
The DNS of Things - sys-con.com · Manageability: Enterprises need visibility into DNS services across cloud and on-premises networks, in order to ensure uptime and performance. IT


Page 1

Peter Silva

Sr. Technical Marketing Manager

@psilvas

The DNS of Things

Q. WHERE IS WWW.F5.COM?

A. 2001:19b8:101:2::f5f5:1d

Page 2

© F5 Networks, Inc 2 Confidential

Mobility

SDDC/Cloud

Advanced threats

Internet of Things

“Software defined” everything

HTTP is the new TCP

Page 3

Internet Foundation? DNS

DNS DEMANDS

WHEN DNS BREAKS EVERYTHING BREAKS

DOMAIN NAME SYSTEM (DNS)

Translates a domain name… http://www.google.com

into an IP address: 74.125.227.64 (IPv4)

http://www.f5.com = 2001:19b8:101:2::f5f5:1d (IPv6)

More People

Mobile devices/apps

Complex sites

Increased latency

Cloud implementations

IPv6 added with IPv4

DDoS attacks

Page 4

Everything: DNS

• Internet of Things needs scalable DNS services*

• Combination = 5 to 10 times Internet revolution**

• 10bil devices in 2014 = 77bil mobile apps**

• 35% Y/Y DNS query increase***

• Ensure really fast connections and responses*

DNS

Look Ups

Page 5

Demand: DNS

AVERAGE DAILY LOAD FOR DNS (.COM/.NET TLDS) QUERIES IN BILLIONS

DNSSEC DEPLOYMENT EXPANDING

TYPICAL FOR A SINGLE WEB PAGE TO CONSUME 100+ DNS QUERIES FROM ACTIVE CONTENT, ADVERTISING, AND ANALYTICS

SECOND MOST ATTACKED PROTOCOL

GLOBAL MOBILE DATA (4G/LTE) IS DRIVING THE NEED FOR FAST, AVAILABLE DNS

DISTRIBUTED, AVAILABLE, HIGH-PERFORMANCE GSLB FOR MULTIPLE DATA CENTERS

18X Growth 2011-2016 4G LTE

2.4GB /mo

Non-4G LTE

86MB /mo

Reflection/amplification DDoS

Cache poisoning attacks

Drive for DNSSEC adoption

Total service availability

Geographically dispersed DCs

DNS capacity close to subscribers

[Chart: average daily DNS query load, ‘09 to ‘13; data labels as extracted: 82, 77, 43, 50, 57]

Page 6

Growth of Nouns

2013:80

2014:100

2020:250

152

Million

Cars

Page 7

Growth of Sensors

Page 8

Critical: DNS

76% are willing to wait 10 seconds or less for a single web page to load on a mobile phone before leaving.

Every 100ms delay costs Amazon 1% in sales.

DNS has grown over 91% in the last 5 years (2009 to 2013).

As of December 2013, there were over 184 million active websites, a growth of 157% over the last 5 years (2009 to 2013).

Page 9

DNS Deployments

CONVENTIONAL DNS THINKING

• Performance = Add DNS boxes

• Weak DoS/DDoS Protection

• Firewall is THE bottleneck

DNS DELIVERY REIMAGINED

• Massive performance over 10M RPS!

• Best DoS/DDoS protection

• Lower CapEx and OpEx

Internet External Firewall

DNS Load Balancing

Array of DNS Servers

Internal Firewall

Hidden Master DNS

Authoritative DNS Caching Resolver

Transparent Caching

DNS Firewall

DNS DDoS Protection

Protocol Validation

High Performance DNSSEC DNSSEC Validation

Intelligent GSLB

DMZ Datacenter

PARADIGM SHIFT

Internet Master DNS Infrastructure

BIG-IP

Page 10

True DNS Costs

HIGHER OPEX DUE TO MAINTENANCE

BIND by the numbers

• 340 updates since 2004

• 84 issued patches for vulnerabilities and bugs

• 9 patches a year for DNS

COMPANIES DEPLOY FIREWALLS TO PROTECT DNS

But traditional firewalls don’t process DNS, so a vulnerability can still be exploited on the DNS server.

[Chart: BIND HISTORY. X axis: BIND version (9.0 to 9.9). Y axis: number of updates issued (0 to 60). Series: total updates, including beta, release candidates; critical patches for vulnerabilities.]

DNS Authoritative Model

Total in year 1: $355,280

Total in year 2 onwards: $55,280

Traditional DNS Authoritative Topology

Total in year 1: $799,200

Total in year 2 onwards: $439,200

Page 11

[Diagram labels: DNS Query, Answer]

Efficient DNS

• Delivers High-speed response & DDoS protection with in-memory DNS.

• Authoritative DNS served out of RAM.

• Configuration size for tens of millions of records.

• Scale and consolidate DNS servers.

Clients

Internet

DNS in DMZ

DNS Server

OS Admin Auth Roles

NIC Dynamic

DNS DHCP

Manage DNS

Records

Page 12

Optimized DNS

Easy integration into existing DNS infrastructure for high availability and security

Support over 10 million DNS responses per second (RPS)

Manageable and predictable data center utilization

Page 13

The DNS Value

SCALABLE UP TO 20X

[Chart: Max DNS across Low Query, Query Growth, Query Spike, Query Decline]

DENIAL OF SERVICE MITIGATION

SUPPORT CLIENT REQUESTS AND CONSOLIDATE IT

IPv6 to IPv4

ROUTE BASED ON GEOLOCATION

COMPLETE DNS CONTROL

Access Denied:

SECURE DNS QUERY RESPONSES

http://f5.com

Page 14

Deal with DNS

Who

• Enterprises w/High volume of DNS, Apps.

• Federal/Gov’t.

• eCommerce

• Service Providers

What

• DNS DDoS

• DNS Scale and Security

Questions

• How do you scale DNS/Apps.?

• How do you manage DNS Security?

• How do you support DNS?

Page 15

Market Pulse Research: Managing DNS Capacity Key Findings

• Respondents most frequently cite improved application availability and application performance (speed) as highly important benefits of DNS.

• A majority (63%) report that their organizations’ DNS volume has increased over the past year.

  • Contributing factors: rollout of new services, applications. Cloud migration and traffic spikes.

• Most often, organizations manage DNS capacity by adding more servers (53%) and/or adding more bandwidth (36%). Average of 24 DNS servers in use.

• With regard to current DNS implementations, outages are the top concern (70% highly concerned).

  • Most concerning consequences: loss of productivity and a poor customer experience.

• Nearly one-third of respondents (29%) report their organizations have experienced DNS outages in the past 12 months. Culprit? One-quarter of these (25%) report a traffic surge.

• Among those who indicate their organizations are planning to expand DNS services to the cloud, increasing capacity is the most common driver. On-premise DNS primary case over the next year. Use of public cloud DNS slight increase in next 12 months.

Page 16

Story Arch

deviantart.net

Page 18

DNS Story Arc

Introduction

Complication

Denouement

Climax

Body

Market Conditions

DNS Traffic

Add Infrastructure

ADC

Peace of Mind

Page 19

Intelligent & Secure DNS that Scales

• Scale and manage DNS and apps globally

• Improve application performance and availability

• Robust, Flexible and Secure DNS Infrastructure

• Mitigate DNS DDoS Attacks

• Support hybrid IP Environments

• Complete DNS Security

Page 20

LOWERS: Stress of DNS Outages.

REDUCES: Data center costs.

DIRECTS: Customers to the best data center or cloud.

PROTECTS: Web Properties and Brand Reputation.

IMPROVES: Web application performance.

Intelligent DNS Scale

Page 21

The Five Takeaways

Scalability: In times of high traffic, enterprises’ DNS servers must be able to handle shifting volumes of traffic.

Security: Denial-of-service attacks frequently target IP addresses that cause DNS server outages.

Intelligence: To be protective, IT must be proactive. That means being able to pinpoint application or service delivery accuracy, based on location of users, with geolocation services.

Manageability: Enterprises need visibility into DNS services across cloud and on-premises networks, in order to ensure uptime and performance. IT also needs to be able to identify unusual activity that may indicate probing for vulnerabilities.

Reliability: With more customers accessing corporate web sites, DNS server performance has the potential to impact user experience and employee productivity. Given these trends, DNS servers must be extremely reliable.

Page 22

The F5 DNS Reference Architecture

f5.com/architectures

@f5networks

Explore
