Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Improving Resilience and Performance in Light of Recent Internet Outages Troy Whitney – Manager, Solutions Engineering Confidential © 2017 ThousandEyes Inc. All Rights Reserved. 1 We now live in an Internet-centric IT world Employee Productivity Business Operations DDoS Attack Cloud Outages Customer Experience © 2017 ThousandEyes Inc. All Rights Reserved. 2 So what’s changed? Everything. INTERNET Data Center ‘Private’ circuits connect the corporate WAN through Internet Service Providers Branch © 2017 ThousandEyes Inc. All Rights Reserved. 3 Cloud data centers host business critical apps INTERNET Apps Data Center Applications hosted in the cloud or remote data centers Branch © 2017 ThousandEyes Inc. All Rights Reserved. 4 Direct Internet Access connects branches INTERNET Apps Data Center Direct Internet connectivity to cloud services and software-defined routing between branches Branch © 2017 ThousandEyes Inc. All Rights Reserved. 5 Wireless is everywhere INTERNET Apps Data Center Wireless is the primary connection at the branch Branch © 2017 ThousandEyes Inc. All Rights Reserved. 6 And employees work where convenient INTERNET Apps Data Center Home Employees access applications from home and on the road Branch © 2017 ThousandEyes Inc. All Rights Reserved. 7 Managed DNS is a linchpin of service delivery DNS services are managed by external providers DN S INTERNET Apps Data Center Home Branch © 2017 ThousandEyes Inc. All Rights Reserved. 8 CDNs and DDoS mitigation act as intermediaries CDNs offload traffic, filter attacks and reduce latency CDN / DDoS Mitigation DN S INTERNET Apps Data Center Home Branch © 2017 ThousandEyes Inc. All Rights Reserved. 9 IaaS has become your additional data center IaaS providers host services and entire applications Iaa S CDN / DDoS Mitigation DN S INTERNET Apps Data Center Home Branch © 2017 ThousandEyes Inc. All Rights Reserved. 10 Internet Outages Happen All the Time ~ 170 affected interfaces / hour ~ 1.6K prefixes / hour © 2017 ThousandEyes Inc. All Rights Reserved. 11 Internet Outage: AWS S3 © 2017 ThousandEyes Inc. All Rights Reserved. 12 IaaS outages • As business move critical apps and services to IaaS clouds, outages can be very damaging • Despite fault-isolated regions, many apps aren’t multiregion • Even those that are focus on compute, not resiliency of other services • Impacts can be complex, correlated and externally AWS S3 outage Feb 2017 4 hours 1000s of apps and sites Estimated $150M impact 50% of major retailers affected © 2017 ThousandEyes Inc. All Rights Reserved. 13 Broad impact on sites and apps • Impacted file storage, often not replicated across regions • Impacted other dependent AWS services (Redshift, ELB, RDS, etc.) • Impacted AWS monitoring services (Cloud Watch, status page) • Impacted commonly-used third-party services (Blue Kai, etc.) © 2017 ThousandEyes Inc. All Rights Reserved. 14 A large-scale operations error • AWS unintentionally removed servers and had to restart the file storage systems • The issue identification, system restart and recovery took hours • This showed up as completely unavailable services © 2017 ThousandEyes Inc. All Rights Reserved. 15 Internet Outage: Dyn DNS DDoS © 2017 ThousandEyes Inc. All Rights Reserved. 16 DDoS attacks • Attackers attempt to prevent users from reaching a service with a denial of service attack • DDoS attacks overwhelm networks, network equipment or applications with traffic • They happen with alarming frequency and scale, causing business interruption and covering traces of other attack types Largest attacks now exceed 500 Gbps Costs in excess of $40K per hour per company One attack cost a firm 8% of customers © 2017 ThousandEyes Inc. All Rights Reserved. 17 Dyn DNS DDoS • DNS matters! • You can’t send a message if you don’t know the address • An example from Oct 21st 2016 © 2017 ThousandEyes Inc. All Rights Reserved. 18 Service availability impacted for 24 hours • DNS is application traffic too • It needs the network to run • A DDoS attack prevents that © 2017 ThousandEyes Inc. All Rights Reserved. 19 Network connectivity to Dyn during the attack © 2017 ThousandEyes Inc. All Rights Reserved. 20 Clogging the Pipes © 2017 ThousandEyes Inc. All Rights Reserved. 21 Internet Outage: Rostelecom Route Leak © 2017 ThousandEyes Inc. All Rights Reserved. 22 Route leaks • Networks around the world exchange routes, data on how traffic can move to its destination • But, these routes can leak accidentally or another network can intentionally hijack them • This causes Internet traffic to move to an incorrect destination, denying service or allowing traffic inspection Dozens of large scale routing leaks each year Lasting from seconds to days © 2017 ThousandEyes Inc. All Rights Reserved. 23 Rostelecom route leak • April 27th • Rostelecom, a Russian state owned ISP leaked routes for dozens of networks • Including major payments infrastructure: Visa, Mastercard, BNP Paribas, HSBC, MUFG, UBS, Santander • Traffic flowed through Russian networks for over 7 minutes © 2017 ThousandEyes Inc. All Rights Reserved. 24 Taking financial traffic for a ride • Traffic entered the Rostelecom network • Traversed 60+ interfaces either in a loop or as it was inspected • Then returned back to the payment card network © 2017 ThousandEyes Inc. All Rights Reserved. 25 A New Approach to Managing Internet Outages © 2017 ThousandEyes Inc. All Rights Reserved. 26 Collect performance data from every perspective NY Branch INTERNET Apps Data Center Enterprise Agents Cloud Agents Hom e Endpoint Agents HK Branch © 2017 ThousandEyes Inc. All Rights Reserved. 27 A unified view of performance from user to app End-to-End Performance Data App Performance User Experience Network Connectivity Routing Network Topology User Routing Topology App Enterprise, Endpoint and Cloud Agents © 2017 ThousandEyes Inc. All Rights Reserved. 28 See every network like it’s your own Washington, DC Visualize your network topologies the way that critical services flow over it ston, MA San Francisco, CA 182.50.78.4 182.50.78.41 1 See faults and 182.50.78.16 182.50.78.169 dependencies in context 9 Hong Kong Dallas, TX 3 Vancouver, © 2017 ThousandEyes Inc. All Rights Reserved. 29 Quickly surface insights from a global data set Algorithms sort through the data of all ThousandEyes users to find the answer Immediately identify issues from complex behaviors NTT in Virginia New York Cloud Agent Salesforce Customer 1 Boston Enterprise Agent Customer 2 Los Angeles Cloud Agent Google Comcast in Denver AW S © 2017 ThousandEyes Inc. All Rights Reserved. 30 Washington, DC Solve issues across shared infrastructure Alerts Dashboards / Reports Snapshots Your Network Your ISP Cloud or CDN © 2017 ThousandEyes Inc. All Rights Reserved. 31 About Us We’re a team of network experts, committed to helping you best connect your business FOUNDED IN 2010 HEADQUARTERS IN: San Francisco OFFICES IN: New York | London | Austin © 2017 ThousandEyes Inc. All Rights Reserved. 32 Thank You Confidential © 2017 ThousandEyes Inc. All Rights Reserved. 33