Posted on 16-Jul-2015
Peter Silva
Sr. Technical Marketing Manager
@psilvas
The DNS of Things
Q. WHERE IS WWW.F5.COM?
A. 2001:19b8:101:2::f5f5:1d
© F5 Networks, Inc. Confidential
Mobility
SDDC/Cloud
Advanced threats
Internet of Things
“Software defined” everything
HTTP is the new TCP
Internet Foundation? DNS
DNS DEMANDS
WHEN DNS BREAKS EVERYTHING BREAKS
DOMAIN NAME SYSTEM (DNS)
Translates a domain name… http://www.google.com
into an IP address: 74.125.227.64 (IPv4)
http://www.f5.com = 2001:19b8:101:2::f5f5:1d (IPv6)
More People
Mobile devices/apps
Complex sites
Increased latency
Cloud implementations
IPv6 added with IPv4
DDoS attacks
Everything: DNS
• Internet of Things needs scalable DNS services*
• Combination = 5 to 10 times Internet revolution**
• 10bil devices in 2014 = 77bil mobile apps**
• 35% Y/Y DNS query increase***
• Ensure really fast connections and responses*
DNS
Look Ups
Demand: DNS
AVERAGE DAILY LOAD FOR DNS (.COM/.NET TLDS) QUERIES IN BILLIONS
DNSSEC DEPLOYMENT EXPANDING
TYPICAL FOR A SINGLE WEB PAGE TO CONSUME 100+ DNS QUERIES FROM ACTIVE CONTENT, ADVERTISING, AND ANALYTICS
SECOND MOST ATTACKED PROTOCOL
GLOBAL MOBILE DATA (4G/LTE) IS DRIVING THE NEED FOR FAST, AVAILABLE DNS
DISTRIBUTED, AVAILABLE, HIGH-PERFORMANCE GSLB FOR MULTIPLE DATA CENTERS
18X Growth 2011-2016
4G LTE: 2.4GB/mo
Non-4G LTE: 86MB/mo
Reflection/amplification DDoS
Cache poisoning attacks
Drive for DNSSEC adoption
Total service availability
Geographically dispersed DCs
DNS capacity close to subscribers
[Chart: average daily DNS query load in billions, ’09 to ’13]
Critical: DNS
76% are willing to wait 10 seconds or less for a single web page to load on a mobile phone before leaving.
Every 100ms delay costs Amazon 1% in sales.
DNS has grown over 91% in the last 5 years (2009 to 2013).
As of December 2013, there were over 184 million active websites, a growth of 157% over the last 5 years.
DNS Deployments
CONVENTIONAL DNS THINKING
• Performance = Add DNS boxes
• Weak DoS/DDoS Protection
• Firewall is THE bottleneck
DNS DELIVERY REIMAGINED
• Massive performance over 10M RPS!
• Best DoS/DDoS protection
• Lower CapEx and OpEx
Internet
External Firewall
DNS Load Balancing
Array of DNS Servers
Internal Firewall
Hidden Master DNS
Authoritative DNS
Caching Resolver
Transparent Caching
DNS Firewall
DNS DDoS Protection
Protocol Validation
High Performance DNSSEC
DNSSEC Validation
Intelligent GSLB
DMZ Datacenter
PARADIGM SHIFT
Internet
Master DNS Infrastructure
BIG-IP
[Diagram: DNS query and answer exchanges]
Efficient DNS
• Delivers High-speed response & DDoS protection with in-memory DNS.
• Authoritative DNS served out of RAM.
• Configuration size for tens of millions of records.
• Scale and consolidate DNS servers.
Clients
Internet
DNS in DMZ
DNS Server
OS, Admin, Auth, Roles
NIC, Dynamic DNS, DHCP
Manage DNS Records
Optimized DNS
• Easy integration into existing DNS infrastructure for high availability and security
• Support over 10 million DNS responses per second (RPS)
• Manageable and predictable data center utilization
The DNS Value
SCALABLE UP TO 20X
[Chart: Max DNS capacity across Low Query, Query Growth, Query Spike and Query Decline]
DENIAL OF SERVICE MITIGATION
SUPPORT CLIENT REQUESTS AND CONSOLIDATE IT
IPv6 to IPv4
ROUTE BASED ON GEOLOCATION
COMPLETE DNS CONTROL
Access Denied:
SECURE DNS QUERY RESPONSES
http://f5.com
Market Pulse Research: Managing DNS Capacity
Key Findings
• Respondents most frequently cite improved application availability and application performance (speed) as highly important benefits of DNS.
• A majority (63%) report that their organizations’ DNS volume has increased over the past year.
  • Contributing factors: rollout of new services, applications. Cloud migration and traffic spikes.
• Most often, organizations manage DNS capacity by adding more servers (53%) and/or adding more bandwidth (36%). Average of 24 DNS servers in use.
• With regard to current DNS implementations, outages are the top concern (70% highly concerned).
  • Most concerning consequences: loss of productivity and a poor customer experience.
• Nearly one-third of respondents (29%) report their organizations have experienced DNS outages in the past 12 months. Culprit? One-quarter of these (25%) report a traffic surge.
• Among those who indicate their organizations are planning to expand DNS services to the cloud, increasing capacity is the most common driver. On-premise DNS primary case over the next year. Use of public cloud DNS slight increase in next 12 months.
The Five Takeaways
Scalability: In times of high traffic, enterprises’ DNS servers must be able to handle shifting volumes of traffic.
Security: Denial-of-service attacks frequently target IP addresses that cause DNS server outages.
Intelligence: To be protective, IT must be proactive. That means being able to pinpoint application or service delivery accuracy, based on location of users, with geolocation services.
Manageability: Enterprises need visibility into DNS services across cloud and on-premises networks, in order to ensure uptime and performance. IT also needs to be able to identify unusual activity that may indicate probing for vulnerabilities.
Reliability: With more customers accessing corporate web sites, DNS server performance has the potential to impact user experience and employee productivity. Given these trends, DNS servers must be extremely reliable.
admissions.tufts.edu
DNS Story Arc
Introduction
Complication
Denouement
Climax
Body
Market Conditions
DNS Traffic
Add Infrastructure
ADC
Peace of Mind
Intelligent & Secure DNS that Scales
• Scale and manage DNS and apps globally
• Improve application performance and availability
• Robust, Flexible and Secure DNS Infrastructure
• Mitigate DNS DDoS Attacks
• Support hybrid IP Environments
• Complete DNS Security
LOWERS Stress of DNS Outages.
REDUCES Data center costs.
DIRECTS Customers to the best data center or cloud.
PROTECTS Web Properties and Brand Reputation.
IMPROVES Web application performance.
Intelligent DNS Scale
The F5 DNS Reference Architecture
f5.com/solutions
@f5networks