The OpenDNS Global Network Delivers a Secure Connection Every Time. Everywhere.



Similar documents
Enterprise Buyer Guide

Networks. Sites and Internal Networks: Setup Guide. Sites and Internal Networks Setup Guide for Umbrella Page 1

Best Practices in DNS Anycast Service-Provision Architecture. Version 1.1 March 2006 Bill Woodcock Gaurab Raj Upadhaya Packet Clearing House

ios Mobile: Setup Guide for Umbrella ios Mobile Devices

THE MASTER LIST OF DNS TERMINOLOGY. v 2.0

BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE

State of the Cloud DNS Report

State of the Cloud DNS Report

Superior Disaster Recovery with Radware s Global Server Load Balancing (GSLB) Solution

Alteon Global Server Load Balancing

THE MASTER LIST OF DNS TERMINOLOGY. First Edition

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT

AKAMAI WHITE PAPER. Delivering Dynamic Web Content in Cloud Computing Applications: HTTP resource download performance modelling

How To Connect To Telx Dia (Dia) For Free

XRoads Networks, Inc.

Intelligent Routing Platform White Paper

Introduction to The Internet. ISP/IXP Workshops

A Link Load Balancing Solution for Multi-Homed Networks

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs

Multihoming and Multi-path Routing. CS 7260 Nick Feamster January

Networking Topology For Your System

Zscaler Internet Security Frequently Asked Questions

Deploying IP Anycast. Core DNS Services for University of Minnesota Introduction and General discussion

Distributed Systems. 23. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2015

HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT

How to Evaluate DDoS Mitigation Providers:

Putting Web Threat Protection and Content Filtering in the Cloud

Internet Resiliency and Recovery

D.R. Network Design. The Small College Version

F root anycast: What, why and how. João Damas ISC

Border Gateway Protocol Best Practices

Introduction to The Internet

KASPERSKY DDOS PROTECTION. Discover how Kaspersky Lab defends businesses against DDoS attacks

Service Description DDoS Mitigation Service

Network Level Multihoming and BGP Challenges

GLOBAL SERVER LOAD BALANCING WITH SERVERIRON

BGP and Traffic Engineering with Akamai. Caglar Dabanoglu Akamai Technologies AfPIF 2015, Maputo, August 25th

Data Center Content Delivery Network

Simplify Your Route to the Internet:

The Value of Measuring End-User Experience from a Global Point of Presence. Web Application Monitoring Service.

Making the Internet fast, reliable and secure. DE-CIX Customer Summit Steven Schecter <schecter@akamai.com>

SSL Encryption and Traffic Inspection ADDRESSING THE INCREASED 2048-BIT PERFORMANCE DEMANDS OF 2048-BIT SSL CERTIFICATES

Achieving Low-Latency Security

Bell Aliant. Business Internet Border Gateway Protocol Policy and Features Guidelines

Chapter 1 Personal Computer Hardware hours

Whitepaper. A Practical Guide to ISP Redundancy and Uninterrupted Internet Connectivity

Chapter 5. Data Communication And Internet Technology

Solution Brief. Aerohive and OpenDNS. Advanced Network Security for Retail Stores

DD2491 p Load balancing BGP. Johan Nicklasson KTHNOC/NADA

Distributed Systems. 25. Content Delivery Networks (CDN) 2014 Paul Krzyzanowski. Rutgers University. Fall 2014

The changing face of global data network traffic

media network & internet access

Global Server Load Balancing

Redundancy for Corporate Broadband

Demystifying BGP: By Jeffrey Papen Thursday, May 15th, 2003

Web Application Hosting Cloud Architecture

ANATOMY OF A DDoS ATTACK AGAINST THE DNS INFRASTRUCTURE

Essential Ingredients for Optimizing End User Experience Monitoring

Exterior Gateway Protocols (BGP)

WAN Traffic Management with PowerLink Pro100

Arbor s Solution for ISP

Voice over IP Networks: Ensuring quality through proactive link management

Internet Protocol version 4 Part I

VMware vcloud Networking and Security Overview

Data Center Networking Designing Today s Data Center

SIP Trunking Guide: Get More For Your Money 07/17/2014 WHITE PAPER

The Next Generation of Wide Area Networking

How AWS Pricing Works May 2015

Tools and Methods for Testing the QoS of Internet services

The Definitive Guide to Cloud Acceleration

Demonstrating the high performance and feature richness of the compact MX Series

Wedge Networks: Transparent Service Insertion in SDNs Using OpenFlow

Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security

Kick starting science...

We license by the total # of users with Internet access. No, but you may contact us anytime you need to increase your license count.

Redundancy & the Netnod Internet Exchange Points

TRUFFLE Broadband Bonding Network Appliance. A Frequently Asked Question on. Link Bonding vs. Load Balancing

ASA/PIX: Load balancing between two ISP - options

Acquia Cloud Edge Protect Powered by CloudFlare

Business Continuity. Proactive Telecom Strategies for Decision Makers

BGP. 1. Internet Routing

Microsoft Azure ExpressRoute

TOPOLOGIES NETWORK SECURITY SERVICES

2012 Infrastructure Security Report. 8th Annual Edition Kleber Carriello Consulting Engineer

Cisco Application Networking for IBM WebSphere

TechBrief Introduction

Transcription:

The OpenDNS Global Network Delivers a Secure Connection Every Time. Everywhere.

Network Performance Users devices create multiple simultaneous connections each time we exchange data with other Internet hosts (e.g. browsing Websites). So the latency (aka. delay) to establish each connection is the most important performance metric of a cloud-delivered service s network. Peering Relationships Shortens the Path. Typically one cannot drive from point A to point B via a straight line as the crow flies. Roadways connecting these points limit the shortest routes available. If each point has nearby highway on-ramps, many traffic intersections can be avoided, which shortens the path. The Internet works in much the same fashion, except that physical parameters are meaningless. Expeditious routing through the Internet s ever-changing topology is most relevant. And the quantity of a network s POPs (Points of Presence) is often a less determining factor than the quantity and quality of its peering relationships. Such as those established with well-connected, first-tier ISPs at the Internet s core. Each peer effectively offers a shortcut for traffic to flow thru the 5,000+ ISPs that make up the overall fabric of the Internet s topology (see page 5 for a more detailed illustration). ROUTING IS MOST RELEVANT: Path Length & Peer s Connectivity OpenDNS Peering Sessions Shorten the Path from Devices to the Cloud and the Cloud to Servers POINT A TRANSIT TRANSIT POINT B Devices Connections to the Internet OpenDNS Global Network is Co-Located with the Most Well-Connected Internet Exchanges Points at Geographically-Distributed Peering Facilities Name or Content Servers Connections to the Internet GEOGRAPHY IS LEAST RELEVANT: Physical Distance is Meaningless Short Distances Do Not Necessarily Increase Speed. Many vendors often show prospects a network map indicating the distribution and quantity of their POPs. 1 False assumptions are often made that connection latency decreases the nearer a vendor s POP is located to the ISP s POP for which networks and devices connect to. Yet the shortest path between the ISP and the vendor may actually route traffic across the Pacific Ocean and back due to a lack of peers or other transit paths. Or may require excessive hops to route around such slow links, which in total, still results in a slower path between points A and B. Of course, it s difficult to map the route 1 Beware of some vendors marketed numbers. Some include privately accessible POPs. Or POPs used only for data retention, management or reporting systems, but not traffic enforcement. Or some POPs only enforce one traffic protocol (e.g. SMTP), while others enforce different traffic (e.g. HTTP/S). speed between every endpoint and the vendor s network. And the speed fluctuates. Most security cloud services use traditional Unicast routing, which advertises a unique IP address for every server. Such services will deploy load-balancers at each POP so there is only one unique IP address per location. During setup, a specific location s IP address may need to be chosen for each provisioned network or device. However, the Internet s topology is always changing around networks and the geographic location is always changing for roaming computers or mobile devices. And often such static setups lead to slower connections via a less optimal starting point. The OpenDNS Global Network Delivers a Secure Connection Every Time. Everywhere Page 2

Always Selecting the Optimal Starting Point. Umbrella is the only such network security service in the market that leverages Anycast routing. Anycast enables every server at every POP to advertise the same IP address globally, not per location. And without load balancers, which add latency and risk of failure. Implementing Anycast routing via the OpenDNS Global Network is complex, time consuming and costly. It requires maintaining a lot of hardware, owning a large IP address space, managing sophisticated routing policies, and developing many peering relationships to upstream ISPs. This burden is owned entirely by a team of OpenDNS engineers at our network operation center, not the customer! Now every customer network and device, automatically or manually setup, connects to the same IP address. Regardless of variable Internet topology or geographic location. Anycast uses invisible load-balanced routing logic, not actual load-balancers, to always route traffic to the OpenDNS POP that will provide the shortest path for every connection. Customers no longer need to manage and/or host a configuration file to perform this action as with most other security cloud services. Achieving the Lowest Connection Latency Between Any Two Points. The OpenDNS Global Network provides 23 publicly accessible POPs distributed across 4 continents, with more planned. 2 More importantly, these POPs are colocated with the number one, two and three most wellconnected IXPs (Internet Exchange Points) on each continent. Since 2006, OpenDNS has established over 1641 peering sessions with other well-connected networks thereby shortening the path between any two endpoints Internet-wide. These relationships enable the OpenDNS Global Network to deliver secure connections via shorter paths relative to any other security cloud service s network. 3 And an entire hop less than the average network. While actual connection latency between router hops will vary, the total connection latency between points A and B is more likely to be the lower by leveraging the OpenDNS Global Network. Average Path Length by # of AS/BGP Router Hops (measured on November 2012) 45 OpenDNS Global Network Competitor A Network Competitor B Network Competitor C Network 4 Competitor D Network Competitor E Network 3.640 Average Network (e.g. ISP) 5 4.081 3.996 4.190 4.128 4.331 4.610 2 The OpenDNS Global Network consists of (10) ten POPs across the Americas; (10) ten POPs across Europe, Middle East and Africa; and (3) three POPs across Asia-Pacific. Please request the locations from a technical support rep to help determine the expected average route speeds to your networks. 3 Source: Hurricane Electric Internet Services (http://bgp.he.net/). BGP routers announce paths between networks using Autonomous System (AS) numbers. The OpenDNS Global Network is assigned AS36692 by ARIN (American Registry for Internet Numbers). The metrics reported for each competitor s AS number was used for comparison. Mean value was calculated for competitor s using multiple AS numbers. 4 Competitor C s networks are not assigned a routable AS number. The AS numbers of the ISP networks hosting competitor C s POPs are used instead. 5 Source: Cymru (http://www.cymru.com/bgp/avg_aspath_len.html). One way to determine the interconnectedness of the Internet is to look at the average path length between any AS. The OpenDNS Global Network Delivers a Secure Connection Every Time. Everywhere Page 3

Network Uptime The availability and reliability to establish and maintain every secure connection is paramount. Any impact to businesscritical Internet access translates to opportunity costs. Vendors marketing often claims 99.999% network uptime. Fine print regularly reveals that this is not a metric the vendor delivers over the entire life of the service. Just that the vendor will reimburse a percent of the service cost if it fails to meet this metric. Will their reimbursement cover the lost opportunity? Operational Excellence with Complete Transparency Umbrella is built on a foundation of trust that OpenDNS has established for over 50 million active Internet users relying on recursive DNS services for network connectivity. The OpenDNS Global Network has maintained 100% uptime since it launched in 2006. OpenDNS believes that is more valuable than just a promise (aka. service level agreement) to reimburse customers. Below is a snapshot of the current status and rolling 30-day window of various operational messages and notices that is published online at http://208.69.38.170/. Connect with Confidence Rather than crude round-robin methods or physical load balancers, Anycast uses load-balanced routing logic, which is invisible to individual servers or entire PoPs. If a server or entire PoP (#3 in the example below) is taken offline for maintenance, disasters, failures or attacks, it ceases to advertise its shared IP address. Then all upstream layer-3 network devices (e.g. BGP routers) will transparently route new connections to the next best server or POP (#5 in the example below due to a lower link cost). The traditional burden is completely removed from the customer if OpenDNS needs to make a temporary or permanent change to its global network. Such as periodic service maintenance, major location shifts, or extended failovers due to on-going DDoS (Distributed Denial of Service) attacks. Also, the OpenDNS Global Network strives to maintain double the global network capacity as the daily peak usage. Even in a worse case situation taking several entire OpenDNS POPs offline would not cause any customers to lose network connectivity. POP 5 IP: 1.2.3.4 POINT A TRANSIT TRANSIT POP 3 IP: OFFLINE POINT B TOTAL LINK COST = X POP 8 IP: 1.2.3.4 The OpenDNS Global Network Delivers a Secure Connection Every Time. Everywhere Page 4

Internet s Topology The Internet is often referred to as a Network of Networks, as it consists of over 5,000 ISPs interconnected with one another in a sparsely meshed fabric. The Core The core of the Internet s topology is created using peering agreements at IXPs (Internet Exchange Points), which allow first-tier ISPs or other service providers like OpenDNS to exchange traffic bound for one another s customers. Greater quantity and quality of peers at a IXP, equals fewer routing hops and link latency encountered between customers networks or devices and the OpenDNS Global Network. And between the OpenDNS Global Network and content or name servers. The Edge Millions of business networks and billions of home networks are connected via transit agreements for direct Internet access from each ISP s PoP. Transit agreements are also used to connect OpenDNS to first-tier ISPs and first-tier ISPs to smaller ISPs, commonly at the Internet s edges. Many regional second- or third-tier ISPs that business or home networks receive access from have no peering agreements at IXPs or geographic dispersion making their network connectivity susceptible to greater latency or outages, respectfully. The OpenDNS Global Network Delivers a Secure Connection Every Time. Everywhere Page 5

Umbrella is brought to you by OpenDNS. Trusted by millions around the world. The easiest way to prevent malware and phishing attacks, contain botnets, and make your Internet faster and more reliable. OpenDNS, Inc. www.opendns.com 1.877.811.2367 Copyright 2014 OpenDNS, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of OpenDNS, Inc. Information contained in this document is believed to be accurate and reliable, however, OpenDNS, Inc. assumes no responsibility for its use. TechDoc-Delivery-Platform-v2

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information