EDNS0 Client-Subnet for DNS based CDNs by Matt Jansen
MyNOG
1.
EDNS0 Client-Subnet for DNS based CDNs
Matt Jansen
Akamai Technologies
MyNOG 4, Kuala Lumpur, August 21st 2014
2.
©2012 AKAMAI | FASTER FORWARD™
The Akamai Intelligent Platform
The world’s largest on-demand, distributed computing platform delivers all forms of web content and applications
The Akamai Intelligent Platform:
• 150,000+ Servers
• 2,000+ Locations
• 92 Countries
• 1,200+ Networks
• 700+ Cities
Typical daily traffic:
• More than 2 trillion requests served
• Delivering over 21 Terabits/second
• 15-30% of all daily web traffic
3.
Current Presence in Malaysia
[Map: Kota Kinabalu, Kuala Lumpur, Johor, Penang, Kuching. Legend: Infrastructure Cluster; AANP Cluster (embedded in Network); MyIX]
4.
How CDNs Work
When content is requested from CDNs, the user is directed to the optimal server to serve this user
There are 2 common ways to do that:
• anycast: the content is served from the location the request is received (easy to build, requires symmetric routing to work well)
• DNS based: the CDN decides where to best serve the content from based on the resolver it receives the request from, and replies with the optimal server
5.
How DNS based CDNs Work
Users querying a DNS-based CDN will be returned different A (and AAAA) records for the same hostname depending on the resolver the request comes from
This is called “mapping”
The better the mapping, the better the CDN
6.
How Akamai’s CDN works
Example of Akamai mapping
• Notice the different A records for different locations:
[NYC]% host www.symantec.com
www.symantec.com CNAME e5211.b.akamaiedge.net.
e5211.b.akamaiedge.net. A 207.40.194.46
e5211.b.akamaiedge.net. A 207.40.194.49
[Boston]% host www.symantec.com
www.symantec.com CNAME e5211.b.akamaiedge.net.
e5211.b.akamaiedge.net. A 81.23.243.152
e5211.b.akamaiedge.net. A 81.23.243.145
7.
How Akamai’s CDN works
Akamai uses multiple criteria to choose the optimal server
• These include standard network metrics:
  • Latency
  • Throughput
  • Packet loss
• as well as internal ones such as:
  • CPU load on the server
  • HD space
  • network utilization
8.
Mapping (simplified)
1) end-user requests www.example.com from ISP NS
2) ISP NS recursively (multiple iterations) looks up www.example.com being referred to authoritative Akamai NS (by cname)
3) ISP NS asks authoritative Akamai NS
4) Akamai NS looks up IP of requestor (ISP NS) and replies with IP of optimal cluster to serve content (local cluster in that ISP)
5) ISP NS replies to end-user who
6) requests content from local Cluster
[Diagram: end-user; ISP NS 1.2.3.4; root/tld/intermediate NS (recursive lookup until reaching authoritative NS); Akamai NS; Local Akamai Cluster at ISP 5.6.7.8. Labels: "example.com?", "a212.g.akamai.net", "NS 1.2.3.4?", "best cluster = 5.6.7.8"; arrows numbered 1 to 6]
9.
The Problem: 3rd Party DNS servers
All of this works very well if the end-user uses their provider’s DNS servers.
However, if the end-user is making use of a 3rd party DNS service like
• Google DNS (28 locations worldwide) https://developers.google.com/speed/public-dns/faq#locations
• OpenDNS (20 locations worldwide) http://www.opendns.com/network-map/
a DNS-based CDN does not know which network the request originated from, and can therefore in the best case serve it in the rough geographic area
10.
How 3rd party (open) resolvers typically work
global ‘frontend’ anycast address, local unique ‘backend’ address for recursive queries
• CDN can tell which NS location it came from (by backend-ip)
• but not which end-user location or network -> have to serve from a large infrastructure cluster (typically located at the big IXs) to ensure we can reach any end-user
[Diagram: end-user sends request to 8.8.8.8 (Google DNS Frontend 8.8.8.8, Backend 74.125.190.1); Akamai NS receives request from 74.125.190.1. Labels: "NS 74.125.190.1?", "best cluster = ?"]
11.
Use of 3rd party DNS servers
relatively small numbers in most countries with a mature internet ecosystem:
• USA, Germany, Netherlands, Singapore: less than 1%
but very high percentage of users in developing countries and/or countries performing some form of DNS-based web-filtering:
• Turkey: 22%, Indonesia: 22%, Bangladesh: 25%
• Malaysia: 11%
12.
Use of 3rd party DNS servers in Malaysia
         ISP DNS   Google   OpenDNS   Others
ISP A    84.5%     11.0%    1.7%      2.9%
ISP B    87.9%     6.7%     0.8%      4.6%
ISP C    88.0%     6.4%     0.7%      4.9%
ISP D    88.4%     7.6%     0.5%      3.5%
ISP E    88.4%     5.5%     0.3%      5.9%
ISP F    89.5%     3.8%     0.1%      6.6%
13.
End User Mapping
Use end-user IP instead of NS IP for mapping
Problem: at the time of authoritative DNS answer end-user IP is not known yet
• HTTP redirect
  • Map based on DNS
  • Measure RTT of initial request from end-user received (and therefore IP known), if over threshold:
  • Redirect to better positioned server to reach end-user IP
Problem: slow, not suitable for small objects
14.
The Solution: EDNS0 client-subnet
EDNS0 client-subnet
https://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-02
The recursive resolver includes the end-user’s prefix in the request to the authoritative nameserver
This allows the authoritative nameserver (the CDN) to process this information and optimize the reply not based on the requesting nameserver but the end-user’s prefix
15.
The Solution: EDNS0 client-subnet
• Open standard (draft)
• Has to be supported by recursive resolver (3rd Party DNS)
• and by Authoritative NS (CDN)
• Privacy: only prefix, not full address transmitted
16.
EDNS0 client-subnet implementation
Option-Code = 8
Option-Length (in bytes)
Family (1=v4, 2=v6)
Source-Netmask (request: e.g. 24, 0 for privacy; to be echoed in reply)
Scope-Netmask (request = 0; reply can be <> request, 0 for not used)
Address
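The option layout on this slide, as an added example that is not from the original deck: Python that encodes the client-subnet option and parses it strictly. The function names are assumptions, and the length and host-bit checks follow RFC 7871 (the published successor of the draft) rather than the slides.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8                     # Option-Code from the slide
FAMILY_BITS = {1: 32, 2: 128}           # Family: 1 = IPv4, 2 = IPv6


def build_ecs_option(client_ip, source_netmask=24, scope_netmask=0):
    """Encode the option a resolver attaches to its upstream query."""
    addr = ipaddress.ip_address(client_ip)
    family = 1 if addr.version == 4 else 2
    if not 0 <= source_netmask <= FAMILY_BITS[family]:
        raise ValueError("source netmask out of range for family")
    # Zero the host bits so only the prefix leaves the resolver.
    net = ipaddress.ip_network(f"{addr}/{source_netmask}", strict=False)
    # Send only as many address bytes as the prefix needs (none for /0).
    prefix = net.network_address.packed[:(source_netmask + 7) // 8]
    body = struct.pack("!HBB", family, source_netmask, scope_netmask) + prefix
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def parse_ecs_option(wire):
    """Decode one option; raise ValueError on anything malformed."""
    if len(wire) < 8:
        raise ValueError("option shorter than its fixed fields")
    code, length, family, source, scope = struct.unpack("!HHHBB", wire[:8])
    address = wire[8:]
    if code != ECS_OPTION_CODE:
        raise ValueError("not a client-subnet option")
    if length != 4 + len(address):
        raise ValueError("Option-Length does not match payload")
    if family not in FAMILY_BITS:
        raise ValueError("unknown address family")
    bits = FAMILY_BITS[family]
    if source > bits or scope > bits:
        raise ValueError("netmask longer than the address family allows")
    if len(address) != (source + 7) // 8:
        raise ValueError("address length does not match Source-Netmask")
    value = int.from_bytes(address.ljust(bits // 8, b"\x00"), "big")
    # RFC 7871: bits beyond Source-Netmask must be zero (FORMERR otherwise).
    if value & ((1 << (bits - source)) - 1):
        raise ValueError("address bits set beyond Source-Netmask")
    cls = ipaddress.IPv4Network if family == 1 else ipaddress.IPv6Network
    return {"family": family, "source_netmask": source,
            "scope_netmask": scope, "prefix": str(cls((value, source)))}


if __name__ == "__main__":
    # Constructed sample: end-user 1.1.1.77 behind a resolver sending a /24.
    query_opt = build_ecs_option("1.1.1.77", 24)
    print(query_opt.hex(), parse_ecs_option(query_opt))
    # Privacy opt-out from the slides: source-netmask 0, no address bytes.
    print(build_ecs_option("1.1.1.77", 0).hex())
```

Rejecting options whose address carries bits past the stated netmask keeps a malformed or overly specific client address from reaching the mapping logic or the logs.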
17.
Mapping (EDNS0)
1) end-user requests www.example.com from Google NS
2) Google NS recursively looks up www.example.com being referred to authoritative Akamai NS (by cname)
3) Google NS asks Akamai NS including client-subnet
4) Akamai NS looks up client-subnet and replies with IP of optimal cluster to serve content (local cluster in that ISP)
5) ISP NS replies to end-user who
6) requests content from local Cluster
[Diagram: end-user; Google NS 8.8.8.8; root/tld/intermediate NS (recursive lookup until reaching authoritative NS); Akamai NS; Local Akamai Cluster at ISP 5.6.7.8. Labels: "example.com?", "a212.g.akamai.net", "NS 8.8.8.8 (whitelisted for edns0)", "client subnet=1.1.1.0/24", "best cluster = 5.6.7.8"; arrows numbered 1 to 6]
18.
Privacy concerns
Only prefix, not full IP transmitted
CDN already gets your full IP anyways (in the subsequent HTTP request)
Set source-netmask/address to 0.0.0.0/0
• Google DNS honors, forwards request with 0.0.0.0/0
• OpenDNS ignores at time of writing
Do not use client-subnet capable resolver if intention is to hide client origin
19.
Security concerns
Scanning/walking the mapping algorithm
• double whitelist (at recursive resolver & auth NS)
• enforced replacement of client-tagged edns0 option by Google & OpenDNS before being sent to Akamai
Amplification
• double whitelist
• echoing request in reply
• standard rate limiting methods work
Cache pollution of recursive resolver can be a problem
• separate reply stored for each prefix
20.
Prefix-Length
Google/OpenDNS currently always send client-subnet as /24 (for privacy/caching-efficiency reasons)
Mapping system has view of internet from its partners with differing prefix-lengths
• client-subnet more specific than Akamai
  • e.g. Akamai has /20 from partner -> can be mapped
  • scope-netmask sent to resolver for caching purposes
• client-subnet less specific than Akamai
  • e.g. Akamai has /26s from partner in different locations -> no clear choice to map -> will take first match
  • also send scope-netmask to resolver for information
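The two prefix-length cases on this slide, together with the per-prefix caching noted under security concerns, as an added example that is not from the original deck. The mapping table, cluster names and function names are constructed assumptions, and caching at the shorter of source and scope length follows RFC 7871.

```python
import ipaddress

# Constructed mapping table (assumption): prefixes learned from partners.
MAPPING = [
    ("10.20.0.0/20", "cluster-kl"),        # partner announces one /20
    ("10.99.1.0/26", "cluster-penang"),    # partner announces /26s that
    ("10.99.1.64/26", "cluster-kuching"),  # sit in different locations
]
FALLBACK = "cluster-ix"                    # large infrastructure cluster


def map_client_subnet(client_subnet, table=MAPPING):
    """Return (cluster, scope_netmask) for a received client-subnet."""
    client = ipaddress.ip_network(client_subnet)
    entries = [(ipaddress.ip_network(p), c) for p, c in table]
    entries = [(n, c) for n, c in entries if n.version == client.version]

    # Case 1: client-subnet is more specific than the mapping data.
    # A covering entry gives an unambiguous answer, and its length is
    # returned as scope so the resolver can reuse the reply more widely.
    covering = [(n, c) for n, c in entries if client.subnet_of(n)]
    if covering:
        net, cluster = max(covering, key=lambda e: e[0].prefixlen)
        return cluster, net.prefixlen

    # Case 2: client-subnet is less specific than the mapping data.
    # Several entries fall inside it, so there is no clear choice and
    # the first match wins; scope is still returned for information.
    for net, cluster in entries:
        if net.subnet_of(client):
            return cluster, net.prefixlen

    # No data for this prefix: scope 0 ("not used").
    return FALLBACK, 0


def cache_network(client_subnet, scope_netmask):
    """Prefix under which a resolver stores the reply (per RFC 7871)."""
    client = ipaddress.ip_network(client_subnet)
    plen = min(scope_netmask, client.prefixlen)
    return ipaddress.ip_network(f"{client.network_address}/{plen}", strict=False)


def cache_entries(client_subnets):
    """Count distinct cached replies one hostname produces."""
    keys = {cache_network(s, map_client_subnet(s)[1]) for s in client_subnets}
    return len(keys)


if __name__ == "__main__":
    for subnet in ("10.20.5.0/24", "10.99.1.0/24", "192.0.2.0/24"):
        cluster, scope = map_client_subnet(subnet)
        print(subnet, "->", cluster, "scope", scope,
              "cached as", cache_network(subnet, scope))
```

A scope shorter than the /24 the resolver sent collapses many client prefixes into one cache entry, which is what limits the per-prefix cache growth listed under security concerns.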
21.
Improvements with edns0 client-subnet
[Chart: average distance, Open DNS India; x-axis weekly from 2 Jan to 27 Feb]
22.
Additional Use-Case
can be used within a partner’s network instead of distributed DNS architecture
A partner might have a widespread network (especially in countries spanning large geographical areas and/or different islands like Malaysia)
• Would like to deploy clusters around the network to localize traffic
• But central DNS infrastructure makes mapping traffic accurately difficult
23.
Example for distributed architecture
[Map: Kota Kinabalu, Kuala Lumpur (NS), Johor, Penang, Kuching. Legend: Akamai Cluster; Nameserver]
24.
Solutions
Deploy additional NS in all locations
• Benefit: better DNS responses, can use anycast frontend IP to simplify administration/failover (announcing same frontend IP to all end-users)
• Drawback: additional CAPEX & support-costs
Virtual IPs on existing NS given to different geographic sets of end-users
• Benefit: no additional CAPEX, easy to implement
• Drawback: more difficult to administer, will require manual allocation of IPs to clusters on CDN side, no clear fallback
EDNS0 client-subnet within the providers network
• Benefit: no additional CAPEX, only software change on the NS, can dynamically adapt by changing announcements, can scale for very small clusters in remote places
• Drawback: needs compatible NS software
25.
Questions?
Matt Jansen
mj@akamai.com