CDN Breakthroughs
Monitoring innovations in CDN, CDN Federation, Cloud, SDN, Security, Caching, Load Balancing, Video/DRM delivery strategies & tools
Curated by Nicolas Weil

IP Routing, AWS, and Docker

Operating distributed computing systems at scale brings a variety of challenges. Minor issues like having the wrong version of a small software library can take a whole application offline. To create a smooth transition from development to operations with regard to dependencies, environment, and testing, OpenDNS has adopted open-source Docker containerization technology. Interfacing Docker containers with existing dedicated infrastructure across 23 data centers provided a unique set of routing challenges which we solved with clever application of Generic Routing Encapsulation and Border Gateway Protocol. See more at: http://engineering.opendns.com/2014/07/01/ip-routing-aws-docker/

5 years after major DNS flaw is discovered, few US companies have deployed long-term fix

Five years after the disclosure of a serious vulnerability in the Domain Name System dubbed the Kaminsky bug, only a handful of U.S. ISPs, financial institutions or e-commerce companies have deployed DNS Security Extensions (DNSSEC) to alleviate this threat.

In 2008, security researcher Dan Kaminsky described a major DNS flaw that made it possible for hackers to launch cache poisoning attacks, where traffic is redirected from a legitimate website to a fake one without the website operator or end user knowing.

While DNS software patches are available to help plug the Kaminsky hole, experts agree that the best long-term fix is DNSSEC, which uses digital signatures and public-key encryption to allow websites to verify their domain names and corresponding IP addresses and prevent man-in-the-middle attacks.

Netflix's Denominator: A Multi-Vendor Interface for DNS

We announced Denominator at our February NetflixOSS meetup, and now we are ready to release the first code as open source.  Denominator is a portable Java library for manipulating DNS clouds.  Denominator has pluggable back-ends, initially including AWS Route53, Neustar Ultra, DynECT, and a mock for testing.  We also ship a command line version so it's easy for anyone to try it out.
The reason we built Denominator is that we are working on multi-region failover and traffic sharing patterns to provide higher availability for the streaming service during regional outages caused by our own bugs and AWS issues. To do this we need to directly control the DNS configuration that routes users to each region and each zone. When we looked at the features and vendors in this space we found that we were already using AWS Route53, which has a nice API but is missing some advanced features; Neustar UltraDNS, which has a SOAP based API; and DynECT, which has a REST API that uses a quite different pseudo-transactional model. We couldn’t find a Java based API that grouped together a common set of capabilities that we are interested in, so we created one. The idea is that any feature that is supported by more than one vendor API is the highest common denominator, and that functionality can be switched between vendors as needed, or in the event of a DNS vendor outage.

Netflix tackles the black art of DNS

Netflix yesterday pushed version 1.1 of its Denominator DNS automation system onto its public GitHub account. This open-source tool allows developers and administrators alike to automate DNS migrations, changes and rules without having to edit DNS records by hand. With this release, the project now includes geographic-based controls for DNS routing, and thus is nearly ready to be deployed internally at Netflix.

When a developer is hired at Netflix, they learn a few different ways of doing things off the bat. For starters, there are very few managers, and all developers are senior level. Secondly, developers tend to find their own niches rather than have one assigned to them. So it went for Adrian Cole, who joined Netflix in December and found himself running a brand new open-source project by January.

That project, proposed by Adrian Cockcroft (Netflix’s cloud architect), came to be called Denominator. “Some of the outages we had last year could be solved by running multiple [cloud] regions,” he said. “We were looking for ways to direct our customers to more than one region. We do that by managing DNS, but we can't have a hand-managed configuration the way most people do DNS; we needed a RESTful API.”

[How-to] DNS based session persistence with latency based routing

Many applications require each HTTP request, from a particular client, be directed to the same server or cloud instance. This is called session persistence and is common with web applications that do not share application “state” between back-end servers or data stores.

In the past, this has been solved using local Load Balancers such as those provided by F5 or Brocade or more recently with the Elastic Load Balancer from Amazon. However, as application architects look to serve a global audience and deploy their applications to multiple data centers it becomes necessary to ensure session persistence at a global and local level.
