Dyn.com | @dyninc
DNS 102: Managing Traffic with DynECT Managed DNS Advanced Services
Tom Daly, Chief Scientist, Dyn Labs | @tomdyninc
DNS 102: DNS Advanced Services Tom Daly @tomdyninc Dyn.com | @dyninc
Agenda
• Welcome and Introduction
• Quick Review: DNS Basics
• DNS and HTTP Interaction
• DynECT Managed DNS Advanced Services
• Traffic Optimization
• Q&A
Webinar Panel
• Tom Daly, @DynInc
– Chief Scientist
– Previously CTO at Dyn
– Working with DNS, Email, and BGP routing for over 10 years.
• Mark Mayo, @Mozilla
– Principal Engineer
– Previously CTO at Joyent
– Dyn customer, twice.
Quick Review: DNS Basics
http://www.poslovnipuls.com/wp-content/uploads/2011/05/statistika_v.jpg
The Domain Name System (DNS)
• Fundamentally, the DNS is a multi-level database distributed throughout the world.
• DNS maps domain names to network resources, such as the IP address of a web server, FTP server, or e-mail server.
• This is accomplished through a variety of DNS record types. Record types give you the hint about the type of remote server you’re contacting.
Working Together: The Lifecycle of a DNS Request
<root>
server1.www.dyn.com.
204.13.248.106
.com
dyn.com
Root DNS Servers
.com Servers
dyn.com Servers
Recursive DNS
DNS and HTTP Interaction
http://www.flickr.com/photos/matt_gibson/2559703930/sizes/o/in/photostream/
DNS and HTTP Working Together
• Client computers make DNS requests to find the IP addresses of HTTP web servers.
• DNS requests are sent to the ISP Recursive DNS server.
• DNS requests are resolved via the site’s authoritative DNS servers.
• Client receives the web server IP address and initiates an HTTP connection.
DNS and HTTP Interaction
Primary Web Server (192.168.54.87)
ISP DNS
Home User DynECT DNS Server
HTTP Connection to 192.168.54.87
DNS Query for www.catblog.com returns with 192.168.54.87
Traffic Management with DNS
• Fundamentally, managing traffic with DNS means changing DNS responses on the fly.
• This means we need lower TTLs.
• We need intelligence in the Authoritative DNS to hand out the right IP address.
• Add in Health and Performance Monitoring for more advanced intelligence services.
DNS-Based Traffic Management
Primary Web Server (192.168.54.87)
ISP DNS
Home User DynECT DNS Server
HTTP Connection to 192.168.54.87
DNS Query for www.catblog.com returns with 192.168.54.87
Hrm? Can I do something smart with this client?
Secondary Web Server (192.168.55.42)
DynECT Advanced Services and Mozilla Usage
http://www.flickr.com/photos/nhuisman/3168683736/sizes/l/in/photostream/
Scenarios for Mozilla
• Active Failover: Used to enact server to server or site to site disaster recovery.
• Traffic Management: DNS-based cloud load balancing for applications and highly available system.
• Real-Time Traffic Management: Performance monitored and triggered traffic distribution.
• Geo Traffic Management: Advanced targeting per state (US), province (CA), or country (world).
DynECT Active Failover
• Goal: In case of a failure of Mozilla’s primary server, activate disaster recovery to a backup server.
• Steps:
– #1: Customer provides IP / FQDN of primary and backup Servers.
– #2: Health Checks are performed against the primary server.
– #3: If the primary server is unavailable, we return the IP / CNAME’d FQDN of the backup server.
Active Failover: Normal State
Primary Web Server (192.168.54.87)
Backup Web Server (192.168.89.45)
ISP DNS
Home User DynECT DNS w/ Active Failover
HTTP Connection to 192.168.54.87
DNS Query for mozilla.org returns with 192.168.54.87
Active Failover: Monitoring
Primary Web Server (192.168.54.87)
Backup Web Server (192.168.89.45)
ISP DNS
Home User DynECT DNS w/ Active Failover
HTTP Health Check to HTTP Server
Active Failover: Failover State
Primary Web Server (192.168.54.87)
Backup Web Server (192.168.89.45)
ISP DNS
Home User DynECT DNS w/ Active Failover
HTTP Connection to 192.168.89.45
DNS Query for mozilla.org returns with 192.168.89.45
DynECT Traffic Management
• Goal: Distribute web traffic to multiple web servers
• Steps:
– #1: Customer provides IP / FQDN of all servers.
– #2: Declare per region mappings to destination servers
– #2: Health Checks are performed against the servers.
– #3: Configure rules for global or regional traffic distribution.
– #4: Use health checks to determine servers available to take traffic.
<head><script src="https://login.persona.org/include.js"></script></head>
*.login.persona.org =
Fallback IDP
It’s how to bootstrap BID into the web
(so it can’t go down!)
Persona: Globally Distributed
Persona Traffic Management
• Mozilla datacenters in Santa Clara, Phoenix, Amsterdam.
• Soon: Brazil, APAC
• N+1 redundancy; all sites carry live traffic (“failover” is for suckers).
• Rolling upgrades (compat with v-1) within a DC
• Stop the world (schema) changes via TM one DC at a time
• Feature releases + TM == happy
Actually, pretty easy!
Health Checks
Health Checks
• Smaller endpoint-specific checks within the DC
• == LBs doing the majority of the checks frequently
• “Expensive” single large health check rollup for each site
• TM makes DC level decisions
• Currently use external services to monitor content checksums, latency (not RTTM).
Traffic Management: Normal State
Web Server #1 (192.168.54.87)
Web Server #2 (192.168.89.45)
ISP DNS
Home User DynECT DNS w/ Traffic Management
HTTP Connection to 192.168.54.87
DNS Query for *.login.persona.org returns with 192.168.54.87 and 192.168.89.45
Traffic Management: Next Connection
Web Server #1 (192.168.54.87)
Web Server #2 (192.168.89.45)
ISP DNS
Home User DynECT DNS w/ Traffic Management
HTTP Connection to 192.168.89.45
DNS Query for *.login.persona.org returns with 192.168.54.87 and 192.168.89.45
Traffic Management: Geolocation
Traffic Management: Weighting
Traffic Management: Serve Count
Web Server #1 (192.168.54.87)
Web Server #2 (192.168.89.45)
Home User
Web Server #3 (192.168.89.46)
Web Server #4 (192.168.89.47)
ISP DNS
DynECT returns 1, 2, 3, or 4 A records at a time.
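The answer selection described on the Active Failover and Traffic Management slides, as an added Python sketch (not DynECT's implementation and not code from the webinar). The function names, the health map, the fail-open choice and the timing parameters are assumptions of this example; the addresses are the ones shown on the slides.

```python
import random

# Constructed pool, reusing the example addresses shown on the slides.
POOL = ["192.168.54.87", "192.168.89.45", "192.168.89.46", "192.168.89.47"]


def active_failover(primary, backup, health):
    """Answer with the primary while its health check passes, else the backup."""
    return [primary] if health.get(primary, False) else [backup]


def traffic_management(pool, health, serve_count, weights=None, rng=random):
    """Return up to serve_count distinct healthy addresses, chosen by weight."""
    candidates = [ip for ip in pool if health.get(ip, False)]
    if not candidates:
        # Assumption of this sketch: fail open when every check fails, since
        # an empty answer is a guaranteed outage and the checks may be wrong.
        candidates = list(pool)
    weights = weights or {}  # hypothetical per-address weights, all positive
    answer = []
    while candidates and len(answer) < serve_count:
        w = [weights.get(ip, 1) for ip in candidates]
        pick = rng.choices(candidates, weights=w, k=1)[0]
        answer.append(pick)
        candidates.remove(pick)
    return answer


def worst_case_stale_seconds(check_interval, failures_to_trip, ttl):
    """Bound on how long TTL-honouring resolvers keep serving a dead address:
    time to detect the failure plus one full TTL of cached answers."""
    return check_interval * failures_to_trip + ttl


if __name__ == "__main__":
    health = {ip: True for ip in POOL}
    health["192.168.54.87"] = False  # constructed failure of the primary
    print(active_failover(POOL[0], POOL[1], health))
    print(traffic_management(POOL, health, serve_count=2))
    print(worst_case_stale_seconds(check_interval=30, failures_to_trip=3, ttl=60))
```

The last function is why the deck asks for lower TTLs: the TTL adds directly to the time clients keep reaching a failed server after the health check trips.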
DynECT Real Time Traffic Management
• Goal: Distribute web traffic to multiple web servers, based upon network and application latency.
• Steps:
– #1: Customer provides IP / FQDN of all servers.
– #2: Declare PREFERRED region mappings to servers
– #3: Health Checks are performed against the servers.
– #4: Performance probes are launched from EVERY Dyn monitoring site.
– #5: Send traffic to the fastest responding servers in the region.
verifier.login.persona.org
Real Time TM
Compute Bound; Scale into AWS/GCE
Using the RTTM APIs to bring up compute on the fly
RTTM: Measurement
RTTM: Computation
RTTM: Routing
DynECT Geo Traffic Management
• Goal: Distribute web traffic to multiple web servers, based upon state (US), province (CA), or country (world) proximity.
• Steps:
– #1: Customer provides IP / FQDN of all servers.
– #2: Declare state, province, or country mappings to servers
– #3: Health Checks are performed against the servers.
– #4: Send traffic to servers based upon location of the user’s ISP recursive DNS server.
addons.mozilla.org
addons.mozilla.org
• Single datacenter
• Peak ~10,000 req/sec; Low ~5000 req/sec
• > 10GBit/sec
• Multiple HA LB clusters
• Traffic Management for balancing across LB clusters
• Allows for cluster-by-cluster maintenance
• Leans heavily on caching, CDNs
• Geo!
Geo Traffic Management: Targeting
Optimization
http://www.flickr.com/photos/kryptos5/3281740790/sizes/z/in/photostream/
Minimize DNS Round Trips
• Most DNS-based load balancing systems rely on multiple DNS round trips:
– Delegate a subdomain to the GSLB system.
– Set up a CNAME to an external system.
• More round trips means more lookup latency, more entries to cache, more configuration to manage.
• DynECT uniquely combines Managed DNS and Traffic Management in a single platform, a single query response every time.
Minimize DNS Latency
• IP Anycast: A globally distributed IP Anycast network of 17 worldwide Points of Presence (POPs).
• Customers are given 4 nameservers to delegate to:
– 4 discrete anycast IP prefixes
– 6 worldwide backbone providers
– Nearly 70 independent network paths.
• Queries are answered by geographically local sites
A Proven Track Record
Dedicated Team of DNS Experts
Stay Tuned! Learn More!
DNS 103: Performance Optimization and Security
November 14th @ 02:00pm Eastern Time
Thanks for listening!
Thank You!
Hit us on Twitter:
@tomdyninc
@mmayo