CloudFlare DNS Anycast Services lafur Gu mundsson | - PowerPoint PPT Presentation

Dec 25, 2023 •453 likes •545 views

CloudFlare DNS Anycast Services lafur Gu mundsson | olafur@cloudflare.com Network Over 80 locations soon All services over Anycast 2 CloudFlare DNS expertise Deliver DNS answers in fast and reliable manner worldwide

CloudFlare DNS Anycast Services Ólafur Gu ð mundsson | olafur@cloudflare.com
Network Over 80 locations soon • All services over Anycast • 2
CloudFlare DNS expertise Deliver DNS answers in fast and reliable manner • worldwide Extensive experience in absorbing large DDoS attacks • • Multilayer defense architecture • We answer less than 1% of DNS packets, and no-one complains • As most are attack packets Hard to use us as amplifiers • • We block most attack traffic, and DNS packet size is kept under 512 bytes 3
DNS services: RRDNS Highly distributed authoritative server • DNSSEC signing on the fly • Data entered via API/UI replicated to edges in seconds • FAST and reliable • “ANY” suppressed • dig cloudflare.com ANY cloudflare.com. 3788 IN HINFO "Please stop asking for ANY"   "See draft-ietf—dnsop-refuse-any” 4
DNS products: Virtual DNS A proxy authoritative • server We will cache data • requested and answer from edge Intelligent fetching of • answers from origins. No need to update us if • zones added/deleted 5
The cost of staying online? Providers need to capacity plan for attacks • • We have mitigated 5xx Mp/s attacks Attacks evolve all the time • • we see them all 6
The new norm of DNS • Anycast delivery • Defense in depth • DNSSEC on the fly • Smaller answers • No need for 5-13 NS records • RSA needs to be retired (Key sizes 5x bigger than ECDSA) • Suppress ANY dnsperf.com 7

Download Presentation

Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Cloudflare Jrme Fleury BNIX meeting, Thursday 29th 2016, Brussels. What is

Introduction to Cloudflare Jrme Fleury BNIX meeting, Thursday 29th 2016, Brussels. What is Cloudflare? Cloudflare makes websites faster and safer using our globally distributed network to deliver essential services to any website

525 views • 19 slides

DNSSEC and DNS Proxying DNS is hard at scale when you are a huge target 2 CloudFlare

DNSSEC and DNS Proxying DNS is hard at scale when you are a huge target 2 CloudFlare DNS is big 3 CloudFlare DNS is fast 4 CloudFlare DNS is always under attack 5 CloudFlare A secure reverse proxy for http(s)

538 views • 25 slides

Tier-1s break Anycast DNS Zhihao Li, Neil Spring D-Root: 199.7.91.13 111 Anycast

Tier-1s break Anycast DNS Zhihao Li, Neil Spring D-Root: 199.7.91.13 111 Anycast replicas: 19 global (red): advertised without restriction 92 local (black): advertised one hop in BGP Anycast Mental model: Packets sent to

646 views • 29 slides

Four years of Go at CloudFlare John Graham-Cumming CloudFlare You

Four years of Go at CloudFlare John Graham-Cumming CloudFlare You likely use us without knowing it Server Languages 2011 www data request PHP backend pipeline logic Server Languages 2011

972 views • 38 slides

Anycast Routing in OLSR MANETs (A sample deployment) Justin Dean 4 th OLSR Interop Ottawa, CA

Anycast Routing in OLSR MANETs (A sample deployment) Justin Dean 4 th OLSR Interop Ottawa, CA 10/14/08 Anycast definitions Anycast addressing assigning a common IP address to multiple instance of the same service.. 1 Anycast

794 views • 19 slides

.CL anycast switching experiment Sebastian Castro secastro@caida.org secastro@nic.cl CAIDA

.CL anycast switching experiment Sebastian Castro secastro@caida.org secastro@nic.cl CAIDA NIC Chile 8 th CAIDA/WIDE workshop July, 2007 Introduction The anycast technology has been widely deployed in various DNS services around the

291 views • 17 slides

Hidden Linux Metrics with ebpf_exporter Ivan Babrou @ibobrik Performance team @Cloudflare What

Hidden Linux Metrics with ebpf_exporter Ivan Babrou @ibobrik Performance team @Cloudflare What does Cloudflare do CDN Website Optimization DNS Moving content physically Making web fast and up to Cloudflare is the fastest closer to

715 views • 44 slides

DNSSEC at Scale Dani Grant | DNS @ CloudFlare CloudFlare - Authoritative DNS provider (includes

DNSSEC at Scale Dani Grant | DNS @ CloudFlare CloudFlare - Authoritative DNS provider (includes DNSSEC for free) - 4M+ domains - 40+ billion queries per day - 76 edge locations in 40 countries (growing) DNSSEC at Scale 1. Elliptic

597 views • 34 slides

XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at

XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at Cloudflare London DDoS Mitigation Team Enjoy messing with networking and Linux kernel Agenda Cloudflare DDoS mitigation pipeline Iptables and

802 views • 65 slides

Luke Valenta Gabbi Fisher @lukevalenta @gabbifish Systems Engineer, Cloudflare Systems

Luke Valenta Gabbi Fisher @lukevalenta @gabbifish Systems Engineer, Cloudflare Systems Engineer, Cloudflare Outline 1. HTTPS Interceptors and How to Find Them: Common sources of MITM (Monsters in the Middle). 2. A technique for

701 views • 37 slides

Event-driven network automation and orchestration Tom Strickx UKNOF 40 Cloudflare, London

Event-driven network automation and orchestration Tom Strickx UKNOF 40 Cloudflare, London Manchester, April 2018 1 Tom Strickx Chaos Monkey at Cloudflare (Network software engineer) Contributor at NAPALM Automation

953 views • 51 slides

Anycast census and geolocation AIMS: Workshop on Active Internet Measurements 31 March - 2 April

Anycast census and geolocation AIMS: Workshop on Active Internet Measurements 31 March - 2 April 2015 Cicalese Danilo Jordan Auge Diana Joumblatt Dario Rossi Timur Friedman Here is where the anycast instances are Demo: goo.gl/Ff8gdQ 12

338 views • 19 slides

Characterizing IPv4 Anycast Adoptjon and Deployment Dario Rossi Professor

Characterizing IPv4 Anycast Adoptjon and Deployment Dario Rossi Professor dario.rossi@telecom-paristech.fr htup://www.enst.fr/~drossi/anycast Joint work with D.Cicalese, J. Auge, D. Joumblatu and T. Friedman Talk Teaser A seminal work [4] at

748 views • 50 slides

F root anycast: What, why and how Joo Damas ISC Overview What is a root server? What is

F root anycast: What, why and how Joo Damas ISC Overview What is a root server? What is F? What is anycast? F root anycast. Why? How does ISC do it? What is f.root-servers.net? One the Internets official DNS root servers

456 views • 24 slides

Anycast in The Cloud 22.10.18 Brett Carr Agenda Introduction Short history of our

Anycast in The Cloud 22.10.18 Brett Carr Agenda Introduction Short history of our DNS Infrastructure Expansion and Cloud choices Anycast in the cloud, simple/cost effective Problems dont give me no problems

251 views • 14 slides

Two days in The Life of The DNS Anycast Root Servers Ziqian Liu Beijing Jiaotong Univeristy

Two days in The Life of The DNS Anycast Root Servers Ziqian Liu Beijing Jiaotong Univeristy Bradley Huffaker, Marina Fomenkov Nevil Brownlee, and kc claffy CAIDA PAM2007 Outline DNS root servers DNS anycast in root servers Data

289 views • 26 slides

University Advancement Advancements Mission Statement Through inspirational programs designed

University Advancement Advancements Mission Statement Through inspirational programs designed to engage constituents, University Advancement secures philanthropic support, engages alumni, and fosters public/private partnerships to serve

262 views • 14 slides

Travel 101 Policies, Requirements and How to Make Reimbursements

Travel 101 Policies, Requirements and How to Make Reimbursements Painless Policies Travel must be submi:ed within 60 days of compleAon. 1 st offense

485 views • 21 slides

COUNSELING ADCN INTERNSHIP PREREQUISITES 30-HR. ADDICTIONS COUNSELING o Internship: ADCN 699

COUNSELING ADCN INTERNSHIP PREREQUISITES 30-HR. ADDICTIONS COUNSELING o Internship: ADCN 699 ADCN 501, 502, 504, 505, 506, 510, 512, 515, 521, 646, 667 SUBS 505, 606, 607 o Prerequisite courses are non-negotiable. o 3.0 GPA or above at

585 views • 10 slides

Shared Supervision: Strategies to promote an effective working relationship between site and

Shared Supervision: Strategies to promote an effective working relationship between site and faculty supervisors to enhance graduate student intern development Amanda Barudin, M.A., LMHC Katherine M. Bender, Ph.D. Learning Objectives

546 views • 33 slides

Health Impact Project, Tempe Climate Ac e Action + + Ex Extrem eme e Hea eat Pew H Health

Health Impact Project, Tempe Climate Ac e Action + + Ex Extrem eme e Hea eat Pew H Health I Impac act P Proj oject, T Tempe What urban infrastructure is associated with thermal comfort and discomfort? Four Activities: 1. citywide

368 views • 26 slides

Creekside Playgrounds Construction Award Park Board Committee Meeting July 25, 2016 Purpose of

Andy Livingstone & Creekside Playgrounds Construction Award Park Board Committee Meeting July 25, 2016 Purpose of Presentation The purpose of this presentation is to seek Board approval for the award of a construction contract to Holland

457 views • 25 slides

Goldman Sachs Goldman Sachs Global Industrials Conference Global Industrials Conference

Goldman Sachs Goldman Sachs Global Industrials Conference Global Industrials Conference November 2009 November 2009 1 1 Forward-Looking Disclosure Forward-Looking Disclosure This information and other statements by the company contain

469 views • 20 slides

PLAN VIEW PLAN VIEW MANZANO MESA PICKLE BALL COURTS MARCH 2016 MANZANO MESA PICKLE BALL

KEY 1. POST-TENSION CONCRETE PICKLE BALL 8 7 2 16 3 4 COURTS WITH ACRYLIC TEXTURED COURT SURFACING. SURFACE COLORS BLUE AND TYP. TYP. TYP. TYP. TYP. TYP. GREEN 12 2. 6 CHAINLINK FENCING (9 GAUGE, 2 MESH) WITH WIND SCREEN

181 views • 3 slides