THE UTILITY OF DNS TRAFFIC MANAGEMENT

Similar documents
A Better Way to a Redundant DNS.

Imperva Incapsula Product Overview

snoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection

WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM

Buyer s Guide: DRaaS features and functionality

A Guide to Architecting the Active/Active Data Center

WHITE PAPER Hybrid Approach to DDoS Mitigation

Bright House Networks Enterprise Solutions. FINAL Proposal for: WE RE WIRED DIFFERENTLY. Voice Data Cloud Managed Services. Proposal Date: 4/14/2016

THE STATE OF MEDIA SECURITY HOW MEDIA COMPANIES ARE SECURING THEIR ONLINE PROPERTIES

Our key considerations include:

align security instill confidence

CONTENT-AWARE DNS. IMPROVING CONTENT-AWARE DNS RESOLUTION WITH AKAMAI DNSi CACHESERVE EQUIVALENCE CLASS. AKAMAI DNSi CACHESERVE

EVERYTHING YOU NEED TO KNOW ABOUT NETWORK FAILOVER

Internet Load Balancing Guide. Peplink Balance Series. Peplink Balance. Internet Load Balancing Solution Guide

Radware AppDirector Load Balancing Microsoft LCS servers, LCS Director and LCS Access Proxy Servers.

Hybrid Cloud for Business Communications

Document Sub Title. Yotpo. Technical Overview 07/18/ Yotpo

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Configuring Network Load Balancing

Never Drop a Call With TecInfo SIP Proxy White Paper

E-Commerce Networking

The Interactive Guide to Protecting Your Election Website

Introduction. The Safe-T Solution

How your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter

ScaleArc for SQL Server

Think You re Safe from DDoS Attacks? As an AWS customer, you probably need more protection. Discover the vulnerabilities and how Neustar can help.

Imperva Incapsula Load Balancer

THE AUTHORITATIVE GUIDE TO DNS TERMINOLOGY

Load Balancing Technology White Paper

Cloudflare Advanced DDoS Protection

Preparing your network for the next wave of innovation

3 Ways Businesses Use Network Virtualization. A Faster Path to Improved Security, Automated IT, and App Continuity

Future-ready security for small and mid-size enterprises

Cloud DNS. High Performance under any traffic conditions from anywhere in the world. Reliable. Performance

WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution

WHEN DOWNTIME TAKES A BITE OUT OF YOUR BUDGET

Ensuring the Success of E-Business Sites. January 2000

BIG-IP Global Traffic Manager

MULTIPLAYER GAMING SOLUTION BRIEF

How to Choose a CDN. Improve Website Performance and User Experience. Imperva, Inc All Rights Reserved

Power Outages and the Hosted VOIP Option

HP Load Balancing Module

Disaster Recovery Is A Business Strategy

Protect Your End-of-Life Windows Server 2003 Operating System

BGP Case Studies. ISP Workshops

Protect Your End-of-Life Windows Server 2003 Operating System

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8

Configuring NAT for High Availability

Radware's Application Front End solution for Microsoft Exchnage 2003 Outlook Web Access (OWA)

Hosting Roadmap Upgrades, Improvements and Changes

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

The 2017 State of Endpoint Security Risk

Survey: Global Efficiency Held Back by Infrastructure Spend in Pharmaceutical Industry

Barracuda Link Balancer

Tilaa client case Dutchdrops A clustered platform: goodbye down time

A Top US Bank Trusts Neustar SiteProtect for Reliable DDoS Protection Depth

The DNS of Things. A. 2001:19b8:10 1:2::f5f5:1d Q. WHERE IS Peter Silva Sr. Technical Marketing

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

DNS SECURITY BENEFITS OF OUTSOURCING YOUR DNS TO AN IP ANYCAST+ PROVIDER

SD-WAN Deployment Guide (CVD)

Keys to a more secure data environment

Distributing Applications for Disaster Planning and Availability

Network Security: Firewall, VPN, IDS/IPS, SIEM

Introducing the Global Site Selector

Network Security and Cryptography. 2 September Marking Scheme

The F5 Intelligent DNS Scale Reference Architecture

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE

Making the case for SD-WAN

Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT

APPLICATION OF POLICY BASED INDEXES AND UNIFIED CACHING FOR CONTENT DELIVERY Andrey Kisel Alcatel-Lucent

W H I T E P A P E R : O P E N. V P N C L O U D. Implementing A Secure OpenVPN Cloud

How Cloud PBX Can Benefit Your Business. Contents. Introduction... 4 What is Cloud PBX? How Does It Work?... 6 Is Cloud Technology Secure?...

Neustar Security Solutions Overview

KillTest ᦝ䬺 䬽䭶䭱䮱䮍䭪䎃䎃䎃ᦝ䬺 䬽䭼䯃䮚䮀 㗴 㓸 NZZV ]]] QORRZKYZ PV ٶ瀂䐘މ悹伥濴瀦濮瀃瀆ݕ 濴瀦

Windows Server The operating system

Introducing the Global Site Selector

SmartDNS. Speed: Through load balancing, FatPipe's SmartDNS speeds up the delivery of inbound traffic.

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

The Guide to Best Practices in PREMIUM ONLINE VIDEO STREAMING

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

QUALITY IT SUPPORT TAILORED FOR NOT FOR PROFITS

NINE MYTHS ABOUT. DDo S PROTECTION

Hyper-Converged Infrastructure: Providing New Opportunities for Improved Availability

WHY BUILDING SECURITY SYSTEMS NEED CONTINUOUS AVAILABILITY

Cloud Services. Infrastructure-as-a-Service

Best Practice - Protect Against TCP SYN Flooding Attacks with TCP Accept Policies

Cisco Virtual Office High-Scalability Design

WAN Application Infrastructure Fueling Storage Networks

A10 DDOS PROTECTION CLOUD

Transforming the Cisco WAN with Network Intelligence

Review for Internet Introduction

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY

Check Point DDoS Protector Simple and Easy Mitigation

Q-Balancer Range FAQ The Q-Balance LB Series General Sales FAQ

F5 BIG-IQ Centralized Management: Local Traffic & Network. Version 5.2

Avoiding the Cost of Confusion: SQL Server Failover Cluster Instances versus Basic Availability Group on Standard Edition

HTG XROADS NETWORKS. Network Appliance How To Guide: EdgeBPR (Shaping) How To Guide

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE.

SD-WAN Transform Your Agency

Transcription:

SECURITY SERVICES WHITE PAPER THE UTILITY OF DNS TRAFFIC MANAGEMENT

TABLE OF CONTENTS 2 ABOUT DNS 3 DNS TRAFFIC MANAGEMENT 4 MONITORING AND FAILOVER 5 TRAFFIC MANAGEMENT MONITORING PROBES 6 GLOBAL LOAD BALANCING AND TRAFFIC DISTRIBUTION METHODS 8 ORIGIN-BASED ROUTING 9 COMBINING CAPABILITIES About DNS The domain name system, or DNS, is a protocol that translates user understandable names (like domain names for example,.co,.biz,.au) and labels (like website addresses for example, www.neustar.biz) into IP addresses that are understood and accepted by computers and routers to move and direct packets around the Internet. As the first step in almost every transaction on the Internet, DNS is well positioned to deliver traffic management capabilities, or to redirect traffic on the Internet based on conditions other than the standard routing protocols. But not every company is maximizing their DNS potential. With more than three billion people now 1 accessing the Internet, there s a true tension between managing website traffic, delivering a consistent user experience, and securing web applications. Failure to properly align these priorities could negatively affect website availability and cause irreparable brand damage. 2 The Utility of DNS Traffic Management

DNS Traffic Management So What s A Business To Do? Since a flawless website experience is a must, some organizations are relying on multi-vendor hosting and/or delivery solutions cloud delivery networks (CDN) or cloud computing services to balance incoming traffic requests. Whether on-premise or in the cloud, these solutions can be helpful and expensive. It s no surprise that higher performance usually comes at a higher cost. Also, essential tasks like moving from degraded servers to ones that are functioning properly heavily depend on budget, time and availability. Seeking to balance efficiency with finances, companies often use an array of cloud vendors in different regions of the world, exponentially increasing user demand and traffic. In one region, a less expensive provider with adequate performance may suffice, while in another region of the world, superior service - despite the premium cost - may be necessary. In other words, it can get complicated. Good thing there s a built-in way for you to complement your current traffic management solutions, keep a close eye on global traffic, deliver a consistent user experience, and even strengthen security. The answer consists of three letters: DNS. Nobody likes to wait. Whether it s at a theme park or on the Internet. DNS traffic management strategies and tools optimally direct user traffic to the correct destination, which can be defined by geographic location, Internet location, server availability, or traffic distribution. DNS also involves the re-routing of traffic when networks or servers require maintenance or incur incidents, making service unavailable. Traffic management helps to ensure websites and applications are always available and working at peak performance. DNS queries can provide a lot of information about a user before their browser even connects to your website. From the user s geographic region and internet service provider (ISP), down to the specific location when their provider supports advanced DNS features, you can learn a lot about a user based on the DNS query. Combining information on the performance and availability of your server resources allows you to make intelligent decisions about how you want to direct traffic and deliver the best user experience. TO THE CLOUD! Opting for cloud-based DNS traffic management is less expensive than maintaining on-site hardware, and it s easier to update. Cloud DNS also offers advanced traffic management capabilities that result in cost-savings, improved scalability, and better performance and managed security over a wider footprint. 3 The Utility of DNS Traffic Management

Monitoring and Failover When Downtime is NOT an Option Congratulations! Your marketing team did a fantastic job of driving traffic to your website, but do you know how much load the network can support? Is there a contingency plan just in case one of your servers goes down? One of the core tenets of having a website is ensuring its availability. Guessing won t suffice; you need proactive monitoring and standby services to ensure high availability and exceptional response time to provide a good user experience. Proactive monitoring leverages probes to test the availability and performance of the applications. Based on the results, you can now decide how to best redirect and manage traffic to the application. Standby or failover refers to the ability to seamlessly direct user sessions to an alternative, standby or redundant application instance when the primary server has failed or has been taken out of service. Failover can also allow you to direct traffic to another server in the event of an emergency, such as when your primary network is undergoing routine maintenance, or if you re being hit with a distributed denial of service (DDoS) attack. By delivering monitoring and failover services at the DNS level, you now have added availability. A plan B is a beautiful thing. MONITORING & FAILOVER DNS QUERY/ RESPONSE PROBES IP TRAFFIC DNS NETWORK RECURSIVE SERVER (ISP) PERFORMANCE PROBE AGENT END USER DR SERVER PRIMARY SERVER 4 The Utility of DNS Traffic Management

Traffic Management Monitoring Probes Traffic management services may use multiple types of probes to verify that servers and applications are reachable from several locations. This information is then used to determine which resources to announce via DNS, enabling automatic failover between primary and standby resources. It also enables intelligent load balancing among multiple active resources. The available probes range from very simple (PING) to more complex transaction based probes (HTTP/HTTPS). PING Probe PING is the simplest and most commonly used probe. It sends an ICMP packet and measures whether a server is reachable in a defined timeframe. Although the PING probe is frequently used, it is the least reliable indicator of system availability. DNS Probe DNS probes are used when an organization is layering cloud-based traffic management services with hardware load balancers that they have deployed. A probe is sent to the hardware load balancer, where it searches for a valid DNS reply. The probe allows for traffic management configurations, which leverage multiple deployments of load balancing hardware, to fail between or distribute traffic amongst them. FTP Probe This is used by organizations that maintain file transfer protocol (FTP) servers to allow the distribution of files. The FTP probe verifies an FTP service by logging into an FTP session. SMTP Availability Probe The SMTP probes verify that a mail server is reachable and active. TCP Probe TCP probes attempt to connect to a specified TCP port. TCP probes are used by organizations that wish to test the availability of applications that are not using HTTP/HTTPS and are using non-standard TCP ports. This probe verifies that the specified port is reachable. HTTP/HTTPS Probe The HTTP probe is the most common probe used in traffic management services. It verifies an HTTP service by making a request to a web server and testing the response. A correct response can be as simple as a valid HTTP response code, but typically these services are configured to look for a specific page on the host and search for a specific string of text. In doing so, the service verifies not only that the server is available, but that the web application is up and responding. Many services also provide the capability to build multi-step transactions using a series of HTTP(S) GETs and POSTs. This is the most robust traffic management probe and, as such, it is the most utilized. 5 The Utility of DNS Traffic Management

Global Load Balancing and Traffic Distribution Methods Investing in redundancy is an excellent step towards ensuring a constant website presence, but it doesn t guarantee the maximum use of all of your server resources. If your website suddenly receives a surge in traffic, some users could experience sluggish wait times - if they can even reach your site. To guard against this potentially brand-damaging event, DNS offers the ability to load balance incoming traffic. With load balancing, you now have several ways to direct and distribute traffic across multiple servers, ensuring optimal website performance and minimizing the risk of downtime. Some of the different approaches to DNS load balancing: Priority Hunt Directs traffic to a specified sequence of servers and returns to the top of the prioritized hunt list to select the first available server when the current server is unavailable. Random Traffic is distributed randomly between destinations. Round Robin Spreads traffic between the probe results of multiple configured servers. Weighted Load Balancing Traffic is managed based on a specified percentage that is sent to each server. Whether the ratio is 50:50 or 70:30, weighted load balancing allows you to distribute traffic based on the characteristics of each application server. TIP: Weighted load balancing allows you to take control of your website s performance. Since you have the ability to manage the traffic routed to each server, it allows for proper allocation resource and a flawless website experience. 6 The Utility of DNS Traffic Management

GLOBAL LOAD BALANCING DNS QUERY/ RESPONSE PROBES IP TRAFFIC DNS NETWORK RECURSIVE SERVER (ISP) PERFORMANCE PROBE AGENT END USER WEB SERVER 1 WEB SERVER 2 WEB SERVER 3 TRAFFIC DISTRIBUTION METHOD ACTION UPON FAILURE TRAFFIC DISTRIBUTION FOR SERVERS A, B, C, D Weighted Next available server based on load A: 40%; B: 60% Round Robin Next server in list ABCD; ABCD; ABCD Random Next random server D, A, C, D, B, B, A, C Priority Hunt Next available server in list, starting from top/priority on the list A, B, C, D *A is the priority 7 The Utility of DNS Traffic Management

Origin-Based Routing Origin-based routing allows you to see where a user is accessing your website be it geographical or network and route them to the appropriate resource to deliver maximum performance and/or tailored content. From the time they connect to the Internet, every user has an assigned IP address that can be viewed and analyzed. But not every DNS provider has quality IP intelligence data and the ability to set rules to provide an appropriate level of routing. Accurate IP intelligence is crucial if you have regional restrictions or offers. Not only is authentic IP intelligence a great way to serve your clients, it also allows you to identify and guard against security threats at the country, region and state level. As cyber attacks continue to cross borders and territories, authentic IP intelligence allows you to block access to your site based on the origin of the IP. And with proper traffic management that updates its IP intelligence files on a daily basis, you can proactively identify and stymie breaches before they occur. BUT: Not all IP intelligence solutions are created equal. Top-tier solutions continuously cleanse and append their data to provide accuracy and detail down to the state level for every country in the world. TIP: Support for EDNS0-Client-Subnet improves routing accuracy by identifying the geo-location of end users, enabling faster response times. ORIGIN BASED ROUTING - GLOBAL DNS NETWORK www.example.com IP TO REGIONAL DATA CENTER 8 The Utility of DNS Traffic Management

Combining Capabilities for Improved Performance 88% of consumers distrust a brand if the website is off-line and unavailable Source: Ponemon Institute/Neustar Study: What Erodes Trust in Digital Brands As the old adage goes, you never get a second chance to make a first impression. In this always-on and interconnected world, the Internet never sleeps. If your website is slow, unresponsive or down, it can quickly lead to skeptical customers, missed sales opportunities and brand damage. But that doesn t have to happen. You can achieve maximum website performance by combining traffic management services through a cloudbased managed DNS service that provides added flexibility and customized solutions for business applications. By using a solution that combines traffic distribution, monitoring and failover, load balancing, and origin-based routing, you can feel confident that you have the best assurance for website availability that is capable of providing a flawless customer experience. And much like a cell phone or radio tower, DNS is best served from the nearest, highest performing delivery node. As website traffic increases, it is important to have a scalable cloud and managed DNS service that is capable of improving performance and providing a seamless user experience. Key Takeaways: Most organizations do not understand nor realize the full set of capabilities that DNS can provide. By leveraging the benefits of DNS-based traffic management, you can: Increase redundancy via monitoring and failover Implement global load balancing to distribute global traffic more efficiently Optimize performance and improve end-user experience Prevent costly downtime Support disaster recovery and business continuity plans Protect your infrastructure from cyber attacks Obtain user location information Reduce and cap operation costs (no hardware required!) More than just a way to connect users to a website, DNS offers dynamic traffic management capabilities that can augment existing services, and in some cases, save money and time. If properly utilized, DNS can dramatically transform the website and user experience for you as well as your customers. 9 The Utility of DNS Traffic Management

Endnotes 1. InternetLiveStats.com NEUSTAR ULTRADNS Neustar UltraDNS is a cloud-based, authoritative managed DNS service that helps businesses with critical online infrastructure connect and stay connected to the internet ensuring better website availability, improved security, and faster performance for their users. To further increase website reliability and performance and ensure a flawless end-user experience, Neustar UltraDNS offers Advanced Traffic Management services. With 24/7 support and over 16 years of industry experience, Neustar fully manages your DNS so you can focus on other core initiatives. Learn more at neustar.biz/dns WP-SEC-4126 08252016

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback