Surge 2014 - Kris Beevers - Data Driven DNS

DATA DRIVEN DNSTraffic Management for Distributed Applications

Kris Beevers@beevek

TRAFFIC MANAGEMENT

DATA DRIVEN DNS @nsoneinc

MULTIPLE OPTIONS FOR SERVICING A USER:2 or more servers... datacenters... CDNs

TRAFFIC MANAGEMENT

GOAL: SEND USER TO THE “BEST” OPTION

TRAFFIC MANAGEMENT

“BEST”:Fastest / most responsiveUpCheapest… any biz objective, really

TRAFFIC MANAGEMENT

“BEST”:Fastest / most responsiveUpCheapest… any biz objective, really

(of course, there’s more to “traffic management”)TRAFFIC MANAGEMENT

DNS IS BORING.

DISTRIBUTED APPLICATIONS ARE EASIER THAN EVER.(traffic management is more important than ever)

DNS IS BORING.

DISTRIBUTED APPLICATIONS ARE EASIER THAN EVER.(traffic management is more important than ever)

DNS IS KIND OF EXCITING AGAIN. YAY.(because dns lookup is a decent time to make traffic management decisions)

WHY IS DNS LOOKUP A GOOD TIME TODO TRAFFIC MANAGEMENT?

1. APP ENTRYPOINT

1. APP ENTRYPOINT2. REALTIME STATE

Your systems The network Etc.

1. APP ENTRYPOINT2. REALTIME STATE3. HIGH FREQUENCY

Get to make “decisions” often

Can have impact faster than TTL in some key scenarios (load shedding)

1. APP ENTRYPOINT2. REALTIME STATE3. HIGH FREQUENCY4. GRANULAR

Per resolver Or per /24 (edns-client-subnet)

1. APP ENTRYPOINT2. REALTIME STATE3. HIGH FREQUENCY4. GRANULAR5. LOW LATENCY

Anycasting: decisions at the edge Caching: reuse decisions

TRADITIONALDNS STATE

WHAT DOES IT MEAN TO DODATA DRIVEN TRAFFIC MANAGEMENT?

UNDERSTAND WHAT WE’RETRYING TO OPTIMIZE

response timesthroughputinfrastructure loadcost…

MAKE ROUTING DECISIONS USINGFIRST ORDER INFORMATION

eyeball metricsapplication load metrics$/usage metricsaccurate geo/network/resolver data...

DATA DRIVENDNS STATE

CONFIGURATIONSTATIC & DYNAMIC

LIVE METRICSDATA FEEDS

WHAT DOES THIS LOOK LIKE IN PRACTICE?

DATASOURCES

application metricsperfload...

MONITORING

DATASOURCES

server, system, networkupnessperf/QoS...

MONITORING

DATASOURCES

portals/manualbiz logic/automation...

MONITORING

GATHERERS

DATASOURCES

routing/network metricsgeoip intelligenceresolver modeling & intelligenceeyeball metrics / RUM...

MONITORING

GATHERERS

INGEST

DATASOURCES

MONITORING

GATHERERS

INGEST

COMPILECLASSIFY

NORMALIZEAGGREGATE

DATASOURCES

MONITORING

GATHERERS

INGEST PUBLISH

COMPILECLASSIFY

NORMALIZEAGGREGATE

DNSEDGES

DATASOURCES

MONITORING

GATHERERS

INGEST PUBLISH

COMPILECLASSIFY

NORMALIZEAGGREGATE

DNSEDGES

QUERIES

DATASOURCES

TRAFFIC MANAGEMENT PATTERNS

TARGETING + FENCING

GEO +WEIGHTING

GEO +WEIGHTING +STICKINESS

GEO +WEIGHTING +STICKINESS +FAILOVER

CAN’T LOSE A SINGLE REQUEST?

ANYCAST.

GEO +WEIGHTING +STICKINESS +FAILOVER +LOAD SHEDDING

COMMIT MANAGEMENTIP PREFIX FENCINGASN FENCINGPRIORITIZATIONRANDOMIZATION...

COMMIT MANAGEMENTIP PREFIX FENCINGASN FENCINGPRIORITIZATIONRANDOMIZATION…

STATIC CONFIG +INFRASTRUCTURE INTELLIGENCE

METRICS ROUTING +WEIGHTING +STICKINESS +FAILOVER +LOAD SHEDDING

COMMIT MANAGEMENTIP PREFIX FENCINGASN FENCINGPRIORITIZATIONRANDOMIZATION…

STATIC CONFIG +INFRASTRUCTURE INTELLIGENCE +EYEBALL INTELLIGENCE

WHAT MATTERS MORE IN DYNAMIC DNS?HOW FAST YOU SPIT OUT AN ANSWER?

OR THAT IT’S THE RIGHT ANSWER?

90-98% OF DNS QUERIES AREANSWERED FROM CACHE

(for high volume records)

90-98% OF DNS QUERIES AREANSWERED FROM CACHE

(for high volume records)

YOU’D BETTER MAKE SURE THE

RIGHT ANSWER IS CACHED

ANYCASTING: More POPs is better, right?

<1010+15+

30+15+20+

EDNS-CLIENT-SUBNET

EDNS-CLIENT-SUBNETA.B.C.D: (xyz.com?) -> 8.8.8.8: (xyz.com? + A.B.C.0/24) -> dns3.p07.nsone.net

THANK YOU!

Kris Beevers

kbeevers@nsone.net@nsoneinc

WHERE ARE THE RESOLVERS?24h, sample ~0.5% NSONE queries CC /32s >10Q

US 95k 12k

BR 9k 1.3k

GB 7k 900

RU 6k 1.4k

JP 6k 800

CA 6k 800

DE 5k 600

CN 3k 700

AU 3k 400

Surge 2014 - Kris Beevers - Data Driven DNS

Technology

Kris & Harrison

DNS Cache y DNS Zonas_Dquintero

DNS. Sommario Introduzione al DNS Introduzione al DNS La terminologia del DNS La terminologia del DNS Nomi DNS in un dominio Windows 2003 Nomi DNS in

Passive DNS Hardening - Farsight Security...Introduction DNS Security Issues Passive DNS hardening DNSDB DNS Passive DNS ISC SIE Passive DNS I Passive DNS replicationis a technology

STRENTHENING YOUR EXTERNAL DNS External DNS Overview DNS Background Strengthening External DNS with Anycast Example of an Anycast DNS Service

The moon and the earth By nick BEEVERs

dns-Drechselkurse - Drechselstube Neckarsteinach · dns-Einsteigerkurs dns-Fortgeschrittenenkurs dns-Themenkurse dns-Profikurse dns-Betriebseventkurs Anmeldung / Anfahrt / Übenrachtung

Beevers Mapping With Limited Sensing

DNS Session 2: DNS cache operation and DNS debugging

RIPE76 DNS Privacy measurements · DNS WG @ RIPE76 DNS Privacy Measurements Latest Measurements on DNS Privacy Sinodun ... Unbound . DNS WG @ RIPE76 DNS Privacy Measurements Test

Kris Viscom

Kris Beal, kris@vineyardteam.org · 2016-10-05 · Kris Beal, M.S. kris@vineyardteam.org 1 of 14 Item No. 10 Presentation September 22-23, 2016 Vineyard Team Presentation

Webinar DNS 1550 DNS 1100

MAPPING WITH LIMITED SENSING - Kris Beeverscs.krisbeevers.com/thesis/krb_phd_thesis.pdfMAPPING WITH LIMITED SENSING By Kristopher R. Beevers A Thesis Submitted to the Graduate Faculty

Kris Nygaard

DNS DNS overview DNS operation DNS zones. DNS Overview Name to IP address lookup service based on Domain Names Some DNS servers hold name and address

Kris coupon

Windows Server 2008 R2 IPv6 的 DNS 及 IIS 設定 · DNS f6e5d4 (SOA) IPv6 (AAAA) 17 CTR) DNS DNS w1N2008 imntcedll im_ntc _ ed u _ tv im.ntc.edn.tv DNS DNS DNS w1N2008 imntcedll

dns ile alakalı diyer kelimeler · dns failover 1300 0,36 17,75 euro dns 720 0,05 6,03 dns management 1300 0,5 7,92 dns registration 720 0,89 27,22 dns blacklist 1600 0,11 2,69 dns

DNS DNS SPS ThreatAvertdnsops.jp/event/20180627/DNSセキュリティはDNSで... · 2018-09-11 · DNS DNS " " SPS ThreatAvert DNS " DDoS ( $30 5+ 2018*6-27, ! " %&#1 '.46)/2 ©Akamai