Peter Silva
Sr. Technical Marketing Manager
F5 Intelligent DNS Scale
© F5 Networks, Inc 2
LOWERS
Stress of DNS outages
REDUCES
Data center costs
DIRECTS
Customers to the best data
center or cloud
PROTECTS
Web properties and
Brand reputation
IMPROVES
Web application
performance
Intelligent and scalable DNS
Internet foundation? DNS
DNS DEMANDS
WHEN DNS BREAKS, EVERYTHING
BREAKS
DOMAIN NAME SYSTEM (DNS)
Translates a domain name…
http://www.google.com
into an IP address:
74.125.227.64 (IPv4)
http://www.f5.com =
2001:19b8:101:2::f5f5:1d
(IPv6)
More
people
Mobile
devices/apps
Complex
sites
Increased
latency
Cloud
implementations
IPv6 added
to IPv4
DDoS
attacks
DNS demand
Available and protected
AVERAGE DAILY LOAD FOR DNS (TLD)
QUERIES IN BILLIONS
DNSSEC DEPLOYMENT EXPANDING
TYPICAL FOR A SINGLE WEB PAGE TO
CONSUME 100+ DNS QUERIES FROM ACTIVE
CONTENT, ADVERTISING, AND ANALYTICS
ATTACKS ON DNS BECOMING MORE COMMON;
DNS SERVICES MUST BE ROBUST
GLOBAL MOBILE DATA (4G/LTE) IS DRIVING
THE NEED FOR FAST, AVAILABLE DNS
DISTRIBUTED, AVAILABLE, HIGH-
PERFORMANCE GSLB FOR
MULTIPLE DATA CENTERS
’12 ’11 ’10 ’09 ’08
77, 57, 39, 43, 50
18X Growth 2011-2016
4G LTE: 2.4GB/mo
Non-4G LTE: 86MB/mo
Reflection/amplification DDoS
Cache poisoning attacks
Drive for DNSSEC adoption
Total service availability
Geographically dispersed DCs
DNS capacity close to subscribers
Critical: DNS
5 SECONDS
74% are willing to wait
5 seconds or less
for a single web page
to load before leaving
the site
Every 100ms delay
costs Amazon.com
1% in sales
2012
2007
DNS has grown
over 100%
in the last 5 years
2012
2007 180%
As of October 2012,
there were over
188 million active websites,
a growth of 180%
over the last 5 years
DNS Deployments
CONVENTIONAL DNS THINKING
• Performance = Add DNS boxes
• Weak DoS/DDoS Protection
• Firewall is THE bottleneck
F5 DNS DELIVERY REIMAGINED
• Massive performance over 10M RPS!
• Best DoS/DDoS protection
• Lower CapEx and OpEx
Internet
External
Firewall
DNS Load
Balancing
Array of DNS
Servers
Internal
Firewall
Hidden
Master DNS
Authoritative DNS
Caching Resolver
Transparent Caching
DNS Firewall
DNS DDoS Protection
Protocol Validation
High Performance DNSSEC
DNSSEC Validation
Intelligent GSLB
DMZ Datacenter
F5 PARADIGM SHIFT
Internet
Master DNS
Infrastructure
BIG-IP
Global Traffic
Manager
True DNS Costs
HIGHER OPEX DUE TO MAINTENANCE
BIND by the numbers
• 340 updates since 2004
• 84 issued patches for vulnerabilities and bugs
• 9 patches a year for DNS
COMPANIES DEPLOY FIREWALLS TO PROTECT DNS
But traditional firewalls don’t process DNS, so a
vulnerability can still be exploited on the DNS
server.
[Chart: BIND HISTORY. Number of updates issued per BIND version (9.0 to 9.9). Series: total updates, including beta, release candidates; critical patches for vulnerabilities.]
F5 DNS Authoritative
Model
Traditional DNS Authoritative
Topology
Total in year 1: $355,280
Total in year 2 onwards: $55,280
Total in year 1: $799,200
Total in year 2 onwards: $439,200
Optimized DNS
Easy integration into existing
DNS infrastructure for high
availability and security
Support over 10 million DNS
responses per second (RPS)
Manageable and predictable
data center utilization
Authoritative
Zone Transfer
Legitimate
Visitors
Context based on
geographical
location
Tier 1: DMZ
Cache
Poisoning
DNS DDoS
Attacks
Web Bot
Attacker
Tier 2: Application
Delivery
Application
SaaS
Cloud Providers
Distributed
DNS
IP Intelligence
Threat
Intelligence
DNSSEC
IP Geolocation
DNS DDoS
Protection
PaaS
IaaS
Application
Health
Authoritative DNS
TCP Port 80/443
Strategic Point of
Control
Intelligent and
Scalable DNS
Services
Primary DNS
TCP/UDP Port
53
LDNS
Answer
DNS
Query
Efficient DNS
DNS Express
• Delivers High-speed response & DDoS protection with in-memory
DNS.
• Authoritative DNS served out of RAM.
• Configuration size for tens of millions of records.
• Scale and consolidate DNS servers.
Clients
Internet
DNS Express in BIG-IP
GTM
DNS Server
OS
Admin
Auth
Roles
NIC
Dynamic
DNS
DHCP
Manage
DNS
Records
Benefits of BIG-IP Integration
Simply and efficiently manage complex networks using one ADC solution.
Route users to available apps and data centers based on business logic.
Use the same geolocation data to reference for all BIG-IP devices.
Constantly monitor health between devices.
Replicate High Performance DNS
• Cloud DNS service with signed DNSSEC zones
— Replicate DNSSEC to non-DNSSEC
environments
• Cloud DNS for disaster recovery / business
continuity
• DNS replication service to BIG-IPs or other DNS
servers in DCs/Clouds closest to users
BIG-IP
Unsigned
Zone(s)
Traditional
DNS Server
Signed
Zone(s)
Cloud DNS
(BIG-IP VE)
Enhanced AXFR Support for DNS Express
• Zone transfer from DNS Express to any DNS
service
• Replicate DNS in physical, virtual, and cloud
• NOTIFY is supported, as is TSIG key for each zone
Cloud DNS
Service
High Performance
DNS and DNSSEC
Scenario Solution
Replicate
Zones
DNS Express
Complete DNS
• Protocol inspection and validation
• DNS record type ACL
• DNS load balancing
• High-performance DNS cache
• Higher-performance DNS slave
• Stateful – never accepts unsolicited
responses
• ICSA Certified – DMZ deployment
• Scale across devices – IP Anycast
• Secure responses – DNSSEC
• Complete DNS control – iRules
• DDoS threshold alerting
• DNS logging and reporting
• Hardened F5 DNS code – NOT
BIND
F5 DNS FIREWALL SERVICES
DMZ
Clients
LDNS Internet DNS Firewall
in
BIG-IP GTM
Data Center
DNS
Servers
Apps
The DNS value
Scalable up to 20x
[Chart: Max DNS across Low Query, Query Growth, Query Spike, and Query Decline]
Complete DNS control
Access Denied:
Denial-of-service mitigation
The DNS value
Support client requests
and consolidate IT
IPv6 to IPv4
Secure DNS query responses
http://f5.com
Route based on geolocation
DNS services are a primary reason we went with
F5 for our infrastructure…
With BIG-IP products, we were able to deploy
leading functionality with an exceptional reduction
in latency from the new DNS caching and
resolving capabilities.
— Oktay Yavuz Bora
Senior Network Engineer, Turk Telekom
Intelligent DNS that Scales
• Scale and manage DNS and apps globally
• Improve application performance and availability
• Robust, Flexible and Secure DNS Infrastructure
• Mitigate DNS DDoS Attacks
• Support hybrid IP Environments
• Complete DNS Security
Intelligent means that your BIG-IP device, based on the context of the
request (like location or reputation), can determine if the query is valid
Scale means that your BIG-IP device will be able to handle any surge of
DNS queries, keeping your applications available for your customers
The F5 Intelligent DNS Scale reference architecture
helps protect your brand and grow your business
The F5 Intelligent DNS
Scale Reference
Architecture
f5.com/architectures
Explore
F5 Networks Intelligent DNS Scale

 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 

Recently uploaded (20)

RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 

F5 Networks Intelligent DNS Scale

  • 1. Peter Silva Sr. Technical Marketing Manager F5 Intelligent DNS Scale
  • 2. © F5 Networks, Inc 2 LOWERS Stress of DNS outages REDUCES Data center costs DIRECTS Customers to the best data center or cloud PROTECTS Web properties and Brand reputation IMPROVES Web application performance Intelligent and scalable DNS
  • 3. © F5 Networks, Inc 3 Internet foundation? DNS DNS DEMANDS WHEN DNS BREAKS, EVERYTHING BREAKS DOMAIN NAME SYSTEM (DNS) Translates a domain name… http://www.google.com into an IP address: 74.125.227.64 (IPv4) http://www.f5.com = 2001:19b8:101:2::f5f5:1d (IPv6) More people Mobile devices/apps Complex sites Increased latency Cloud implementations IPv6 added to IPv4 DDoS attacks
  • 4. © F5 Networks, Inc 4 DNS demand Available and protected AVERAGE DAILY LOAD FOR DNS (TLD) QUERIES IN BILLIONS DNSSEC DEPLOYMENT EXPANDING TYPICAL FOR A SINGLE WEB PAGE TO CONSUME 100+ DNS QUERIES FROM ACTIVE CONTENT, ADVERTISING, AND ANALYTICS ATTACKS ON DNS BECOMING MORE COMMON; DNS SERVICES MUST BE ROBUST GLOBAL MOBILE DATA (4G/LTE) IS DRIVING THE NEED FOR FAST, AVAILABLE DNS DISTRIBUTED, AVAILABLE, HIGH- PERFORMANCE GSLB FOR MULTIPLE DATA CENTERS ’12’11’10’09’08 77 57 39 43 50 18X Growth 2011-2016 4G LTE 2.4GB /mo Non-4G LTE 86MB /mo Reflection/amplification DDoS Cache poisoning attacks Drive for DNSSEC adoption Total service availability Geographically dispersed DCs DNS capacity close to subscribers
  • 5. © F5 Networks, Inc 5 Critical: DNS 5SECONDS 74% are willing to wait 5 seconds or less for a single web page to load before leaving the site Every 100ms delay costs Amazon.com 1% in sales 2012 2007 DNS has grown over 100% in the last 5 years 2012 2007 180% As of October 2012, there were over 188 million active websites, a growth of 180% over the last 5 years
  • 6. © F5 Networks, Inc 6 DNS Deployments • Performance = Add DNS boxes • Weak DoS/DDoS Protection • Firewall is THE bottleneck • Massive performance over 10M RPS! • Best DoS/DDoS protection • Lower CapEx and OpEx CONVENTIONAL DNS THINKING F5 DNS DELIVERY REIMAGINED Internet External Firewall DNS Load Balancing Array of DNS Servers Internal Firewall Hidden Master DNS Authoritative DNS Caching Resolver Transparent Caching DNS Firewall DNS DDoS Protection Protocol Validation High Performance DNSSEC DNSSEC Validation Intelligent GSLB DMZ Datacenter F5 PARADIGM SHIFT Internet Master DNS Infrastructure BIG-IP Global Traffic Manager
  • 7. © F5 Networks, Inc 7 True DNS Costs HIGHER OPEX DUE TO MAINTENANCE BIND by the numbers • 340 updates since 2004 • 84 issued patches for vulnerabilities and bugs • 9 patches a year for DNS COMPANIES DEPLOY FIREWALLS TO PROTECT DNS But traditional firewalls don’t process DNS, so a vulnerability can still be exploited on the DNS server. [Chart: BIND HISTORY. Number of updates issued per BIND version, 9.0 to 9.9; series: total updates, including beta and release candidates; critical patches for vulnerabilities] F5 DNS Authoritative Model Traditional DNS Authoritative Topology Total in year 1: $355,280 Total in year 2 onwards: $55,280 Total in year 1: $799,200 Total in year 2 onwards: $439,200
  • 8. © F5 Networks, Inc 8 Optimized DNS Easy integration into existing DNS infrastructure for high availability and security Support over 10 million DNS responses per second (RPS) Manageable and predictable data center utilization Authoritative Zone Transfer Legitimate Visitors Context based on geographical location Tier 1: DMZ Cache Poisoning DNS DDoS Attacks Web Bot Attacker Tier 2: Application Delivery Application SaaS Cloud Providers Distributed DNS IP Intelligence Threat Intelligence DNSSEC IP Geolocation DNS DDoS Protection PaaS IaaS Application Health Authoritative DNS TCP Port 80/443 Strategic Point of Control Intelligent and Scalable DNS Services Primary DNS TCP/UDP Port 53 LDNS
  • 9. © F5 Networks, Inc 9 Answer DNS Query Answer DNS Query Answer DNS Query Answer DNS Query Answer DNS Query Efficient DNS DNS Express • Delivers High-speed response & DDoS protection with in-memory DNS. • Authoritative DNS served out of RAM. • Configuration size for tens of millions of records. • Scale and consolidate DNS servers. Clients Internet DNS Express in BIG-IP GTM DNS Server OS Admin Auth Roles NIC Dynamic DNS DHCP Manage DNS Records
  • 10. © F5 Networks, Inc 10 Benefits of BIG-IP Integration Simply and efficiently manage complex networks using one ADC solution. Route users to available apps and data centers based on business logic. Use the same geolocation data to reference for all BIG-IP devices. Constantly monitor health between devices.
  • 11. © F5 Networks, Inc 11 Replicate High Performance DNS • Cloud DNS service with signed DNSSEC zones - Replicate DNSSEC to non-DNSSEC environments • Cloud DNS for disaster recovery / business continuity • DNS replication service to BIG-IPs or other DNS servers in DCs/Clouds closest to users BIG-IP Unsigned Zone(s) Traditional DNS Server Signed Zone(s) Cloud DNS (BIG-IP VE) Enhanced AXFR Support for DNS Express • Zone transfer from DNS Express to any DNS service • Replicate DNS in physical, virtual, and cloud • NOTIFY is supported, as is TSIG key for each zone Cloud DNS Service High Performance DNS and DNSSEC Scenario Solution Replicate Zones DNS Express
  • 12. © F5 Networks, Inc 12 Complete DNS • Protocol inspection and validation • DNS record type ACL • DNS load balancing • High-performance DNS cache • Higher-performance DNS slave • Stateful – never accepts unsolicited responses • ICSA Certified – DMZ deployment Scale across devices – IP Anycast • Secure responses – DNSSEC • Complete DNS control – iRules • DDoS threshold alerting • DNS logging and reporting • Hardened F5 DNS code – NOT BIND F5 DNS FIREWALL SERVICES DMZ Clients LDNS Internet DNS Firewall in BIG-IP GTM Data Center DNS Servers Apps
  • 13. © F5 Networks, Inc 13 The DNS value Scalable up to 20x 0 3 6 Low Query Query Growth Query Spike Query Decline Max DNS Complete DNS control Access Denied: Denial-of-service mitigation
  • 14. © F5 Networks, Inc 14 The DNS value Support client requests and consolidate IT IPv6 to IPv4 Secure DNS query responses http://f5.com Route based on geolocation
  • 15. © F5 Networks, Inc 15 DNS services are a primary reason we went with F5 for our infrastructure… With BIG-IP products, we were able to deploy leading functionality with an exceptional reduction in latency from the new DNS caching and resolving capabilities. — Oktay Yavuz Bora Senior Network Engineer, Turk Telekom
  • 16. © F5 Networks, Inc 16 Intelligent DNS that Scales • Scale and manage DNS and apps globally • Improve application performance and availability • Robust, Flexible and Secure DNS Infrastructure • Mitigate DNS DDoS Attacks • Support hybrid IP Environments • Complete DNS Security
  • 17. © F5 Networks, Inc 17 Intelligent means that your BIG-IP device, based on the context of the request (like location or reputation), can determine if the query is valid Scale means that your BIG-IP device will be able to handle any surge of DNS queries, keeping your applications available for your customers The F5 Intelligent DNS Scale reference architecture helps protect your brand and grow your business
  • 18. © F5 Networks, Inc 18 The F5 Intelligent DNS Scale Reference Architecture f5.com/architectures Explore
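
Slide 12 lists protocol validation, a DNS record type ACL and "never accepts unsolicited responses" as DNS firewall services; the sketch below shows what those three checks amount to on the wire. It is an added example, not F5 code or an iRule: the allowed record types, the served zone, the peer addresses and every function name are assumptions, and the packets are constructed.

```python
import struct

# Constructed policy for this example (assumptions, not F5 defaults).
ALLOWED_QTYPES = {1, 2, 6, 15, 16, 28}   # A, NS, SOA, MX, TXT, AAAA
SERVED_ZONES = ("example.com",)


def build_message(qname, qtype, txid, flags=0x0100):
    """Build a one-question DNS message; used only to construct sample input."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_question(packet):
    """Protocol validation: return (txid, flags, qname, qtype, qclass) or raise."""
    if len(packet) < 12:
        raise ValueError("truncated header")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if qdcount != 1:
        raise ValueError("question count must be 1")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("name runs past end of packet")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:  # also rejects compression pointers (0xC0..0xFF)
            raise ValueError("bad label length or pointer in question")
        label = packet[pos:pos + length]
        if len(label) != length:
            raise ValueError("label runs past end of packet")
        labels.append(label.decode("latin-1").lower())
        pos += length
    if pos - 12 > 255:
        raise ValueError("name longer than 255 octets")
    if len(packet) < pos + 4:
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return txid, flags, ".".join(labels), qtype, qclass


class DnsScreen:
    """Screens inbound DNS messages; tracks our own outbound queries."""

    def __init__(self):
        self.pending = set()  # (peer, txid, qname, qtype) awaiting a response

    def note_outbound(self, packet, peer):
        txid, _flags, qname, qtype, _qclass = parse_question(packet)
        self.pending.add((peer, txid, qname, qtype))

    def screen_inbound(self, packet, peer):
        try:
            txid, flags, qname, qtype, qclass = parse_question(packet)
        except ValueError as exc:
            return ("drop", f"protocol validation: {exc}")
        if flags & 0x8000:  # QR=1: a response, accepted only if we asked
            key = (peer, txid, qname, qtype)
            if key in self.pending:
                self.pending.discard(key)
                return ("accept", "response matches outstanding query")
            return ("drop", "unsolicited response")
        if (flags >> 11) & 0xF != 0:
            return ("drop", "opcode not QUERY")
        if qclass != 1:
            return ("drop", "class not IN")
        if qtype not in ALLOWED_QTYPES:
            return ("drop", "record type not in ACL")
        if not any(qname == z or qname.endswith("." + z) for z in SERVED_ZONES):
            return ("drop", "name outside served zones")
        return ("accept", "query ok")


if __name__ == "__main__":
    screen = DnsScreen()
    samples = [  # constructed packets
        build_message("www.example.com", 1, 0x1111),
        build_message("www.example.com", 255, 0x1112),        # type ANY
        build_message("www.example.com", 1, 0x1113, 0x8180),  # stray response
    ]
    for pkt in samples:
        print(screen.screen_inbound(pkt, "198.51.100.7"))
```

Because UDP carries no identity, the response check keys on the peer address, transaction ID and question together; a production resolver would also match the source port and expire pending entries.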

Editor's Notes

  1. Imagine how much you’d use the internet if you had to remember dozens of number combinations to do anything. Developed in 1983, the Domain Name System or DNS translates the names people type into a browser into an IP address so the requested service can be found on the internet. It is one of the most important plumbing components for a functioning internet. So welcome to F5’s Intelligent DNS Scale story, I’m Peter Silva.
  2. An intelligent and scalable DNS infrastructure improves performance of the web application, directs customers to the best performing data center, protects not only the web properties but also the brand reputation. It also reduces not only data center costs but also the administrator’s stress in dealing with DNS.
  3. DNS is the foundation for the internet – akin to air and water for humans. We just expect it to be available, to always work, and we really do not think about it until it doesn’t work…until it breaks…until we can’t resolve a website. DNS is critical for any human/internet interaction. Today, there are more demands than ever on DNS and it’s only going to get worse. With the upcoming Internet of Things or the Internet of Everything – where household items like your refrigerator, toaster, even toilet are connected – all of these will require a DNS entry and DNS will have many more things to resolve. But when DNS breaks, everything breaks.
  4. Today’s websites are more complex, requiring many more DNS queries. Every icon, URL, link, image, object and all embedded content on a web page requires a DNS lookup. Loading complex sites may require hundreds of DNS queries, and even simple smartphone apps can require numerous DNS queries just to load. In the last five years, the volume of DNS queries for .com and .net addresses has more than doubled, increasing to an average daily query load of 77 billion in the fourth quarter of 2012*. More than six million domain names were added to the Internet in the fourth quarter of 2012. Future growth is expected to occur at an even faster pace. DNS scale becomes a critical issue when dealing with millions of service names and IP addresses. Also, you might not realize that DNS is the second most attacked protocol after HTTP. Organizations such as Twitter, NYT, Network Solutions and Comcast have all had DNS attacks and outages over the last year. Notes: TLD numbers are for Verisign’s TLD servers. Traffic has doubled since 2008 (more now in 2013). This is especially interesting since it is just for a TLD DNS service: this is the traffic that gets to a TLD after caching by ISPs! The point to make about the 4G/LTE rollout is that there’s little point in having faster data speeds if the DNS latency and throughput aren’t in place to allow the user to experience those new data rates. On DDoS, especially for enterprises or ISPs that host, the point is that although you may not need ultra-high performance for “normal” DNS traffic loads, you will need it to absorb attacks. UDP, on which DNS is based, does not have identity. Spoofing is common. So mitigation techniques to identify real versus malicious actors actually consume more bandwidth than just answering the query. Of course, F5 performs copious checks on incoming DNS to qualify all requests and only responds to query types or responses that it is responsible for.
  5. There are many reasons why DNS requirements are growing. Over the last 5 years, there has been a 180% growth of active websites, 230% growth in active users, a 22% growth in software applications and 100% growth in DNS queries. Add to that, we are very impatient – 74% are willing to wait 5 seconds, and nearly 60% of web users say they expect a website to load on their mobile phone in 3 seconds or less. 1 Mississippi, 2 Mississippi, 3 Mississippi – that’s it, on to the next site. And if customers can’t get to your content, they’ll go elsewhere because the next app is just a click away. Organizations are experiencing rapid growth in terms of applications and the volume of traffic accessing those applications. DNS failures account for almost half (41%) of web infrastructure downtime, so organizations must keep their DNS available. According to a survey by the Aberdeen Group, organizations lose an average of $138,000 for every hour their data centers are down*. There are real costs and losses involved when DNS does not respond. Downtime has an impact on visiting customers, can lead to loss of revenue and can also impact employees trying to access their corporate resources.
     Sources:
     “Nearly 60% of web users say they expect a website to load on their mobile phone in 3 seconds or less and 74% are willing to wait 5 seconds or less for a single web page to load before leaving the site.” – Compuware report, “What Users Want from Mobile,” July 2011
     Every 100ms delay costs Amazon 1% in sales. – Greg Linden, Amazon
     DNS growth stats (100%+ growth in last 5 yrs.): https://investor.verisign.com/releaseDetail.cfm?ReleaseID=591560
     188M+ active websites (180%+ growth in last 5 yrs.): http://news.netcraft.com/
     Active users = 230% growth in last 5 years, 566% growth in last 12 years: http://www.internetworldstats.com/stats.htm and http://slideshow.techworld.com/3363475/ipv6--why-we-need-new-internet-protocol/8/
     Global software spending forecast from 2005 to 2015, Statista: http://www.statista.com/statistics/203964/global-software-spending-forecast/
     Software apps grew at 8.9% in 2011 and 7.7% in 2010: http://www.gartner.com/id=1969315
  6. When a visitor requests a website, the request first goes to their local DNS server – typically the DSL or cable modem at the edge of the home network. If the ISP knows where to find the website, perhaps because it’s cached, it’ll return the answer and tell the browser where to go. If not, the query has to go back to the primary DNS server handling the record to get the answer. That’s all fine and dandy and typically works well…until there is a surge in DNS traffic. It could be some media event, a rush of visitors or…it could be malicious activity. Generally, organizations have a set of DNS servers, each one capable of handling up to 150,000 to 200,000 DNS queries per second. If traffic spikes due to normal operations, or if an attacker is sending a lot of DNS query requests by nefarious means, it might be more than the DNS servers can handle. The DNS server stops responding and sites are unavailable, unreachable, or completely offline. Currently, organizations must add costly DNS infrastructure to address spikes in DNS requests, infrastructure that is not really needed during normal business operations. In addition, DNS servers must also be patched frequently for newfound vulnerabilities. On top of all that, organizations might have firewalls to protect the DNS servers, and those could become a bottleneck depending on the traffic spike. Instead, put BIG-IP in that sweet spot. The F5 Intelligent DNS Scale reference architecture is leaner, faster, and more secure on top of offering massive performance. BIG-IP can handle over 10 million query RPS; that’s 123 requests per day from every person on earth. Additionally, it offers unmatched DNS D/DoS protection, and since BIG-IP is ICSA firewall certified, organizations can collapse multiple firewall tiers in the DMZ. Less equipment to purchase, manage and support. Plus, BIG-IP offers easy DNS management that integrates with your existing infrastructure.
     Error checking, auto population of protocols, and importation of zones help eliminate any downtime from DNS errors. The customer benefits from an ultra-high performance solution which incorporates a firewall and DNS services. Unlike the conventional model, it does not suffer from firewall bottlenecks. The F5 solution scales, in a single box, to 20M query RPS. This results in much lower OpEx and CapEx while delivering much higher performance and protection.
  7. About 80% of DNS deployments today are done with BIND. BIND is an open-source project maintained by Internet Systems Consortium (ISC) and the software is free. It still needs a server and operating system to run on, however, along with any maintenance, updates, rack space and so forth. ISC is a non-profit organization with a for-profit consulting arm called DNS-CO, which offers five levels of subscription that range from $10,000 to $100,000 annually. Despite its popularity, BIND requires significant maintenance multiple times a year, primarily due to vulnerabilities, patches, and upgrades, averaging about 9 patches a year. Many organizations do not keep current with patching, so their DNS systems could be vulnerable. What’s the risk to the business if DNS is not working? In addition, BIND typically scales to only 50,000 responses per second (RPS), making it vulnerable to both legitimate and malicious DNS surges. You can see the cost savings both initially and ongoing for a very large enterprise. Even though BIND is free, there are certainly personnel, maintenance, datacenter, support, management and other costs that an organization can incur.
  8. The F5 Intelligent DNS Scale reference architecture also helps keep your content and applications available by responding to DNS queries from the edge of the network in the DMZ, rather than from deep within your critical infrastructure. When you offload DNS responses to the BIG-IP platform, no request reaches the back end of your network, which greatly increases your ability to scale and respond to DNS surges along with protecting your DNS infrastructure. There is less risk to those back-end applications and much higher performance. Organizations can add DNSSEC to secure their domain name along with IP Intelligence to automatically block known malicious networks. Built-in protocol validation also helps ensure proper DNS requests are made. It’s not just public websites that need DNS; internal systems like Exchange also need name resolution. DNS is required on a network in order to find basic services such as fileservers and clients and to identify assets by name. By increasing the speed, availability, scalability, and security of your DNS infrastructure, the F5 Intelligent DNS Scale reference architecture ensures that your customers, and your employees, can access your critical web, application, and database services whenever they need them. Instead of worrying about DNS outages and purchasing additional DNS infrastructure to combat surges, simply place BIG-IP in front of your primary DNS server. It’s a full DNS server and handles requests on behalf of your main DNS server.
  9. The architecture of the F5 Intelligent and Scalable DNS services is optimized by the specifically designed DNS Express query response module. DNS Express manages authoritative DNS queries by transferring zones to its own RAM. The primary DNS server tells BIG-IP, ‘You are authoritative and you answer the query.’ In this architecture, F5 DNS Services only has to open the DNS query packet once, as long as the request is for an address that is in the zone that was transferred to DNS Express. Since it is served out of RAM, it is instantaneous. DNS Express reduces the handling of each DNS query to a single processing instance, which significantly improves the performance of an organization’s DNS infrastructure. With DNS Express, each individual core of each BIG-IP device can answer approximately 125,000 to 200,000 requests per second, scaling up to 10 million query RPS. This can be over 12X the capacity of what a typical primary DNS server can handle. This gives F5 customers a unique opportunity to scale DNS query responses dramatically. BIG-IP GTM is a full DNS server and handles requests on behalf of the main DNS server.
  11. Just under half of the internet (47 percent) remains insecure insofar as many top-level domains (TLDs) have failed to sign up to use domain name system security extensions (DNSSEC), including intensive internet-using countries such as Italy (.it), Spain (.es) and South Africa (.za), leaving millions of internet users open to malicious redirect to fake websites, reports Ultra Electronics AEP.
  12. BIG-IP GTM can be configured as a full proxy for global load balancing applications and DNS across architectures, and across the globe. For greater flexibility, you can use BIG-IP GTM Virtual Edition (VE) to extend DNS services and global app availability to cloud or virtual environments and maintain centralized control within the data center. Your revenue and your brand are protected. Use the same IP address for multiple devices. Geographically separate the DNS request load for all requests. Scale DNS infrastructure up and out per number of BIG-IP devices.
  13. DNS is the internet's phonebook and essential for every web property on the internet. It helps people find your web presence. It helps websites deliver the content you want visitors to see. If DNS is slow, then your entire infrastructure is slow and your bounce rate jumps. If your website takes longer than 3 seconds to load, you are losing revenue. If your DNS is attacked, then your web presence is severely limited. If your DNS cannot scale, then you cannot accommodate additional visitors. If your DNS is compromised, then your brand suffers. If DNS doesn't work, you lose revenue. If you have an antiquated DNS infrastructure, you're spending too much money and putting the business at risk. If people cannot find you, they will go somewhere else.
  14. If your DNS is resilient, people will find you. If people can find you, they will engage. If they engage, your brand gets exposure. If your web properties respond quickly, people are more likely to stay. If people stay, business will grow. F5 Intelligent and Scalable DNS Services can help protect your brand and grow your business.
  15. F5 DNS Services are crucial http://www.f5.com/about/news/press/2012/20120625b/
  16. Read slide
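
Notes 8 and 9 describe validating each DNS request at the edge and answering authoritative queries from a zone held in RAM, so that only the remainder reaches the primary server. The same idea in Python, added here as an example and not F5's or BIG-IP's implementation; the zone contents and the names `build_query`, `parse_query` and `answer` are constructed for illustration:

```python
import socket
import struct

# Constructed sample zone: stands in for records copied into RAM by a zone transfer.
ORIGIN = "example.com."
ZONE = {("www.example.com.", 1): ["192.0.2.10", "192.0.2.11"]}  # type 1 = A only

def build_query(name, qtype=1, txid=0x1234):
    """Build a constructed test query (RD set, one question, class IN)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", qtype, 1)

def parse_query(pkt):
    """Protocol validation: return (txid, flags, qname, qtype, end) or raise ValueError."""
    if len(pkt) < 12:
        raise ValueError("short header")
    txid, flags, qd, an, ns, _ar = struct.unpack("!6H", pkt[:12])
    if flags & 0x8000 or flags & 0x7800 or qd != 1 or an or ns:
        raise ValueError("not a standard single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(pkt):
            raise ValueError("truncated name")
        n, pos = pkt[pos], pos + 1
        if n == 0:
            break
        label = pkt[pos:pos + n]
        # Reject pointers/reserved lengths, truncation, oversize names, dotted labels.
        if n > 63 or len(label) < n or pos + n - 12 > 254 or b"." in label:
            raise ValueError("bad label")
        labels.append(label.decode("ascii", "replace").lower())
        pos += n
    if len(pkt) < pos + 4 or struct.unpack("!H", pkt[pos + 2:pos + 4])[0] != 1:
        raise ValueError("truncated question or non-IN class")
    qtype = struct.unpack("!H", pkt[pos:pos + 2])[0]
    return txid, flags, ".".join(labels) + ".", qtype, pos + 4

def answer(pkt):
    """Answer from the in-memory zone; None means drop or hand to the primary server."""
    try:
        txid, qflags, qname, qtype, end = parse_query(pkt)
    except ValueError:
        return None  # malformed request never reaches the back end
    if qname != ORIGIN and not qname.endswith("." + ORIGIN):
        return None  # not a zone held in memory
    addrs = ZONE.get((qname, qtype), [])
    rcode = 0 if qname == ORIGIN or any(k[0] == qname for k in ZONE) else 3
    flags = 0x8400 | (qflags & 0x0100) | rcode  # QR=1, AA=1, copy RD, set RCODE
    rrs = b"".join(struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + socket.inet_aton(a) for a in addrs)
    return struct.pack("!6H", txid, flags, 1, len(addrs), 0, 0) + pkt[12:end] + rrs
```

A production authoritative server would also return the SOA record in negative answers and handle EDNS; both are left out here.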