SlideShare uma empresa Scribd logo

OpenDNS Whitepaper: Platform Technology

Courtland Smith
Courtland Smith

Overview of the technology that behind OpenDNS, the largest Internet-wide security network.

Tecnologia
1 de 3
Baixar para ler offline
DELIVERY PLATFORM AND TECHNOLOGY OVERVIEW OpenDNS Enterprise Secures Internet Connections with 100% Uptime Our global security network, Anycast routing and SmartCache™ technologies deliver a simpler, faster and more reliable Internet experience without requiring you to change your network topology. Let’s face it, if there were no security and compliance However, even if we lived in a threat-free world, you threats to protect users and devices from, you wouldn’t still would deal with the inherent complexity and complicate and risk your network infrastructure by inconsistency of several, less-than-100%-reliable installing countless network devices (e.g. firewalls, in-line recursive DNS services provided by your ISPs. This filters, proxies). You would deploy the minimum number of common situation impacts organizations that use switches and routers between your devices and the redundant Internet pipes with more than one ISP or Internet. Traffic would flow at the maximum speed and have multiple network locations with different ISPs. throughput provided by your ISPs (Internet Service OpenDNS addresses both these problems, while Providers), and there would be no additional points of securing every Internet connection, by eliminating failure (or complication) to manage and maintain daily. the common requirement to add network devices or You would be happy, and your end users would be happy. in any way change your network topology, and Regrettably, the risk of data loss, identity theft, simultaneously consolidating all these disparate inappropriate or malicious resource consumption, brand recursive DNS services into one ultra-reliable global damage, etc. is great enough to justify adding network DNS service with the same two consistent IP infrastructure risks and investing your time. addresses (208.67.222.222 and 208.67.220.220). Connected at Internet’s Core Fabric for a Faster, More Global Service The Internet is often referred to as a “Network of networks and OpenDNS’s services, as well as Networks”, as it consists of over 5,000 ISPs between authoritative DNS servers and OpenDNS’s interconnected with one another in a sparsely meshed services. More geographic isolation between IXPs, fabric. The core of the Internet’s fabric is created using translates to fewer issues in one region spilling over peering agreements at IXPs (Internet Exchange Points), and impacting another (e.g. disaster at datacenter, which allow first-tier ISPs or other service providers like large-scale OpenDNS to exchange traffic bound for one another’s routing customers. Millions of business networks and billions of errors). home networks are connected via transit agreements for DIA (direct Internet access) from each ISP’s PoP (points of presence). Transit agreements are also used to connect OpenDNS to first-tier ISPs and first-tier ISPs to smaller ISPs, commonly at the Internet’s edges. OpenDNS selects strategic IXPs to connect our PoPs to the Internet’s core using two criteria – Internet connectivity and geography. More peering and transit agreements established with ISPs at a IXP, translates to fewer connection hops and latency incurred between the customer’s For more information please visit: www.opendns.com or call 877-811-2367
Many regional second- or third-tier ISPs that business available everywhere today, there are further plans to or home networks receive DIA from have no peering increase usage in Asia-Pacific and South America. agreements at IXPs or geographic dispersion making their DNS services susceptible to greater latency to retrieve DNS responses or outages, respectfully. OpenDNS currently has selected 12 PoPs, which interconnect with the number one, two and three most well-connected IXPs globally, and in particular in the Americas, Europe and Asia-Pacific. While OpenDNS is “All Roads Lead to Rome” for a Faster, Simpler Internet Experience Most local network setups or global services use pair of IP addresses. Such as configuring DHCP servers traditional Unicast routing, for which each server at and creating, backing up or cloning hard disk or virtual each location advertises a unique IP address. In machine images used anywhere, at any time. The regards to an ISP’s DNS service, it would mean that benefit to your end users is faster connections to the every recursive DNS resolver is assigned a different IP Internet. OpenDNS blends Anycast’s fewest-hop routing address. Some services may offer a single IP address logic to ensure your DNS queries go to the nearest PoP, per PoP even if it consists of hundreds of servers, which and our proprietary network topology using two is commonly implemented by load-balancers deployed overlapping global Anycast “clouds” with different at each location, but this has the same drawbacks of routing policies to enable your stub DNS resolvers to Unicast routing. Anycast routing enables multiple pick the lowest-latency route. servers at multiple locations to advertise the same IP address globally, not per location, and without load balancers adding more latency and risk of failure. In regards to OpenDNS’s DNS service, it enables our global PoPs consisting of 1000s of identical recursive DNS resolvers to advertise the same IP address pair. OpenDNS absorbs the time, cost and complexity to setup our true Anycasted security network. It requires that we maintain our own hardware, a large IP address space, direct relationships with your upstream ISPs, and sophisticated network routing policies. The benefit to you is that it is much simpler to setup every network device by using the same  
Self-Healing Routes Lead to a More Reliable Internet Experience Rather than crude round-robin methods or physical load balancers, Anycast uses load- balanced routing logic, which is invisible to individual servers or entire PoPs. If a server or entire PoP is taken offline for maintenance, disasters, failures or attacks, it ceases to advertise its shared IP address and upstream as other layer-3 network devices will transparently re-route global services the traffic. So when you send a DNS query to claiming 99.999% up- OpenDNS, it will always return a response from the time SLAs (service level quickest, closest available DNS resolver! This agreements) so often do. It’s that eliminates you ever needing to make changes because reliable and why we can truly claim that we are conducting maintenance on servers closest to we’ve had 100% uptime since we launched our your network locations or we experience a major failure, services in 2006. SmartCache Leads to a Even Faster and Smarter Internet Experience OpenDNS receives billions of DNS queries daily from Many authoritative DNS outages, attacks or failures almost 2% of the Internet’s users and their devices. have impacted business-critical sites such as When OpenDNS receives each subsequent DNS query, salesforce.com, amazon.com and petco.com, or even we already know the answer (much more often than millions of domain, such as when the top-level domain your regional ISPs), so we do not make you wait on the used by Germany (.de) was unreachable. When such authoritative DNS servers to return this same answer. incidents occur, which is not uncommon, OpenDNS still While we know almost every server’s address across returns the last-known correct address using our entire global Internet at any given, this is not what exclusive caching logic, whereas the rest of the makes our caching technology unique. Internet’s users will not be able to reach the domain. DNS RESOLVER: STUB   RECURSIVE AUTHORITATIVE   What uses it? Every device worldwide OPTION 1 OPTION 2 Third-party servers (e.g. clients, servers) Regional ISP Servers Global OpenDNS Servers worldwide Non-Cached Query: STEP 1: IS THERE A VALID/NON-EXPIRED CACHED ANSWER? “where is foo.com?” Less likely with only Very likely with 40+ billion + lookup latency regional coverage global queries daily No Cached Response Cached Response: Answer #1 (GOOD): Gets Answer #1: (added latency) ê “foo.com is at 1.2.3.4” “foo.com is at 1.2.3.4” How does it work? “foo.com is at 1.2.3.4” STEP 2: IF THERE IS NO/EXPIRED CACHED ANSWER, THEN... or (always with OpenDNS) Query: “where is foo.com?” + lookup latency Answer #2 (BAD): or New Response: (#1)“foo.com is at 1.2.3.4” or “Server Failed” Gets Answer #2: New Response: Last-Known Cached Response: “Server Failed” (sometimes with ISP) (#2) “Server Failed” “foo.com is at 1.2.3.4” For more information please visit: www.opendns.com or call 877-811-2367

Recomendados

DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017
DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017
DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017
APNIC
 
NZNOG 2020: DOH
NZNOG 2020: DOHNZNOG 2020: DOH
NZNOG 2020: DOH
APNIC
 
Dnssec
DnssecDnssec
Dnssec
guest3131f85
 
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache ServersNANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
Chika Yoshimura
 
DNS & DNSSEC
DNS & DNSSECDNS & DNSSEC
DNS & DNSSEC
APNIC
 
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct AccessWindows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
CompuTrain. De IT opleider.
 
Campus networking
Campus networkingCampus networking
Campus networking
Jisc
 
Investigation of dhcp packets using wireshark
Investigation of dhcp packets using wiresharkInvestigation of dhcp packets using wireshark
Investigation of dhcp packets using wireshark
jpratt59
 

Recomendados

DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017
DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017
DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017
APNIC
 
NZNOG 2020: DOH
NZNOG 2020: DOHNZNOG 2020: DOH
NZNOG 2020: DOH
APNIC
 
Dnssec
DnssecDnssec
Dnssec
guest3131f85
 
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache ServersNANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
Chika Yoshimura
 
DNS & DNSSEC
DNS & DNSSECDNS & DNSSEC
DNS & DNSSEC
APNIC
 
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct AccessWindows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
CompuTrain. De IT opleider.
 
Campus networking
Campus networkingCampus networking
Campus networking
Jisc
 
Investigation of dhcp packets using wireshark
Investigation of dhcp packets using wiresharkInvestigation of dhcp packets using wireshark
Investigation of dhcp packets using wireshark
jpratt59
 
Sharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxSharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linux
jasembo
 
Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)
Hari
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackops
Dan Kaminsky
 
Configuration DHCP
Configuration DHCPConfiguration DHCP
Configuration DHCP
Tan Huynh Cong
 
Dnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defsDnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defs
AFRINIC
 
Lesson 01 - Network Assessment
Lesson 01 - Network AssessmentLesson 01 - Network Assessment
Lesson 01 - Network Assessment
Angel G Diaz
 
Technical interview questions -networking
Technical interview questions -networkingTechnical interview questions -networking
Technical interview questions -networking
rafiq123
 
An Introduction and Comparison of Dante, AVB and CobraNet Methodologies
An Introduction and Comparison of Dante, AVB and CobraNet MethodologiesAn Introduction and Comparison of Dante, AVB and CobraNet Methodologies
An Introduction and Comparison of Dante, AVB and CobraNet Methodologies
rAVe [PUBS]
 
Introduction P2p
Introduction P2pIntroduction P2p
Introduction P2p
Davide Carboni
 
DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2
Haystack Technologies
 
unit 2
unit 2unit 2
unit 2
Sangeetha Rangarajan
 
Dhcp 11
Dhcp 11Dhcp 11
Dhcp 11
Jainul Musani
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
Marta Pacyga
 
Gabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYGabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHY
IKT-Norge
 
Lesson 5: Configuring Name Resolution
Lesson 5: Configuring Name ResolutionLesson 5: Configuring Name Resolution
Lesson 5: Configuring Name Resolution
Mahmmoud Mahdi
 
DYNAMIC HOST CONFIGURATION PROTOCOL
DYNAMIC HOST CONFIGURATION PROTOCOLDYNAMIC HOST CONFIGURATION PROTOCOL
DYNAMIC HOST CONFIGURATION PROTOCOL
VENKATESHAN A S
 
Ipo spaces calling document-v1
Ipo spaces calling document-v1Ipo spaces calling document-v1
Ipo spaces calling document-v1
ManmeetShandilya2
 
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User GroupInfoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
NetCraftsmen
 
mDNS / Bonjour
mDNS / BonjourmDNS / Bonjour
mDNS / Bonjour
Asociatia ProLinux
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
IKT-Norge
 
Docker at OpenDNS
Docker at OpenDNSDocker at OpenDNS
Docker at OpenDNS
OpenDNS
 
Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...
Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...
Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...
OpenDNS
 

Mais conteúdo relacionado

Mais procurados

Sharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxSharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linux
jasembo
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackops
Dan Kaminsky
 
An Introduction and Comparison of Dante, AVB and CobraNet Methodologies
An Introduction and Comparison of Dante, AVB and CobraNet MethodologiesAn Introduction and Comparison of Dante, AVB and CobraNet Methodologies
An Introduction and Comparison of Dante, AVB and CobraNet Methodologies
rAVe [PUBS]
 

Mais procurados (20)

Sharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxSharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linux
 
Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackops
 
Configuration DHCP
Configuration DHCPConfiguration DHCP
Configuration DHCP
 
Dnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defsDnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defs
 
Lesson 01 - Network Assessment
Lesson 01 - Network AssessmentLesson 01 - Network Assessment
Lesson 01 - Network Assessment
 
Technical interview questions -networking
Technical interview questions -networkingTechnical interview questions -networking
Technical interview questions -networking
 
An Introduction and Comparison of Dante, AVB and CobraNet Methodologies
An Introduction and Comparison of Dante, AVB and CobraNet MethodologiesAn Introduction and Comparison of Dante, AVB and CobraNet Methodologies
An Introduction and Comparison of Dante, AVB and CobraNet Methodologies
 
Introduction P2p
Introduction P2pIntroduction P2p
Introduction P2p
 
DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2
 
unit 2
unit 2unit 2
unit 2
 
Dhcp 11
Dhcp 11Dhcp 11
Dhcp 11
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
Gabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYGabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHY
 
Lesson 5: Configuring Name Resolution
Lesson 5: Configuring Name ResolutionLesson 5: Configuring Name Resolution
Lesson 5: Configuring Name Resolution
 
DYNAMIC HOST CONFIGURATION PROTOCOL
DYNAMIC HOST CONFIGURATION PROTOCOLDYNAMIC HOST CONFIGURATION PROTOCOL
DYNAMIC HOST CONFIGURATION PROTOCOL
 
Ipo spaces calling document-v1
Ipo spaces calling document-v1Ipo spaces calling document-v1
Ipo spaces calling document-v1
 
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User GroupInfoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
 
mDNS / Bonjour
mDNS / BonjourmDNS / Bonjour
mDNS / Bonjour
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
 

Destaque

Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...
Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...
Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...
OpenDNS
 
Security Ninjas: An Open Source Application Security Training Program
Security Ninjas: An Open Source Application Security Training ProgramSecurity Ninjas: An Open Source Application Security Training Program
Security Ninjas: An Open Source Application Security Training Program
OpenDNS
 
Docker with BGP - OpenDNS
Docker with BGP - OpenDNSDocker with BGP - OpenDNS
Docker with BGP - OpenDNS
bacongobbler
 

Destaque (7)

Docker at OpenDNS
Docker at OpenDNSDocker at OpenDNS
Docker at OpenDNS
 
Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...
Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...
Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...
 
OpenDNS CTO Dan Hubbard VizSec 2014 Keynote Slides
OpenDNS CTO Dan Hubbard VizSec 2014 Keynote SlidesOpenDNS CTO Dan Hubbard VizSec 2014 Keynote Slides
OpenDNS CTO Dan Hubbard VizSec 2014 Keynote Slides
 
New DNS Traffic Analysis Techniques to Identify Global Internet Threats
New DNS Traffic Analysis Techniques to Identify Global Internet ThreatsNew DNS Traffic Analysis Techniques to Identify Global Internet Threats
New DNS Traffic Analysis Techniques to Identify Global Internet Threats
 
Security Ninjas: An Open Source Application Security Training Program
Security Ninjas: An Open Source Application Security Training ProgramSecurity Ninjas: An Open Source Application Security Training Program
Security Ninjas: An Open Source Application Security Training Program
 
Blackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream PresentationBlackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream Presentation
 
Docker with BGP - OpenDNS
Docker with BGP - OpenDNSDocker with BGP - OpenDNS
Docker with BGP - OpenDNS
 

Semelhante a OpenDNS Whitepaper: Platform Technology

How to configure dns server(2)
How to configure dns server(2)How to configure dns server(2)
How to configure dns server(2)
Amandeep Kaur
 
DNS: EdgeCast Route - Technical DNS Service Overview
DNS: EdgeCast Route - Technical DNS Service Overview DNS: EdgeCast Route - Technical DNS Service Overview
DNS: EdgeCast Route - Technical DNS Service Overview
Verizon Digital Media Services
 
lec3_10.ppt
lec3_10.pptlec3_10.ppt
lec3_10.ppt
ImXaib
 
HTTP_SS_ENTERPRISE_EN
HTTP_SS_ENTERPRISE_ENHTTP_SS_ENTERPRISE_EN
HTTP_SS_ENTERPRISE_EN
Bernd Thomsen
 

Semelhante a OpenDNS Whitepaper: Platform Technology (20)

How to configure dns server(2)
How to configure dns server(2)How to configure dns server(2)
How to configure dns server(2)
 
DNS: EdgeCast Route - Technical DNS Service Overview
DNS: EdgeCast Route - Technical DNS Service Overview DNS: EdgeCast Route - Technical DNS Service Overview
DNS: EdgeCast Route - Technical DNS Service Overview
 
Lecture 4 -_internet_infrastructure_2_updated_2011
Lecture 4 -_internet_infrastructure_2_updated_2011Lecture 4 -_internet_infrastructure_2_updated_2011
Lecture 4 -_internet_infrastructure_2_updated_2011
 
Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!
Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!
Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!
 
Linux and DNS Server
Linux and DNS ServerLinux and DNS Server
Linux and DNS Server
 
Learning series fundamentals of Networking and Medical Imaging
Learning series fundamentals of Networking and Medical ImagingLearning series fundamentals of Networking and Medical Imaging
Learning series fundamentals of Networking and Medical Imaging
 
Bcs 052 solved assignment
Bcs 052 solved assignmentBcs 052 solved assignment
Bcs 052 solved assignment
 
DNS - MCSE 2019
DNS - MCSE 2019DNS - MCSE 2019
DNS - MCSE 2019
 
Storage Primer
Storage PrimerStorage Primer
Storage Primer
 
Networking & Servers
Networking & ServersNetworking & Servers
Networking & Servers
 
lec3_10.ppt
lec3_10.pptlec3_10.ppt
lec3_10.ppt
 
Computer networks7
Computer networks7Computer networks7
Computer networks7
 
Tech Doc: Umbrella Delivery Platform
Tech Doc: Umbrella Delivery PlatformTech Doc: Umbrella Delivery Platform
Tech Doc: Umbrella Delivery Platform
 
SWG Buyer Guide: Competitive Comparison
SWG Buyer Guide: Competitive ComparisonSWG Buyer Guide: Competitive Comparison
SWG Buyer Guide: Competitive Comparison
 
Topic #3 of outline Server Environment.pptx
Topic #3 of outline Server Environment.pptxTopic #3 of outline Server Environment.pptx
Topic #3 of outline Server Environment.pptx
 
Protect Websites against DDoS attacks with Reblaze
Protect Websites against DDoS attacks with ReblazeProtect Websites against DDoS attacks with Reblaze
Protect Websites against DDoS attacks with Reblaze
 
HTTP_SS_ENTERPRISE_EN
HTTP_SS_ENTERPRISE_ENHTTP_SS_ENTERPRISE_EN
HTTP_SS_ENTERPRISE_EN
 
Network Testing ques
Network Testing quesNetwork Testing ques
Network Testing ques
 
RIPE 82: DNS Evolution
RIPE 82: DNS EvolutionRIPE 82: DNS Evolution
RIPE 82: DNS Evolution
 
Large-Scale System Integration with DDS for SCADA, C2, and Finance
Large-Scale System Integration with DDS for SCADA, C2, and FinanceLarge-Scale System Integration with DDS for SCADA, C2, and Finance
Large-Scale System Integration with DDS for SCADA, C2, and Finance
 

Último

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Último (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 

OpenDNS Whitepaper: Platform Technology

  • 1. DELIVERY PLATFORM AND TECHNOLOGY OVERVIEW OpenDNS Enterprise Secures Internet Connections with 100% Uptime Our global security network, Anycast routing and SmartCache™ technologies deliver a simpler, faster and more reliable Internet experience without requiring you to change your network topology. Let’s face it, if there were no security and compliance However, even if we lived in a threat-free world, you threats to protect users and devices from, you wouldn’t still would deal with the inherent complexity and complicate and risk your network infrastructure by inconsistency of several, less-than-100%-reliable installing countless network devices (e.g. firewalls, in-line recursive DNS services provided by your ISPs. This filters, proxies). You would deploy the minimum number of common situation impacts organizations that use switches and routers between your devices and the redundant Internet pipes with more than one ISP or Internet. Traffic would flow at the maximum speed and have multiple network locations with different ISPs. throughput provided by your ISPs (Internet Service OpenDNS addresses both these problems, while Providers), and there would be no additional points of securing every Internet connection, by eliminating failure (or complication) to manage and maintain daily. the common requirement to add network devices or You would be happy, and your end users would be happy. in any way change your network topology, and Regrettably, the risk of data loss, identity theft, simultaneously consolidating all these disparate inappropriate or malicious resource consumption, brand recursive DNS services into one ultra-reliable global damage, etc. is great enough to justify adding network DNS service with the same two consistent IP infrastructure risks and investing your time. addresses (208.67.222.222 and 208.67.220.220). Connected at Internet’s Core Fabric for a Faster, More Global Service The Internet is often referred to as a “Network of networks and OpenDNS’s services, as well as Networks”, as it consists of over 5,000 ISPs between authoritative DNS servers and OpenDNS’s interconnected with one another in a sparsely meshed services. More geographic isolation between IXPs, fabric. The core of the Internet’s fabric is created using translates to fewer issues in one region spilling over peering agreements at IXPs (Internet Exchange Points), and impacting another (e.g. disaster at datacenter, which allow first-tier ISPs or other service providers like large-scale OpenDNS to exchange traffic bound for one another’s routing customers. Millions of business networks and billions of errors). home networks are connected via transit agreements for DIA (direct Internet access) from each ISP’s PoP (points of presence). Transit agreements are also used to connect OpenDNS to first-tier ISPs and first-tier ISPs to smaller ISPs, commonly at the Internet’s edges. OpenDNS selects strategic IXPs to connect our PoPs to the Internet’s core using two criteria – Internet connectivity and geography. More peering and transit agreements established with ISPs at a IXP, translates to fewer connection hops and latency incurred between the customer’s For more information please visit: www.opendns.com or call 877-811-2367
  • 2. Many regional second- or third-tier ISPs that business available everywhere today, there are further plans to or home networks receive DIA from have no peering increase usage in Asia-Pacific and South America. agreements at IXPs or geographic dispersion making their DNS services susceptible to greater latency to retrieve DNS responses or outages, respectfully. OpenDNS currently has selected 12 PoPs, which interconnect with the number one, two and three most well-connected IXPs globally, and in particular in the Americas, Europe and Asia-Pacific. While OpenDNS is “All Roads Lead to Rome” for a Faster, Simpler Internet Experience Most local network setups or global services use pair of IP addresses. Such as configuring DHCP servers traditional Unicast routing, for which each server at and creating, backing up or cloning hard disk or virtual each location advertises a unique IP address. In machine images used anywhere, at any time. The regards to an ISP’s DNS service, it would mean that benefit to your end users is faster connections to the every recursive DNS resolver is assigned a different IP Internet. OpenDNS blends Anycast’s fewest-hop routing address. Some services may offer a single IP address logic to ensure your DNS queries go to the nearest PoP, per PoP even if it consists of hundreds of servers, which and our proprietary network topology using two is commonly implemented by load-balancers deployed overlapping global Anycast “clouds” with different at each location, but this has the same drawbacks of routing policies to enable your stub DNS resolvers to Unicast routing. Anycast routing enables multiple pick the lowest-latency route. servers at multiple locations to advertise the same IP address globally, not per location, and without load balancers adding more latency and risk of failure. In regards to OpenDNS’s DNS service, it enables our global PoPs consisting of 1000s of identical recursive DNS resolvers to advertise the same IP address pair. OpenDNS absorbs the time, cost and complexity to setup our true Anycasted security network. It requires that we maintain our own hardware, a large IP address space, direct relationships with your upstream ISPs, and sophisticated network routing policies. The benefit to you is that it is much simpler to setup every network device by using the same  
  • 3. Self-Healing Routes Lead to a More Reliable Internet Experience Rather than crude round-robin methods or physical load balancers, Anycast uses load- balanced routing logic, which is invisible to individual servers or entire PoPs. If a server or entire PoP is taken offline for maintenance, disasters, failures or attacks, it ceases to advertise its shared IP address and upstream as other layer-3 network devices will transparently re-route global services the traffic. So when you send a DNS query to claiming 99.999% up- OpenDNS, it will always return a response from the time SLAs (service level quickest, closest available DNS resolver! This agreements) so often do. It’s that eliminates you ever needing to make changes because reliable and why we can truly claim that we are conducting maintenance on servers closest to we’ve had 100% uptime since we launched our your network locations or we experience a major failure, services in 2006. SmartCache Leads to a Even Faster and Smarter Internet Experience OpenDNS receives billions of DNS queries daily from Many authoritative DNS outages, attacks or failures almost 2% of the Internet’s users and their devices. have impacted business-critical sites such as When OpenDNS receives each subsequent DNS query, salesforce.com, amazon.com and petco.com, or even we already know the answer (much more often than millions of domain, such as when the top-level domain your regional ISPs), so we do not make you wait on the used by Germany (.de) was unreachable. When such authoritative DNS servers to return this same answer. incidents occur, which is not uncommon, OpenDNS still While we know almost every server’s address across returns the last-known correct address using our entire global Internet at any given, this is not what exclusive caching logic, whereas the rest of the makes our caching technology unique. Internet’s users will not be able to reach the domain. DNS RESOLVER: STUB   RECURSIVE AUTHORITATIVE   What uses it? Every device worldwide OPTION 1 OPTION 2 Third-party servers (e.g. clients, servers) Regional ISP Servers Global OpenDNS Servers worldwide Non-Cached Query: STEP 1: IS THERE A VALID/NON-EXPIRED CACHED ANSWER? “where is foo.com?” Less likely with only Very likely with 40+ billion + lookup latency regional coverage global queries daily No Cached Response Cached Response: Answer #1 (GOOD): Gets Answer #1: (added latency) ê “foo.com is at 1.2.3.4” “foo.com is at 1.2.3.4” How does it work? “foo.com is at 1.2.3.4” STEP 2: IF THERE IS NO/EXPIRED CACHED ANSWER, THEN... or (always with OpenDNS) Query: “where is foo.com?” + lookup latency Answer #2 (BAD): or New Response: (#1)“foo.com is at 1.2.3.4” or “Server Failed” Gets Answer #2: New Response: Last-Known Cached Response: “Server Failed” (sometimes with ISP) (#2) “Server Failed” “foo.com is at 1.2.3.4” For more information please visit: www.opendns.com or call 877-811-2367