Vantio CacheServe

Data Sheet

1.1 Overview
Vantio CacheServe leads the industry with superior performance, resiliency, security, and availability. Vantio integration with the N2 Platform makes it simple to create differentiated, value-added applications. A powerful policy framework has unique capabilities for enabling highly personalized subscriber services. Embedded real-time and offline analytics produce actionable intelligence to support business initiatives as well as day-to-day and ongoing network operations. Advanced query processing algorithms in Vantio CacheServe yield the industry's highest performance and lowest latency, and dampen attacks to provide extraordinary resilience from huge surges in traffic. Vantio CacheServe security remains unmatched in the industry, with layered defenses that deter all forms of cache poisoning attacks and built-in resilience to DDoS. Collectively, these capabilities ensure a better business proposition for network operators and a faster, safer, and more productive Internet experience for end users.

Key Features
- Integrated architecture with core engines, platforms and applications
- Open ecosystem and SDK for service creation
- Extensive analytics for business intelligence, monitoring, on-line diagnostics
- Layered security defenses protect against all forms of cache poisoning
- Robust DNSSEC validation with advanced features like Negative Trust Anchors
- Full dual-stack IPv4/IPv6 and DNS64 support
- Sophisticated query processing algorithms improve resilience, deliver leading performance
- Compatible with all major server hardware and operating systems

Key Benefits
- Improves network efficiency with superior performance, availability, and security
- Diverse applications & services differentiate the customer experience
- APIs for rapid application development by network operators and third parties
- Rapid deployment increases business agility, reduces time to market for new services
- Minimal integration expenses lower total cost of ownership
- Real time visibility into network trends and emerging problems
- No new equipment and no changes to the network architecture

2.1 Vantio N2 Platform Integration


Vantio CacheServe is integrated with the N2 Platform, which lets network operators' business and technical teams work together to gather actionable analytics and quickly create differentiated applications that efficiently leverage their DNS infrastructure. The N2 Platform makes application development faster and easier than integrating disparate products or building solutions in-house, and offers a lower total cost of ownership.

Nominum's IDEAL ecosystem is a collection of software developers (third party, Nominum, and network operators) that build applications using the N2 Platform. Nominum has already developed a wide range of applications to protect networks from botnets and deter outbound spam, personalize Internet services, improve subscriber safety, feed big data analytics systems, and more. An SDK in the N2 Platform allows for rapid development of additional applications by network operators themselves, or by third parties.

3.1 Powerful Policy Framework


Vantio CacheServe supports an extremely powerful policy framework with unique capabilities for enabling services. Lightweight Views take the view concept of the server to the ultimate extent, where each individual user can have their own view. Policies defining how queries are handled can be applied to each view, effectively enabling a personal Internet for each subscriber. For instance, every household could tailor the Internet content permitted in their home, and schedule when the Internet is available to suit their family preferences. To avoid the obvious problems individual caches could introduce, Lightweight Views use a shared cache: every view can have distinct policies, but all views take advantage of statistical sharing of cached entries. Policies are enforced by Vantio CacheServe engines, but are configured, provisioned in distributed Vantio CacheServe servers, and managed through Nominum Policy Manager, which is part of the N2 Platform.

4.1 Embedded Analytics for Actionable Network Intelligence


Vantio CacheServe can collect extremely fine-grained DNS query data to provide business insights, network visibility, and event awareness. This information can be analyzed in real time through Nominum Network View, a Nominum application, or collected for analysis with other offline tools such as big data analytics or logging and event management systems. Network information gathered with Vantio CacheServe can be used for a variety of other operational, security, and business purposes. For example, networks and users can be protected from bot-related threats, anomalous traffic trends can be uncovered, network attacks can be observed as they're happening, or traffic patterns can be visualized based on web destinations rather than IP statistics.

Real Time Alerts (RTA) leverage extensive event and network-level information, gathered by Vantio, to greatly enhance network awareness. Alerts are immediately sent for major changes in network behavior produced by malicious events, such as the onslaught of a DDoS attack. Additionally, network administrators can opt to monitor activity levels of valuable or sensitive network resources (e.g., websites or mail servers).

5.1 Layered Security Defenses


Vantio CacheServe layered security defenses offer the best protection available against DNS cache poisoning, and completely deter the exploit discovered by security researcher Dan Kaminsky. No other vendor offers all of these critical layers of protection.

- Deterrence Layer: Industry-leading UDP Source Port Randomization and domain case randomization (0x20) make it harder for attackers to correctly guess query parameters.
- Defense Layer: Detects spoofing attempts and re-queries authoritative servers over a secure connection (TCP), greatly slowing the progress of an attack (by 100 times or more).
- Resistance Layer: Glue Segregation and Query Response Screening ensure corrupted data in DNS query responses is not cached.
- Remediation Layer: Sends alerts when an attack is underway and records associated parameters.
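How the Deterrence and Defense layers fit together in a resolver, as an added example that is not Nominum's code or part of the original data sheet: a query carries a random transaction ID, source port and 0x20-randomized name, and a reply that does not echo all three exactly triggers a retry over TCP. Function names, the 1024 to 65535 port pool and the sample name are assumptions.

```python
import math
import secrets

def encode_0x20(qname: str) -> str:
    """Randomise the case of each ASCII letter. DNS name matching ignores case,
    but an honest server echoes the question name byte for byte."""
    return "".join(
        (c.upper() if secrets.randbits(1) else c.lower())
        if c.isascii() and c.isalpha() else c
        for c in qname
    )

def new_query(qname: str, low_port: int = 1024) -> dict:
    """Build the unpredictable parameters of one outbound UDP query."""
    return {
        "txid": secrets.randbelow(1 << 16),
        "src_port": low_port + secrets.randbelow(65536 - low_port),
        "qname": encode_0x20(qname),
    }

def classify_reply(query: dict, reply: dict) -> str:
    """Accept only an exact echo; anything else counts as a spoofing attempt
    and the resolver re-queries over TCP (illustrative policy)."""
    exact = (
        reply["txid"] == query["txid"]
        and reply["dst_port"] == query["src_port"]
        and reply["qname"] == query["qname"]  # case-sensitive on purpose
    )
    return "accept" if exact else "retry-over-tcp"

def guess_space_bits(qname: str, low_port: int = 1024) -> float:
    """Bits an off-path spoofer must guess: TXID + source port + letter cases."""
    letters = sum(c.isascii() and c.isalpha() for c in qname)
    return 16 + math.log2(65536 - low_port) + letters

if __name__ == "__main__":
    q = new_query("www.example.com")  # constructed sample name
    good = {"txid": q["txid"], "dst_port": q["src_port"], "qname": q["qname"]}
    forged = dict(good, qname=q["qname"].swapcase())  # right IDs, wrong case
    print(q["qname"], classify_reply(q, good), classify_reply(q, forged))
    print(round(guess_space_bits("www.example.com"), 1), "bits")
```

Names with few letters gain little from 0x20, so the transaction ID and source port still carry most of the unpredictability for them.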

6.1 DDoS Attack Dampening


Vantio CacheServe's unique and efficient design allows it to withstand extreme query volumes that cause other caching servers to fail. Instead, Vantio CacheServe continues to answer queries so end users do not perceive a service outage. Vantio CacheServe also limits open recursion contexts in order to manage outbound connections to authoritative servers, so it is not possible to DoS with barrages of recursive queries.

In conjunction with RTA, network operators can rate limit queries from individual clients to shield DNS servers from abuse. Visibility can be used to baseline query trends and look for abnormally high query rates. If sources of an attack are identified with network visibility, the addresses sending the traffic can be blocked using ACLs. Lastly, exclusion lists allow select end users to be exempt from set thresholds.

7.1 Advanced Query Processing


The core Vantio CacheServe engine is able to deliver superior caching performance and scalability, unattainable in dual-purpose name servers, due to separation of the caching and authoritative DNS functions. Additionally, Nominum has taken steps to optimize Vantio CacheServe's memory management, cache management, and query management techniques, which improves caching and recursive performance. Ultimately, the resiliency of Nominum authoritative software reduces the load on other network elements.

Beyond performance, Nominum improves latency by regularly assessing Round Trip Times (RTT) for servers and selecting the fastest responders to resolve queries. There is also a configurable pre-fetching option that greatly reduces the time to resolve a query through a proactive process to keep the cache populated with current information before a customer query forces the recursive process.

8.1 Dual Stack Support for IPv4, IPv6, DNS64


During the transition to IPv6, network operators need to resolve both IPv4 and IPv6 queries. A single Vantio CacheServe server handles both types of queries. Furthermore, DNS64 is supported as a transition technology to allow any IPv6-only hosts to connect with IPv4-only servers on the Internet. Vantio CacheServe looks at incoming DNS requests and responses and, when necessary, synthesizes the AAAA records when only A records for a query are found, so an IPv6 host can initiate a connection to an IPv4 server.
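The AAAA synthesis described above, as an added example that is not Nominum's code: it uses the RFC 6052 address mapping with a /96 prefix, and the function names, the well-known prefix 64:ff9b::/96 as the default and the sample addresses are assumptions rather than details from the data sheet.

```python
import ipaddress

WKP = ipaddress.IPv6Network("64:ff9b::/96")  # RFC 6052 well-known prefix

def embed_ipv4(v4: str, prefix: ipaddress.IPv6Network = WKP) -> str:
    """Place the 32-bit IPv4 address in the low 32 bits of a /96 prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("this example handles /96 prefixes only")
    addr = ipaddress.IPv4Address(v4)
    return str(ipaddress.IPv6Address(int(prefix.network_address) | int(addr)))

def dns64_answer(a_records, aaaa_records, prefix=WKP):
    """Return (AAAA answers, synthesized?) for an IPv6-only client."""
    if aaaa_records:  # native IPv6 exists: never synthesize over it
        return list(aaaa_records), False
    synthesized = []
    for v4 in a_records:
        # RFC 6052: the well-known prefix must not carry non-global IPv4
        # addresses (for example RFC 1918 space), so those are skipped.
        if prefix == WKP and not ipaddress.IPv4Address(v4).is_global:
            continue
        synthesized.append(embed_ipv4(v4, prefix))
    return synthesized, bool(synthesized)

def extract_ipv4(v6: str, prefix: ipaddress.IPv6Network = WKP) -> str:
    """Inverse mapping, as performed by the NAT64 gateway behind the prefix."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in prefix:
        raise ValueError("address is outside the translation prefix")
    return str(ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF))

if __name__ == "__main__":
    # Constructed sample lookups: an IPv4-only name and a dual-stack name.
    print(dns64_answer(["8.8.8.8"], []))
    print(dns64_answer(["8.8.8.8"], ["2001:db8::1"]))
    print(extract_ipv4("64:ff9b::808:808"))
```

A synthesized record only helps when the network routes the chosen prefix to a NAT64 translator.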

9.1 Robust DNSSEC with Advanced Features


DNSSEC is the industry standard for cryptographically securing data published in the DNS. Nominum engineers have tremendous depth of experience with DNSSEC, having participated in the definition of the original protocol specification more than a decade ago. The Vantio CacheServe core engine delivers industry-leading DNSSEC validation performance to minimize the operational impact of deploying the protocol.

Only Vantio CacheServe supports advanced features like Negative Trust Anchors, which allow network operators deploying DNSSEC to temporarily disable validation for a domain if it is determined that validation failures are being caused by improper signing. This prevents DNSSEC errors from causing domains to disappear from the Internet, thereby eliminating the potential adverse impact of signing errors (the validator being blamed if a domain does not resolve). Negative Trust Anchors can be removed when the domain owner fixes the problem.

Nominum, Inc
Address: 2000 Seaport Boulevard, Suite 400, Redwood City, CA 94063 USA
Phone: +1 650-381-6000
Fax: +1 650-381-6055
Website: www.nominum.com