SlideShare a Scribd company logo

PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services

PROIDEA
PROIDEA

PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services

Internet
1 of 39
Download to read offline
Scale and Secure the Internet of Things with Intelligent DNS Services Nigel Ashworth Solution Architect F5 Networks 28th September 2015
© F5 Networks, Inc 2 • Drivers for the Internet of Things • Architecture changes • Security • Scale • Use cases – Internal and external • CapEx vs OpEx • Audits • Service chaining and DNS • GI Firewall / TCP optimisation / Rate management Agenda • User attributes • Parental control / contracts • White lists and filters • DDOS Attacks • Protocol Abuse • DNS Firewall • Not a Firewall for DNS • Reporting
Drivers
© F5 Networks, Inc 4 50 Billion Connected Devices 6 Billion Connected Devices 20202013 20182016 The Driving Force behind Device-Based Network and App Congestion
© F5 Networks, Inc 5 • Internet of Things needs scalable DNS services • Combination = 5 to 10 times Internet revolution • 10 billion devices in 2014 = 77 billion mobile apps • Ensure really fast connections and responses The Internet of Things and DNS
© F5 Networks, Inc 6 Connected Cars Connected Homes Connected Cities Wearables/Connected Devices/Utilities Surge in connected devices accessing SP networks Increasing connection rates (Connections per Sec) Spikes in application usage 50B connected devices worldwide by 2020 Surge in DNS queries DNS security vulnerabilities New advanced persistent threat vectors New DDoS attack vectors Network signaling spikes Diameter signaling storms IPv6 addressing requirements Lower ARPU per device Packet Core Gi-LAN Data Centers IMS Core Service Provider Challenges Implications for Service Providers Scaling the networks. End to end security. Profitable new services.
© F5 Networks, Inc 7 Connected Cars Wearables/Connected Devices/Utilities Surge in connected devices accessing SP networks Increasing connection rates (Connections per Sec) Spikes in application usage 50B connected devices worldwide by 2020 Packet Core Gi-LAN Data Centers IMS Core High Performance Hybrid Architectures Simpler Architecture / Network Flexibility Extensibility Virtualised Network Functions Scalable VNFs Virtual Software Editions • Scalable DNS • Load balancing • Network firewall • Application layer firewall • IPv6 routing • Carrier grade NAT • Traffic classification • Subscriber classification • Application awareness • Diameter routing • Protocol gateway • Policy enforcement Connected Homes Connected Cities Hybrid Architectures
Use cases
© F5 Networks, Inc 9 Mobile (e)NodeB SGW/SGSN MME Fixed Fixed Core Mobile Core BRAS DNS/GSLB GGSN/ PGW DNS Caching/ Resolvers Transparent Cache Internet Core Infrastructure DNS64 NAT64 Web Caching WAP Gateways Content Streaming DataPlaneControlPlane PCRF DNS Authoritative Local Zones Subscriber Management HSS/HLR DHCP Activation PKI CSCF Billing/Self Service Customer Portal IP Multimedia Subsystem (IMS) MGCF SBC DNS ENUM Infrastructure Authoritative DNS Auth. Local Zones LDNS Simplified and Consolidated DNS
© F5 Networks, Inc 10 • Intelligent DNS for Evolved Packet Core • Proactively monitor for service-level adherence • Enhanced subscriber experience • Robust, scalable portal and service access • Exponential DNS performance and DDoS security protection • Optimise global service delivery • Faster DNS for 3G/4G LTE • Enhanced performance through transparent cache • Caching resolver for server consolidation • Mitigate DNS threats by blocking malicious IPs Intelligent DNS and Global Service Optimisation LDNS Authoritative Infrastructure
Archiecture
© F5 Networks, Inc 12 Traditional Architectures will Buckle ... under the strain of increasing demand Data volumes double every 18 months Applications double every four years Source: IDC Directions, Battle for the Future of the Datacenter: The Role of Disaggregated Systems, March 2014 Forrester Consulting, April 2014 Customer populations four orders of magnitude larger than employee/partner
© F5 Networks, Inc 13
© F5 Networks, Inc 14
Firewall for DNS or a DNS Firewall ?
© F5 Networks, Inc 16
© F5 Networks, Inc 17 Anatomy of a DNS Firewall • IP Anycast • Pre filter • Packet inspection • Performance • Scaling resolution • DNSsec and Validation • Reporting and Automation • DNS Reputational Intelligence • DNS scrubbing • Hardware sizing • Certification
© F5 Networks, Inc 18 Anatomy of a DNS Firewall • IP Anycast • Pre filter • Packet inspection • Performance • Scaling resolution • DNSsec and Validation • Reporting and Automation • DNS Reputational Intelligence • DNS scrubbing • Hardware sizing • Certification Clients IPv4/IPv6 TCP/UDP Protocol Validatio n+ACL iRules DNSSEC GSLB 6 4 GSLBiRules DNS Express 6 4 DNSSEC RPZ /Cache/ Resolver DNS6-4 DNSLB Pool DNS Server Pool iRules LocalBIND Request Response AXFR Request AXFR Response Zone XFR Zone XFR
© F5 Networks, Inc 19 Anatomy of a DNS Firewall • IP Anycast • Pre filter • Packet inspection • Performance • Scaling resolution • DNSsec and Validation • Reporting and Automation • DNS Reputational Intelligence • DNS scrubbing • Hardware sizing • Certification Performa nce Time TMOS Single Process or SMP 8x 4x 2x
© F5 Networks, Inc 20 Anatomy of a DNS Firewall • IP Anycast • Pre filter • Packet inspection • Performance • Scaling resolution • DNSsec and Validation • Reporting and Automation • DNS Reputational Intelligence • DNS scrubbing • Hardware sizing • Certification
© F5 Networks, Inc 21 Anatomy of a DNS Firewall • IP Anycast • Pre filter • Packet inspection • Performance • Scaling resolution • DNSsec and Validation • Reporting and Automation • DNS Reputational Intelligence • DNS scrubbing • Hardware sizing • Certification Advanced DNS Analytics – Applications – Virtual Servers – Query Name – Query Type – Client IP
© F5 Networks, Inc 22 Anatomy of a DNS Firewall • IP Anycast • Pre filter • Packet inspection • Performance • Scaling resolution • DNSsec and Validation • Reporting and Automation • DNS Reputational Intelligence • DNS scrubbing • Hardware sizing • Certification RESPONSE POLICY ZONES* URL FILTERING IP INTELLIGENCE Screens a DNS request against domain names with a bad reputation. Categorize the FQDN from the request & make a decision. Categorize the IP address from the response & make a decision. MITIGATES THREATS BY FQDN POLICY CONTROL BY FQDN Ingress DNS path Any IP Protocol with iRules HTTP, HTTPS and DNS with iRules MITIGATES THREATS BY FQDN MITIGATES THREATS BY FQDN
© F5 Networks, Inc 23 Anatomy of a DNS Firewall • IP Anycast • Pre filter • Packet inspection • Performance • Scaling resolution • DNSsec and Validation • Reporting and Automation • DNS Reputational Intelligence • DNS scrubbing • Hardware sizing • Certification Legitimate Users Threat Feed Intelligence DDoS Attacker ISPa/b Cloud Scrubbing Service Scann er Anonym ous Proxies Anonym ous Request s Botnet Attack ers Network attacks: ICMP flood, UDP flood, SYN flood DNS attacks: DNS amplificatio n, query flood, dictionary attack, DNS poisoning IPS Next-Generation Firewall Tier 2 SSL attacks: SSL renegotiatio n, SSL flood HTTP attacks: Slowloris, slow POST, recursive POST/GET Applicatio n Corporate Users Financial Services E- Commerce Subscriber Tier 2 Threat Feed Intelligence Strategic Point of Control Multiple ISP strategy Network and DNS Tier 1 Access Control, Policy Enforcemen t
© F5 Networks, Inc 24 Anatomy of a DNS Firewall • IP Anycast • Pre filter • Packet inspection • Performance • Scaling resolution • DNSsec and Validation • Reporting and Automation • DNS Reputational Intelligence • DNS scrubbing • Hardware sizing • Certification Platforms
© F5 Networks, Inc 25 Anatomy of a DNS Firewall • IP Anycast • Pre filter • Packet inspection • Performance • Scaling resolution • DNSsec and Validation • Reporting and Automation • DNS Reputational Intelligence • DNS scrubbing • Hardware sizing • Certification CONVENTIONAL DNS THINKING Internet External Firewall DNS Load Balancing Array of DNS Servers Internal Firewall Hidden Master DNS DMZ Datacenter F5 PARADIGM SHIFT Internet Master DNS Infrastructure BIG-IP Global Traffic Manager 30M RPS
User Protection and Protocol Abuse
© F5 Networks, Inc 27 Updates CACHE RESOLVER PROTOCOL VALIDATION IRULES IPV4/V6 LISTENER REPUTATION DATABASE SPECIAL HANDLING ADC GTM RPZ feed • Prevent malware and sites hosting malicious content from ever communicating with a client • Internet activity starts with a DNS request, inhibit the threat at the earliest opportunity Client Protection Prevent subscribers from reaching known bad domains
© F5 Networks, Inc 28 • RPZ filters out and provides NXDOMAIN, redirect for know bad domains • URL filtering provides granular policy controls using categories • IP intelligence blocks based on resolved IP, can also be used in data path for other protocols Layered Client Protection QUERY: WWW.DOMAIN.COM DNS iRules (Request / Response) CACHE RESOLVER iControl iQuery Subscriber Policy RPZ IP Intelligence URL Filtering EGRESS DNS PATH INGRESS DNS PATH RPZ Feed IPI Feed URL Feed iRule DNS request path DNS response path
© F5 Networks, Inc 29 • Classify the traffic • Mobile or fixed • SLA for RPS and allowed response size • When a client sends in a query • Is query for a blocked domain? • Is query rate above allowed rate? • Client previously above allowed rate? • Resolve request and analyse response • Factor in response size to the score • Take an action • Is client above score threshold? • Drop request • Suspend DNS service for a period Preventing DNS Abuse ClientA ClientB ClientC ClientD ClientE ClientF Drop threshold Suspend threshold RESPONSE SIZE SCORING QUERY RATE SCORING
© F5 Networks, Inc 30 DNS Service Protection Policing Requests for Fairness and Availability Service Providers need to ensure availability of DNS services to customers according to their service level. Intelligent per-Client IP Rate Limiting gives SPs the tools to inhibit bad actors including DNS tunneling, without adversely affecting performance. MALICIOUS ACTOR COMPROMISE D CLIENT REGULAR CLIENT SUSPEND DNS SERVICE RATE LIMIT CLIENT LOG MALICIOUS IDENTITY ACTION S CACHE RESOLVE R Per-client DNS rates Rate limits DNS RATE LIMITER
© F5 Networks, Inc 31 DNS Tuneling
© F5 Networks, Inc 32 DNS Tunnelling Enforcement
© F5 Networks, Inc 33 DNS use case – Service Provider User Black List RPZ IPIOpt in/out Policy and Charging Rules Function Portal User Internet DNS • User Query request • PCRF request / response • Vip choice for protection profiles for: • Adult • Family • Child Exception Match DNS Query
Capex vs Opex
© F5 Networks, Inc 35
© F5 Networks, Inc 36 Lifecycle Costs for Traditional DNS Resolver Infrastructure Fixed and wireless ISP with 1M customers, 200K RPS today to 2M+ by 2016 Traditional DNS Resolver Topology CapExPatchOpEx 3M RPS caching resolver with discrete firewall, load balancer, and 60 DNS servers Investigate threat Design FW rules Review FW rule Test FW rule Deploy FW rule Administrative overhead 2 days 2 days 1 day 2 days 2 days 1 day Vulnerability identified Test patch in lab Deploy patch Revise firewall rules Administrative overhead 3 days 10 days 1 day 1 day Initial patch issued Test patch in lab Deploy patch Administrative overhead 3 days 10 days 1 day Final patch issued 39 days of effort per patch: Historically, traditional DNS servers are patched 6-10 times annually Numbers 39 Days annually @ $40 / hour x9 Patches per year Administration staff (team of 3) Total cost of hardware and maintenance (firewall, load balancer, and 60 servers) $424,800 $12,480 $112,320 $249,600 Total in year 1: $799,200 Total in year 2 onwards: $439,200 vs DNS Resolver Model Local zones 3M RPS caching resolver Test release in lab Deploy firmware 3 days 1 day Annual firmware release Annual maintenance: 4 days Total cost of hardware and maintenance $354,000 4 days annually $1,280 Total in year 1: $355,280 Total in year 2 onwards: $55,280
Summary
© F5 Networks, Inc 38 • Internet of Things • Use cases – Internal and external • Architecture changes • Security a DNS Firewall • User protection and Protocol abuse • CapEx vs OpEx Summary
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services

Recommended

F5 DNS Solution for CSPs
F5 DNS Solution for CSPsF5 DNS Solution for CSPs
F5 DNS Solution for CSPsF5 Networks
 
Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...solarisyourep
 
Big Ip Global Traffic Manager Ds
Big Ip Global Traffic Manager DsBig Ip Global Traffic Manager Ds
Big Ip Global Traffic Manager DsSteven_Jackson
 
DNS Security (DNSSEC) With BIG-IP Global Traffic Manager
DNS Security (DNSSEC) With BIG-IP Global Traffic ManagerDNS Security (DNSSEC) With BIG-IP Global Traffic Manager
DNS Security (DNSSEC) With BIG-IP Global Traffic ManagerDSorensenCPR
 
F5 and Infoblox deliver complete secured DNS infrastructure
F5 and Infoblox deliver complete secured DNS infrastructureF5 and Infoblox deliver complete secured DNS infrastructure
F5 and Infoblox deliver complete secured DNS infrastructureDSorensenCPR
 
BIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationBIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationPCCW GLOBAL
 
F5's Dynamic DNS Services
F5's Dynamic DNS ServicesF5's Dynamic DNS Services
F5's Dynamic DNS ServicesF5 Networks
 
The DNS of Things
The DNS of ThingsThe DNS of Things
The DNS of ThingsPeter Silva
 

Recommended

F5 DNS Solution for CSPs
F5 DNS Solution for CSPsF5 DNS Solution for CSPs
F5 DNS Solution for CSPsF5 Networks
 
Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...solarisyourep
 
Big Ip Global Traffic Manager Ds
Big Ip Global Traffic Manager DsBig Ip Global Traffic Manager Ds
Big Ip Global Traffic Manager DsSteven_Jackson
 
DNS Security (DNSSEC) With BIG-IP Global Traffic Manager
DNS Security (DNSSEC) With BIG-IP Global Traffic ManagerDNS Security (DNSSEC) With BIG-IP Global Traffic Manager
DNS Security (DNSSEC) With BIG-IP Global Traffic ManagerDSorensenCPR
 
F5 and Infoblox deliver complete secured DNS infrastructure
F5 and Infoblox deliver complete secured DNS infrastructureF5 and Infoblox deliver complete secured DNS infrastructure
F5 and Infoblox deliver complete secured DNS infrastructureDSorensenCPR
 
BIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationBIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationPCCW GLOBAL
 
F5's Dynamic DNS Services
F5's Dynamic DNS ServicesF5's Dynamic DNS Services
F5's Dynamic DNS ServicesF5 Networks
 
The DNS of Things
The DNS of ThingsThe DNS of Things
The DNS of ThingsPeter Silva
 
Intelligent DNS Scale
Intelligent DNS ScaleIntelligent DNS Scale
Intelligent DNS ScalePeter Silva
 
F5 DDoS Protection
F5 DDoS ProtectionF5 DDoS Protection
F5 DDoS ProtectionMarketingArrowECS_CZ
 
F5 Solutions for Service Providers
F5 Solutions for Service ProvidersF5 Solutions for Service Providers
F5 Solutions for Service ProvidersBAKOTECH
 
F5 GTM HEALTH CHECKS
F5 GTM HEALTH CHECKSF5 GTM HEALTH CHECKS
F5 GTM HEALTH CHECKSMarco Essomba
 
Big Data for Security - DNS Analytics
Big Data for Security - DNS AnalyticsBig Data for Security - DNS Analytics
Big Data for Security - DNS AnalyticsMarco Casassa Mont
 
F5 TMOS v13.0
F5 TMOS v13.0F5 TMOS v13.0
F5 TMOS v13.0MarketingArrowECS_CZ
 
Big Data for Security
Big Data for SecurityBig Data for Security
Big Data for SecurityMarco Casassa Mont
 
DNSSEC Validation Tutorial
DNSSEC Validation TutorialDNSSEC Validation Tutorial
DNSSEC Validation TutorialAPNIC
 
F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017Guy Brown
 
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User GroupInfoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User GroupNetCraftsmen
 
Novinky F5 pro rok 2018
Novinky F5 pro rok 2018Novinky F5 pro rok 2018
Novinky F5 pro rok 2018MarketingArrowECS_CZ
 
Cyber Side-Effects - Cloud Databases and Modern Malware
Cyber Side-Effects - Cloud Databases and Modern MalwareCyber Side-Effects - Cloud Databases and Modern Malware
Cyber Side-Effects - Cloud Databases and Modern MalwareImperva
 
How to Reduce Latency with Cloudflare Argo Smart Routing
How to Reduce Latency with Cloudflare Argo Smart RoutingHow to Reduce Latency with Cloudflare Argo Smart Routing
How to Reduce Latency with Cloudflare Argo Smart RoutingCloudflare
 
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Puppet
 
A10 issa d do s 5-2014
A10 issa d do s 5-2014A10 issa d do s 5-2014
A10 issa d do s 5-2014Raleigh ISSA
 
New Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosNew Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosCaitlin Magat
 
Nginx app protect-for-meetup-v1.0-202006_lk
Nginx app protect-for-meetup-v1.0-202006_lkNginx app protect-for-meetup-v1.0-202006_lk
Nginx app protect-for-meetup-v1.0-202006_lkJuraj Hantak
 
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 TorontoF5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Torontopatmisasi
 
What’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesWhat’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesCloudflare
 
Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Cloudflare
 
PLNOG15: ROADM & OTN - teletransmision network of Orange Poland (presentation...
PLNOG15: ROADM & OTN - teletransmision network of Orange Poland (presentation...PLNOG15: ROADM & OTN - teletransmision network of Orange Poland (presentation...
PLNOG15: ROADM & OTN - teletransmision network of Orange Poland (presentation...PROIDEA
 
PLNOG15 :From FTTH to BTTH - Fiber Broadband Through the Home,Stijn Coppieters
PLNOG15 :From FTTH to BTTH - Fiber Broadband Through the Home,Stijn Coppieters PLNOG15 :From FTTH to BTTH - Fiber Broadband Through the Home,Stijn Coppieters
PLNOG15 :From FTTH to BTTH - Fiber Broadband Through the Home,Stijn Coppieters PROIDEA
 

More Related Content

What's hot

Intelligent DNS Scale
Intelligent DNS ScaleIntelligent DNS Scale
Intelligent DNS ScalePeter Silva
 
F5 Solutions for Service Providers
F5 Solutions for Service ProvidersF5 Solutions for Service Providers
F5 Solutions for Service ProvidersBAKOTECH
 
F5 GTM HEALTH CHECKS
F5 GTM HEALTH CHECKSF5 GTM HEALTH CHECKS
F5 GTM HEALTH CHECKSMarco Essomba
 
Big Data for Security - DNS Analytics
Big Data for Security - DNS AnalyticsBig Data for Security - DNS Analytics
Big Data for Security - DNS AnalyticsMarco Casassa Mont
 
DNSSEC Validation Tutorial
DNSSEC Validation TutorialDNSSEC Validation Tutorial
DNSSEC Validation TutorialAPNIC
 
F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017Guy Brown
 
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User GroupInfoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User GroupNetCraftsmen
 
Cyber Side-Effects - Cloud Databases and Modern Malware
Cyber Side-Effects - Cloud Databases and Modern MalwareCyber Side-Effects - Cloud Databases and Modern Malware
Cyber Side-Effects - Cloud Databases and Modern MalwareImperva
 
How to Reduce Latency with Cloudflare Argo Smart Routing
How to Reduce Latency with Cloudflare Argo Smart RoutingHow to Reduce Latency with Cloudflare Argo Smart Routing
How to Reduce Latency with Cloudflare Argo Smart RoutingCloudflare
 
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Puppet
 
A10 issa d do s 5-2014
A10 issa d do s 5-2014A10 issa d do s 5-2014
A10 issa d do s 5-2014Raleigh ISSA
 
New Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosNew Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosCaitlin Magat
 
Nginx app protect-for-meetup-v1.0-202006_lk
Nginx app protect-for-meetup-v1.0-202006_lkNginx app protect-for-meetup-v1.0-202006_lk
Nginx app protect-for-meetup-v1.0-202006_lkJuraj Hantak
 
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 TorontoF5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Torontopatmisasi
 
What’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesWhat’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesCloudflare
 
Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Cloudflare
 

What's hot (20)

Intelligent DNS Scale
Intelligent DNS ScaleIntelligent DNS Scale
Intelligent DNS Scale
 
F5 DDoS Protection
F5 DDoS ProtectionF5 DDoS Protection
F5 DDoS Protection
 
F5 Solutions for Service Providers
F5 Solutions for Service ProvidersF5 Solutions for Service Providers
F5 Solutions for Service Providers
 
F5 GTM HEALTH CHECKS
F5 GTM HEALTH CHECKSF5 GTM HEALTH CHECKS
F5 GTM HEALTH CHECKS
 
Big Data for Security - DNS Analytics
Big Data for Security - DNS AnalyticsBig Data for Security - DNS Analytics
Big Data for Security - DNS Analytics
 
F5 TMOS v13.0
F5 TMOS v13.0F5 TMOS v13.0
F5 TMOS v13.0
 
Big Data for Security
Big Data for SecurityBig Data for Security
Big Data for Security
 
DNSSEC Validation Tutorial
DNSSEC Validation TutorialDNSSEC Validation Tutorial
DNSSEC Validation Tutorial
 
F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017
 
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User GroupInfoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
 
Novinky F5 pro rok 2018
Novinky F5 pro rok 2018Novinky F5 pro rok 2018
Novinky F5 pro rok 2018
 
Cyber Side-Effects - Cloud Databases and Modern Malware
Cyber Side-Effects - Cloud Databases and Modern MalwareCyber Side-Effects - Cloud Databases and Modern Malware
Cyber Side-Effects - Cloud Databases and Modern Malware
 
How to Reduce Latency with Cloudflare Argo Smart Routing
How to Reduce Latency with Cloudflare Argo Smart RoutingHow to Reduce Latency with Cloudflare Argo Smart Routing
How to Reduce Latency with Cloudflare Argo Smart Routing
 
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
 
A10 issa d do s 5-2014
A10 issa d do s 5-2014A10 issa d do s 5-2014
A10 issa d do s 5-2014
 
New Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosNew Products Overview: Use Cases and Demos
New Products Overview: Use Cases and Demos
 
Nginx app protect-for-meetup-v1.0-202006_lk
Nginx app protect-for-meetup-v1.0-202006_lkNginx app protect-for-meetup-v1.0-202006_lk
Nginx app protect-for-meetup-v1.0-202006_lk
 
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 TorontoF5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
 
What’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesWhat’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product Launches
 
Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)
 

Viewers also liked

PLNOG15: ROADM & OTN - teletransmision network of Orange Poland (presentation...
PLNOG15: ROADM & OTN - teletransmision network of Orange Poland (presentation...PLNOG15: ROADM & OTN - teletransmision network of Orange Poland (presentation...
PLNOG15: ROADM & OTN - teletransmision network of Orange Poland (presentation...PROIDEA
 
PLNOG15 :From FTTH to BTTH - Fiber Broadband Through the Home,Stijn Coppieters
PLNOG15 :From FTTH to BTTH - Fiber Broadband Through the Home,Stijn Coppieters PLNOG15 :From FTTH to BTTH - Fiber Broadband Through the Home,Stijn Coppieters
PLNOG15 :From FTTH to BTTH - Fiber Broadband Through the Home,Stijn Coppieters PROIDEA
 
PLNOG15: Virtualization and automation of network and security services in Da...
PLNOG15: Virtualization and automation of network and security services in Da...PLNOG15: Virtualization and automation of network and security services in Da...
PLNOG15: Virtualization and automation of network and security services in Da...PROIDEA
 
PLNOG15-Inter VRF leaking in Enterprise/Corporate WAN,Piotr Papis
PLNOG15-Inter VRF leaking in Enterprise/Corporate WAN,Piotr PapisPLNOG15-Inter VRF leaking in Enterprise/Corporate WAN,Piotr Papis
PLNOG15-Inter VRF leaking in Enterprise/Corporate WAN,Piotr PapisPROIDEA
 
DevOpsDays Warsaw 2015: Zero-Friction Performance Instrumentation And Monitor...
DevOpsDays Warsaw 2015: Zero-Friction Performance Instrumentation And Monitor...DevOpsDays Warsaw 2015: Zero-Friction Performance Instrumentation And Monitor...
DevOpsDays Warsaw 2015: Zero-Friction Performance Instrumentation And Monitor...PROIDEA
 
DevOpsDays Warsaw 2015: Automating microservices in Syncano – Michał Kobus & ...
DevOpsDays Warsaw 2015: Automating microservices in Syncano – Michał Kobus & ...DevOpsDays Warsaw 2015: Automating microservices in Syncano – Michał Kobus & ...
DevOpsDays Warsaw 2015: Automating microservices in Syncano – Michał Kobus & ...PROIDEA
 
DevOpsDays Warsaw 2015: Placebo of Progress – Caoimhin Graham
DevOpsDays Warsaw 2015: Placebo of Progress – Caoimhin GrahamDevOpsDays Warsaw 2015: Placebo of Progress – Caoimhin Graham
DevOpsDays Warsaw 2015: Placebo of Progress – Caoimhin GrahamPROIDEA
 
PLNOG15: Farm machine, taxi or armored car and maybe all in one – in other wo...
PLNOG15: Farm machine, taxi or armored car and maybe all in one – in other wo...PLNOG15: Farm machine, taxi or armored car and maybe all in one – in other wo...
PLNOG15: Farm machine, taxi or armored car and maybe all in one – in other wo...PROIDEA
 
CONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromCONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromPROIDEA
 
JDD2015: Frege - Introducing purely functional programming on the JVM - Dierk...
JDD2015: Frege - Introducing purely functional programming on the JVM - Dierk...JDD2015: Frege - Introducing purely functional programming on the JVM - Dierk...
JDD2015: Frege - Introducing purely functional programming on the JVM - Dierk...PROIDEA
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...PROIDEA
 
JDD2015: Kubernetes - Beyond the basics - Paul Bakker
JDD2015: Kubernetes - Beyond the basics - Paul BakkerJDD2015: Kubernetes - Beyond the basics - Paul Bakker
JDD2015: Kubernetes - Beyond the basics - Paul BakkerPROIDEA
 
JDD2015: Functional programing and Event Sourcing - a pair made in heaven - e...
JDD2015: Functional programing and Event Sourcing - a pair made in heaven - e...JDD2015: Functional programing and Event Sourcing - a pair made in heaven - e...
JDD2015: Functional programing and Event Sourcing - a pair made in heaven - e...PROIDEA
 
JDD2015: Jak dogadywać się z obcymi formami inteligencji - poradnik dla craft...
JDD2015: Jak dogadywać się z obcymi formami inteligencji - poradnik dla craft...JDD2015: Jak dogadywać się z obcymi formami inteligencji - poradnik dla craft...
JDD2015: Jak dogadywać się z obcymi formami inteligencji - poradnik dla craft...PROIDEA
 
JDD2015: Taste of new in Java 9 - Arkadiusz Sokołowski
JDD2015: Taste of new in Java 9 - Arkadiusz SokołowskiJDD2015: Taste of new in Java 9 - Arkadiusz Sokołowski
JDD2015: Taste of new in Java 9 - Arkadiusz SokołowskiPROIDEA
 
PLNOG15 :Scrubing Center- what is it? Krzysztof Syrgut
PLNOG15 :Scrubing Center- what is it? Krzysztof SyrgutPLNOG15 :Scrubing Center- what is it? Krzysztof Syrgut
PLNOG15 :Scrubing Center- what is it? Krzysztof SyrgutPROIDEA
 
DevOpsDays Warsaw 2015: Running High Performance And Fault Tolerant Elasticse...
DevOpsDays Warsaw 2015: Running High Performance And Fault Tolerant Elasticse...DevOpsDays Warsaw 2015: Running High Performance And Fault Tolerant Elasticse...
DevOpsDays Warsaw 2015: Running High Performance And Fault Tolerant Elasticse...PROIDEA
 
PLNOG15 :Assuring Performance, Scalability and Reliability in NFV Deployments...
PLNOG15 :Assuring Performance, Scalability and Reliability in NFV Deployments...PLNOG15 :Assuring Performance, Scalability and Reliability in NFV Deployments...
PLNOG15 :Assuring Performance, Scalability and Reliability in NFV Deployments...PROIDEA
 
infraxstructure: Piotr Wojciechowski "Secure Data Center"
infraxstructure: Piotr Wojciechowski "Secure Data Center"infraxstructure: Piotr Wojciechowski "Secure Data Center"
infraxstructure: Piotr Wojciechowski "Secure Data Center"PROIDEA
 
infraxstructure: Robert Zdunek, "Jak zbudować innowacyjne i efektywne energet...
infraxstructure: Robert Zdunek, "Jak zbudować innowacyjne i efektywne energet...infraxstructure: Robert Zdunek, "Jak zbudować innowacyjne i efektywne energet...
infraxstructure: Robert Zdunek, "Jak zbudować innowacyjne i efektywne energet...PROIDEA
 

Viewers also liked (20)

PLNOG15: ROADM & OTN - teletransmision network of Orange Poland (presentation...
PLNOG15: ROADM & OTN - teletransmision network of Orange Poland (presentation...PLNOG15: ROADM & OTN - teletransmision network of Orange Poland (presentation...
PLNOG15: ROADM & OTN - teletransmision network of Orange Poland (presentation...
 
PLNOG15 :From FTTH to BTTH - Fiber Broadband Through the Home,Stijn Coppieters
PLNOG15 :From FTTH to BTTH - Fiber Broadband Through the Home,Stijn Coppieters PLNOG15 :From FTTH to BTTH - Fiber Broadband Through the Home,Stijn Coppieters
PLNOG15 :From FTTH to BTTH - Fiber Broadband Through the Home,Stijn Coppieters
 
PLNOG15: Virtualization and automation of network and security services in Da...
PLNOG15: Virtualization and automation of network and security services in Da...PLNOG15: Virtualization and automation of network and security services in Da...
PLNOG15: Virtualization and automation of network and security services in Da...
 
PLNOG15-Inter VRF leaking in Enterprise/Corporate WAN,Piotr Papis
PLNOG15-Inter VRF leaking in Enterprise/Corporate WAN,Piotr PapisPLNOG15-Inter VRF leaking in Enterprise/Corporate WAN,Piotr Papis
PLNOG15-Inter VRF leaking in Enterprise/Corporate WAN,Piotr Papis
 
DevOpsDays Warsaw 2015: Zero-Friction Performance Instrumentation And Monitor...
DevOpsDays Warsaw 2015: Zero-Friction Performance Instrumentation And Monitor...DevOpsDays Warsaw 2015: Zero-Friction Performance Instrumentation And Monitor...
DevOpsDays Warsaw 2015: Zero-Friction Performance Instrumentation And Monitor...
 
DevOpsDays Warsaw 2015: Automating microservices in Syncano – Michał Kobus & ...
DevOpsDays Warsaw 2015: Automating microservices in Syncano – Michał Kobus & ...DevOpsDays Warsaw 2015: Automating microservices in Syncano – Michał Kobus & ...
DevOpsDays Warsaw 2015: Automating microservices in Syncano – Michał Kobus & ...
 
DevOpsDays Warsaw 2015: Placebo of Progress – Caoimhin Graham
DevOpsDays Warsaw 2015: Placebo of Progress – Caoimhin GrahamDevOpsDays Warsaw 2015: Placebo of Progress – Caoimhin Graham
DevOpsDays Warsaw 2015: Placebo of Progress – Caoimhin Graham
 
PLNOG15: Farm machine, taxi or armored car and maybe all in one – in other wo...
PLNOG15: Farm machine, taxi or armored car and maybe all in one – in other wo...PLNOG15: Farm machine, taxi or armored car and maybe all in one – in other wo...
PLNOG15: Farm machine, taxi or armored car and maybe all in one – in other wo...
 
CONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromCONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin Nystrom
 
JDD2015: Frege - Introducing purely functional programming on the JVM - Dierk...
JDD2015: Frege - Introducing purely functional programming on the JVM - Dierk...JDD2015: Frege - Introducing purely functional programming on the JVM - Dierk...
JDD2015: Frege - Introducing purely functional programming on the JVM - Dierk...
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...
 
JDD2015: Kubernetes - Beyond the basics - Paul Bakker
JDD2015: Kubernetes - Beyond the basics - Paul BakkerJDD2015: Kubernetes - Beyond the basics - Paul Bakker
JDD2015: Kubernetes - Beyond the basics - Paul Bakker
 
JDD2015: Functional programing and Event Sourcing - a pair made in heaven - e...
JDD2015: Functional programing and Event Sourcing - a pair made in heaven - e...JDD2015: Functional programing and Event Sourcing - a pair made in heaven - e...
JDD2015: Functional programing and Event Sourcing - a pair made in heaven - e...
 
JDD2015: Jak dogadywać się z obcymi formami inteligencji - poradnik dla craft...
JDD2015: Jak dogadywać się z obcymi formami inteligencji - poradnik dla craft...JDD2015: Jak dogadywać się z obcymi formami inteligencji - poradnik dla craft...
JDD2015: Jak dogadywać się z obcymi formami inteligencji - poradnik dla craft...
 
JDD2015: Taste of new in Java 9 - Arkadiusz Sokołowski
JDD2015: Taste of new in Java 9 - Arkadiusz SokołowskiJDD2015: Taste of new in Java 9 - Arkadiusz Sokołowski
JDD2015: Taste of new in Java 9 - Arkadiusz Sokołowski
 
PLNOG15 :Scrubing Center- what is it? Krzysztof Syrgut
PLNOG15 :Scrubing Center- what is it? Krzysztof SyrgutPLNOG15 :Scrubing Center- what is it? Krzysztof Syrgut
PLNOG15 :Scrubing Center- what is it? Krzysztof Syrgut
 
DevOpsDays Warsaw 2015: Running High Performance And Fault Tolerant Elasticse...
DevOpsDays Warsaw 2015: Running High Performance And Fault Tolerant Elasticse...DevOpsDays Warsaw 2015: Running High Performance And Fault Tolerant Elasticse...
DevOpsDays Warsaw 2015: Running High Performance And Fault Tolerant Elasticse...
 
PLNOG15 :Assuring Performance, Scalability and Reliability in NFV Deployments...
PLNOG15 :Assuring Performance, Scalability and Reliability in NFV Deployments...PLNOG15 :Assuring Performance, Scalability and Reliability in NFV Deployments...
PLNOG15 :Assuring Performance, Scalability and Reliability in NFV Deployments...
 
infraxstructure: Piotr Wojciechowski "Secure Data Center"
infraxstructure: Piotr Wojciechowski "Secure Data Center"infraxstructure: Piotr Wojciechowski "Secure Data Center"
infraxstructure: Piotr Wojciechowski "Secure Data Center"
 
infraxstructure: Robert Zdunek, "Jak zbudować innowacyjne i efektywne energet...
infraxstructure: Robert Zdunek, "Jak zbudować innowacyjne i efektywne energet...infraxstructure: Robert Zdunek, "Jak zbudować innowacyjne i efektywne energet...
infraxstructure: Robert Zdunek, "Jak zbudować innowacyjne i efektywne energet...
 

Similar to PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services

The DNS of Things
The DNS of ThingsThe DNS of Things
The DNS of ThingsF5 Networks
 
Denial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewDenial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewMarketingArrowECS_CZ
 
F5 Intelligent DNS Scale
F5 Intelligent DNS ScaleF5 Intelligent DNS Scale
F5 Intelligent DNS ScaleF5 Networks
 
F5 Networks Intelligent DNS Scale
F5 Networks Intelligent DNS ScaleF5 Networks Intelligent DNS Scale
F5 Networks Intelligent DNS ScaleF5 Networks
 
Spider & F5 Round Table - Application Centric Security
Spider & F5 Round Table - Application Centric SecuritySpider & F5 Round Table - Application Centric Security
Spider & F5 Round Table - Application Centric SecurityTzoori Tamam
 
F5 GOV Round Table - Application Centeric Security
F5 GOV Round Table - Application Centeric SecurityF5 GOV Round Table - Application Centeric Security
F5 GOV Round Table - Application Centeric SecurityTzoori Tamam
 
Ultra Dns Overview Presentation
Ultra Dns Overview PresentationUltra Dns Overview Presentation
Ultra Dns Overview Presentationgueste95639
 
f5_synthesis_cisco_connect.pdf
f5_synthesis_cisco_connect.pdff5_synthesis_cisco_connect.pdf
f5_synthesis_cisco_connect.pdfGrigoryShkolnik1
 
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?Cisco Canada
 
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastrukturyPlnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastrukturyPROIDEA
 
FreeSBC - A New Approach to the SBC
FreeSBC - A New Approach to the SBCFreeSBC - A New Approach to the SBC
FreeSBC - A New Approach to the SBCTelcoBridges Inc.
 
FreeSBC - A New Approach to the SBC
FreeSBC - A New Approach to the SBCFreeSBC - A New Approach to the SBC
FreeSBC - A New Approach to the SBCAlan Percy
 
F5 Networks - парадная дверь в облака
F5 Networks - парадная дверь в облакаF5 Networks - парадная дверь в облака
F5 Networks - парадная дверь в облакаBAKOTECH
 
Best Practices for Monitoring DNS
Best Practices for Monitoring DNSBest Practices for Monitoring DNS
Best Practices for Monitoring DNSThousandEyes
 
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld
 
VMware: my jsme “software defined”
VMware: my jsme “software defined”VMware: my jsme “software defined”
VMware: my jsme “software defined”MarketingArrowECS_CZ
 
Barracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_ProfileBarracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_ProfileAliza Ayub
 
Barracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_ProfileBarracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_ProfileIqra Hameed
 
F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshowpatmisasi
 
Silver Peak presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
Silver Peak presentation used during the SWITCHPOINT NV/SA Quarterly Experien...Silver Peak presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
Silver Peak presentation used during the SWITCHPOINT NV/SA Quarterly Experien...SWITCHPOINT NV/SA
 

Similar to PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services (20)

The DNS of Things
The DNS of ThingsThe DNS of Things
The DNS of Things
 
Denial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewDenial of Service - Service Provider Overview
Denial of Service - Service Provider Overview
 
F5 Intelligent DNS Scale
F5 Intelligent DNS ScaleF5 Intelligent DNS Scale
F5 Intelligent DNS Scale
 
F5 Networks Intelligent DNS Scale
F5 Networks Intelligent DNS ScaleF5 Networks Intelligent DNS Scale
F5 Networks Intelligent DNS Scale
 
Spider & F5 Round Table - Application Centric Security
Spider & F5 Round Table - Application Centric SecuritySpider & F5 Round Table - Application Centric Security
Spider & F5 Round Table - Application Centric Security
 
F5 GOV Round Table - Application Centeric Security
F5 GOV Round Table - Application Centeric SecurityF5 GOV Round Table - Application Centeric Security
F5 GOV Round Table - Application Centeric Security
 
Ultra Dns Overview Presentation
Ultra Dns Overview PresentationUltra Dns Overview Presentation
Ultra Dns Overview Presentation
 
f5_synthesis_cisco_connect.pdf
f5_synthesis_cisco_connect.pdff5_synthesis_cisco_connect.pdf
f5_synthesis_cisco_connect.pdf
 
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
 
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastrukturyPlnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
 
FreeSBC - A New Approach to the SBC
FreeSBC - A New Approach to the SBCFreeSBC - A New Approach to the SBC
FreeSBC - A New Approach to the SBC
 
FreeSBC - A New Approach to the SBC
FreeSBC - A New Approach to the SBCFreeSBC - A New Approach to the SBC
FreeSBC - A New Approach to the SBC
 
F5 Networks - парадная дверь в облака
F5 Networks - парадная дверь в облакаF5 Networks - парадная дверь в облака
F5 Networks - парадная дверь в облака
 
Best Practices for Monitoring DNS
Best Practices for Monitoring DNSBest Practices for Monitoring DNS
Best Practices for Monitoring DNS
 
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
 
VMware: my jsme “software defined”
VMware: my jsme “software defined”VMware: my jsme “software defined”
VMware: my jsme “software defined”
 
Barracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_ProfileBarracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_Profile
 
Barracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_ProfileBarracuda_NG_Firewall_Profile
Barracuda_NG_Firewall_Profile
 
F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshow
 
Silver Peak presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
Silver Peak presentation used during the SWITCHPOINT NV/SA Quarterly Experien...Silver Peak presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
Silver Peak presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
 

Recently uploaded

All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiEscorts Call Girls
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceDelhi Call girls
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...singhpriety023
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...SUHANI PANDEY
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...tanu pandey
 
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...SUHANI PANDEY
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Delhi Call girls
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)Delhi Call girls
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubaikojalkojal131
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge GraphsEleniIlkou
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"growthgrids
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...roncy bisnoi
 

Recently uploaded (20)

Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in DubaiRussian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
 

PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services

  • 1. Scale and Secure the Internet of Things with Intelligent DNS Services Nigel Ashworth Solution Architect F5 Networks 28th September 2015
  • 2. © F5 Networks, Inc 2 • Drivers for the Internet of Things • Architecture changes • Security • Scale • Use cases – Internal and external • CapEx vs OpEx • Audits • Service chaining and DNS • GI Firewall / TCP optimisation / Rate management Agenda • User attributes • Parental control / contracts • White lists and filters • DDOS Attacks • Protocol Abuse • DNS Firewall • Not a Firewall for DNS • Reporting
  • 4. © F5 Networks, Inc 4 50 Billion Connected Devices 6 Billion Connected Devices 20202013 20182016 The Driving Force behind Device-Based Network and App Congestion
  • 5. © F5 Networks, Inc 5 • Internet of Things needs scalable DNS services • Combination = 5 to 10 times Internet revolution • 10 billion devices in 2014 = 77 billion mobile apps • Ensure really fast connections and responses The Internet of Things and DNS
  • 6. © F5 Networks, Inc 6 Connected Cars Connected Homes Connected Cities Wearables/Connected Devices/Utilities Surge in connected devices accessing SP networks Increasing connection rates (Connections per Sec) Spikes in application usage 50B connected devices worldwide by 2020 Surge in DNS queries DNS security vulnerabilities New advanced persistent threat vectors New DDoS attack vectors Network signaling spikes Diameter signaling storms IPv6 addressing requirements Lower ARPU per device Packet Core Gi-LAN Data Centers IMS Core Service Provider Challenges Implications for Service Providers Scaling the networks. End to end security. Profitable new services.
  • 7. © F5 Networks, Inc 7 Connected Cars Wearables/Connected Devices/Utilities Surge in connected devices accessing SP networks Increasing connection rates (Connections per Sec) Spikes in application usage 50B connected devices worldwide by 2020 Packet Core Gi-LAN Data Centers IMS Core High Performance Hybrid Architectures Simpler Architecture / Network Flexibility Extensibility Virtualised Network Functions Scalable VNFs Virtual Software Editions • Scalable DNS • Load balancing • Network firewall • Application layer firewall • IPv6 routing • Carrier grade NAT • Traffic classification • Subscriber classification • Application awareness • Diameter routing • Protocol gateway • Policy enforcement Connected Homes Connected Cities Hybrid Architectures
  • 9. © F5 Networks, Inc 9 Mobile (e)NodeB SGW/SGSN MME Fixed Fixed Core Mobile Core BRAS DNS/GSLB GGSN/ PGW DNS Caching/ Resolvers Transparent Cache Internet Core Infrastructure DNS64 NAT64 Web Caching WAP Gateways Content Streaming DataPlaneControlPlane PCRF DNS Authoritative Local Zones Subscriber Management HSS/HLR DHCP Activation PKI CSCF Billing/Self Service Customer Portal IP Multimedia Subsystem (IMS) MGCF SBC DNS ENUM Infrastructure Authoritative DNS Auth. Local Zones LDNS Simplified and Consolidated DNS
  • 10. © F5 Networks, Inc 10 • Intelligent DNS for Evolved Packet Core • Proactively monitor for service-level adherence • Enhanced subscriber experience • Robust, scalable portal and service access • Exponential DNS performance and DDoS security protection • Optimise global service delivery • Faster DNS for 3G/4G LTE • Enhanced performance through transparent cache • Caching resolver for server consolidation • Mitigate DNS threats by blocking malicious IPs Intelligent DNS and Global Service Optimisation LDNS Authoritative Infrastructure
  • 12. © F5 Networks, Inc 12 Traditional Architectures will Buckle ... under the strain of increasing demand Data volumes double every 18 months Applications double every four years Source: IDC Directions, Battle for the Future of the Datacenter: The Role of Disaggregated Systems, March 2014 Forrester Consulting, April 2014 Customer populations four orders of magnitude larger than employee/partner
  • 13. © F5 Networks, Inc 13
  • 14. © F5 Networks, Inc 14
  • 15. Firewall for DNS or a DNS Firewall ?
  • 16. © F5 Networks, Inc 16
  • 17. © F5 Networks, Inc 17 Anatomy of a DNS Firewall • IP Anycast • Pre filter • Packet inspection • Performance • Scaling resolution • DNSsec and Validation • Reporting and Automation • DNS Reputational Intelligence • DNS scrubbing • Hardware sizing • Certification
  • 18. © F5 Networks, Inc 18 Anatomy of a DNS Firewall • IP Anycast • Pre filter • Packet inspection • Performance • Scaling resolution • DNSsec and Validation • Reporting and Automation • DNS Reputational Intelligence • DNS scrubbing • Hardware sizing • Certification Clients IPv4/IPv6 TCP/UDP Protocol Validatio n+ACL iRules DNSSEC GSLB 6 4 GSLBiRules DNS Express 6 4 DNSSEC RPZ /Cache/ Resolver DNS6-4 DNSLB Pool DNS Server Pool iRules LocalBIND Request Response AXFR Request AXFR Response Zone XFR Zone XFR
  • 19. © F5 Networks, Inc 19 Anatomy of a DNS Firewall • IP Anycast • Pre filter • Packet inspection • Performance • Scaling resolution • DNSsec and Validation • Reporting and Automation • DNS Reputational Intelligence • DNS scrubbing • Hardware sizing • Certification Performa nce Time TMOS Single Process or SMP 8x 4x 2x
  • 20. © F5 Networks, Inc 20 Anatomy of a DNS Firewall • IP Anycast • Pre filter • Packet inspection • Performance • Scaling resolution • DNSsec and Validation • Reporting and Automation • DNS Reputational Intelligence • DNS scrubbing • Hardware sizing • Certification
  • 21. © F5 Networks, Inc 21 Anatomy of a DNS Firewall • IP Anycast • Pre filter • Packet inspection • Performance • Scaling resolution • DNSsec and Validation • Reporting and Automation • DNS Reputational Intelligence • DNS scrubbing • Hardware sizing • Certification Advanced DNS Analytics – Applications – Virtual Servers – Query Name – Query Type – Client IP
  • 22. © F5 Networks, Inc 22 Anatomy of a DNS Firewall • IP Anycast • Pre filter • Packet inspection • Performance • Scaling resolution • DNSsec and Validation • Reporting and Automation • DNS Reputational Intelligence • DNS scrubbing • Hardware sizing • Certification RESPONSE POLICY ZONES* URL FILTERING IP INTELLIGENCE Screens a DNS request against domain names with a bad reputation. Categorize the FQDN from the request & make a decision. Categorize the IP address from the response & make a decision. MITIGATES THREATS BY FQDN POLICY CONTROL BY FQDN Ingress DNS path Any IP Protocol with iRules HTTP, HTTPS and DNS with iRules MITIGATES THREATS BY FQDN MITIGATES THREATS BY FQDN
  • 23. © F5 Networks, Inc 23 Anatomy of a DNS Firewall • IP Anycast • Pre filter • Packet inspection • Performance • Scaling resolution • DNSsec and Validation • Reporting and Automation • DNS Reputational Intelligence • DNS scrubbing • Hardware sizing • Certification Legitimate Users Threat Feed Intelligence DDoS Attacker ISPa/b Cloud Scrubbing Service Scann er Anonym ous Proxies Anonym ous Request s Botnet Attack ers Network attacks: ICMP flood, UDP flood, SYN flood DNS attacks: DNS amplificatio n, query flood, dictionary attack, DNS poisoning IPS Next-Generation Firewall Tier 2 SSL attacks: SSL renegotiatio n, SSL flood HTTP attacks: Slowloris, slow POST, recursive POST/GET Applicatio n Corporate Users Financial Services E- Commerce Subscriber Tier 2 Threat Feed Intelligence Strategic Point of Control Multiple ISP strategy Network and DNS Tier 1 Access Control, Policy Enforcemen t
  • 24. © F5 Networks, Inc 24 Anatomy of a DNS Firewall • IP Anycast • Pre filter • Packet inspection • Performance • Scaling resolution • DNSsec and Validation • Reporting and Automation • DNS Reputational Intelligence • DNS scrubbing • Hardware sizing • Certification Platforms
  • 25. © F5 Networks, Inc 25 Anatomy of a DNS Firewall • IP Anycast • Pre filter • Packet inspection • Performance • Scaling resolution • DNSsec and Validation • Reporting and Automation • DNS Reputational Intelligence • DNS scrubbing • Hardware sizing • Certification CONVENTIONAL DNS THINKING Internet External Firewall DNS Load Balancing Array of DNS Servers Internal Firewall Hidden Master DNS DMZ Datacenter F5 PARADIGM SHIFT Internet Master DNS Infrastructure BIG-IP Global Traffic Manager 30M RPS
  • 26. User Protection and Protocol Abuse
  • 27. © F5 Networks, Inc 27 Updates CACHE RESOLVER PROTOCOL VALIDATION IRULES IPV4/V6 LISTENER REPUTATION DATABASE SPECIAL HANDLING ADC GTM RPZ feed • Prevent malware and sites hosting malicious content from ever communicating with a client • Internet activity starts with a DNS request, inhibit the threat at the earliest opportunity Client Protection Prevent subscribers from reaching known bad domains
  • 28. © F5 Networks, Inc 28 • RPZ filters out and provides NXDOMAIN, redirect for know bad domains • URL filtering provides granular policy controls using categories • IP intelligence blocks based on resolved IP, can also be used in data path for other protocols Layered Client Protection QUERY: WWW.DOMAIN.COM DNS iRules (Request / Response) CACHE RESOLVER iControl iQuery Subscriber Policy RPZ IP Intelligence URL Filtering EGRESS DNS PATH INGRESS DNS PATH RPZ Feed IPI Feed URL Feed iRule DNS request path DNS response path
  • 29. © F5 Networks, Inc 29 • Classify the traffic • Mobile or fixed • SLA for RPS and allowed response size • When a client sends in a query • Is query for a blocked domain? • Is query rate above allowed rate? • Client previously above allowed rate? • Resolve request and analyse response • Factor in response size to the score • Take an action • Is client above score threshold? • Drop request • Suspend DNS service for a period Preventing DNS Abuse ClientA ClientB ClientC ClientD ClientE ClientF Drop threshold Suspend threshold RESPONSE SIZE SCORING QUERY RATE SCORING
  • 30. © F5 Networks, Inc 30 DNS Service Protection Policing Requests for Fairness and Availability Service Providers need to ensure availability of DNS services to customers according to their service level. Intelligent per-Client IP Rate Limiting gives SPs the tools to inhibit bad actors including DNS tunneling, without adversely affecting performance. MALICIOUS ACTOR COMPROMISE D CLIENT REGULAR CLIENT SUSPEND DNS SERVICE RATE LIMIT CLIENT LOG MALICIOUS IDENTITY ACTION S CACHE RESOLVE R Per-client DNS rates Rate limits DNS RATE LIMITER
  • 31. © F5 Networks, Inc 31 DNS Tuneling
  • 32. © F5 Networks, Inc 32 DNS Tunnelling Enforcement
  • 33. © F5 Networks, Inc 33 DNS use case – Service Provider User Black List RPZ IPIOpt in/out Policy and Charging Rules Function Portal User Internet DNS • User Query request • PCRF request / response • Vip choice for protection profiles for: • Adult • Family • Child Exception Match DNS Query
  • 35. © F5 Networks, Inc 35
  • 36. © F5 Networks, Inc 36 Lifecycle Costs for Traditional DNS Resolver Infrastructure Fixed and wireless ISP with 1M customers, 200K RPS today to 2M+ by 2016 Traditional DNS Resolver Topology CapExPatchOpEx 3M RPS caching resolver with discrete firewall, load balancer, and 60 DNS servers Investigate threat Design FW rules Review FW rule Test FW rule Deploy FW rule Administrative overhead 2 days 2 days 1 day 2 days 2 days 1 day Vulnerability identified Test patch in lab Deploy patch Revise firewall rules Administrative overhead 3 days 10 days 1 day 1 day Initial patch issued Test patch in lab Deploy patch Administrative overhead 3 days 10 days 1 day Final patch issued 39 days of effort per patch: Historically, traditional DNS servers are patched 6-10 times annually Numbers 39 Days annually @ $40 / hour x9 Patches per year Administration staff (team of 3) Total cost of hardware and maintenance (firewall, load balancer, and 60 servers) $424,800 $12,480 $112,320 $249,600 Total in year 1: $799,200 Total in year 2 onwards: $439,200 vs DNS Resolver Model Local zones 3M RPS caching resolver Test release in lab Deploy firmware 3 days 1 day Annual firmware release Annual maintenance: 4 days Total cost of hardware and maintenance $354,000 4 days annually $1,280 Total in year 1: $355,280 Total in year 2 onwards: $55,280
  • 38. © F5 Networks, Inc 38 • Internet of Things • Use cases – Internal and external • Architecture changes • Security a DNS Firewall • User protection and Protocol abuse • CapEx vs OpEx Summary