Global Network Architecture
The network architecture consists of a combination of three (3) key components that function in unison to provide a managed Directory Services Platform. The platform is designed to meet stringent performance specifications of no less than 99.999% uptime.
- SYSTEM LEVEL: multiple separate meshes of servers that have a primary-and-secondary (“master-and-slave”) relationship
- MESH LEVEL: multiple nodes that have identical data sets that are synchronized via replication over the wide area network
- NODE LEVEL: system components, co-located at the same network point of presence, that function together to provide DNS service (actual protocol termination)
The network currently consists of a mesh of fourteen (14) globally synchronized DNS server nodes located on five (5) continents. By utilizing dedicated hardware, each major component of the system is partitioned to function independently while providing a means of marshaling access control. Hardware is transparently added to an existing node without negatively impacting service at that node. Once a new DNS server is added, it immediately begins announcing the appropriate Anycast addresses [see Routing Methodology below for more information] and is included in the pool of servers available to answer queries within that node. Similarly, if a server fails, or is removed for maintenance, it ceases announcing the Anycast addresses, and queries continue to be received and answered by the remaining operational servers in that node with no end-user impact.
Diverse network connectivity is utilized within the network. Primary IPv4 connectivity is provided by three (3) international network carriers. Each node is multi-homed with 100 Mbps (Fast Ethernet) connections to each carrier. In addition, every node is connected natively to a global IPv6 network. Finally, each node is connected to the local public peering fabric at that node, with a liberal peering policy. For robustness and redundancy, a carefully architected matrix of network announcements ensures that neither minor nor catastrophic failures of any element within the network will result in failures of resolution for end users. This includes unique combinations of network (IP address) announcements, network providers and collocation facility operators so that the catastrophic failure of an entire backbone carrier, combined with the failure of all facilities controlled by a collocation operator, would have no material impact on the service levels provided to customers.
Routing Methodology
The unprecedented internetworking reliability and minimized resolution latency UltraDNS offers are achieved in part by the implementation of advanced IP Anycast techniques. The term “Anycast” describes packets being sent between a single source and the nearest (in terms of network topology) of several possible destinations in a group, all having the same IP address. Anycast is different from multicast (packets between a single source and multiple, unique destinations) and unicast (packets between a single source and a single destination).
By injecting BGP (Border Gateway Protocol) route announcements from each node, the system leverages the features of BGP to enable the routing of user queries to a topologically nearby node, resulting in the following network efficiencies and advantages:
- Reduction of network latency for DNS transactions, as compared with a “standard” deployment of DNS services.
- Reduction in the number of queries routed to distant servers, thereby reducing the likelihood of encountering congested routers.
- Reduction in the number of query packets that are dropped, and which then result in DNS timeouts/retries.
- Improved performance and reliability to the end user.
Utilizing Anycast, the same six (6) IP addresses are announced in different combinations from each DNS resolver in the network infrastructure. This implementation provides additional redundancy in the face of network routing problems that can be caused by third parties. In the unlikely event that one or more of the IP addresses become unreachable, queries from users are seamlessly directed to an alternate node, which is also announcing the same IP address.
Anycast allows requests to be distributed geographically to any available DNS resolver. This provides redundancy, effectively distributes traffic/requests to any given IP address globally, and increases the responsiveness of the overall system by using the closest (in terms of network topology) available resource to answer any query that enters the system.
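The announcement matrix described under Global Network Architecture and the six shared Anycast addresses described above can be audited mechanically. The following is an added example, not code or data from the operator: it models each announcement as an (address, node, carrier, collocation operator) tuple and checks that every address stays announced when any one carrier and any one collocation operator fail together. All node, carrier and operator names are hypothetical, and the addresses are documentation-range placeholders.

```python
from itertools import product

# Constructed sample data, not the operator's real matrix. An announcement is
# (anycast address, node, carrier, collocation operator); all names are made up.
ADDRESSES = [f"192.0.2.{i}" for i in range(1, 7)]  # six documentation-range IPs
PATHS = [("node-1", "carrier-A", "colo-X"),
         ("node-2", "carrier-B", "colo-Y"),
         ("node-3", "carrier-C", "colo-Z")]

def build_matrix(paths_per_address):
    """Announce each address over `paths_per_address` paths, rotated per address."""
    matrix = []
    for i, addr in enumerate(ADDRESSES):
        for k in range(paths_per_address):
            node, carrier, operator = PATHS[(i + k) % len(PATHS)]
            matrix.append((addr, node, carrier, operator))
    return matrix

def surviving(matrix, failed_carrier, failed_operator):
    """Addresses still announced after one carrier and one operator both fail."""
    return {addr for addr, _node, carrier, operator in matrix
            if carrier != failed_carrier and operator != failed_operator}

def audit(matrix):
    """Return {(carrier, operator): lost addresses} for every failing pair."""
    addresses = {a for a, *_ in matrix}
    carriers = {c for _, _, c, _ in matrix}
    operators = {o for *_, o in matrix}
    gaps = {}
    for carrier, operator in product(sorted(carriers), sorted(operators)):
        lost = addresses - surviving(matrix, carrier, operator)
        if lost:
            gaps[(carrier, operator)] = sorted(lost)
    return gaps

WEAK = build_matrix(2)      # each address on only two carrier/operator paths
HARDENED = build_matrix(3)  # each address on three disjoint paths

if __name__ == "__main__":
    for name, matrix in (("weak", WEAK), ("hardened", HARDENED)):
        gaps = audit(matrix)
        print(f"{name}: {len(gaps)} failure pair(s) lose at least one address")
        for (carrier, operator), lost in gaps.items():
            print(f"  {carrier} + {operator} down -> unreachable: {lost}")
```

In this model an address needs at least three paths that share neither a carrier nor a collocation operator; with only two, some carrier-plus-operator failure removes both.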
