Surge 2014 - Kris Beevers - Data Driven DNS

54
DATA DRIVEN DNS Traffic Management for Distributed Applications Kris Beevers @beevek

TAGS:

description

Kris Beevers, CEO of NSONE Inc, talks Data Driven DNS at the Surge 2014 conference.

Transcript of Surge 2014 - Kris Beevers - Data Driven DNS

Page 1: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNSTraffic Management for Distributed Applications

Kris Beevers@beevek

Page 2: Surge 2014 - Kris Beevers - Data Driven DNS

TRAFFIC MANAGEMENT

DATA DRIVEN DNS @nsoneinc

Page 3: Surge 2014 - Kris Beevers - Data Driven DNS

MULTIPLE OPTIONS FOR SERVICING A USER:2 or more servers... datacenters... CDNs

TRAFFIC MANAGEMENT

DATA DRIVEN DNS @nsoneinc

Page 4: Surge 2014 - Kris Beevers - Data Driven DNS

MULTIPLE OPTIONS FOR SERVICING A USER:2 or more servers... datacenters... CDNs

GOAL: SEND USER TO THE “BEST” OPTION

TRAFFIC MANAGEMENT

DATA DRIVEN DNS @nsoneinc

Page 5: Surge 2014 - Kris Beevers - Data Driven DNS

MULTIPLE OPTIONS FOR SERVICING A USER:2 or more servers... datacenters... CDNs

GOAL: SEND USER TO THE “BEST” OPTION

“BEST”:Fastest / most responsiveUpCheapest… any biz objective, really

TRAFFIC MANAGEMENT

DATA DRIVEN DNS @nsoneinc

Page 6: Surge 2014 - Kris Beevers - Data Driven DNS

MULTIPLE OPTIONS FOR SERVICING A USER:2 or more servers... datacenters... CDNs

GOAL: SEND USER TO THE “BEST” OPTION

“BEST”:Fastest / most responsiveUpCheapest… any biz objective, really

(of course, there’s more to “traffic management”)TRAFFIC MANAGEMENT

DATA DRIVEN DNS @nsoneinc

Page 7: Surge 2014 - Kris Beevers - Data Driven DNS

DNS IS BORING.

DATA DRIVEN DNS @nsoneinc

Page 8: Surge 2014 - Kris Beevers - Data Driven DNS

DNS IS BORING.

DATA DRIVEN DNS @nsoneinc

Page 9: Surge 2014 - Kris Beevers - Data Driven DNS

DNS IS BORING.

BUT

DISTRIBUTED APPLICATIONS ARE EASIER THAN EVER.(traffic management is more important than ever)

DATA DRIVEN DNS @nsoneinc

Page 10: Surge 2014 - Kris Beevers - Data Driven DNS

DNS IS BORING.

BUT

DISTRIBUTED APPLICATIONS ARE EASIER THAN EVER.(traffic management is more important than ever)

SO

DNS IS KIND OF EXCITING AGAIN. YAY.(because dns lookup is a decent time to make traffic management decisions)

DATA DRIVEN DNS @nsoneinc

Page 11: Surge 2014 - Kris Beevers - Data Driven DNS

WHY IS DNS LOOKUP A GOOD TIME TODO TRAFFIC MANAGEMENT?

DATA DRIVEN DNS @nsoneinc

Page 12: Surge 2014 - Kris Beevers - Data Driven DNS

WHY IS DNS LOOKUP A GOOD TIME TODO TRAFFIC MANAGEMENT?

DATA DRIVEN DNS @nsoneinc

1. APP ENTRYPOINT

Page 13: Surge 2014 - Kris Beevers - Data Driven DNS

WHY IS DNS LOOKUP A GOOD TIME TODO TRAFFIC MANAGEMENT?

1. APP ENTRYPOINT2. REALTIME STATE

Your systems The network Etc.

DATA DRIVEN DNS @nsoneinc

Page 14: Surge 2014 - Kris Beevers - Data Driven DNS

WHY IS DNS LOOKUP A GOOD TIME TODO TRAFFIC MANAGEMENT?

1. APP ENTRYPOINT2. REALTIME STATE3. HIGH FREQUENCY

Get to make “decisions” often

Can have impact faster than TTL in some key scenarios (load shedding)

DATA DRIVEN DNS @nsoneinc

Page 15: Surge 2014 - Kris Beevers - Data Driven DNS

WHY IS DNS LOOKUP A GOOD TIME TODO TRAFFIC MANAGEMENT?

1. APP ENTRYPOINT2. REALTIME STATE3. HIGH FREQUENCY4. GRANULAR

Per resolver Or per /24 (edns-client-subnet)

DATA DRIVEN DNS @nsoneinc

Page 16: Surge 2014 - Kris Beevers - Data Driven DNS

WHY IS DNS LOOKUP A GOOD TIME TODO TRAFFIC MANAGEMENT?

1. APP ENTRYPOINT2. REALTIME STATE3. HIGH FREQUENCY4. GRANULAR5. LOW LATENCY

Anycasting: decisions at the edge Caching: reuse decisions

DATA DRIVEN DNS @nsoneinc

Page 17: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

Page 18: Surge 2014 - Kris Beevers - Data Driven DNS

TRADITIONALDNS STATE

DATA DRIVEN DNS @nsoneinc

Page 19: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

WHAT DOES IT MEAN TO DODATA DRIVEN TRAFFIC MANAGEMENT?

Page 20: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

UNDERSTAND WHAT WE’RETRYING TO OPTIMIZE

Page 21: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

UNDERSTAND WHAT WE’RETRYING TO OPTIMIZE

response timesthroughputinfrastructure loadcost…

Page 22: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

UNDERSTAND WHAT WE’RETRYING TO OPTIMIZE

response timesthroughputinfrastructure loadcost…

MAKE ROUTING DECISIONS USINGFIRST ORDER INFORMATION

Page 23: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

UNDERSTAND WHAT WE’RETRYING TO OPTIMIZE

response timesthroughputinfrastructure loadcost…

MAKE ROUTING DECISIONS USINGFIRST ORDER INFORMATION

eyeball metricsapplication load metrics$/usage metricsaccurate geo/network/resolver data...

Page 24: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVENDNS STATE

CONFIGURATIONSTATIC & DYNAMIC

LIVE METRICSDATA FEEDS

DATA DRIVEN DNS @nsoneinc

Page 25: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

WHAT DOES THIS LOOK LIKE IN PRACTICE?

Page 26: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

APP

DATASOURCES

application metricsperfload...

Page 27: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

APP

MONITORING

DATASOURCES

server, system, networkupnessperf/QoS...

Page 28: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

APP

MONITORING

TOOLS

DATASOURCES

portals/manualbiz logic/automation...

Page 29: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

APP

MONITORING

TOOLS

GATHERERS

DATASOURCES

routing/network metricsgeoip intelligenceresolver modeling & intelligenceeyeball metrics / RUM...

Page 30: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

APP

MONITORING

TOOLS

GATHERERS

INGEST

DATASOURCES

Page 31: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

APP

MONITORING

TOOLS

GATHERERS

INGEST

COMPILECLASSIFY

NORMALIZEAGGREGATE

...

DATASOURCES

Page 32: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

APP

MONITORING

TOOLS

GATHERERS

INGEST PUBLISH

COMPILECLASSIFY

NORMALIZEAGGREGATE

...

DNSEDGES

DATASOURCES

Page 33: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

APP

MONITORING

TOOLS

GATHERERS

INGEST PUBLISH

COMPILECLASSIFY

NORMALIZEAGGREGATE

...

DNSEDGES

QUERIES

DATASOURCES

Page 34: Surge 2014 - Kris Beevers - Data Driven DNS

TRAFFIC MANAGEMENT PATTERNS

DATA DRIVEN DNS @nsoneinc

Page 35: Surge 2014 - Kris Beevers - Data Driven DNS

TRAFFIC MANAGEMENT PATTERNS

DATA DRIVEN DNS @nsoneinc

GEO

Page 36: Surge 2014 - Kris Beevers - Data Driven DNS

TRAFFIC MANAGEMENT PATTERNS

DATA DRIVEN DNS @nsoneinc

GEO

TARGETING + FENCING

Page 37: Surge 2014 - Kris Beevers - Data Driven DNS

TRAFFIC MANAGEMENT PATTERNS

DATA DRIVEN DNS @nsoneinc

GEO +WEIGHTING

Page 38: Surge 2014 - Kris Beevers - Data Driven DNS

TRAFFIC MANAGEMENT PATTERNS

DATA DRIVEN DNS @nsoneinc

GEO +WEIGHTING +STICKINESS

Page 39: Surge 2014 - Kris Beevers - Data Driven DNS

TRAFFIC MANAGEMENT PATTERNS

DATA DRIVEN DNS @nsoneinc

GEO +WEIGHTING +STICKINESS +FAILOVER

Page 40: Surge 2014 - Kris Beevers - Data Driven DNS

TRAFFIC MANAGEMENT PATTERNS

DATA DRIVEN DNS @nsoneinc

GEO +WEIGHTING +STICKINESS +FAILOVER

CAN’T LOSE A SINGLE REQUEST?

ANYCAST.

Page 41: Surge 2014 - Kris Beevers - Data Driven DNS

TRAFFIC MANAGEMENT PATTERNS

DATA DRIVEN DNS @nsoneinc

GEO +WEIGHTING +STICKINESS +FAILOVER +LOAD SHEDDING

Page 42: Surge 2014 - Kris Beevers - Data Driven DNS

TRAFFIC MANAGEMENT PATTERNS

DATA DRIVEN DNS @nsoneinc

GEO +WEIGHTING +STICKINESS +FAILOVER +LOAD SHEDDING

COMMIT MANAGEMENTIP PREFIX FENCINGASN FENCINGPRIORITIZATIONRANDOMIZATION...

Page 43: Surge 2014 - Kris Beevers - Data Driven DNS

TRAFFIC MANAGEMENT PATTERNS

DATA DRIVEN DNS @nsoneinc

GEO +WEIGHTING +STICKINESS +FAILOVER +LOAD SHEDDING

COMMIT MANAGEMENTIP PREFIX FENCINGASN FENCINGPRIORITIZATIONRANDOMIZATION…

STATIC CONFIG +INFRASTRUCTURE INTELLIGENCE

Page 44: Surge 2014 - Kris Beevers - Data Driven DNS

TRAFFIC MANAGEMENT PATTERNS

DATA DRIVEN DNS @nsoneinc

METRICS ROUTING +WEIGHTING +STICKINESS +FAILOVER +LOAD SHEDDING

COMMIT MANAGEMENTIP PREFIX FENCINGASN FENCINGPRIORITIZATIONRANDOMIZATION…

STATIC CONFIG +INFRASTRUCTURE INTELLIGENCE +EYEBALL INTELLIGENCE

Page 45: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

Page 46: Surge 2014 - Kris Beevers - Data Driven DNS

WHAT MATTERS MORE IN DYNAMIC DNS?HOW FAST YOU SPIT OUT AN ANSWER?

OR THAT IT’S THE RIGHT ANSWER?

DATA DRIVEN DNS @nsoneinc

Page 47: Surge 2014 - Kris Beevers - Data Driven DNS

WHAT MATTERS MORE IN DYNAMIC DNS?HOW FAST YOU SPIT OUT AN ANSWER?

OR THAT IT’S THE RIGHT ANSWER?

90-98% OF DNS QUERIES AREANSWERED FROM CACHE

(for high volume records)

DATA DRIVEN DNS @nsoneinc

Page 48: Surge 2014 - Kris Beevers - Data Driven DNS

WHAT MATTERS MORE IN DYNAMIC DNS?HOW FAST YOU SPIT OUT AN ANSWER?

OR THAT IT’S THE RIGHT ANSWER?

90-98% OF DNS QUERIES AREANSWERED FROM CACHE

(for high volume records)

YOU’D BETTER MAKE SURE THE

RIGHT ANSWER IS CACHED

DATA DRIVEN DNS @nsoneinc

Page 49: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

ANYCASTING: More POPs is better, right?

40+

50+

?

<1010+15+

30+15+20+

Page 50: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

EDNS-CLIENT-SUBNET

Page 51: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

EDNS-CLIENT-SUBNETA.B.C.D: (xyz.com?) -> 8.8.8.8: (xyz.com? + A.B.C.0/24) -> dns3.p07.nsone.net

Page 52: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

EDNS-CLIENT-SUBNETA.B.C.D: (xyz.com?) -> 8.8.8.8: (xyz.com? + A.B.C.0/24) -> dns3.p07.nsone.net

Page 53: Surge 2014 - Kris Beevers - Data Driven DNS

THANK YOU!

Kris Beevers

[email protected]@nsoneinc

Page 54: Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNS @nsoneinc

WHERE ARE THE RESOLVERS?24h, sample ~0.5% NSONE queries CC /32s >10Q

US 95k 12k

BR 9k 1.3k

GB 7k 900

RU 6k 1.4k

JP 6k 800

CA 6k 800

DE 5k 600

CN 3k 700

AU 3k 400


Kris johnson

Kris johnson

Configuring DNS · Example: Configuring DNS Spoofing Inthefollowingexample,thedeviceisconfiguredtospoofrepliestoanyDNSqueries: ip dns server ip dns spoofing no ip domain lookup

Configuring DNS · Example: Configuring DNS Spoofing Inthefollowingexample,thedeviceisconfiguredtospoofrepliestoanyDNSqueries: ip dns server ip dns spoofing no ip domain lookup

Kris coupon

Kris coupon

Monitor Windows DNS Server using DNS Analytics … · Monitor Windows DNS Server using DNS Analytics (Preview) ... analyzes and correlates Windows DNS analytic and audit logs and

Monitor Windows DNS Server using DNS Analytics … · Monitor Windows DNS Server using DNS Analytics (Preview) ... analyzes and correlates Windows DNS analytic and audit logs and

KRIS VALLOTTON

KRIS VALLOTTON

Domain Name System. CONTENTS Definitions. DNS Naming Structure. DNS Components. How DNS Servers work. DNS Organizations. Summary.

Domain Name System. CONTENTS Definitions. DNS Naming Structure. DNS Components. How DNS Servers work. DNS Organizations. Summary.

STRENTHENING YOUR EXTERNAL DNS External DNS Overview DNS Background Strengthening External DNS with Anycast Example of an Anycast DNS Service.

STRENTHENING YOUR EXTERNAL DNS External DNS Overview DNS Background Strengthening External DNS with Anycast Example of an Anycast DNS Service.

Constellation: automated discovery of service and host ......DHCP MOM DNS DNS KERBEROS LDAP HTTP SMB LDAP MOM DNS DNS DNS DNS Figure 1: Small fragment of a constellation depicting

Constellation: automated discovery of service and host ......DHCP MOM DNS DNS KERBEROS LDAP HTTP SMB LDAP MOM DNS DNS DNS DNS Figure 1: Small fragment of a constellation depicting

MAPPING WITH LIMITED SENSING - Kris Beeverscs.krisbeevers.com/thesis/krb_phd_thesis.pdfMAPPING WITH LIMITED SENSING By Kristopher R. Beevers A Thesis Submitted to the Graduate Faculty

MAPPING WITH LIMITED SENSING - Kris Beeverscs.krisbeevers.com/thesis/krb_phd_thesis.pdfMAPPING WITH LIMITED SENSING By Kristopher R. Beevers A Thesis Submitted to the Graduate Faculty

David Nicholson and Kim Beevers - Mercy Corps · David Nicholson and Kim Beevers Market Analysis for Household Solar Products in ... the Mercy Corps team has decided to actively work

David Nicholson and Kim Beevers - Mercy Corps · David Nicholson and Kim Beevers Market Analysis for Household Solar Products in ... the Mercy Corps team has decided to actively work

DNS New World Order: QuadX! DoH! DoT! Da Fuq? · Domain Name System (DNS) in general & new encrypted DNS methods like DNS over HTTPS (DoH), DNS over TLS (DoT). ... DNS comes great

DNS New World Order: QuadX! DoH! DoT! Da Fuq? · Domain Name System (DNS) in general & new encrypted DNS methods like DNS over HTTPS (DoH), DNS over TLS (DoT). ... DNS comes great

Passive DNS Hardening - Farsight Security...Introduction DNS Security Issues Passive DNS hardening DNSDB DNS Passive DNS ISC SIE Passive DNS I Passive DNS replicationis a technology

Passive DNS Hardening - Farsight Security...Introduction DNS Security Issues Passive DNS hardening DNSDB DNS Passive DNS ISC SIE Passive DNS I Passive DNS replicationis a technology

Kris Nygaard

Kris Nygaard

Kris & Harrison

Kris & Harrison

Kris Viscom

Kris Viscom

Loving the brand - Richard Beevers

Loving the brand - Richard Beevers

Kris Beal, kris@vineyardteam.org  · Kris Beal, M.S. kris@vineyardteam.org 1 of 14 Item No. 10 Presentation September 22-23, 2016 Vineyard Team Presentation

Kris Beal, [email protected]  · Kris Beal, M.S. [email protected] 1 of 14 Item No. 10 Presentation September 22-23, 2016 Vineyard Team Presentation

Facebook Kris Kristofferson is on tour WallPhotosFlairBoxesKris KristoffersonLogout View photos of Kris(5) Send Kris a message Poke Kris Wall InfoPhotosBoxes.

Facebook Kris Kristofferson is on tour WallPhotosFlairBoxesKris KristoffersonLogout View photos of Kris(5) Send Kris a message Poke Kris Wall InfoPhotosBoxes.

. Featuring Julian Beevers Pavement Drawings.

. Featuring Julian Beevers Pavement Drawings.

DNS for Dummies Ebook Amazon | DNS

DNS for Dummies Ebook Amazon | DNS