Published by Sebastian Willits
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Cisco Global Site Selector
Vikas Deolaliker, Product Manager, ECBU
September, 2011

PRODUCT OVERVIEW
Global Site Selector

Cisco GSS in a Nutshell

DNS Services
- DNS authority for A-records and AAAA records (Rel. 4.1)
- Answers of type: A-record, AAAA, NS and CRA
- DDoS for DNS Security
- 12K – 28K DNS RPS depending upon configuration complexity

GSS Network Configuration Limits
Destination : 2000 hosted domains (128 chars with wildcards)
Source : 60 Source Address Lists
Resources : 4000 VIPs across 256 SLBs (increasing to 8K in Rel 4.1)
KALs : MP, ICMP, TCP, HTTP/Head, KAL-AP, SNMP, CRA, NS
Policy : 4000 DNS rules across GSS Network

GSLB Services
Availability : Site Level Failover
GSLB Methods : Geographical, Topological, Least Loaded, Client Source Resolver Hash, Ordered List, Ratio, RR/WRR
Resource Affinity : Sticky, Cookies

Management, Monitoring & Logging
User Interface : GUI (with new Cisco Kubric Look & Feel) & CLI
Authorization : RBAC
Management Station Support : ANM Support

Pricing
$ 20K plus licenses for DDoS, GeoIP
License free IPv6 Support

Callouts: DDoS Protection; Geographical and Resource Affinity; Supports Cisco ACE/CSS/CSM

http://cio.cisco.com/en/US/products/hw/contnetw/ps4162/products_installation_and_configuration_guides_list.html

ACE GSS4492R-K9 : HW
SF-GSS-V1.3-K9 : SW
SF-GSS-DDOSLIC : DDoS
SF-GSS-GIPLICFX : GeoIP GSLB Support
SF-GSS-V6LICFX : IPv6 Support

Up to 16 GSSes can work in a cluster to meet the needs of large enterprises and service providers.

More specifically …
- Provides Universal DNS-based Disaster Recovery – redirects clients to a back-up data center for any device that supports SNMP MIB and uses DNS
- Protects the DNS infrastructure with DNS-based DDoS mitigation software
- Delivers Advanced Global Traffic Management
- Global Server Load Balancing (GSLB) for geographically dispersed Server Load Balancers and Caches
- Connects clients to the best server based on:
  - Network topology
  - Server load
  - Availability of content and devices
GSS participates in your DNS Infrastructure to enforce BCDR, GSLB, DNS Security policies.

Release 4.1 Highlights
Key Benefits
1. Route clients based on geographical proximity to application
2. Support for IPv6 addressing for clients and servers
3. Extreme scalability for cloud datacenters
4. Reduce operational costs through enhanced GUI and ANM integration
Globally route clients based on
- Geographical Proximity
- RTT Proximity
- Site Persistence
- Site Health
Available on CCO: September 22nd, 2011
[Diagram: User 2001:0DB8:AC10:FE01::, LDNS, GSS Network, SLB 2001:0DB8:AC10:FE01:: Datacenter A, SLB 2001:0DB8:AC10:FE01:: Datacenter B; callouts a to d]

Geolocation Based Global Delivery
Geolocation Highlights
(a) GeoIP based Proximity
- Proximity calculations using GeoIP distances
(b) GeoRegions: GeoIP based Regions
- Regions based on GeoIP database entries. (Add single country or multiple countries.)
- Granularity down to states
- Sticky support for GeoRegions
(c) GeoSAL: GeoIP based Source Address Lists
- SALs can be based on GeoIP based Regions
(d) New GUI Design (Kubric Look & Feel)
- GUI option to configure all GeoIP functionality
[Diagram: User 2001:0DB8:AC10:FE01::, LDNS, GSS Network, SLB Datacenter A, SLB Datacenter B; callouts a to d]

GeoProximity
- Override RTT based Proximity
- Pick the application based on geographical distance between probing device and client LDNS
- Licensable Feature
[Diagram: Data Center A, Data Center B, Data Center C, Data Center D, Internet, Servers, ACE, GSS, User 2001:0DB8:AC10:FE01::, LDNS]

GeoRegions
o Define Regions based on logical groups. For example BRIC (Brazil, Russia, India, China).
o Create geographically grouped resource pools. For example, US-Central-Datacenter
  Use the regions to group resources (VIPs, NS, CRA) and clients (source address lists)
o Define persistence policy based on GeoRegions
[Diagram: GeoRegions, US-Central-Datacenter]

Operational Flexibility
ANM
- Import GSSM configuration into ANM and monitor VIP status and DNS rules status/hit count statistics from ANM GUI
- Suspend/Activate VIPs/Rules/GSS SW Rel Num from ANM GUI
HTTPs KAL
- Add HTTPS-HEAD to existing KAL types: ICMP, TCP, HTTP HEAD, KAL-AP, Scripted KAL, CRA, and Name Server
Global Shared KeepAlive Activate/Suspend
GUI Logging
Lower the Operation Expense

Ease of Management
GSS is a system not a device
- Self synchronization of up to 16 GSSes
- Single point of management via GUI
- Does not sacrifice device level access (SSH to box)
- Any GSS can run the GUI and a 2nd GSS serves as standby
Easy to use Interface
- IOS Syntax
- 100 new CLI commands since v1.3
- Single interface for monitoring, troubleshooting and configuration
- Supports Import/Export of Configuration in industry standard formats
- Role based Access Control
- Remote Syslog Support
Management Integration with ANM
- ANM supports the activation and suspension of DNS rules and answers
- ANM communicates with the primary GSS manager (PGSSM) via CLI, RMI and SSH. The configuration parameters needed to establish this communication are the GSS IP address and SSH credentials
- Four of the eight administrator logons are consumed by ANM
- ANM issues commands to the PGSSM, then the PGSSM relays these commands to the rest of the GSSes in the cluster
[Diagram: GSS Network, ANM, GSS GUI]
GSS network is managed as a system – reduces number of touchpoints

IDN Support
1. Internationalized Domain Names (IDNs) are domain names that contain non-ASCII characters (for example, Arabic or Chinese).
2. The ASCII form of an IDN label is termed an "A-label". The non-ASCII form uses Unicode and is termed a "U-label".
3. GSS can be configured for non-ASCII URLs.

DNSSEC Ready
1. DNSSEC requests are automatically forwarded: *matching* non-A DNS queries are sent to the external name server.
2. For *matching* A queries with the DO (DNS OK) flag set, GSS forwards the request to the external name server, and the external NS provides a DNSSEC response which the GSS forwards to the D-proxy.
3. For all the rest, GSS responds as it currently does, with a plain DNS response.
Configuration is quick and simple.
gss2-tb1.cisco.com# configure terminal
gss2-tb1.cisco.com(config)#property set ServerConfig.dnsserver.enableEDNS 1
gss2-tb1.cisco.com(config)#property set ServerConfig.dnsserver.nsForwardAQueriesWithDOFlag 1

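The three forwarding rules on this slide, as an added Python example (not Cisco code and not GSS output): it parses a wire-format DNS query, reads the DO bit (DNSSEC OK, RFC 3225) from the EDNS OPT record, and returns the action the slide describes. The hosted domain, the function names and the "no-match" result for names outside the domain list are assumptions made for the illustration.

```python
import struct

QTYPE_A, QTYPE_OPT = 1, 41
DO_BIT = 0x8000  # DO = "DNSSEC OK", top bit of the 16 EDNS flag bits (RFC 3225)
HOSTED = {"www.example.com"}  # constructed stand-in for a GSS domain list


def _read_name(msg, off):
    """Return (dotted_name, next_offset); follows compression pointers."""
    labels, end, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer
            if off + 1 >= len(msg) or hops > 16:
                raise ValueError("bad compression pointer")
            if end is None:
                end = off + 2                  # parsing resumes after the pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            continue
        if length & 0xC0:
            raise ValueError("unsupported label type")
        off += 1
        if length == 0:                        # root label ends the name
            break
        if off + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels).lower(), (end if end is not None else off)


def parse_query(msg):
    """Extract (qname, qtype, do_flag) from a wire-format DNS query."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    if flags & 0x8000 or qd != 1:              # QR bit set, or not one question
        raise ValueError("not a single-question query")
    qname, off = _read_name(msg, 12)
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!2H", msg[off:off + 4])
    off += 4
    do_flag = False
    for _ in range(an + ns + ar):              # walk the RRs looking for OPT
        _, off = _read_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated RR")
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if off > len(msg):
            raise ValueError("truncated RDATA")
        if rtype == QTYPE_OPT:                 # OPT reuses the TTL field for flags
            do_flag = bool(ttl & DO_BIT)
    return qname, qtype, do_flag


def decide(msg, hosted=HOSTED):
    """Apply the slide's rules 1-3 to one query."""
    qname, qtype, do_flag = parse_query(msg)
    if qname not in hosted:
        return "no-match"                      # assumption: outside the slide's rules
    if qtype != QTYPE_A:
        return "forward-to-ns"                 # rule 1: matching non-A query
    if do_flag:
        return "forward-to-ns"                 # rule 2: matching A query with DO set
    return "answer-plain"                      # rule 3: plain DNS response


def build_query(name, qtype, edns=False, do=False):
    """Build a sample query (constructed input, not captured traffic)."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    msg = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1 if edns else 0)
    msg += qname + b"\x00" + struct.pack("!2H", qtype, 1)
    if edns:  # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL = flags
        msg += b"\x00" + struct.pack("!HHIH", QTYPE_OPT, 4096, DO_BIT if do else 0, 0)
    return msg


if __name__ == "__main__":
    for label, q in [
        ("A, no EDNS", build_query("www.example.com", 1)),
        ("A, EDNS, DO clear", build_query("www.example.com", 1, edns=True)),
        ("A, EDNS, DO set", build_query("www.example.com", 1, edns=True, do=True)),
        ("DNSKEY", build_query("www.example.com", 48, edns=True, do=True)),
    ]:
        print(f"{label:20s} -> {decide(q)}")
```

Because any matching A query with DO set is handed to the external name server, that server's capacity and exposure are worth monitoring alongside the GSS itself.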
Extreme Scalability
(a) Thousands of Applications
- GSS answers are VIPs declared on ACE. In Rel 4.1, GSS supports 256 ACEs and 8000 VIPs and 2000 domains
(b) Vast Pools of Resources
- KeepAlive is the way GSS monitors resources behind the VIP that it serves. KAL-AP is a Cisco proprietary keepalive. In Rel 4.1, GSS supports 128 KAL-AP configurations.
(c) Global Clients and Servers
- GSS responds with VIPs that are closest to the requesting client (LDNS). In Rel 4.1, GSS uses GeoIP to determine proximity in addition to existing probing mechanisms.
(d) ANM for Cluster Management
- ANM can activate/suspend answers on GSS and manage all 16 GSSes in a cluster
[Diagram: Global Application Delivery: User, LDNS, GSS Network, ACE Datacenter A, ACE Datacenter B, Utilization; callouts a to d]

End to End Solutions: GSS, ACE, N7K
Integration Points
(a) Wide Area Vmotion (OTV/DWS)
- GSS, upon notification of a vmotion, changes the answer for a query, thereby helping the customer preserve WAN bandwidth
(b) ACE Virtualization
- GSS treats ACE contexts as separate ACE devices, thereby enabling virtual datacenters for each customer B, C, D, …
(c) Virtual GSS
- With Rel 5.1 (CY12), vGSS can offer dedicated GSS functionality per VLAN.
[Diagram: ACE+GSS Cloud Solution: User, LDNS, GSS Network, ACE Primary Datacenter, ACE Secondary Datacenter; callouts a to c]

GSS IPv6 Support
Component : IPv6 is Supported on …
Platform & Tools : access-group, access-list, interface ip, ip default-gateway, ip route, ip anycast, setup, ping, dnslookup, show, traceroute, tcpdump, ftp, scp, telnet
KAL : ICMP, TCP, HTTP, HTTPs, KALAP
Resource Grouping : VIP, Name Server, CRA, Locations, Regions, Zones
Traffic Management : Proximity, DNS Rules
GSLB : Response with AAAA for queries from IPv4 or IPv6 LDNS; Respond with both A and AAAA records if available; DNS Rules support IPv6 Source Address Lists and AAAA Query type filters
SNMP and Monitoring : IPv6 SNMP MIB Support

GSS 4.1 – Q4CY11
(a) GeoIP based GSLB
- GeoIP based proximity
- GeoIP based DNS Rules and Sticky
(b) IPv6
- Support for AAAA response
- Support for persistence IPv6
- Management over IPv6 interface
(c) New GUI Design (Kubric Look & Feel)
(d) Configuration Scalability
- 8000 answers
[Diagram: User 2001:0DB8:AC10:FE01::, LDNS, GSS Network, SLB Datacenter A, SLB Datacenter B; callouts a to d]

GSS Release Map
[Timeline: January 2011 through February 2012]
Release 3.3 (Private Only)
- Geo IP Proximity
- 8K Answers Support
- ANM support for 8K Answers
Release 3.2
- HTTPs KAL
- Workaround DNSSEC
- Bug Fixes
Release 4.1
- IPv6 Support
- Geo IP GSLB
- ANM support for 8K Answers
Release 4.1.1
- IPv6 dot.ONE release
- Bug Fixes

GSS Direction
[Timeline: 2011 to 2012]
Release 4.1 (September, 2011)
- IPv6 Support (AAAA)
- GeoIP (Proximity, GeoRegions, GeoSALs)
Release 3.2 (Feb, 2011)
- HTTPs KAL
- DNSSec Forwarding
- Critical Bug Fixes
Release 5.0 (CC’ed)
- DNSSec with FIPS
- SOA & NS Record
- HW Refresh

GlobalStrike GSS 5.1
Key Asks in GlobalStrike
1. Security and Compliance
(a) DNSSEC strengthens the integrity of the DNS Query/Response transaction against threats such as:
- Forged or bogus response
- Removal of Records (RRs) in responses
- Incorrect application of wildcard expansion rules
(b) USGv6 and IPv6 Ph 2 Logo certification
- FIPS compliant or validated encryption with acceleration
- Common Criteria EAL-2
2. Platform Refresh
(c) UCS server based appliance (San Luis)
- vGSS
3. GeoIP Enhancements
(d) Logical Grouping of Geo Regions
4. KAL-AP Enhancements and scalability
Concept Committed 8/22/2011
[Diagram: User 2001:0DB8:AC10:FE01::, LDNS, GSS Network, SLB Datacenter A, SLB Datacenter B; callouts a to d]

GSS Roadmap
Rel 4.0 Q4CY11 / Rel 5.0 1HCY12
DCI Services : Automation to support Vmotion over DCI
DCI Services : Automation through integration with ANM; Exploring LISP Support
GSLB Services : Geo IP based Proximity
DNS Services : IPv6: Support for AAAA, A6, CNAME DNS Records
DNS Services : DNSSEC with FIPS; SOA & NS Record Support
GSLB Services : Share KAL Status Among Peers; KAL-AP with VIP Capacity/Load
Operation Optimization : Audit Logs; Log Source IP; Sync CLI and GUI User; View KAL logs through GUI
Operational Optimization : Authentication using AD; Automated Backup; Activate/Suspend Answers; Enhanced Reporting; Alerts/Alarms
Hardware Platform : GSS-4492R
Hardware Platform : Hardware Refresh with FIPS compliance
[Diagram: User, LDNS, GSS Network, SLB Datacenter A, SLB Datacenter B; callouts 1 to 5]

Ease of Deployment
GSS becomes the Authoritative Name Server for the entire Zone supporting all applications for the SP
GSS participates in the DNS infrastructure – Lower Latency
[Diagram: Clients Requesting Web Sites (Mobile, Fixed Wireless, Cable, DSL, Dedicated/ATM/FR, ISDN/Dial); IP Control/Forwarding Plane; DNS Global Control Plane; DNS Resolvers (DNSR): IE, Firefox, etc.; Client Name servers (D-proxy): ISP#1, ISP#2, ISP#3; BIND, CNR, QIP; Root Name Server; Intermediate Name Server Supporting: .com; Data Center #1 DNS; Data Center #2 DNS; legend: DNS Requests, DNS Response, Layer 3 Communications]

Use Case: Policy based GSLB
1 Add NS Record for both GSSes
2 Create Mesh Link
3 Add DNS Rules + SAL + DDL + Qtype + Add Clauses
GSLB Can Redirect Traffic Based On
- Proximity: selects the answer based on lowest RTT. RTT is measured between the client’s d-proxy and a probing device (Cisco Router and/or GSS). GSS uses DRP to communicate with probes
- Disaster Recovery
- Site Health Check
- Datacenter Load KAL-AP
- Ratio based GSLB
GSLB policy enables redirection based on proximity, site health, server load and user preferences
[Diagram: User; DNS query www.fifa.com; nameserver.fifa.com; P-DNS2 22.214.171.124; "NS" Record 10.86.191.150; "NS" Record 10.86.191.134; DNS GSS Milan 10.86.191.134; DNS GSS Johannesburg 10.86.191.150; Mesh Link; SLB Datacenter A VIP=10.86.191.131; SLB Datacenter B VIP=10.86.191.147; "A" Record 10.86.191.147]

Use Case: BCDR
Recovering Service Availability after Failure
- Active-Passive Design
- Network fail-over can happen within 10s
- Application/Server recovery time is based on the time it takes to complete data synchronization of the back-end database, application servers and Web servers
- Supported by Cisco’s Solutions GSS, CSS, CSM, ACE
[Diagram: Mobile, Fixed Wireless, Cable, DSL, Dedicated/ATM/FR, ISDN/Dial; Resolver; DNS Name Servers; IP Control/Forwarding Plane; DNS Global Control Plane; GSS Cluster; Chicago Data Center #1; Tokyo Data Center #2; NJ Back-up Data Center #3]

Use Case: Securing DNS Infrastructure
- Provides a security-focused, highly available DNS/DHCP/TFTP infrastructure for one or more data centers.
- Automatically identifies DNS-based DDoS attacks and mitigates them
- Rate limits these specific DNS requests
[Diagram: Mobile, Fixed Wireless, Cable, DSL, Dedicated/ATM/FR, ISDN/Dial; Resolver; Compromised DNS Name Servers or DNS bots; IP Control/Forwarding Plane; DNS Global Control Plane; Chicago Data Center #1; Tokyo Data Center #2; NJ Back-up Data Center #3]

GSS Release 3.1.2
Before : No support for IDNA
After : IDNA Support
Before : Limited Integration with SLB Management (ANM)
After : Integration with SLB Management (ANM)
Before : KALs did not support HTTPs transport
After : KALs on HTTPs Transport
Bug Fixes
Tentative Bug Fixes
[Diagram: User, LDNS, GSS Network, SLB Datacenter A, SLB Datacenter B, KAL; callouts 1 to 4]

GSS Release 3.2.0
Before : No HTTPs KAL
After : HTTPs KAL
Before : DNSSec Deployments Break
After : DNSSec workaround to forward A4 records
Before : GUI based Config Changes not logged
After : Audit Log for GUI based Config Changes
Before : SSL Vulnerabilities
After : Secure Communication on SSL
[Diagram: User, LDNS, GSS Network, SLB Datacenter A, SLB Datacenter B, KAL; callouts 1 to 4]

GSS Competitive Side by Side
Columns: Feature; F5 GTM; NetScaler GSLB; Brocade GSLB; RadWare GSLB; Cisco

DNS Services
Uses : Bind; CNR*
DNS Defense : Yes; No; Unknown; Yes

GSLB Services
Dedicated Appl. : Yes; No; Yes
GSLB Functions : Yes, 7 methods; Yes, 3 method; Yes, 3 methods; Yes, 7 methods
Dynamic Ratio : Yes; No; Unknown; Yes
Persistence : Yes; No; Yes
Topological : Yes; No; Yes; Yes (manual load)
Geographical : Yes; Yes (manual load)

Management
GUI, CLI and Wizard : Yes; No; Unknown; Yes
Administrative Login Authentication : Local Only; RADIUS and RBAC

GSS Performance & Configuration Scalability

Performance
Single VIP (ans/sec) : 30,000
Complex Configuration (ans/sec) : 13,000
NS Forwarding : 1500

Configuration Limits
DNS Rules : 4000
VIP (Standard/Shared) : 2000/4000
# of Active SLBs Probed : 256
Max active GSSes in Mesh : 16
HTTP Probes (Standard/Fast) : 500/100
ICMP Probes (Standard/Fast) : 750/150
TCP Probes (Standard/Fast) : 1500/150
Scripted SNMP Probes (Standard/Fast) : 384/120
KALAP Probes (Standard/Fast) : 128/40

Configuration Limits
Answer Groups (per group max) : 2000 (100)
Name Server addresses for NS Forwarding (max per answer group) : 100 (30)
DNS Race CRA Devices (max per race, max per answer group) : 200 (20,20)
Source IP Addresses configurable for DNS Rules : 500
Source Address Groups (Max per group) : 60 (30)
Hosted Domains (Max per SLB) : 2000 (1000)
Hosted Domain Lists (Max per Domain List) : 2000 (500)
Administrative Owners : 500
Administrative Regions (Locations) : 20 (1000)
Max user ids : 256
Max GUI (CLI) sessions : 128 (8)

Questions?

BACKUP

Security Focused Functionality
- Improves availability and resiliency of DNS infrastructure with high performance and self-protecting DDoS software
- Offloads and optimizes BIND/DNS processing and selects the best site based on:
  – Intelligent load balancing algorithms & “clauses”
  – Proximity to user request
  – Data center and server loads, availability & health
  – Persistence to prevent lost session information
- Complete and centralized DNS/DHCP/TFTP management for network-enabled applications
- Security conscious features:
  – DDoS Mitigation Software
  – Client to GSS and GSS to GSS communication encrypted
  – Private DNS code base
- Supports all DNS-compatible devices
- Can be deployed with or without content switches

Improving DNS Survivability
- Detects and mitigates DNS-focused Distributed Denial of Service (DDoS) attacks
- Multiple defenses including source verification
- Has the granularity and accuracy to provide new levels of business continuity by processing only legitimate DNS requests
- Delivers the performance and architecture suitable for the largest enterprises and providers
- Addresses DDoS attacks today, and its network-based behavioral anomaly capability will be extended to additional DNS-focused threats

Security Focused GSS deployment
Why here?
- Public IP and DNS Host Names
- Layers of firewalls and NATing between DNS and internal servers
Not here?
- If hacked, private IP available
- DNS traffic tunneled through firewall
- Violates recommended “Split DNS” Best Practices
[Diagram: ISP-1, ISP-2, DMZ, Public Web Servers, Secure Web Servers, DNS Server, Cisco GSS, Datacenter A, Others, Un-secure DNS traffic]

Shared Keepalive : Type kal-ap, 10.86.191.129 | 10.86.191.145

AnswerGroup grp-bxb : Answer-1 (NY), Answer-1 (Bos)
AnswerGroup grp-rtp : Answer-2 (NY), Answer-2 (Bos)

Answer-1 (NY) : VIP-A 10.86.191.131
Answer-1 (Bos) : VIP-A 10.86.191.147
Answer-2 (NY) : VIP-B 10.86.191.136
Answer-2 (Bos) : VIP-B 10.86.191.153

Domain List bxb : www.bxb.com
Domain List rest : www.bxb.com, www.sjc.com

Source Address List Asia : 126.96.36.199 – 188.8.131.52, 184.108.40.206 - 220.127.116.11
Source Address List Anywhere : 0.0.0.0 – 255.255.255.255

Rule – bxb.com
Source Address List : Anywhere
Domain List : bxb
Balance Clause 1 : AnswerGroup grp-bxb, Balance Method Round Robin
Balance Clause 2 :
Balance Clause 3 :

Rule – goodFellas.com
Source Address List : Asia
Domain List : rest
Balance Clause 1 : AnswerGroup grp-bxb, Balance Method Round Robin
Balance Clause 2 :
Balance Clause 3 :

GSS vs F5 GTM
Columns: Feature; GSS; F5

Global Traffic Management
Advanced Multi-Site Traffic Management w/ Persistence : Yes
Integrate DC selection with Server Load : Yes
Universal Health checks for Traffic Management : Yes
Leverages Cisco Router Technology for DC selection : Yes; NO!

Business Continuance
Provides HA for any type of DNS traffic : Yes
Manageability : Yes
Dynamic configuration, secure Auto-sync : Yes

Network Server Consolidation
Appliance Based DNS : Yes (but we have retired CNR); Yes (with Bind)
Full DHCP/TFTP Services : Yes (but we have retired CNR); NO!

Security Focused DNS Infrastructure
Integrated DNS-based DDoS protection : Yes; NO!
Protects BIND Infrastructure : Yes; NO!
Not subject to BIND vulnerabilities : Yes; NO!

GSLB Core Balance Functions
Load Balancing Methods
1. Ordered List
- Uses next VIPs when all previous VIPs are overloaded or down
2. Static Based on Client’s DNS Address
- Maps IP address of client’s DNS to available VIPs
3. Round Robin
– Cycles through available VIPs in order
4. Weighted Round Robin
– Weighting causes repeat hits (up to 10) to a VIP
5. Least Loaded
– Least connections on CSM and least loaded on CSS
– Load communicated via CAPP UDP
6. Source Address and Domain hash
- IP address of client’s DNS proxy and domain used
- Always sticks same client to same VIP
7. DNS Race
– Initiates race of A-record responses to client
– Finds closest SLB to client’s d-proxy
8. DRP-based Dynamic Network Proximity
– Actively localizes client traffic by probing the client DNS name servers and routing the client to the closest data center based on the lowest RTT measurement.
– Scales to greater than 400,000
9. Global Sticky DNS Database
– Dynamically tracks where clients are sent, then ensures they are sent to the same device for subsequent requests
– Entries are based on the IP address of the client name server and the domain name requested
– Sticky answers are shared between GSSs
10. Drop
– Silently discards the DNS request

Keep Alives (KAL)
- KALs – a back-end process gathers state and load information from devices within the data center, such as local server load balancers and origin servers
- KALs can be grouped and logically “AND”ed together
- V2.0 added a new KAL type: SNMP based
[Diagram: Site 1 (CSS-A, CSS-B, Servers), Site 2 (CSS-A, CSS-B, Servers); Keepalives: TCP, ICMP, HTTP-Head, SNMP]

Types of GSLB Solutions
Columns: Underlying Platform; Network Insertion; Pros; Cons; Dominant Use Case

DNS Based GSLB
Network Insertion : DNS Authority; DNS Proxy; DNS Traffic Intercept
Pros : Accurate Load Info; Accurate Proximity Info
Cons : Proximity between Client and Resolver; Caching at client/server/proxy
Dominant Use Case : Disaster Recovery and Business Continuance; Global Traffic Management; DNS Security

Host Route Injection
Network Insertion : SLB Add-On; Router Add-On; Server Add-On
Pros/Cons : No new protocols required; GSLB is a routing problem; Support for multiple ISP; Route Flapping; Less accurate Load/Proximity Info
Dominant Use Case : No dominant use case

Triangle Data Flow
Network Insertion : SLB Add-On
Pros : Accurate Proximity
Cons : Reverse Path
Dominant Use Case : Traffic Localization to nearest Datacenter

GSS is a DNS based GSLB Solution

GSS 3.2.0 Bug Fixes
Columns: Identifier; Headline; Comments

CSCsz42912 : Request to implement the show mem command in SNMP
CSCtc38727 : Manual Reactivation answers in OS with secondary circuit specified kalap
CSCtc39127 : GSS Running Config is gone, GUI is unavailable but is passing traffic
CSCtd01467 : IMPORTANT TLS/SSL SECURITY UPDATE
CSCte64381 : Cisco GSS not functioning as per Internet DNS Standards. Comments: Fix for Chrysler
CSCtf30643 : getBulkRequest with max repetitions 0 crashes snmp on GSS
CSCtg60511 : GSS sticky mesh staying in INIT state and not replicating sticky entries
CSCti20170 : High rate of tcp dns request causing dnsserver to crash. Comments: COPART issue
CSCti91605 : GSS running out of inodes, unable to ssh
CSCti93734 : During initialzation GSS returns NXDomain
CSCtj23186 : Need check to prevent answer-group being added to dns rule w/out answers
CSCtj24854 : GSS running out of inodes, needs cleanup on /tmp. Comments: JPMC issue
CSCtj28476 : ENH: Need to add "core-files verbose" output to gss tech-report. Comments: Enh request from escalation
CSCtj55505 : Tech report should be enhanced & add more sticky and selector logs. Comments: To get more debugs from cases like stream the world

Thank you.