SlideShare une entreprise Scribd logo
1  sur  6
Télécharger pour lire hors ligne
Delivery Platform




The OpenDNS Global Network Delivers
a Secure Connection Every Time. Everywhere.

 • A trusted delivery platform is the
   foundation of any cloud service.
 • The Umbrella Security Cloud leverages
   the OpenDNS Global Network.
 • Achieving the lowest connection latency
   between any two points Internet-wide.
 • Serving 50 million active users daily
   with 100% network uptime.
Network Performance
                               Users’ devices create multiple simultaneous connections each time we exchange data with other
                               Internet hosts (e.g. browsing Websites). So the latency (aka. delay) to establish each connection is
                               the most important performance metric of a security cloud service’s network.


                               Peering Relationships Shortens the Path.
                               Typically one cannot drive from point A to point B via a straight line as the crow flies. Roadways
                               connecting these points limit the shortest routes available. If each point has nearby highway on-
                               ramps, many traffic intersections can be avoided, which shortens the path. The Internet works in
                               much the same fashion, except that physical parameters are meaningless. Expeditious routing
                               through the Internet’s ever-changing topology is most relevant. And the quantity of a network’s
                               POPs (Points of Presence) is often a less determining factor than the quantity and quality of its
                               peering relationships. Such as those established with well-connected, first-tier ISPs at the
                               Internet’s core. Each peer effectively offers a shortcut for traffic to flow thru the 5,000+ ISPs that
                               make up the overall fabric of the Internet’s topology (see page 5 for a more detailed illustration).

                                       ROUTING IS MOST RELEVANT: Path Length & Peer’s Connectivity
                                                      OpenDNS Peers Shorten the Path
                            from Devices to the Umbrella Security Cloud and the Umbrella Security Cloud to Servers


                POINT A               TRANSIT            PEER            PEER               PEER            PEER           TRANSIT             POINT B


                                 Devices’             OpenDNS Global Network is Co-Located with the                        Name or Content
                               Connections            Most Well-Connected Internet Exchanges Points                      Servers’ Connections
                              to the Internet         at Geographically-Distributed Peering Facilities                      to the Internet

                                      GEOGRAPHY IS LEAST RELEVANT: Physical Distance is Meaningless

                               Short Distances Do Not Necessarily Increase Speed.
                               Many vendors often show prospects a network map indicating the distribution and quantity of their
                               POPs.1 False assumptions are often made that connection latency decreases the nearer a vendor’s
                               POP is located to the ISP’s POP for which networks and devices connect to. Yet the shortest path
                               between the ISP and the vendor may actually route traffic across the Pacific Ocean and back due
                               to a lack of peers or other transit paths. Or may require excessive hops to route around such slow
                               links, which in total, still results in a slower path between points A and B. Of course, it’s difficult
                               to map the route speed between every endpoint and the vendor’s network. And the speed fluctuates.
                               Most security cloud services use traditional Unicast routing, which advertises a unique IP address
                               for every server. Such services will deploy load-balancers at each POP so there is only one unique
                               IP address per location. During setup, a specific location’s IP address may need to be chosen for
                               each provisioned network or device. However, the Internet’s topology is always changing around
                               networks and the geographic location is always changing for roaming computers or mobile devices.
                               And often such static setups lead to slower connections via a less optimal starting point.


1 Beware of some vendors’ marketed numbers. Some include privately accessible POPs. Or POPs used only for data retention, management or reporting
  systems, but not traffic enforcement. Or some POPs only enforce one traffic protocol (e.g. SMTP), while others enforce different traffic (e.g. HTTP/S).


                                                The OpenDNS Global Network Delivers a Secure Connection Every Time. Everywhere                     Page 2
Always Selecting the Optimal Starting Point.
                               The Umbrella Security Cloud is the only such security service in the market that leverages Anycast
                               routing. Anycast enables every server at every POP to advertise the same IP address globally, not
                               per location. And without load balancers, which add latency and risk of failure. Implementing
                               Anycast routing via the OpenDNS Global Network is complex, time consuming and costly. It
                               requires maintaining a lot of hardware, owning a large IP address space, managing sophisticated
                               routing policies, and developing many peering relationships to upstream ISPs. This burden is
                               owned entirely by a team of OpenDNS engineers at our network operation center, not the customer!

                               Now every customer network and device, automatically or manually setup, connects to the same IP
                               address. Regardless of variable Internet topology or geographic location. Anycast uses invisible
                               load-balanced routing logic, not actual load-balancers, to always route traffic to the OpenDNS POP
                               that will provide the shortest path for every connection. Customers no longer need to manage
                               and/or host a configuration file to perform this action as with most other security cloud services.


                               Achieving the Lowest Connection Latency Between Any Two Points.
                               The OpenDNS Global Network provides 13 publicly accessible POPs distributed across 3
                               continents, with more planned.2 More importantly, these POPs are co-located with the number
                               one, two and three most well-connected IXPs (Internet Exchange Points) on each continent. Since
                               2006, OpenDNS has established nearly 40 peering relationships with other well-connected
                               networks thereby shortening the path between any two endpoints Internet-wide. These relationships
                               enable the OpenDNS Global Network to deliver secure connections via shorter paths relative to any
                               other security cloud service’s network.3 And an entire hop less than the average network. While
                               actual connection latency between router hops will vary, the total connection latency between
                               points A and B is more likely to be the lower by leveraging the OpenDNS Global Network.



                               Average Path Length by # of AS/BGP Router Hops45

                                OpenDNS Global Network 3.640
                                Competitor A Network                                                            4.331
                                Competitor B Network                                             4.081
                                Competitor C Network4                                                   4.190
                                Competitor D Network                                        3.996
                                Competitor E Network                                                4.128
                                Average Network (e.g. ISP)5                                                                      4.610


2
    The OpenDNS Global Network consists of (8) eight POPs across the Americas; (3) three POPs across Europe, Middle East and Africa; and (2) two POPs
    across Asia-Pacific. Please request the locations from a technical support rep to help determine the expected average route speeds to your networks.
3
    Source: Hurricane Electric Internet Services (http://bgp.he.net/). BGP routers announce paths between networks using Autonomous System (AS)
    numbers. The OpenDNS Global Network is assigned AS36692 by ARIN (American Registry for Internet Numbers). The metrics reported for each
    competitor’s AS number was used for comparison. Mean value was calculated for competitor’s using multiple AS numbers.
4
    Competitor C’s networks are not assigned a routable AS number. The AS numbers of the ISP networks hosting competitor C’s POPs are used instead.
5
    Source: Cymru (http://www.cymru.com/BGP/avg_aspath_len.html). One way to determine the interconnectedness of the Internet is to look at the
    average path length between any AS.


                                                The OpenDNS Global Network Delivers a Secure Connection Every Time. Everywhere                    Page 3
Network Uptime
               The availability and reliability to establish and maintain every secure connection is paramount.
               Any impact to business-critical Internet access translates to opportunity costs. Vendors’ marketing
               often claims “99.999%” network uptime. Fine print regularly reveals that this is not a metric the
               vendor delivers over the entire life of the service. Just that the vendor will reimburse a percent of
               the service cost if it fails to meet this metric. Will their reimbursement cover the lost opportunity?


               Operational Excellence with Complete Transparency
               The Umbrella Security Cloud is built on a foundation of trust that OpenDNS has established for
               over 50 million active Internet users relying on recursive DNS services for network connectivity.
               The OpenDNS Global Network has maintained 100% uptime since it launched in 2006. OpenDNS
               believes that is more valuable than just a promise (aka. service level agreement) to reimburse
               customers. Below is a snapshot of the current status and rolling 30-day window of various
               operational messages and notices that is published online at http://208.69.38.170/.




               Connect with Confidence
               Rather than crude round-robin methods or physical load balancers, Anycast uses load-balanced
               routing logic, which is invisible to individual servers or entire PoPs. If a server or entire PoP (#3 in
               the example below) is taken offline for maintenance, disasters, failures or attacks, it ceases to
               advertise its shared IP address. Then all upstream layer-3 network devices (e.g. BGP routers) will
               transparently route new connections to the next best server or POP (#5 in the example below due
               to a lower link cost). The traditional burden is completely removed from the customer if OpenDNS
               needs to make a temporary or permanent change to its global network. Such as periodic service
               maintenance, major location shifts, or extended failovers due to on-going DDoS (Distributed Denial
               of Service) attacks. Also, the OpenDNS Global Network strives to maintain double the global
               network capacity as the daily peak usage. Even in a worse case situation taking several entire
               OpenDNS POPs offline would not cause any customers to lose network connectivity.

                                                                      POP 5
                                                                      IP: 1.2.3.4



                                                    PEER                 PEER
                                                               PEER




                                                                                    PEER
                                         ER
                                         PE




     POINT A           TRANSIT           PEER       PEER                 PEER              PEER   TRANSIT    POINT B
                                                                      POP 3
                                  PEER




                                                               PEER




                                                                                    PEER




                                                                      IP: OFFLINE



                                         PEER       PEER                 PEER

                                         TOTAL LINK COST = X          POP 8
                                                                      IP: 1.2.3.4




                             The OpenDNS Global Network Delivers a Secure Connection Every Time. Everywhere     Page 4
Internet’s Topology
           The Internet is often referred to as a “Network of Networks”, as it consists of over 5,000 ISPs
           interconnected with one another in a sparsely meshed fabric.


           The Core
           The core of the Internet’s topology is created using peering agreements at IXPs (Internet Exchange
           Points), which allow first-tier ISPs or other service providers like OpenDNS to exchange traffic
           bound for one another’s customers. Greater quantity and quality of peers at a IXP, equals fewer
           routing hops and link latency encountered between customers’ networks or devices and the
           OpenDNS Global Network. And between the OpenDNS Global Network and content or name servers.


           The Edge
           Millions of business networks and billions of home networks are connected via transit agreements
           for direct Internet access from each ISP’s PoP. Transit agreements are also used to connect
           OpenDNS to first-tier ISPs and first-tier ISPs to smaller ISPs, commonly at the Internet’s edges.
           Many regional second- or third-tier ISPs that business or home networks receive access from have
           no peering agreements at IXPs or geographic dispersion making their network connectivity
           susceptible to greater latency or outages, respectfully.




                        The OpenDNS Global Network Delivers a Secure Connection Every Time. Everywhere   Page 5
Umbrella is brought to
you by OpenDNS.
Trusted by millions around the world.
The easiest way to prevent malware and phishing
attacks, contain botnets, and make your Internet faster
and more reliable.




OpenDNS, Inc. • www.umbrella.com • 1.877.811.2367

Copyright © 2012 OpenDNS, Inc. All rights reserved worldwide. No part of this document may be reproduced by
any means nor translated to any electronic medium without the written consent of OpenDNS, Inc. Information
contained in this document is believed to be accurate and reliable, however, OpenDNS, Inc. assumes no
responsibility for its use.

Umbrella-Whitepaper-Delivery-Platform-v1.0

Contenu connexe

Tendances

Adhoc mobile wireless network enhancement based on cisco devices
Adhoc mobile wireless network enhancement based on cisco devicesAdhoc mobile wireless network enhancement based on cisco devices
Adhoc mobile wireless network enhancement based on cisco devicesIJCNCJournal
 
Mobile computing
Mobile computingMobile computing
Mobile computingSaranyaK68
 
MOBILE IP,DHCP,ADHOC ROUTING PROTOCOLS
MOBILE IP,DHCP,ADHOC ROUTING PROTOCOLSMOBILE IP,DHCP,ADHOC ROUTING PROTOCOLS
MOBILE IP,DHCP,ADHOC ROUTING PROTOCOLSManju La
 
Basic networking
Basic networkingBasic networking
Basic networkingajeeshr3
 
Data Networking Concepts
Data Networking ConceptsData Networking Concepts
Data Networking ConceptsPeter R. Egli
 
Networks (Distributed computing)
Networks (Distributed computing)Networks (Distributed computing)
Networks (Distributed computing)Sri Prasanna
 
difference between hub, bridge, switch and router
difference between hub, bridge, switch and routerdifference between hub, bridge, switch and router
difference between hub, bridge, switch and routerAkmal Cikmat
 
IPv6 Neighbor Discovery Problems (and mitigations)
IPv6 Neighbor Discovery Problems (and mitigations)IPv6 Neighbor Discovery Problems (and mitigations)
IPv6 Neighbor Discovery Problems (and mitigations)Juniper Networks
 
IT6601 Mobile Computing Unit II
IT6601 Mobile Computing Unit IIIT6601 Mobile Computing Unit II
IT6601 Mobile Computing Unit IIpkaviya
 
Building a metro ethernet network to deliver high bandwidth internet protocol...
Building a metro ethernet network to deliver high bandwidth internet protocol...Building a metro ethernet network to deliver high bandwidth internet protocol...
Building a metro ethernet network to deliver high bandwidth internet protocol...IRJET Journal
 
Neighbor Discovery Deep Dive – IPv6-Networking-Referat
Neighbor Discovery Deep Dive – IPv6-Networking-ReferatNeighbor Discovery Deep Dive – IPv6-Networking-Referat
Neighbor Discovery Deep Dive – IPv6-Networking-ReferatDigicomp Academy AG
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Mobile computing unit-5
Mobile computing unit-5Mobile computing unit-5
Mobile computing unit-5Ramesh Babu
 

Tendances (20)

F0322038042
F0322038042F0322038042
F0322038042
 
Chapter1 intro
Chapter1 introChapter1 intro
Chapter1 intro
 
Adhoc mobile wireless network enhancement based on cisco devices
Adhoc mobile wireless network enhancement based on cisco devicesAdhoc mobile wireless network enhancement based on cisco devices
Adhoc mobile wireless network enhancement based on cisco devices
 
Mobile computing
Mobile computingMobile computing
Mobile computing
 
20CS2008 Computer Networks
20CS2008 Computer Networks20CS2008 Computer Networks
20CS2008 Computer Networks
 
MOBILE IP,DHCP,ADHOC ROUTING PROTOCOLS
MOBILE IP,DHCP,ADHOC ROUTING PROTOCOLSMOBILE IP,DHCP,ADHOC ROUTING PROTOCOLS
MOBILE IP,DHCP,ADHOC ROUTING PROTOCOLS
 
Basic networking
Basic networkingBasic networking
Basic networking
 
Broadcast NETWORK
Broadcast NETWORKBroadcast NETWORK
Broadcast NETWORK
 
Data Networking Concepts
Data Networking ConceptsData Networking Concepts
Data Networking Concepts
 
Networks (Distributed computing)
Networks (Distributed computing)Networks (Distributed computing)
Networks (Distributed computing)
 
Class-note-data communications-01
Class-note-data communications-01Class-note-data communications-01
Class-note-data communications-01
 
difference between hub, bridge, switch and router
difference between hub, bridge, switch and routerdifference between hub, bridge, switch and router
difference between hub, bridge, switch and router
 
IPv6 Neighbor Discovery Problems (and mitigations)
IPv6 Neighbor Discovery Problems (and mitigations)IPv6 Neighbor Discovery Problems (and mitigations)
IPv6 Neighbor Discovery Problems (and mitigations)
 
IT6601 Mobile Computing Unit II
IT6601 Mobile Computing Unit IIIT6601 Mobile Computing Unit II
IT6601 Mobile Computing Unit II
 
Cs8591 Computer Networks
Cs8591 Computer NetworksCs8591 Computer Networks
Cs8591 Computer Networks
 
Building a metro ethernet network to deliver high bandwidth internet protocol...
Building a metro ethernet network to deliver high bandwidth internet protocol...Building a metro ethernet network to deliver high bandwidth internet protocol...
Building a metro ethernet network to deliver high bandwidth internet protocol...
 
Internet
InternetInternet
Internet
 
Neighbor Discovery Deep Dive – IPv6-Networking-Referat
Neighbor Discovery Deep Dive – IPv6-Networking-ReferatNeighbor Discovery Deep Dive – IPv6-Networking-Referat
Neighbor Discovery Deep Dive – IPv6-Networking-Referat
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
Mobile computing unit-5
Mobile computing unit-5Mobile computing unit-5
Mobile computing unit-5
 

En vedette

White Paper: Defense In Breadth
White Paper: Defense In BreadthWhite Paper: Defense In Breadth
White Paper: Defense In BreadthCourtland Smith
 
Datasheet: Umbrella Everywhere Solution Overview
Datasheet: Umbrella Everywhere Solution OverviewDatasheet: Umbrella Everywhere Solution Overview
Datasheet: Umbrella Everywhere Solution OverviewCourtland Smith
 
White Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic WorkforceWhite Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic WorkforceCourtland Smith
 
OpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&COpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&CCourtland Smith
 
Role of DNS in Botnet Command and Control
Role of DNS in Botnet Command and ControlRole of DNS in Botnet Command and Control
Role of DNS in Botnet Command and ControlOpenDNS
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - BriefAshley Deuble
 

En vedette (7)

White Paper: Defense In Breadth
White Paper: Defense In BreadthWhite Paper: Defense In Breadth
White Paper: Defense In Breadth
 
Datasheet: Umbrella Everywhere Solution Overview
Datasheet: Umbrella Everywhere Solution OverviewDatasheet: Umbrella Everywhere Solution Overview
Datasheet: Umbrella Everywhere Solution Overview
 
White Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic WorkforceWhite Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic Workforce
 
OpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&COpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&C
 
Role of DNS in Botnet Command and Control
Role of DNS in Botnet Command and ControlRole of DNS in Botnet Command and Control
Role of DNS in Botnet Command and Control
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - Brief
 
Black ops 2012
Black ops 2012Black ops 2012
Black ops 2012
 

Similaire à Tech Doc: Umbrella Delivery Platform

Network the 4th layer
Network the 4th layerNetwork the 4th layer
Network the 4th layerkachbourimed
 
E business 2014 l06
E business 2014 l06E business 2014 l06
E business 2014 l06kchanaka3
 
Networking Fundamentals
Networking FundamentalsNetworking Fundamentals
Networking FundamentalsRajet Veshin
 
Stable And Self Adaptive Routing For Mobile And Ad Hoc...
Stable And Self Adaptive Routing For Mobile And Ad Hoc...Stable And Self Adaptive Routing For Mobile And Ad Hoc...
Stable And Self Adaptive Routing For Mobile And Ad Hoc...Sandra Acirbal
 
3 deus leaflet wp3
3 deus leaflet wp33 deus leaflet wp3
3 deus leaflet wp3imec.archive
 
Network fundamental
Network fundamentalNetwork fundamental
Network fundamentalashrawi92
 
Basic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notesBasic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notesVamsi Krishna Kalavala
 
Evaluation of a topological distance
Evaluation of a topological distanceEvaluation of a topological distance
Evaluation of a topological distanceIJCNCJournal
 
Throughput Maximization using Spatial Reusability in Multi Hop Wireless Network
Throughput Maximization using Spatial Reusability in Multi Hop Wireless NetworkThroughput Maximization using Spatial Reusability in Multi Hop Wireless Network
Throughput Maximization using Spatial Reusability in Multi Hop Wireless Networkijtsrd
 
DCN notes adi
DCN notes adiDCN notes adi
DCN notes adiAdiseshaK
 
Networrrrrrrrkkkk secuiiirtyyyyyyyyyyyyyyyyyyyy
Networrrrrrrrkkkk secuiiirtyyyyyyyyyyyyyyyyyyyyNetworrrrrrrrkkkk secuiiirtyyyyyyyyyyyyyyyyyyyy
Networrrrrrrrkkkk secuiiirtyyyyyyyyyyyyyyyyyyyyAvishek Maitra
 

Similaire à Tech Doc: Umbrella Delivery Platform (20)

Network the 4th layer
Network the 4th layerNetwork the 4th layer
Network the 4th layer
 
E business 2014 l06
E business 2014 l06E business 2014 l06
E business 2014 l06
 
Transport layer
Transport layer Transport layer
Transport layer
 
Networking Fundamentals
Networking FundamentalsNetworking Fundamentals
Networking Fundamentals
 
Stable And Self Adaptive Routing For Mobile And Ad Hoc...
Stable And Self Adaptive Routing For Mobile And Ad Hoc...Stable And Self Adaptive Routing For Mobile And Ad Hoc...
Stable And Self Adaptive Routing For Mobile And Ad Hoc...
 
CCNP ROUTE V7 CH1
CCNP ROUTE V7 CH1CCNP ROUTE V7 CH1
CCNP ROUTE V7 CH1
 
3 deus leaflet wp3
3 deus leaflet wp33 deus leaflet wp3
3 deus leaflet wp3
 
Network fundamental
Network fundamentalNetwork fundamental
Network fundamental
 
CCNA Training
CCNA Training CCNA Training
CCNA Training
 
Ccna presentation
Ccna presentationCcna presentation
Ccna presentation
 
Basic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notesBasic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notes
 
Evaluation of a topological distance
Evaluation of a topological distanceEvaluation of a topological distance
Evaluation of a topological distance
 
C0343015019
C0343015019C0343015019
C0343015019
 
Throughput Maximization using Spatial Reusability in Multi Hop Wireless Network
Throughput Maximization using Spatial Reusability in Multi Hop Wireless NetworkThroughput Maximization using Spatial Reusability in Multi Hop Wireless Network
Throughput Maximization using Spatial Reusability in Multi Hop Wireless Network
 
Document
DocumentDocument
Document
 
Networking concepts
Networking conceptsNetworking concepts
Networking concepts
 
DCN notes adi
DCN notes adiDCN notes adi
DCN notes adi
 
Networrrrrrrrkkkk secuiiirtyyyyyyyyyyyyyyyyyyyy
Networrrrrrrrkkkk secuiiirtyyyyyyyyyyyyyyyyyyyyNetworrrrrrrrkkkk secuiiirtyyyyyyyyyyyyyyyyyyyy
Networrrrrrrrkkkk secuiiirtyyyyyyyyyyyyyyyyyyyy
 
Gokul
GokulGokul
Gokul
 
Presentasi cisco
Presentasi ciscoPresentasi cisco
Presentasi cisco
 

Tech Doc: Umbrella Delivery Platform

  • 1. Delivery Platform The OpenDNS Global Network Delivers a Secure Connection Every Time. Everywhere. • A trusted delivery platform is the foundation of any cloud service. • The Umbrella Security Cloud leverages the OpenDNS Global Network. • Achieving the lowest connection latency between any two points Internet-wide. • Serving 50 million active users daily with 100% network uptime.
  • 2. Network Performance Users’ devices create multiple simultaneous connections each time we exchange data with other Internet hosts (e.g. browsing Websites). So the latency (aka. delay) to establish each connection is the most important performance metric of a security cloud service’s network. Peering Relationships Shortens the Path. Typically one cannot drive from point A to point B via a straight line as the crow flies. Roadways connecting these points limit the shortest routes available. If each point has nearby highway on- ramps, many traffic intersections can be avoided, which shortens the path. The Internet works in much the same fashion, except that physical parameters are meaningless. Expeditious routing through the Internet’s ever-changing topology is most relevant. And the quantity of a network’s POPs (Points of Presence) is often a less determining factor than the quantity and quality of its peering relationships. Such as those established with well-connected, first-tier ISPs at the Internet’s core. Each peer effectively offers a shortcut for traffic to flow thru the 5,000+ ISPs that make up the overall fabric of the Internet’s topology (see page 5 for a more detailed illustration). ROUTING IS MOST RELEVANT: Path Length & Peer’s Connectivity OpenDNS Peers Shorten the Path from Devices to the Umbrella Security Cloud and the Umbrella Security Cloud to Servers POINT A TRANSIT PEER PEER PEER PEER TRANSIT POINT B Devices’ OpenDNS Global Network is Co-Located with the Name or Content Connections Most Well-Connected Internet Exchanges Points Servers’ Connections to the Internet at Geographically-Distributed Peering Facilities to the Internet GEOGRAPHY IS LEAST RELEVANT: Physical Distance is Meaningless Short Distances Do Not Necessarily Increase Speed. Many vendors often show prospects a network map indicating the distribution and quantity of their POPs.1 False assumptions are often made that connection latency decreases the nearer a vendor’s POP is located to the ISP’s POP for which networks and devices connect to. Yet the shortest path between the ISP and the vendor may actually route traffic across the Pacific Ocean and back due to a lack of peers or other transit paths. Or may require excessive hops to route around such slow links, which in total, still results in a slower path between points A and B. Of course, it’s difficult to map the route speed between every endpoint and the vendor’s network. And the speed fluctuates. Most security cloud services use traditional Unicast routing, which advertises a unique IP address for every server. Such services will deploy load-balancers at each POP so there is only one unique IP address per location. During setup, a specific location’s IP address may need to be chosen for each provisioned network or device. However, the Internet’s topology is always changing around networks and the geographic location is always changing for roaming computers or mobile devices. And often such static setups lead to slower connections via a less optimal starting point. 1 Beware of some vendors’ marketed numbers. Some include privately accessible POPs. Or POPs used only for data retention, management or reporting systems, but not traffic enforcement. Or some POPs only enforce one traffic protocol (e.g. SMTP), while others enforce different traffic (e.g. HTTP/S). The OpenDNS Global Network Delivers a Secure Connection Every Time. Everywhere Page 2
  • 3. Always Selecting the Optimal Starting Point. The Umbrella Security Cloud is the only such security service in the market that leverages Anycast routing. Anycast enables every server at every POP to advertise the same IP address globally, not per location. And without load balancers, which add latency and risk of failure. Implementing Anycast routing via the OpenDNS Global Network is complex, time consuming and costly. It requires maintaining a lot of hardware, owning a large IP address space, managing sophisticated routing policies, and developing many peering relationships to upstream ISPs. This burden is owned entirely by a team of OpenDNS engineers at our network operation center, not the customer! Now every customer network and device, automatically or manually setup, connects to the same IP address. Regardless of variable Internet topology or geographic location. Anycast uses invisible load-balanced routing logic, not actual load-balancers, to always route traffic to the OpenDNS POP that will provide the shortest path for every connection. Customers no longer need to manage and/or host a configuration file to perform this action as with most other security cloud services. Achieving the Lowest Connection Latency Between Any Two Points. The OpenDNS Global Network provides 13 publicly accessible POPs distributed across 3 continents, with more planned.2 More importantly, these POPs are co-located with the number one, two and three most well-connected IXPs (Internet Exchange Points) on each continent. Since 2006, OpenDNS has established nearly 40 peering relationships with other well-connected networks thereby shortening the path between any two endpoints Internet-wide. These relationships enable the OpenDNS Global Network to deliver secure connections via shorter paths relative to any other security cloud service’s network.3 And an entire hop less than the average network. While actual connection latency between router hops will vary, the total connection latency between points A and B is more likely to be the lower by leveraging the OpenDNS Global Network. Average Path Length by # of AS/BGP Router Hops45 OpenDNS Global Network 3.640 Competitor A Network 4.331 Competitor B Network 4.081 Competitor C Network4 4.190 Competitor D Network 3.996 Competitor E Network 4.128 Average Network (e.g. ISP)5 4.610 2 The OpenDNS Global Network consists of (8) eight POPs across the Americas; (3) three POPs across Europe, Middle East and Africa; and (2) two POPs across Asia-Pacific. Please request the locations from a technical support rep to help determine the expected average route speeds to your networks. 3 Source: Hurricane Electric Internet Services (http://bgp.he.net/). BGP routers announce paths between networks using Autonomous System (AS) numbers. The OpenDNS Global Network is assigned AS36692 by ARIN (American Registry for Internet Numbers). The metrics reported for each competitor’s AS number was used for comparison. Mean value was calculated for competitor’s using multiple AS numbers. 4 Competitor C’s networks are not assigned a routable AS number. The AS numbers of the ISP networks hosting competitor C’s POPs are used instead. 5 Source: Cymru (http://www.cymru.com/BGP/avg_aspath_len.html). One way to determine the interconnectedness of the Internet is to look at the average path length between any AS. The OpenDNS Global Network Delivers a Secure Connection Every Time. Everywhere Page 3
  • 4. Network Uptime The availability and reliability to establish and maintain every secure connection is paramount. Any impact to business-critical Internet access translates to opportunity costs. Vendors’ marketing often claims “99.999%” network uptime. Fine print regularly reveals that this is not a metric the vendor delivers over the entire life of the service. Just that the vendor will reimburse a percent of the service cost if it fails to meet this metric. Will their reimbursement cover the lost opportunity? Operational Excellence with Complete Transparency The Umbrella Security Cloud is built on a foundation of trust that OpenDNS has established for over 50 million active Internet users relying on recursive DNS services for network connectivity. The OpenDNS Global Network has maintained 100% uptime since it launched in 2006. OpenDNS believes that is more valuable than just a promise (aka. service level agreement) to reimburse customers. Below is a snapshot of the current status and rolling 30-day window of various operational messages and notices that is published online at http://208.69.38.170/. Connect with Confidence Rather than crude round-robin methods or physical load balancers, Anycast uses load-balanced routing logic, which is invisible to individual servers or entire PoPs. If a server or entire PoP (#3 in the example below) is taken offline for maintenance, disasters, failures or attacks, it ceases to advertise its shared IP address. Then all upstream layer-3 network devices (e.g. BGP routers) will transparently route new connections to the next best server or POP (#5 in the example below due to a lower link cost). The traditional burden is completely removed from the customer if OpenDNS needs to make a temporary or permanent change to its global network. Such as periodic service maintenance, major location shifts, or extended failovers due to on-going DDoS (Distributed Denial of Service) attacks. Also, the OpenDNS Global Network strives to maintain double the global network capacity as the daily peak usage. Even in a worse case situation taking several entire OpenDNS POPs offline would not cause any customers to lose network connectivity. POP 5 IP: 1.2.3.4 PEER PEER PEER PEER ER PE POINT A TRANSIT PEER PEER PEER PEER TRANSIT POINT B POP 3 PEER PEER PEER IP: OFFLINE PEER PEER PEER TOTAL LINK COST = X POP 8 IP: 1.2.3.4 The OpenDNS Global Network Delivers a Secure Connection Every Time. Everywhere Page 4
  • 5. Internet’s Topology The Internet is often referred to as a “Network of Networks”, as it consists of over 5,000 ISPs interconnected with one another in a sparsely meshed fabric. The Core The core of the Internet’s topology is created using peering agreements at IXPs (Internet Exchange Points), which allow first-tier ISPs or other service providers like OpenDNS to exchange traffic bound for one another’s customers. Greater quantity and quality of peers at a IXP, equals fewer routing hops and link latency encountered between customers’ networks or devices and the OpenDNS Global Network. And between the OpenDNS Global Network and content or name servers. The Edge Millions of business networks and billions of home networks are connected via transit agreements for direct Internet access from each ISP’s PoP. Transit agreements are also used to connect OpenDNS to first-tier ISPs and first-tier ISPs to smaller ISPs, commonly at the Internet’s edges. Many regional second- or third-tier ISPs that business or home networks receive access from have no peering agreements at IXPs or geographic dispersion making their network connectivity susceptible to greater latency or outages, respectfully. The OpenDNS Global Network Delivers a Secure Connection Every Time. Everywhere Page 5
  • 6. Umbrella is brought to you by OpenDNS. Trusted by millions around the world. The easiest way to prevent malware and phishing attacks, contain botnets, and make your Internet faster and more reliable. OpenDNS, Inc. • www.umbrella.com • 1.877.811.2367 Copyright © 2012 OpenDNS, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of OpenDNS, Inc. Information contained in this document is believed to be accurate and reliable, however, OpenDNS, Inc. assumes no responsibility for its use. Umbrella-Whitepaper-Delivery-Platform-v1.0