I’d argue that BlueCat Networks won the best of Synergy award as they are all about foundations. According to Wikipedia, ‘A foundation is the lowest and supporting part of a structure’. For example, the pyramids in Egypt are not built on sand. The foundations of these extraordinary structures are based on solid rock and they need to be, otherwise all of the pyramids would have crumbled long ago – a bit like LinkedIn did on June 19th 2013.

A quick conclusion published by bloggers and the tech media suggested that LinkedIn got hacked, but the world’s largest professional networking site jumped to its own defence via another social networking outlet to calm the storm, confirming that the problem was being resolved and that the outage was ‘down to a DNS issue.’

In very simple terms, DNS (the Domain Name System) is the phone book for the vast collection of devices connected to the Internet. It takes catchy, easy-to-remember names like netscalertaylor.com and converts them to less memorable IP addresses, which machines use to navigate their way round the globe and (hopefully) deliver the content you were expecting. For various reasons it’s necessary to change these numbers, often on a frequent basis, but we humans just have to remember netscalertaylor.com and the content arrives.

So what went wrong last month? In short, LinkedIn’s DNS provider suffered a Distributed Denial of Service (DDoS) attack which attempted to swamp their service and take them offline. The attack was unsuccessful but, in the process of keeping things running smoothly, the provider accidentally changed the DNS records of 5000 customers, one of which was LinkedIn. So when users typed linkedin.com, the DNS records pointed them at ztomy.com.

Cisco security researcher Jaeson Schultz had a dig round the issue and published a simple statement as a conclusion: “Organisations need to carefully consider how they would swiftly identify unauthorised modifications to their DNS records and how they would react to such a situation.” If service levels matter in your organisation, take note.
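One way to act on the advice quoted above, as an added example that is not part of the original post: compare the records resolvers actually return against a change-controlled baseline and alert on any difference. The zone name, provider hostnames, addresses and `dig`-style answer lines are all constructed for illustration.

```python
# Added example: baseline comparison for DNS records (all data below is constructed).
from collections import defaultdict

# Approved records, as they would be kept under change control (hypothetical values).
BASELINE = {
    ("example.com", "NS"): {"ns1.dns-provider.example", "ns2.dns-provider.example"},
    ("example.com", "A"): {"192.0.2.10", "192.0.2.11"},
    ("www.example.com", "CNAME"): {"example.com"},
}

# Constructed answers in the "name TTL class type value" layout that dig prints.
OBSERVED = """\
example.com.      86400 IN NS    ns1.dns-provider.example.
example.com.      86400 IN NS    NS2.DNS-Provider.example.
example.com.      300   IN A     198.51.100.77
www.example.com.  300   IN CNAME example.com.
"""

def norm(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()

def parse_answers(text):
    """Group answer lines into {(owner, type): {values}}."""
    records = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # skip blanks, comments and anything malformed
        owner, rtype, value = norm(fields[0]), fields[3].upper(), fields[4]
        records[(owner, rtype)].add(norm(value))
    return records

def find_drift(baseline, observed):
    """Return sorted (owner, type, problem, value) tuples for every mismatch."""
    alerts = []
    for key, expected in baseline.items():
        seen = observed.get(key, set())
        alerts += [(*key, "unexpected", v) for v in seen - expected]
        alerts += [(*key, "missing", v) for v in expected - seen]
    # Record sets that exist in DNS but were never approved are also drift.
    for key in observed.keys() - baseline.keys():
        alerts += [(*key, "unapproved", v) for v in observed[key]]
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_drift(BASELINE, parse_answers(OBSERVED)):
        print("ALERT", *alert)
```

Feeding it answers collected from several independent resolvers, rather than only the provider's own servers, is what lets it catch a change made on the provider side.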

NetScaler does some clever things with DNS records, most commonly within the Global Server Load Balancing feature. There’s a whole host of use cases, from maintaining service levels at times of disaster recovery to pointing users to the correct data centre in a global online empire. But NetScaler is only as good as the DNS records it has to work with, and managing those has generally been down to an administrator, often using Excel spreadsheets and a pile of dedicated servers, with the very real risks experienced above.

The problem is highlighted by the ever-increasing growth in our cloud infrastructures. With more users demanding access to more content and more services, core network functions like DNS are critical to business continuity, availability and the ultimate measurement: service levels. Get it right and you’re a step closer to 5 nines uptime (99.999%); get it wrong and you may find yourself with a career adjustment opportunity.

To combat this risk, there’s a growing list of IP address, DNS and DHCP management vendors coming on to the market, and we’ll see more of them as workloads become more dynamic and the steady migration to IPv6 becomes real for thousands of organisations. Some of these vendors are pushing strong alliances with core NetScaler competitors but, reading between the lines, there’s little more than a cross sell going on in the background: an ‘I’ll push yours if you push mine’ mentality.

The primary reason we use an ADC like NetScaler is to consolidate the mechanism used to increase the performance, security and efficiency of service delivery. The most interesting thing about NetScaler for me, however, is the SDX platform and in particular the open architecture attitude that Citrix are pursuing. This not only allows multiple, full function individual NetScaler appliances to run in complete isolation on the hardware but also allows third-party vendors to consolidate their workloads into the same physical box. BlueCat DNS/DHCP management appliances are a great example of this cross vendor collaboration.

As mentioned earlier, these core DNS/DHCP services traditionally sit on multiple servers, all of which need power, cooling and management with the associated costs involved. Reducing the physical footprint of the networking infrastructure in the data centre with DNS/DHCP management appliances hosted on the SDX platform therefore has obvious benefits.

The network teams that I’ve spoken to also like the idea of not having to wait for the server guys to provision a host for an increase in core network service capacity. In the past, this has ultimately inhibited the ability to react to the demands of the user counts leading to service levels slipping – clearly not the way forward for dynamic cloud infrastructures.

The ability to take human error out of the equation also has to be worth investigating. Automating these critical processes will become increasingly important, especially with the onset of complex IPv6 addresses, which make it very difficult for humans to spot errors at a glance and subsequently increase the risk of service failure.

Running BlueCat workloads directly on the NetScaler SDX hardware offers the industry’s first full function ADC and DNS/DHCP server in a single networking appliance, with complete workload isolation and the elasticity that cloud delivery mechanisms need. Add the ability to increase resilience and service efficiency, and it’s clear that BlueCat and Citrix have raised the bar, giving organisations of all sizes the solid foundations needed to build the clouds of the future.

© NetScalerTaylor

12th July 2013

Jaeson Schultz Cisco blog post

Citrix & BlueCat overview doc (well worth a read)

New to IPAM, DNS and DHCP?