M4   internet systems & applications I

Transcript

  • 1. Introduction. Internet infrastructures & Technologies: Internet Systems & applications I. Josep Bardallo - 2012
  • 2. 23 / 10 / 2012, Josep Bardallo. Internet Systems: The interconnection system we call the Internet comprises some 37,000 ‘Autonomous Systems’ or ASes (ISPs or similar entities) and 355,000 blocks of addresses (addressable groups of machines), spread around the world (2H2011).
  • 3. World Data Centers
  • 4. Internet Datacenter needs
  • 5. Internet Datacenter needs
  • 6. Internet Datacenter needs
  • 7. Internet Vulnerability to power outages: The system is critically dependent on electrical power.
  • 8. Internet Datacenter Levels: Tier I data centers are the most basic tier of data center with a single uplink serving all components and the resident computer equipment. This means the computer equipment at this site lacks any sort of redundant capacity components, hence becoming more susceptible to disruption if any component or capacity system were to fail unexpectedly. Furthermore, Tier 1 data centers can potentially experience more frequent disruptions of service for annual maintenance. Uptime of 99,671%. Tier II data center meets the standards for Tier I classification and has redundant capacity components and a single (N+1), non-redundant distribution path serving the computer components. Uptime of 99,741%.
  • 9. Internet Datacenter Levels: Tier III has both redundant capacity components and multiple, independent distribution paths to serve the resident computer equipment. The components are dual-powered with multiple uplinks, allowing maintenance to occur without disrupting the system. Uptime of 99,982%. Tier IV is the strongest tier and least prone to failures. It is fully fault-tolerant with multiple, independent and isolated systems serving the computer equipment. Dual power sources and cooling systems help to maintain the integrity of the equipment in the event of any failure. With compartmentalized systems, a single unexpected failing of any system component will not impact the computer equipment. Furthermore, the system will independently respond to the failure as a means of preventing equipment damage. As with the Tier III data center, maintenance work can be carried out without shutting down the system or impacting on operations. Uptime of 99,995
  • 10. Certified Datacenters in Spain
  • 11. Certified Datacenters in the World: http://uptimeinstitute.com/TierCertification/certMaps.php
  • 12. Converged Datacenters: Converged Data Centers are in the class of modular data centers (complete, preconfigured data centers shipped and ready to go in comprehensive shipping containers) that expedite deployment and increase efficiency. Samples: HP Performance Optimized Datacenters (PODs) are datacenters in portable 20 or 400 foot energy efficient containers or Colt modular datacenter.
  • 13. Converged Data Center
  • 14. Most used services on the Internet (application layer): HTTP / HTTPS (Web), DNS (Domain Name Server), SMTP (Mail), SIP/VoIP, IRC (Chat) & IM services (Instant Messaging)
  • 15. Domain Name Registrant and Registrar: A domain name registrar is an organization or commercial entity that manages the reservation of Internet domain names. A domain name registrar must be accredited by a generic top-level domain (gTLD) registry and/or a country code top-level domain (ccTLD) registry. The registrar manages names in accordance with the guidelines of the designated domain name registries and offers such services to the public. List of accredited registrars: http://www.icann.org/registrar-reports/accredited-list.html
  • 16. Accredited Registrars
  • 17. Accredited Registrars
  • 18. Domain Name Registrant: The management and distribution of both generic and country code Top Level Domains (TLD) is handled by Registries. For example, the Canadian Internet Registration Authority (CIRA) is responsible for operating the ".ca" ccTLD and VeriSign Global Registry Services manages the operation of the ".com" and ".net" gTLDs. Currently, there are 17 generic TLDs operated by various Registries. There are various restrictions on who may obtain a specific gTLD. There are 247 country code TLDs. The requirements for obtaining a ccTLD vary from country to country. .es is the country code top-level domain (ccTLD) for Spain. It is administered by the Network Information Centre of Spain: http://www.nic.es
  • 19. Domain Name Registrant
  • 20. Domain Name Registrant
  • 21. Domain Name Registrant: Domain names are generally distributed by Registrars to Registrants, who can be individuals or organizations. The Registrar keeps records of the Registrant's contact information, submits the technical information to the Registry and publishes the contact information of Registrants through WHOIS. Registrants may also obtain domain names through Resellers. Resellers are organizations that are not certified as a Registrar, but instead act as an intermediary between the Registrant and the Registrar. Typically, Resellers offer value added services, such as web hosting, URL forwarding, email forwarding, and search engine listing.
  • 22. Domain Name Registrant: http://www.webhosting.info/domains/country_stats/
  • 23. Domain Name Registrant: .es is the country code top-level domain (ccTLD) for Spain. It is administered by the Network Information Centre of Spain. http://www.nic.es
  • 24. Domain statistics
  • 25. Sample: Spain registrar: http://www.verisigninc.com
  • 26. DNS: Domain Name Server. A name server translates domain names into IP addresses. This makes it possible for a user to access a website by typing in the domain name instead of the website's actual IP address. For example, when you type in "www.microsoft.com," the request gets sent to Microsoft's name server, which returns the IP address of the Microsoft website. RFC 1034 (www.ietf.org): DOMAIN NAMES - CONCEPTS AND FACILITIES. This RFC introduces domain style names, their use for Internet mail and host address support, and the protocols and servers used to implement domain name facilities.
  • 27. DNS: Domain Name Server. Each domain name must have at least two name servers listed when the domain is registered. These name servers are commonly named ns1.servername.com and ns2.servername.com, where "servername" is the name of the server. The first server listed is the primary server, while the second is used as a backup server if the first server is not responding. Name servers are a fundamental part of the Domain Name System (DNS). They allow websites to use domain names instead of IP addresses, which would be much harder to remember. In order to find out what a certain domain name's name servers are, you can use a WHOIS lookup tool.
  • 28. DNS purpose: The purpose of the DNS is to enable Internet applications and their users to name things that have to have a globally unique name. The obvious benefit is easily memorizable names for things like web pages and mailboxes, rather than long numbers or codes. Less obvious but equally important is the separation of the name of something from its location. Things can move to a totally different location in the network fully transparently, without changing their name. www.isoc.org can be on a computer in Virginia today and on another computer in Geneva tomorrow without anyone noticing. In order to achieve this separation, names must be translated into other identifiers which the applications use to communicate via the appropriate Internet protocols.
  • 29. Internet DNS structure
  • 30. DNS Flow: A DNS recursor consults three nameservers to resolve the address www.wikipedia.org.
  • 31. DNS working: Let's look at what happens when you send a mail message to me at daniel.karrenberg@ripe.net. A mail server trying to deliver the message has to find out where mail for mailboxes at ripe.net has to be sent. This is when the DNS comes into play. Let us follow the DNS query starting from your computer. Your computer knows the address of a nearby DNS "caching server" and will send the query there. These caching servers are usually operated by the people that provide Internet connectivity to you. This can be your Internet Service Provider (ISP) in a residential setting or your corporate IT department in an office setting. Your computer may learn the address of the available caching servers automatically when connecting to the network or have it statically configured by your network administrator.
  • 32. DNS working: When the query arrives at the caching server there is a good chance that this server knows the answer already because it has remembered it, "cached" in DNS terminology, from a previous transaction. So if someone using the same caching server has sent mail to someone at ripe.net recently, all the information that is needed will already be available and all the caching server has to do is to send the cached answers to your computer. You can see how caching speeds up responses to queries for popular names considerably. Another important effect of caching is to reduce the load on the DNS as a whole, because many queries do not go beyond the caching servers. If the caching server does not find the answer to a query in its cache, it has to find another DNS server that does have the answer. In our example it will look for a server that has answers for all names that end in ripe.net. In DNS terminology such a server is said to be "authoritative" for the "domain" ripe.net.
  • 33. DNS working: In many cases our caching server already knows the address of the authoritative server for ripe.net. If someone using the same caching server has recently surfed to www.ripe.net, the caching server needed to find the authoritative server for ripe.net at that time and, being a caching server, naturally it cached the address of the authoritative server. So the caching server will send the query about the mail servers for ripe.net to the authoritative server for ripe.net, receive an answer, send that answer through to your computer and cache the answer as well. Note that so far only your caching server and the authoritative server for ripe.net have been involved in answering this query.
  • 34. Root name servers. Root name server: They are part of the Domain Name System (DNS), a worldwide distributed database that is used to translate worldwide unique domain names such as www.isoc.org to other identifiers. The DNS is an important part of the Internet because it is used by almost all Internet applications. Root name server operators are selected by IANA (Internet Assigned Numbers Authority). The root name servers publish the root zone file to other DNS servers and clients on the Internet. The root zone file describes where the authoritative servers for the DNS top-level domains (TLD) are located; in other words: which server one has to ask for names ending in one of 267 (September 2007) TLDs, such as ORG, NET, NL or AU. More than 130 locations in 53 countries, most of them outside the United States of America.
  • 35. Root Name Servers in the world
  • 36. Root name Servers (www.root-servers.org): There currently are 12 organizations providing root name service at 13 unique IPv4 addresses. They are: A - VeriSign Global Registry Services; B - University of Southern California - Information Sciences Institute; C - Cogent Communications; D - University of Maryland; E - NASA Ames Research Center; F - Internet Systems Consortium, Inc.; G - U.S. DOD Network Information Center; H - U.S. Army Research Lab; I - Autonomica/NORDUnet; J - VeriSign Global Registry Services; K - RIPE NCC; L - ICANN; M - WIDE Project
  • 37. DNS HA: To ensure high availability the DNS has multiple servers all with the same data. To get around the problem of the local caching server not being available, your computer usually has a number of them configured from which it can choose. This way one can make sure that there always is a caching server available. But how about the authoritative servers? To improve availability of authoritative name servers there always are a number of them for each domain. In our example of ripe.net there are five of them, three of which are in Europe, one in North America and one in Australia.
      ripe.net. 172800 IN NS ns.ripe.net.
      ripe.net. 172800 IN NS ns2.nic.fr.
      ripe.net. 172800 IN NS sunic.sunet.se.
      ripe.net. 172800 IN NS auth03.ns.uu.net.
      ripe.net. 172800 IN NS munnari.OZ.AU.
  • 38. Root name Servers: The RIPE NCC operates k.root-servers.net, one of the 13 Internet root name servers. The K-root service is provided by a set of distributed nodes using IPv4 and IPv6 anycast. Each node announces prefixes from 193.0.14.0/23 in AS25152. A K-root node consists of a cluster of server machines running the NSD name server software (k.root-servers.org). The RIPE NCC is a not-for-profit membership association under Dutch law.
  • 39. Root name Servers: k.root-servers.org
  • 40. Domain Name Servers vulnerability: 21/10/2002: A coordinated DDoS (distributed denial of service) attack was launched at approximately 2045UTC and lasted until approximately 2200UTC. All thirteen (13) DNS root name servers were targeted simultaneously. Attack volume was approximately 50 to 100 Mbits/sec (100 to 200 Kpkts/sec) per root name server, yielding a total attack volume of approximately 900 Mbits/sec (1.8 Mpkts/sec). Some root name servers were unreachable from many parts of the global Internet due to congestion from the attack traffic delivered upstream/nearby. While all servers continued to answer all queries they received (due to successful overprovisioning of host resources), many valid queries were unable to reach some root name servers due to attack-related congestion effects, and thus went unanswered. No known report of end-user visible error conditions. Early in 2007, in February, the 13 root servers were hit by a DoS attack (originated in South Korea) that nearly took down three of them. Analysts say the hackers used possibly millions of zombie computers to wage the attack -- and they expect that army is populated with the desktops and laptops of unknowing users around the world. 20 hours. However, the other root name servers, including the RIPE NCC managed K-root, kept the Internet working during this time.
  • 41. Domain Name Servers Vulnerability: 10/9/2012: A lone hacker has claimed responsibility for an ongoing denial-of-service attack that may have knocked out millions of websites hosted by the world's largest domain registrar GoDaddy. The attack began at around 10.00 Pacific time (17.00 GMT/18.00 BST) and appears to affect the registrar's DNS servers. Any site that is hosted with GoDaddy could be affected, although as of 13.00 Pacific (20.00 GMT/21.00 BST) the company reported that at least some service had been restored. Web sites serviced by DNS and hosting provider Go Daddy were down for most of today, but were back up later this afternoon. A hacker using the "Anonymous Own3r" Twitter account claimed credit for the outage. The problem could be affecting thousands, if not millions, of sites, given that Scottsdale, Arizona-based Go Daddy is not only one of the biggest Web site hosters but also the largest domain registrar. The Go Daddy site itself was accessible earlier today for CNET but was down at last check. Twitter users were complaining that numerous sites hosted by the company were inaccessible.
  • 42. Bibliography:
      http://www.oecd.org/sti/broadbandandtelecom/oecdcommunicationsoutlook2011.htm
      http://news.netcraft.com/
      http://www.isuppli.com/Mobile-and-Wireless-Communications/News/Pages/Consumers-Aggressively-Migrate-Data-to-Cloud-Storage-in-First-Half-of-2012.aspx
      http://www.akamai.com/html/technology/dataviz3.html
      http://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/inter-x/interx/report
      http://www.root-servers.org/
      http://www.iana.org/about/popular-links/
      Root servers in the world (google map): http://goo.gl/CMtL4
      http://www.isoc.org/briefings/020/
      http://www.icann.org/registrar-reports/accredited-list.html
      http://www.dotandco.net/ressources/icann_registrars/details/position.en
      http://www.nic.es
      http://alfredovela.visibli.com/share/qWWsCv
      http://uptimeinstitute.com/TierCertification/certMaps.php
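
The redundancy points from the DNS slides (at least two name servers per domain on slide 27, the five ripe.net servers on slide 37) can be checked mechanically. The following Python check is an added example, not part of the original slides: it parses NS records and flags delegations that depend on a single server or a single operator. The second record set and the "last two labels" operator heuristic are constructed assumptions.

```python
from collections import defaultdict

# NS records for ripe.net as listed on the "DNS HA" slide.
RIPE_NS = """\
ripe.net. 172800 IN NS ns.ripe.net.
ripe.net. 172800 IN NS ns2.nic.fr.
ripe.net. 172800 IN NS sunic.sunet.se.
ripe.net. 172800 IN NS auth03.ns.uu.net.
ripe.net. 172800 IN NS munnari.OZ.AU.
"""

# Constructed sample (not from the slides): zones that rely on one operator.
CONSTRUCTED_NS = """\
shop.example. 3600 IN NS ns1.dnshost.example.
shop.example. 3600 IN NS ns2.dnshost.example.
solo.example. 3600 IN NS ns1.solo.example.
"""

def parse_ns(text):
    """Return {zone: set(name servers)} from 'owner TTL IN NS target' lines."""
    zones = defaultdict(set)
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) == 5 and fields[2].upper() == "IN" and fields[3].upper() == "NS":
            owner = fields[0].lower().rstrip(".")
            zones[owner].add(fields[4].lower().rstrip("."))
    return dict(zones)

def operator_of(host):
    """Assumption: the last two labels approximate who runs the server."""
    return ".".join(host.split(".")[-2:])

def audit(zones, min_servers=2):
    """Return {zone: [issues]}; an empty list means no finding."""
    findings = {}
    for zone, servers in zones.items():
        issues = []
        if len(servers) < min_servers:
            issues.append("fewer than %d name servers" % min_servers)
        if len({operator_of(s) for s in servers}) == 1:
            issues.append("all name servers under one operator domain")
        findings[zone] = issues
    return findings

if __name__ == "__main__":
    for data in (RIPE_NS, CONSTRUCTED_NS):
        for zone, issues in audit(parse_ns(data)).items():
            print(zone, "->", issues or "ok")
```

A zone that passes the server count can still fail the operator check, which is the situation slide 41 describes: every site depending on one provider's DNS servers went down together.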