
NSI Registry Update
NANOG 18, San Jose, California
Aristotle Balogh
February 6, 2000

February 2000 Aristotle Balogh

Agenda
• Background
• Registry Operating Metrics
• gTLD RFP and deployment plans/status
• Root and gTLD stats
• Next-generation stuff
  – Multicast satellite dist
  – DNSSEC

NSI Registry System Loads I
• Live operations with NSI registrar in April 1999
• First non-NSI registrar in June 1999
• By August 1999
  – 8 total registrars
  – Read-Write Create/Update/Delete Loads
    • 132,000 operations per day
    • 3.67 operations per second during busy hour
  – Read-Only Query Loads
    • 1,300,000 operations per day
    • 36.11 operations per second during busy hour

NSI Registry System Loads II
• February 2000
  – 25+ total registrars
  – Read-Write Create/Update/Delete Loads
    • 256,000 operations per day (94% increase)
    • 7.11 operations per second during busy hour
  – Read-Only Query Loads
    • 5.2 M operations per day (300% increase)
    • 144.44 operations per second during busy hour

Reliability, Availability, Scalability
• “Dial Tone” Quality Product
  – “Hot” primary/secondary data centers
  – Read-Only (RO) operations separated from Create, Update, and Delete (CUD) operations
  – Self-help tools and protocol enhancements
• Repeatable Engineering Processes
  – Requirements, configuration, release, defect tracking, and escalation management with integrated tool support
  – Automated stress, performance and integrity testing
  – Detailed project planning, tracking, and oversight

gTLD Site Selection Request for Proposal
RFP Objective: “Identify and place the gTLD servers at the topological cores of the Internet; put gTLD DNS infrastructure under contractual framework”
Requirements
• Proximity to Internet hosts and users
• Internet connectivity
• Peering relationships
• Adequate site facilities
• Technical support
• Price
Process:
• RFP distributed to over 80 qualified vendors in Nov/Dec 1999

gTLD Site Selection Request for Proposal
RFP Results
• 28 vendors registered to provide proposals
• 20 vendors responded with proposals
• Proposals currently being evaluated
• Sites being visited
• Selected vendors to be identified during February 2000
Schedule
• Deployment of next generation systems scheduled to begin Feb, 2000 through July 15, 2000

Average QPS for A, J & J.gtld

Root and GTLD Servers
• Growth in .com is accelerating
• Pushing resources to the limits
• AXFR off of a.root-servers.net is no longer feasible (E450)
• Zone propagation time to distant sites is growing (3+ hours).
• Queries per second (QPS) is growing.

Average QPS for A & J Root Servers

Top 10 a.root-servers.net Queries

Top 10 j.root-servers.net Queries

Top 10 j.gtld-servers.net Queries

Named Memory Usage

Average QPS - a.root-servers.net

Average QPS - j.root-servers.net

Average QPS - j.gtld-servers.net

Satellite Based Zone File Distribution
• Challenges with current zone file distribution
  – Large file size (e.g. com.xfer is about 1.4 GB)
  – File sizes growing exponentially
  – Variable latency and congestion on the Internet cause problems during zone transfer.
  – Long transfer times for remote sites (e.g. 4 hrs for Hong Kong site)
  – Zone file distribution time limits frequency of zone file distribution (currently twice a day)

Satellite Based Zone File Distribution
• Distributing zone files via satellite:
  – Enables use of compressed zone files (com.xfer.gz is 120 MB)
  – Scalable: Impact of file size growth is less
  – Provides fixed latency and congestion free transport
  – Simultaneous delivery of zones
  – Less load on zone distribution servers
  – Enables more frequent zone file updates (e.g. 4 times a day)

Satellite Based Zone File Distribution Timeline:

DNS Security Issues
• Participated in a number of workshops
  – non-trivial to set up
  – current implementation is buggy
• What the future holds
  – Will only work with EDNS-aware servers (responses from the roots overflow the present 512-byte UDP limit).
  – BIND 8.x will not work.
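Why a signed root response overflows 512 bytes, and what the EDNS-aware query that avoids truncation looks like on the wire. This is an added example, not part of the original slides; it assumes 13 root servers named under root-servers.net with name compression and one 128-byte (1024-bit RSA) signature over the NS set, and the function names are illustrative.

```python
import struct

OPT, DO = 41, 0x8000          # EDNS0 pseudo-RR type; "DNSSEC OK" flag bit

def build_query(qname_wire, qtype, edns_size=None, do=False):
    """DNS query in wire format; edns_size adds an OPT record advertising it."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0, 1, 0, 0, 1 if edns_size else 0)
    msg = hdr + qname_wire + struct.pack("!HH", qtype, 1)   # class IN
    if edns_size:  # OPT: root name, CLASS = UDP size, TTL carries the flags
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_size, DO if do else 0, 0)
    return msg

def skip_name(msg, off):
    """Step over an uncompressed name (queries carry no compression pointers)."""
    while msg[off]:
        off += 1 + msg[off]
    return off + 1

def udp_limit(query):
    """(max UDP response size, DO bit) the querier signalled; 512 without OPT."""
    qd, an, ns, ar = struct.unpack("!HHHH", query[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(query, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(query, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", query[off:off + 10])
        if rtype == OPT:
            return max(512, rclass), bool(ttl & DO)
        off += 10 + rdlen
    return 512, False

def priming_size(signed, sig_bytes=128):
    """Size of a '. NS' response listing 13 root servers (assumed layout)."""
    size = 12 + 5                        # header + question (root name, type, class)
    size += (11 + 20) + 12 * (11 + 4)    # 13 NS: first spells out a.root-servers.net
    size += 13 * (2 + 10 + 4)            # 13 A glue records, names as pointers
    if signed:                           # one signature RR over the NS set:
        size += 11 + 18 + 1 + sig_bytes  # RR header, fixed RDATA, signer '.', sig
    return size

def must_truncate(query, response_size):
    """True if the server must set TC, forcing the client to retry over TCP."""
    return response_size > udp_limit(query)[0]

if __name__ == "__main__":
    plain = build_query(b"\x00", 2)                         # ". NS", no EDNS
    edns = build_query(b"\x00", 2, edns_size=4096, do=True)
    for label, q in (("plain", plain), ("EDNS", edns)):
        print(label, udp_limit(q), must_truncate(q, priming_size(True)))
```
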

DNS Security Changes
• Registrar/Registry split means that the client has to go through the registrar to have the registry sign.
• Steps:
  – Registrar needs to identify the domain holder and select the key that they desire to have signed
  – Registrar identifies itself with the registry
  – Verify that domain is with registrar
  – Signs domain public key
  – Signed key is returned to domain holder

DNS Security Changes
• Issues for NSI Registry
  – Registrars need to set up a front-end signing service for their domain holders
  – RRP (the protocol between the registrar and registry) needs to be enhanced
  – Performance issues
  – Security issues on the key

Contact Info
• Registry Engineering
  – Ari Balogh
    • abalogh@netsol.com
• DNS/gTLD Programs
  – Tom Newell
  – Mark Kosters