DNS: EdgeCast Route - Basic DNS Service Overview
Upcoming SlideShare
Loading in...5
×
 

DNS: EdgeCast Route - Basic DNS Service Overview

on

  • 724 views

EDGECAST ROUTE: THE WORLD’S FASTEST DNS SERVICE ...

EDGECAST ROUTE: THE WORLD’S FASTEST DNS SERVICE

This presentation gives an introduction to EdgeCast Route, the company’s new globally distributed DNS (Domain Name System) service.

DNS is required to ensure that a web site is available to end users, yet it is often neglected, under-prioritized, or deployed on old and insecure infrastructure. This means that many online enterprises are at risk for degraded performance, malicious attacks, or worse – being unreachable via their domain names.

After an extensive review of the existing DNS market, EdgeCast sees an opportunity to offer enterprise-grade DNS features and functionality with a simple and cost-effective pricing structure. Customers switching from competitors are likely to realize significant savings while benefiting from vastly superior performance and functionality.

Statistics

Views

Total Views
724
Views on SlideShare
719
Embed Views
5

Actions

Likes
0
Downloads
27
Comments
0

1 Embed 5

https://twitter.com 5

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Introducing Edgecast Route – the world’s fastest Managed (primary) and Secondary DNS Service.EdgeCast Route is based on DNS technology that – for more than two years – has been directing traffic to the tens of thousands of EdgeCast servers around the world that deliver more than 5% of all web traffic.
  • Before we dive into the details I want to call attention to some key themes that you will hear throughout the rest of the presentation – the reasons we think you should choose EdgeCast Route as your primary or secondary DNS?Of note, EdgeCast Route is based on DNS technology that – for more than two years – has been directing traffic to the tens of thousands of EdgeCast servers around the world that deliver more than 5% of all web traffic.Best overall valueFastest DNS provider worldwideBest price to performance ratio of any DNS providerIntelligent routingSecureHighly scalable
  • So what is DNS and why should I consider outsourcing my DNS requirements to EdgeCast?DNS is required to ensure that a web site is available to end users, yet it is often neglected, under-prioritized, or deployed on old and insecure infrastructure. This means that many online enterprises are at risk for degraded performance, malicious attacks, or worse – being unreachable via their domain namesIt is networking technique where the same IP prefix is advertised from multiple locations. The network then decides which location to route a user request to, based on routing protocol costs and possibly the 'health' of the advertising servers.There are many advantages to outsourcing your DNS to a DNS provider running on a global AnyCast networkReduced latencyAbility to easily load-balance across serversEase of configuration managementHigh availabilityHorizontal scalingIf you find that one server is being overly loaded, simply deploy another one in a location that would allow it to take some proportion of the overloaded server's requests.
  • Not surprisingly, the “bad guys” are now targeting DNS in an attempt to make Web sites unavailable.They employ a number of different types of attacks:Spoofing attacks leading to DNS cache poisoning. Various types of DNS spoofing and forgery exploits abound, which aim to redirect users from legitimate sites to malicious websites. These include so-called "Kaminsky attacks", in which attackers take authoritative control of an entire DNS zone.Denial-of-service (DoS) attacks. Attackers may launch DDoS attacks against the resolvers themselves, or hijack resolvers to launch DoS attacks on other systems. Attacks that use DNS servers to launch DoS attacks on other systems by exploiting large DNS record/response size are known as amplification attacks.”
  • EdgeCast provides organizations the ability to use EdgeCast Route as either their primary (use to manage zones) – used to administer DNS zones and associated records or secondary DNS.EdgeCast Route leverages EdgeCast’s massive global IP Anycast network, with DNS points of presence in major metros across fourcontinents.
  • Sometimes the default routing provided by Anycast IP is enough to address their needs.However, sometimes organizations want more control over the way DNS queries to their Web site get routed.In the latter example, EdgeCast provides the ability to do routing based on advanced policies.These advanced policies enable organizations to route DNS queries based on various decision variables.
  • Edgecast Route has been tested extensively with customer applications using backbone, real-user (RUM), and mobile measurement agents from several third-party performance measurement services - a methodology that helps prevent manipulation by service providers to improve testing results. Both internal and independent tests show EdgeCast Route to be the fastest DNS solution overall on a worldwide basis.These tests showed that EdgeCast Route provides performance improvements from 15% to more than 300% depending on competitor and region.Faster on average than Akamai, Amazon, Dyn, neustar and all the other major (and minor) DNS providers worldwide.
  • Edgecast Route incorporates extensive security capabilities, with resilience against DDoS attacks, known exploits in traditional DNS software, and a variety of other exposures. With DNS playing such a critical infrastructure role and being a very common attack target, the solution provides enhanced assurance that sites will survive even the most substantial attacks.
  • When deployed as your primary DNS, EdgeCast Route can be used to create and/or manage your DNS zones.Existing zones can be imported into Route via a REST API.The most common DNS record types are supported.And all configurations – including load balancing (round robin) and failover is done through the EdgeCast Control Center.
  • EdgeCast Route employs an intuitive Web-based control center for setting up DNS zones.Simple configurations can be up and running within 5 minutes – with DNS changes published in less than 60 seconds – and typically much less.
  • Traffic for a load balanced hostname is distributed among the servers associated with it – a process known as load balancing. The distribution of requests between multiple servers ensures data availability through redundancy.If a server in a load balancing configuration is unavailable, either due to scheduled maintenance or an unplanned outage, requests to the corresponding hostname will be balanced among the remaining servers. A load balancing configuration allows our authoritative DNS servers to pick between various servers when resolving a hostname to an IP address. The manner in which requests will be distributed between servers is determined by the weight assigned to each server. The EdgeCast Control Center is used to set up load balancing groups, and configuration can be done with/without health checks.
  • DNS Health Checks are key to ensuring that your site's traffic flows properly is to check at regular intervals that your web servers can provide a response to requests. Our Health Check module is designed to check server health status at regular intervals by sending an HTTP, HTTPS, TCP, or a TCP SSL request from our health checks agents. The worldwide distribution of our health check agents ensures that network latency doesn't result in a misdiagnosis of a server's health state. Each agent will poll a monitored server every 10 seconds. A simple majority consensus will then be used to determine whether traffic should be pulled from a server. They are configured via the EdgeCast Control Center.
  • In this example Origin 2 is found to fail.
  • A primary/backup relationship can be established between two servers. This type of relationship allows a backup server to take over when the primary server can no longer fulfill its responsibilities (fails a majority of its health checks). This prevents a server outage from impacting site traffic. This process is known as failover.
  • Secondary DNS is a redundant name service for the domains that you manage.The major point in having a secondary DNS server is as backup in the event the primary DNS server handling your domain goes down.Typically located on separate networks to prevent downtime, secondary DNS ensures that if your network goes down, you will continue to resolve your DNS queries.The ability to employ EdgeCast Route as a secondary DNS is a key part of the offering.
  • Why go with EdgeCast Route?As previously mentioned, it is based on DNS technology that – for more than two years – has been directing traffic to the tens of thousands of EdgeCast servers around the world that deliver more than 5% of all web traffic.It provides a comprehensive solutionFastest DNS provider worldwideBest price to performance ratio of any DNS providerBest overall valueSupports advanced policy routingSecureHighly scalable
  • Here is the current pricing structure for EdgeCast RouteCustomers are required to choose the number of billable zones they expect to employThey will also be billed on the number and type of queries, and the number of health checks performed

DNS: EdgeCast Route - Basic DNS Service Overview DNS: EdgeCast Route - Basic DNS Service Overview Presentation Transcript

  • edgecast Route (DNS) Service Overview 10-01-2013© 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA WWW.EDGECAST.COM
  • 2 Why EdgeCast Route for DNS?  Robust. Globally distributed. Feature rich. Massively scalable. And at the best price to performance ratio available from any DNS provider Resolve Queries Faster  We route DNS queries faster world wide than any other DNS provider, and we guarantee that the DNS queries will be answered 100% of the time. Get the Best Value  Experience immunity from cache poisoning attacks and other known DNS software flaws and exploits , and get protection against DDoS attacks. Experience Better Security Worry Less © 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA Route Queries More Intelligently  Control routing by using information such as the user’s geographic location, traffic load, network transiting, and knowledge of the topologically closest EdgeCast PoP to ensure consistently fast responses regardless of end-user location.  Leverage the EdgeCast global IP Anycast network and high performance ROUTE DNS system instead of building it yourself. Take advantage of EdgeCast’s global capacity, performance and security Save Time  Deploy Route via our management control center. It’s easy to set up. And quick to modify with updates pushed out globally in under 60 seconds
  • Domain Name System (DNS) What Is DNS?  A hierarchical and distributed naming system for any resource connected to the Internet. • Mappings of host names (www.edgecast.com) into Internet Protocol (IP) addresses (93.184.218.132) are stored in a DB and used by devices to communicate Leverage features of a global AnyCast network  Reduced latency – improved performance  Ability to easily load-balance across servers  Ease of configuration management  High availability  Horizontal scaling Lower operating expenses than do it yourself Dedicated Support  24x7x365 Security  Primary DNS not directly exposed to attackers  Ensure end-users are able to find your site DNS Defined Benefits of Outsourcing DNS DNS is the “phonebook” for the Internet  Without DNS users can only reach your Web site(s) if they know your IP addresses Why is DNS Important? © 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA 3
  • 4 DNS Security Concerns Two common types of attacks  Spoofing attacks o Lead to DNS cache poisoning  Denial-of-service (DoS) attacks o Basic DNS flood o Reflective DNS attack o Recursive DNS attack o Garbage DNS attack Threats to DNS How Pharming Works © 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA DNS Attacks
  • 5 EdgeCast Route DNS Management Solution  Globally distributed o 20+ points of presence (PoPs) o 12 countries (more coming soon) o 4 continents  Overprovisioned o Normal traffic = small % of capacity Massive Scale and Capacity  Managed (Primary) & Secondary offerings o Implemented as “authoritative-only” o Use to administer DNS zones and associated records o Reliable, high performance and secure DNS service o Fully compliant with DNS specification  No up-front capital costs Comprehensive Solution © 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA
  • 6 EdgeCast Route DNS Management Solution  Resolve queries faster world wide than any other DNS provider  Standard routing utilizes global IP Anycast network o Globally distributed name server infrastructure responds to domain name lookups faster o Queries routed to nearest topological location based on geographic location; traffic load; network transiting  Advanced Policy Routing utilizes ECMUX grammar/ rules for Decision Variable (DV) token o Potential Values - ASN (Autonomous System Number), GR (Geographical Region), GC (City Level Geographical), SN (Client IP Subnet Range Query), IPV (IP Version), HC (Health Check Value) o Currently requires EC Professional Services High Performing © 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA
  • DNS Performance Results – 2013-07 0 20 40 60 80 100 120 140 160 Worldwide 32.95 45.15 68.87 94.41 152.75 -37% -109% -187% -364% © 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA 7
  • 8 EdgeCast Route DNS Management Solution  Lack of recursive caching function makes service immune to cache poisoning attacks and other risks o A benefit of authoritative-only name servers  Not based on BIND o Known vulnerabilities inherent in BIND do not apply  Per IP address throttling to avoid DNS reflection and DNS flooding attacks  Resilient against DNS software flaws and exploits  Highly scalable against DDoS attacks Secure  Distributed DNS with globally deployed IP Anycast PoPs improves availability of authoritative name servers o EdgeCast will serve DNS resolutions 100% of the time  Health checks performed on global basis o Monitor server performance & availability every 10s  Traffic Management o Load balance traffic across servers + data centers o Establish system failover  24x7x365 management by dedicated team Reliable © 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA
  • 9 EdgeCast Route DNS Zone Management Features  Allows the creation and management of DNS Zones o A Zone is the portion of the DNS namespace to which authority is delegated. It contains records via which an authoritative name server can provide a response to DNS queries o DNS Record Types supported include: • A (IPv4), AAAA (IPv6), CNAME (Alias), MX (Mail Exchange), NS (Name Server), PTR (Pointer), SOA (Start of Authority), SPF (Sender Policy Framework), SRV (Service Locator), TXT (Text)  Define load balancing and failover configurations for address records associated with each zone o Zone Management User Interface (UI) is integrated with Load balancing, Failover and Health Check Management system UIs © 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA
  • 10 EdgeCast Route DNS Zone Management Benefits  Never leave the zone screen to configure load balancing, fail-over groups, or health checks  Up and running in ~5 minutes  DNS changes typically published to EdgeCast DNS servers in less than 60 seconds  Intuitive user interface makes it easy for both the DNS novice and expert o Simplifies administration and improves reliability over common manual edits © 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA
  • 11 EdgeCast Route DNS Load Balancing Features Benefits  Distribution of requests between multiple servers o Redundancy ensures data availability  EdgeCast authoritative name servers automatically pick between servers when resolving a hostname to an IP address based on pre-defined allocation  You are not required to be an EC CDN customer or to have EC manage your zone  Traffic for a load balanced hostname is distributed among the servers associated with it o If a server in a load balancing group is not available requests to the corresponding hostname will be balanced among the remaining servers  Traffic can flow from: o A Zone managed by EdgeCast o A CNAME record – including ones created a 3rd- party DNS provider that owns your zone o A Subdomain delegation  Web portal used to create load balancing groups o Assigned weight given to each server (VIP)  Configured with/without global health checks © 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA
  • 12 EdgeCast Route Server (Global) Health Checks Features Benefits  Consensus model for health checks ensures against false positives  Automated or manual reinstatement of servers  Check server health status at customer defined intervals o Servers polled at customer-defined intervals • Send HTTP/S GET, HTTP/S POST, or TCP/TCP SSL request from the EdgeCast Health Check agents • More frequent polling o Worldwide distribution of health check agents • Majority consensus used to determine whether traffic should be pulled from a server • Service failures are reported by email within a few milliseconds once health checks are completed  Health Check User Interface (UI) is integrated with Zone Management system UI  Health checks can check either entire groups or individual members © 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA
  • 13 EdgeCast Route Server (Global) Health Checks © 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA
  • 14 EdgeCast Route DNS Failover Features Benefits  Enables a backup server to take over when the primary server cannot fulfill its responsibilities o Prevents server outage from impacting site traffic  You are not required to be an EC CDN customer or to have EC manage your zone  You can chain the load balancing groups by CNAME.  Establishes primary and backup relationship between 2 two targets o Health check configuration used to determine when to fail traffic over to backup server • Assigned to each IP address o Primary service failure results in DNS traffic being routed to the backup service o Supports both IPv4 and IPv6 o Failed services automatically or manually reinstated  A failover configuration established for traffic from: o A Zone managed by EdgeCast o A CNAME record – including ones created a 3rd-party DNS provider that owns your zone o A Subdomain delegation  Web portal used to create failover groups © 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA
  • 15 EdgeCast Route Secondary DNS Features Benefits  Leverage the EdgeCast global IP Anycast network and high performance ROUTE DNS system o No need for your own infrastructure o Easy way to take advantage of EC global capacity, performance and security • You can choose to hide your master DNS servers desire and not expose your systems to Internet-based security threats & concerns o Improves end-user response by directing them to best performing name server o Ensures high availability  TSIG (Transaction SIGnature) support o Helps ensure secure zone transfers  Manage your zones on-premise or via a 3rd-party provider o Configuring EdgeCast Route as a secondary DNS can be done in less than 5 minutes  Web portal used to setup “Master Server Groups” o EdgeCast DNS nodes think they are all masters  TSIG (Transaction SIGnature) support o Used to provide a means of authenticating zone transfers © 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA
  • 16 Why EdgeCast Route for DNS?  Utilizes EdgeCast’s global IP Anycast network Massive Scale and Capacity  Normal traffic = small percentage of total capacity High Performing Secure  Not susceptible to cache poisoning  Provides protection against DDoS attacks  Primary & Secondary offerings (authoritative-only) Comprehensive Solution  IP Anycast network improves availability  Health checks performed on global basis  Traffic management Reliable © 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA
  • 17 EdgeCast Route – Price Structure © 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA Solution Module Unit of Measure When Is It Billable? Tier 1: 1-50 Zones Each additional increment of 50 Zones Tier 1: =<1B Queries Tier 2: >1B Queries Tier 1: =<1B Queries Tier 2: >1B Queries Tier 1: =<1B Queries Tier 2: >1B Queries DNS Health Checks Average number of configured Health Checks per month. Rounded up to nearest whole number. Upon configuration Service Component EdgeCast Route (DNS) Required (Choose one Tier – both components are required) Components Managed (Primary) or Secondary DNS Billable Zones When zone starts being used (e.g. receives 1st DNS query) Optional Health Checks DNS Queries Starndard Routing Fixed fee is charged per million queries according to the total number of DNS queries that were directed to all billable zones for which there is no Traffic Management (Failover & Weighted Load Balancing) or advanced policies. Queries rounded UP to nearest million. Adaptive Availability Fixed fee is charged per million queries according to the total number of DNS queries that were directed to all billable zones for which there is Standard Routing + Traffic Management (Weighted Load Balancing and/or Failover). Queries rounded UP to nearest million. Advanced PolicyRouting Fixed fee is charged per million queries according to the total number of DNS queries that were directed to all billable zones for which there is Advanced Policy Routing (based on GeoIP, GeoCountry, GeoCity, ASN, IP Groups, Network Groups, AnyCast PoP, or IP Type) + Traffic Management (Weighted Load Balancing and/or Failover). Advanced Policy Routing currently requires a Professional Services engagement to set up. Queries rounded UP to nearest million.