f5's dynamic dns services
DESCRIPTION
F5 enhances suite of DNS services with added scalability and security. Complete DNS solution improves overall performance and reduces costs for enterprise customers.TRANSCRIPT
Dynamic DNS Services with Added Scalability and Security
© F5 Networks, Inc.
2
Dynamic and Intelligent DNS DNS is the Foundation of the Internet
• Improve web performance and browsing - Fast
• Protect your site and reputation - Secure
• Direct customers to right data center and clouds - Available
• Reduce data center costs - Flexible
© F5 Networks, Inc.
3
iRULES
iCONTROLiAPPS
TMO
S
TMO
S
TMO
S
GLOBAL AVAILABILITY
GLOBAL AVAILABILITY
COMPLETE DNS CONTROLCOMPLETE DNS CONTROL
DNS IPV6 to IPv4DNS IPv6 to IPv4
DNS DDoS PROTECTIONDNS DDoS PROTECTION
HIGH PERFORMANCE DNSHIGH PERFORMANCE DNS
DNSSECIP GEOSCALABLEDNS SERVICES
DNSSEC
SECU
RE D
NS
GEO
LOCA
TIO
N
SCAL
ABLE
DN
S
BIG-IPGTMTMOS TMOS
AVAILABLE
SECURE
FAST
AVAILABLE
SECURE
FAST
AVAILABILE AVAILABLE
Complete DNS Delivery and Protection BIG-IP Global Traffic Manager
© F5 Networks, Inc.
4
Complete DNS control
Secure DNS Query ResponsesRoute based on location and distribute load
Denial of Service Mitigation
Access Denied:
The F5 Value of Complete DNS / Web Solution
http://f5.com
Scalable 10x; 70%
Support client requests and consolidates IT
IPv6 to IPv4
Simple and Robust Cloud DNS and App Management
© F5 Networks, Inc.
5
Larger, More Complex Web = More DNS/HTTP• Fundamental change in the way apps. are used
• Every image, add button, widget, link, etc. has a potential IP address lookup
• Last 5 years, volume of DNS queries 2x+ (.com/.net) to 57B daily queries*
Visual by https://www.dnssec-tools.org/*https://investor.verisign.com/releaseDetail.cfm?ReleaseID=591560
© F5 Networks, Inc.
6
• Faster web browsing from reduced DNS latency
─ 80% reduction in DNS latency delivering faster web performance
• Reduced DNS infrastructure costs
─ 80% reduction of outbound DNS queries
Dynamic Site Response and App. DeliveryDNS Caching and Resolving in BIG-IP GTM v11.2
Private Public
Cloud
BIG-IP Global Traffic Manager
15ms15ms
DNS response time: Without DNS Caching/Resolving300ms = Mobile100ms = PCs
400ms = blink of an eyeInternal Clients
Data Center
With DNS Caching/Resolving
© F5 Networks, Inc.
7
Slow Response on DNSSEC validation
• Validating secure site responses require lots of steps that slows response times
• For example:
A record for www.isc.org
RRSIG record covering www.isc.org/A
(ZSK) DNSKEYrecord for isc.org
RRSIG record covering isc.org/DNSKEY
(KSK) DNSKEY record for isc.org
DS recordfor isc.org
RRSIG recordcovering isc.org/DS
(ZSK) DNSKEYrecord for org
RRSIG record covering org/DNSKEY
(KSK) DNSKEYrecord for org
is signed by is verified by is signed by
is verified by is verified by is signed by
is verified by is signed by is verified by
is verified byDS record
for org is signed byRRSIG record
covering org/DS is verified by
(ZSK) DNSKEYrecord for . is signed by
RRSIG record covering ./DNSKEY is verified by
(KSK) DNSKEYrecord for .
Example provided by infoblox.com
http://isc.org15 steps!!
© F5 Networks, Inc.
8
BIG-IP
Global Traffic Manager
• Rapid validation of DNSSEC responses
• Offload DNSSEC computations
• Consolidate DNS Infrastructure
Internal Clients
Complete DNS SecurityHigh performance DNSSEC validations in BIG-IP GTM v11.2
http://f5.com
Data Center
“A high-performance DNSSEC validation solution is going to be extremely important as more and more sites deploy DNSSEC.” Cricket Liu, VP of Architecture at Infoblox
© F5 Networks, Inc.
9
Dynamic DNS Infrastructure for Rapid Growthwith BIG-IP Global Traffic Manager (GTM)
•Robust, Flexible and Secure DNS Infrastructure
•Easily mitigate DNS DDoS Attacks
•Support hybrid IP Environments
•Complete DNS Security
•Scale and manage DNS and Apps globally
© 2012 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, ARX, FirePass, iControl, iRules, TMOS, and VIPRION are registered trademarks of F5 Networks, Inc. in the U.S. and in certain other countries