2. 23 / 10 / 2012 Josep Bardallo
Internet Systems
The interconnection system we call the Internet comprises some
37,000 ‘Autonomous Systems’ or ASes (ISPs or similar entities) and
355,000 blocks of addresses (addressable groups of machines),
spread around the world (2H2011)
World Data Centers
Internet Datacenter needs
Internet Vulnerability to power outages
The system is critically dependent on electrical
power.
Internet Datacenter Levels
Tier I data centers are the most basic tier of data center, with a
single uplink serving all components and the resident computer
equipment. This means the computer equipment at this site lacks
any sort of redundant capacity components, and so is more
susceptible to disruption if any component or capacity system were
to fail unexpectedly. Furthermore, Tier I data centers can potentially
experience more frequent disruptions of service for annual
maintenance. Uptime of 99.671%.
Tier II data centers meet the standards for Tier I classification and
have redundant capacity components and a single (N+1), non-
redundant distribution path serving the computer components.
Uptime of 99.741%.
Internet Datacenter Levels
Tier III has both redundant capacity components and multiple,
independent distribution paths to serve the resident computer
equipment. The components are dual-powered with multiple uplinks,
allowing maintenance to occur without disrupting the system.
Uptime of 99.982%.
Tier IV is the strongest tier and least prone to failures. It is fully
fault-tolerant with multiple, independent and isolated systems
serving the computer equipment. Dual power sources and cooling
systems help to maintain the integrity of the equipment in the event
of any failure. With compartmentalized systems, a single unexpected
failure of any system component will not impact the computer
equipment. Furthermore, the system will independently respond to
the failure as a means of preventing equipment damage. As with the
Tier III data center, maintenance work can be carried out without
shutting down the system or impacting operations. Uptime of
99.995%.
Certified Datacenters in the World
http://uptimeinstitute.com/TierCertification/certMaps.php
Converged Datacenters
Converged Data Centers are in the class of modular data centers
(complete, preconfigured data centers shipped and ready to go in
comprehensive shipping containers) that expedite deployment and
increase efficiency.
Examples: HP Performance Optimized Datacenters (PODs), which are
datacenters in portable, energy-efficient 20 or 400 foot containers,
and the Colt modular datacenter.
Converged Data Center
Most used Internet services (application layer)
HTTP / HTTPS (Web)
DNS (Domain Name Server)
SMTP (Mail)
SIP / VoIP
IRC (Chat) & IM services (Instant Messaging)
Domain Name Registrant and Registrar
A domain name registrar is an organization or commercial entity
that manages the reservation of Internet domain names. A domain
name registrar must be accredited by a generic top-level
domain (gTLD) registry and/or a country code top-level
domain (ccTLD) registry. Management is carried out in accordance
with the guidelines of the designated domain name registries, and
the registrar offers such services to the public.
List of accredited registrars:
http://www.icann.org/registrar-reports/accredited-list.html
Domain Name Registrant
The management and distribution of both generic and country code
Top Level Domains (TLD) is handled by Registries. For example, the
Canadian Internet Registration Authority (CIRA) is responsible for
operating the ".ca" ccTLD and VeriSign Global Registry Services
manages the operation of the ".com" and ".net" gTLDs.
Currently, there are 17 generic TLDs operated by various Registries.
There are various restrictions on who may obtain a specific gTLD.
There are 247 country code TLDs. The requirements for obtaining
ccTLD vary from country to country.
.es is the country code top-level domain (ccTLD) for Spain. It is
administered by the Network Information Centre of Spain:
http://www.nic.es
Domain Name Registrant
Domain names are generally distributed by Registrars to Registrants,
who can be individuals or organizations. The Registrar keeps records
of the Registrants' contact information, submits the technical
information to the Registry and publishes the contact information of
Registrants through WHOIS.
Registrants may also obtain domain names through Resellers.
Resellers are organizations that are not certified as Registrars but
instead act as an intermediary between the Registrant and the
Registrar. Typically, Resellers offer value added services, such as
web hosting, URL forwarding, email forwarding, and search engine
listing.
DNS: Domain Name Server
A name server translates domain names into IP addresses. This
makes it possible for a user to access a website by typing in the
domain name instead of the website's actual IP address. For
example, when you type in "www.microsoft.com," the request gets
sent to Microsoft's name server which returns the IP address of the
Microsoft website.
RFC 1034 (www.ietf.org): DOMAIN NAMES - CONCEPTS AND
FACILITIES. This RFC introduces domain style names, their use for
Internet mail and host address support, and the protocols and
servers used to implement domain name facilities.
DNS: Domain Name Server
Each domain name must have at least two name servers listed when
the domain is registered. These name servers are commonly named
ns1.servername.com and ns2.servername.com, where "servername"
is the name of the server. The first server listed is the primary
server, while the second is used as a backup server if the first server
is not responding.
Name servers are a fundamental part of the Domain Name System
(DNS). They allow websites to use domain names instead of IP
addresses, which would be much harder to remember. In order to
find out what a certain domain name's name servers are, you can
use a WHOIS lookup tool.
DNS purpose
The purpose of the DNS is to enable Internet applications and their
users to name things that have to have a globally unique name. The
obvious benefit is easily memorizable names for things like web
pages and mailboxes, rather than long numbers or codes. Less
obvious but equally important is the separation of the name of
something from its location. Things can move to a totally different
location in the network fully transparently, without changing their
name. www.isoc.org can be on a computer in Virginia today and on
another computer in Geneva tomorrow without anyone noticing.
In order to achieve this separation, names must be translated into
other identifiers which the applications use to communicate via the
appropriate Internet protocols.
DNS Flow
A DNS recursor consults three nameservers to resolve the address
www.wikipedia.org.
DNS working
Let's look at what happens when you send a mail message to me at
daniel.karrenberg@ripe.net. A mail server trying to deliver the
message has to find out where mail for mailboxes at 'ripe.net' has to
be sent. This is when the DNS comes into play.
Let us follow the DNS query starting from your computer. Your
computer knows the address of a nearby DNS "caching server" and
will send the query there. These caching servers are usually
operated by the people that provide Internet connectivity to you.
This can be your Internet Service Provider (ISP) in a residential
setting or your corporate IT department in an office setting. Your
computer may learn the address of the available caching servers
automatically when connecting to the network or have it statically
configured by your network administrator.
DNS working
When the query arrives at the caching server there is a good chance
that this server knows the answer already because it has
remembered it, "cached" in DNS terminology, from a previous
transaction. So if someone using the same caching server has sent
mail to someone at 'ripe.net' recently, all the information that is
needed will already be available and all the caching server has to do
is to send the cached answers to your computer. You can see how
caching speeds up responses to queries for popular names
considerably. Another important effect of caching is to reduce the
load on the DNS as a whole, because many queries do not go
beyond the caching servers.
If the caching server does not find the answer to a query in its
cache, it has to find another DNS server that does have the answer.
In our example it will look for a server that has answers for all
names that end in 'ripe.net'. In DNS terminology such a server is
said to be "authoritative" for the "domain" 'ripe.net'.
DNS working
In many cases our caching server already knows the address of the
authoritative server for 'ripe.net'. If someone using the same
caching server has recently surfed to 'www.ripe.net', the caching
server needed to find the authoritative server for 'ripe.net' at that
time and, being a caching server, naturally it cached the address of
the authoritative server.
So the caching server will send the query about the mail servers for
'ripe.net' to the authoritative server for 'ripe.net', receive an answer,
send that answer through to your computer and cache the answer as
well.
Note that so far only your caching server and the authoritative
server for 'ripe.net' have been involved in answering this query.
Root name servers
Root name servers are part of the Domain Name System
(DNS), a worldwide distributed database that is used to translate
worldwide unique domain names such as www.isoc.org to other
identifiers. The DNS is an important part of the Internet because it is
used by almost all Internet applications.
Root name server operators are selected by IANA (Internet Assigned
Numbers Authority).
The root name servers publish the root zone file to other DNS
servers and clients on the Internet. The root zone file describes
where the authoritative servers for the DNS top-level domains (TLD)
are located; in other words: which server one has to ask for names
ending in one of 267 (September 2007) TLDs, such as ORG, NET, NL
or AU.
The root name servers are operated from more than 130 locations in
53 countries, most of them outside the United States of America.
Root Name Servers in the world
Root name Servers (www.root-servers.org)
There are currently 12 organizations providing root name service at 13
unique IPv4 addresses. They are:
A - VeriSign Global Registry Services
B - University of Southern California - Information Sciences Institute
C - Cogent Communications
D - University of Maryland
E - NASA Ames Research Center
F - Internet Systems Consortium, Inc.
G - U.S. DOD Network Information Center
H - U.S. Army Research Lab
I - Autonomica/NORDUnet
J - VeriSign Global Registry Services
K - RIPE NCC
L - ICANN
M - WIDE Project
DNS HA
To ensure high availability the DNS has multiple servers all with the same
data. To get around the problem of the local caching server not being
available your computer usually has a number of them configured from which
it can choose. This way one can make sure that there always is a caching
server available. But how about the authoritative servers?
To improve availability of authoritative name servers there always are a
number of them for each domain. In our example of 'ripe.net' there are five
of them, three of which are in Europe, one in North America and one in
Australia.
ripe.net. 172800 IN NS ns.ripe.net.
ripe.net. 172800 IN NS ns2.nic.fr.
ripe.net. 172800 IN NS sunic.sunet.se.
ripe.net. 172800 IN NS auth03.ns.uu.net.
ripe.net. 172800 IN NS munnari.OZ.AU.
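To make the query walk of the "DNS working" slides and the multi-NS point above concrete, here is an added Python simulation; it is not code from the presentation. It models a caching server, a root server, a .net server and the five ripe.net name servers listed above. The five NS names are the slide's; the root hint k.root-servers.net, a.gtld-servers.net, the MX and A records, the 192.0.2.x addresses (RFC 5737 documentation range) and all TTLs are constructed. `demo()` replays the mail-to-ripe.net example: a full walk from the root, a cache hit, a query answered straight from the cached authoritative NS set, and a fallback to the second listed server when the first stops responding after the answer's TTL has expired.

```python
# Toy caching resolver replaying the slides' DNS walk and the multi-NS HA point.
# Added example: the five ripe.net NS names are the ones on the slide; every other
# server name, address (RFC 5737 range) and TTL below is constructed.
from collections import namedtuple

RR = namedtuple("RR", "name ttl rtype rdata")
ROOT_ZONE = "net. 172800 IN NS a.gtld-servers.net."
NET_ZONE = """
ripe.net. 172800 IN NS ns.ripe.net.
ripe.net. 172800 IN NS ns2.nic.fr.
ripe.net. 172800 IN NS sunic.sunet.se.
ripe.net. 172800 IN NS auth03.ns.uu.net.
ripe.net. 172800 IN NS munnari.OZ.AU.
"""
RIPE_ZONE = """
ripe.net. 3600 IN MX 10 mail.ripe.net.
mail.ripe.net. 3600 IN A 192.0.2.25
"""


def parse_zone(text):
    """Parse 'owner TTL class type rdata' lines into RRs, names lower-cased."""
    return [RR(o.lower(), int(t), ty.upper(), rd.lower()) for o, t, _c, ty, rd in
            (line.split(None, 4) for line in text.splitlines() if line.strip())]


def enclosing_zones(name):  # 'mail.ripe.net.' -> ['mail.ripe.net.', 'ripe.net.', 'net.']
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))]


class AuthServer:
    """Answers from its records, else refers to the closest delegation below its apex."""

    def __init__(self, apex, zone_text):
        self.apex, self.records = apex, parse_zone(zone_text)

    def query(self, qname, qtype):
        answer = [r for r in self.records if r.name == qname and r.rtype == qtype]
        if answer:
            return "answer", answer
        for zone in enclosing_zones(qname):
            ns = [r for r in self.records if r.name == zone and r.rtype == "NS"]
            if ns and zone != self.apex:
                return "referral", ns
        return "nxdomain", []  # a miss inside our own zone: the name does not exist


class CachingResolver:
    """The slides' 'caching server': starts at a root hint or at the closest
    cached NS set, caches each record for its TTL, skips NS that do not answer."""

    def __init__(self, network, root_hints, clock):
        self.network, self.root_hints, self.clock = network, root_hints, clock
        self.cache = {}  # (name, type) -> (expiry time, [rdata])

    def _cached(self, name, rtype):
        entry = self.cache.get((name, rtype))
        return entry[1] if entry and entry[0] > self.clock() else None

    def _store(self, rrs):
        for key in {(r.name, r.rtype) for r in rrs}:  # replace, never extend, old entries
            group = [r for r in rrs if (r.name, r.rtype) == key]
            self.cache[key] = (self.clock() + group[0].ttl, [r.rdata for r in group])

    def resolve(self, qname, qtype):
        """(rdata list, servers contacted): [] on a cache hit; a non-answering
        server is listed before the one tried in its place."""
        if self._cached(qname, qtype) is not None:
            return self._cached(qname, qtype), []
        servers = next((self._cached(z, "NS") for z in enclosing_zones(qname)
                        if self._cached(z, "NS")), self.root_hints)
        contacted = []
        while True:
            for server in servers:
                contacted.append(server)
                if self.network.get(server) is not None:  # None models 'not responding'
                    kind, rrs = self.network[server].query(qname, qtype)
                    break
            else:
                raise RuntimeError("no server for %s is reachable" % qname)
            self._store(rrs)
            if kind != "referral":
                return [r.rdata for r in rrs], contacted
            servers = [r.rdata for r in rrs]  # follow the delegation


def demo():  # replay the slides' mail-to-ripe.net example, one step at a time
    network = {r.rdata: AuthServer("ripe.net.", RIPE_ZONE) for r in parse_zone(NET_ZONE)}
    network.update({"k.root-servers.net.": AuthServer(".", ROOT_ZONE),
                    "a.gtld-servers.net.": AuthServer("net.", NET_ZONE)})
    resolver = CachingResolver(network, ["k.root-servers.net."], lambda: 0)
    steps = [resolver.resolve("ripe.net.", "MX"),      # full walk: root, net, ripe.net
             resolver.resolve("ripe.net.", "MX"),      # cache hit: nobody contacted
             resolver.resolve("mail.ripe.net.", "A")]  # NS set cached: straight to ripe.net
    network["ns.ripe.net."] = None                     # first listed NS stops answering ...
    resolver.clock = lambda: 4000                      # ... and the MX (TTL 3600) expired
    steps.append(resolver.resolve("ripe.net.", "MX"))  # NS still cached; falls back to ns2
    return steps
```

Each `resolve` call returns the answer together with the servers the caching server actually contacted, so the shrinking list from one step to the next is the caching effect the slides describe, and the two-entry list in the last step (one server that did not answer, then the next one from the NS set) is the availability effect of publishing several authoritative servers for a domain.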
Root name Servers
The RIPE NCC operates k.root-servers.net, one of the 13 Internet root name
servers. The K-root service is provided by a set of distributed nodes using
IPv4 and IPv6 anycast. Each node announces prefixes from 193.0.14.0/23 in
AS25152. A K-root node consists of a cluster of server machines running the
NSD name server software (k.root-servers.org). The RIPE NCC is a not-for-
profit membership association under Dutch law.
Domain Name Servers vulnerability
21/10/2002: A coordinated DDoS (distributed denial of service) attack was
launched at approximately 2045UTC and lasted until approximately 2200UTC.
All thirteen (13) DNS root name servers were targeted simultaneously.
Attack volume was approximately 50 to 100 Mbits/sec (100 to 200 Kpkts/sec)
per root name server, yielding a total attack volume of approximately 900
Mbits/sec (1.8 Mpkts/sec). Some root name servers were unreachable from
many parts of the global Internet due to congestion from the attack traffic
delivered upstream/nearby. While all servers continued to answer all queries
they received (due to successful overprovisioning of host resources), many
valid queries were unable to reach some root name servers due to attack-
related congestion effects, and thus went unanswered. There was no known
report of end-user-visible error conditions.
In February 2007 the 13 root servers were hit by a DoS attack (originating
in South Korea) that nearly took down three of them. Analysts said the
attackers possibly used millions of zombie computers to wage the attack,
and they expected that army to be populated with the desktops and laptops
of unknowing users around the world. The attack lasted 20 hours. However,
the other root name servers, including the RIPE NCC managed K-root, kept
the Internet working during this time.
Domain Name Servers Vulnerability
10/9/2012: A lone hacker has claimed responsibility for an ongoing denial-of-service
attack that may have knocked out millions of websites hosted by the world's largest domain
registrar, GoDaddy. The attack began at around 10.00 Pacific time (17.00 GMT/18.00
BST) and appears to affect the registrar's DNS servers. Any site that is hosted with
GoDaddy could be affected, although as of 13.00 Pacific (20.00GMT/21.00BST) the
company reported that at least some service had been restored.
Web sites serviced by DNS and hosting provider Go Daddy were down for most of
today, but were back up later this afternoon. A hacker using the "Anonymous Own3r"
Twitter account claimed credit for the outage.
The problem could be affecting thousands, if not millions, of sites, given that Scottsdale,
Arizona-based Go Daddy is not only one of the biggest Web site hosters but also the
largest domain registrar. The Go Daddy site itself was accessible earlier today for CNET
but was down at last check. Twitter users were complaining that numerous sites hosted
by the company were inaccessible.