Geographic Distribution of Critical Systems

Electronic mail and DNS servers are arguably the most critical systems in an organization. Without electronic mail, an organization is largely isolated from the Internet. Electronic mail may be used simply for communication, or it may be used for product orders, sales enquiries, or emergency notifications. Likewise, DNS is even more important, because electronic mail and most Internet-based applications will not function without the use of name-to-IP-address mapping. Given these facts, why do we so commonly find critical systems deployed in the manner depicted in Figure 4-5?

Figure 4-5: Non-geographically diverse MX and DNS servers

In this network, we find both authoritative name servers and both mail exchanger (MX) hosts residing on the same physical LAN segment! If we combine this design with the elements of Figure 4-4 in the previous section (no sparing/redundancy), we have a disaster waiting to happen. A failure of any component in this network not only isolates the organization from the Internet, but electronic mail cannot queue anywhere, nor can anyone even resolve electronic mail addresses for the organization.

Simply put, you must deploy both MX hosts and DNS servers in geographically unique locations. If you have a medium- or large-sized organization with multiple locations and Internet gateways, this problem is easily solved. You can deploy two or more servers, each in different locations.
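An audit of the Figure 4-5 layout as an added example (not code from the book): given the NS and MX hosts and their addresses, it flags any record type whose hosts all fall in a single prefix, which in practice means one segment or one site. The record set and addresses are constructed placeholders.

```python
import ipaddress
from collections import defaultdict

# Constructed sample matching Figure 4-5: every NS and MX host sits on one
# LAN segment (TEST-NET-1 placeholder addresses, not real hosts).
SAMPLE_RECORDS = {
    "NS": {"ns1.example.com": "192.0.2.10", "ns2.example.com": "192.0.2.11"},
    "MX": {"mx1.example.com": "192.0.2.20", "mx2.example.com": "192.0.2.21"},
}

def diversity_findings(records, prefixlen=24):
    """Return findings for record types lacking geographic diversity.

    records maps a record type ("NS", "MX") to {hostname: ip}. A type is
    flagged when it has fewer than two hosts, or when all of its hosts fall
    inside one prefix (default /24). A final check flags the case where
    NS and MX hosts together occupy a single segment, as in Figure 4-5.
    """
    findings = []
    nets_by_type = {}
    for rtype, hosts in records.items():
        nets = defaultdict(list)
        for name, ip in hosts.items():
            net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
            nets[net].append(name)
        nets_by_type[rtype] = nets
        if len(hosts) < 2:
            findings.append(f"{rtype}: only {len(hosts)} host; no redundancy")
        elif len(nets) == 1:
            net, names = next(iter(nets.items()))
            findings.append(f"{rtype}: all of {sorted(names)} are in {net}")
    combined = set()
    for nets in nets_by_type.values():
        combined.update(nets)
    if len(nets_by_type) > 1 and len(combined) == 1:
        findings.append(f"NS and MX share one segment: {next(iter(combined))}")
    return findings
```

A clean result is an empty list; in production you would feed the function the addresses your resolver returns for the zone's NS and MX records.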

If you are thinking, "I have a small business with a single Internet connection in one location; I do not have diverse locations for my systems," then never fear. Many companies exist to fill this gap by providing outsourced DNS services and mail exchanger services. They typically have colocation space in several locations around the United States, and some have locations all over the globe. For reasonable monthly fees, these companies will act as a secondary/backup system for your DNS and MX hosts. This may even be more cost effective for large organizations with hundreds or thousands of domain names and e-mail addresses. They can simply outsource the entire operation of DNS and MX hosts but retain management control of the services. Outsourced providers tend to offer a wide range of enhanced services as well as the basics mentioned here. The following list highlights a few of the larger outsource providers:

UltraDNS: http://www.ultradns.com/services/index.cfm

Akamai: http://www.akamai.com/en/html/services/overview.html

Nominum: http://www.nominum.com/products.php

Register.com: http://www.register.com

Network Solutions: http://www.networksolutions.com

Again, we can't stress enough that you must deploy critical servers in diverse locations!

Utilizing Anycast Routing for System Reliability

Organizations may be able to employ IP anycast addressing to increase the reliability of critical systems and applications. Unicast is the general addressing mechanism used on the Internet, whereby both the client and the server have a unique IP address, just as a home or business has a unique mailing address.

Anycast is a communication mechanism whereby multiple servers, geographically dispersed across a wide area network (WAN), are assigned a common IP address. Using anycast allows the devices to share a common IP address, while routing protocols deliver packets to the "closest" device (see Figure 4-6). Anycast is typically used in large ISP networks, but may also be used by any organization with a sufficiently large, multihomed network.

Figure 4-6: Anycast use in a large wide area network

As seen in Figure 4-6, four servers are deployed within a large network and each is assigned the same anycast IP address. In addition, each server should have a second interface with a unicast address to be used for administration, and possibly other communication (discussed below). A client establishes a connection to an application, which runs on all four servers. Routing protocols deliver the packets between client and server based on a predetermined "metric," such as cost or distance (see Chapter 3 for details on how anycast works with respect to routing protocols).

When the "closest" server is unavailable, routing protocols determine the next "closest" server, and the client then communicates with that server. The client is still using the same anycast address, but is actually communicating with a different server. This mechanism generally provides higher reliability and the client never knows (nor should it care) which server it is communicating with, as long as the application works.

We should note that anycast may be used for almost any application, but generally it works much better with UDP-based applications than TCP-based applications. TCP is a connection-oriented (stateful) protocol and there is generally no way to keep state between the anycast servers such that the sessions from a failed server could be seamlessly transferred to the other anycast servers. If an anycast server fails, or the path to the server changes such that a different server is now the closest, the client would receive a TCP RST (reset), causing it to reestablish the session with the new server.

One mechanism to mitigate the problem with TCP-based applications works with protocols such as LDAP and HTTP (or any protocol supporting application-layer redirection). The client sends the initial TCP-SYN packet to the server, and the server can respond with an application-layer redirect to the unicast address (remember the note about a second interface with a unicast address?). Since this address is unique, a path change would have no effect on TCP, but of course, a server failure would still cause the client to reestablish the connection to a new server.
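The application-layer redirect described above, as an added example (not code from the book): an HTTP listener that answers requests arriving on the shared anycast address with a redirect to this node's own unicast name, and serves requests that already arrived on the unicast interface directly. The anycast address, unicast hostname and port are constructed placeholders.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed placeholders: the anycast address every node listens on, and
# this particular node's unicast name (TEST-NET-1 / example domain).
ANYCAST_IP = "192.0.2.53"
UNICAST_HOST = "node3.unicast.example.net"

def plan_response(local_ip, path, anycast_ip=ANYCAST_IP, unicast_host=UNICAST_HOST):
    """Decide how to answer a request that arrived on local_ip.

    A request that reached us via the anycast address is redirected to this
    node's unicast name, so the rest of the client's TCP traffic is pinned
    to one fixed host and a routing change cannot move it to a different
    anycast node mid-session. A request already on the unicast interface is
    served directly. Returns (status, headers, body).
    """
    if local_ip == anycast_ip:
        headers = {
            "Location": f"http://{unicast_host}{path}",
            # Do not let the client cache the redirect: if this node later
            # fails, a cached redirect would keep sending it to a dead host.
            "Cache-Control": "no-store",
        }
        return 307, headers, b""
    return 200, {"Content-Type": "text/plain"}, b"served on unicast interface\n"

class AnycastRedirectHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # getsockname() tells us which of this node's addresses the client hit.
        local_ip = self.request.getsockname()[0]
        status, headers, body = plan_response(local_ip, self.path)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    # Bind to all addresses so the anycast and unicast interfaces are both served.
    HTTPServer(("0.0.0.0", 8080), AnycastRedirectHandler).serve_forever()
```

As the text notes, this only removes the path-change problem; a failure of the node behind the unicast address still forces the client to reconnect to a new server.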

UDP is a connectionless protocol, so if an anycast server fails, or the path to the server changes such that a different server is now the closest, the client will probably never see any change in communication, or latency, as it would with TCP-based sessions.

Several large service providers utilize anycast, primarily for DNS services. These include Akamai, UltraDNS, and the volunteer root DNS servers (C, F, I, J, K, and M root).

While anycast can provide a high degree of reliability for systems, denial-of-service attacks against an anycast infrastructure may still disrupt service. Until the recent emergence of large botnets, the resources required to sustain a distributed denial-of-service attack against a large anycast infrastructure were beyond the reach of all but the most sophisticated attackers. However, these attacks are becoming more common and more frequent.

Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed)
ISBN: 0072259558
Year: 2005