Global Site Selector

courageouscellist
Artificial Intelligence and Robotics

Oct 29, 2013 (3 years and 11 months ago)


© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID
Global Site Selector

ADBU Product Management

PRODUCT UPDATE

Global Site Selector

Highlights

- 3X R&D headcount increase YoY!
- Release 4.1 (Q4CY11)
  - New Feature: GeoIP Support
  - IPv6 Support
  - Support for Existing HW GSS4492R
- Concept Committing Release 5.1 (HW refresh, DNSSEC) in 1HCY11

GSS Planning

[Timeline: 2010, 2011, 2012]

Release 3.2 (Feb, 2011)
- HTTPs KAL
- DNSSec Forwarding
- Critical Bug Fixes

Release 3.3
- Available as private image, not on CCO
- Configuration Scalability (8K Answers)
- Proximity Enhanced with GeoIP
- GUI Makeover (Cisco Kubric)

Release 4.1 (Q4CY11)
- IPv6 Support (AAAA)
- Full GeoIP GSLB

Release 5.0 (Planning)
- DNSSec with FIPS
- SOA & NS Record
- HW Refresh

GSS Road to IPv6

[Timeline: Jan 2011 through Feb 2012]

Release 3.2
- HTTPs KAL
- Workaround DNSSEC
- Bug Fixes

Release 3.3 (Private Only)
- Geo IP Proximity
- 8K Answers Support
- ANM support for 8K Answers

Release 4.1
- IPv6 Support
- Geo IP GSLB
- ANM support for 8K Answers

Release 4.1.1
- IPv6 dot.ONE release
- Bug Fixes

GSS 4.1 (Q4CY11)

(a) GeoIP based GSLB
- GeoIP based proximity
- GeoIP based DNS Rules and Sticky

(b) IPv6
- Support for AAAA response
- Support for persistence
- IPv6 Management over IPv6 interface

(c) New GUI Design (Kubric Look & Feel)

(d) Configuration Scalability
- 8000 answers

[Diagram: User (2001:0DB8:AC10:FE01::), LDNS, GSS Network, SLB Datacenter A, SLB Datacenter B, with callouts a, b, c, d]

GSS Roadmap

Rel 4.0 (Q4CY11), Rel 5.0 (1HCY12)

[Diagram: User, LDNS, GSS Network, SLB Datacenter A, SLB Datacenter B, with callouts 1 to 5]

DCI Services
- Automation to support Vmotion over DCI

DCI Services
- Automation through integration with ANM
- Exploring LISP Support

GSLB Services
- Geo IP based Proximity

DNS Services
- IPv6: Support for AAAA, A6, CNAME DNS Records

DNS Services
- DNSSEC with FIPS
- SOA & NS Record Support

GSLB Services
- Share KAL Status Among Peers
- KAL-AP with VIP Capacity/Load

Operation Optimization
- Audit Logs
- Log Source IP
- Sync CLI and GUI User
- View KAL logs through GUI

Operational Optimization
- Authentication using AD
- Automated Backup
- Activate/Suspend Answers
- Enhanced Reporting
- Alerts/Alarms

Hardware Platform
- GSS-4492R

Hardware Platform
- Hardware Refresh with FIPS compliance


Cisco GSS in a Nutshell

DNS Services
- DNS authority for A-records and AAAA records (Rel. 4.1)
- Answers of type: A-record, AAAA, NS and CRA
- DDoS for DNS Security
- 12K - 28K DNS RPS depending upon configuration complexity

GSS Network Configuration Limits
- Destination: 2000 hosted domains (128 chars with wildcards)
- Source: 60 Source Address Lists
- Resources: 4000 VIPs across 256 SLBs (increasing to 8K in Rel 4.1)
- KALs: MP, ICMP, TCP, HTTP/Head, KAL-AP, SNMP, CRA, NS
- Policy: 4000 DNS rules across GSS Network

GSLB Services
- Availability: Site Level Failover
- GSLB Methods: Geographical, Topological, Least Loaded, Client Source Resolver Hash, Ordered List, Ratio, RR/WRR
- Resource Affinity: Sticky, Cookies.

Management, Monitoring & Logging
- User Interface: GUI (with new Cisco Kubric Look & feel) & CLI
- Authorization: RBAC
- Management Station Support: ANM Support

Pricing
- $20K plus licenses for DDOS, GeoIP and IPv6.

Highlights
- IPv6 Support
- DDoS Protection
- Geographical and Resource Affinity
- Supports Cisco ACE/CSS/CSM

http://cio.cisco.com/en/US/products/hw/contnetw/ps4162/products_installation_and_configuration_guides_list.html

Part numbers
- ACE GSS4492R-K9: HW
- SF-GSS-V1.3-K9: SW
- SF-GSS-DDOSLIC: DDoS
- SF-GSS-GIPLICFX: GeoIP GSLB Support
- SF-GSS-V6LICFX: IPv6 Support

Up to 16 GSSes can work in conjunction to meet the needs of large Enterprise and Service Provider.

PRODUCT OVERVIEW

Global Site Selector

Types of GSLB Solutions

Table columns, in order: Underlying Platform / Network Insertion; Pros; Cons; Dominant Use Case

DNS Based GSLB
- DNS Authority
- DNS Proxy
- DNS Traffic Intercept
- Accurate Load Info
- Accurate Proximity Info
- Proximity between Client and Resolver
- Caching at client/server/proxy
- Disaster Recovery and Business Continuance
- Global Traffic Management
- DNS Security

Host Route Injection
- SLB Add-On
- Router Add-On
- Server Add-On
- No new protocols required
- GSLB is a routing problem
- Support for multiple ISP
- Route Flapping
- Less accurate Load/Proximity Info
- No dominant use case

Triangle Data Flow
- SLB Add-On
- Accurate Proximity
- Reverse Path Traffic
- Localization to nearest Datacenter

GSS is a DNS based GSLB Solution

More specifically …

- Provides Universal DNS-based Disaster Recovery
  - Redirects clients to a back-up data center for any device that supports SNMP MIB and uses DNS
- Protects the DNS infrastructure with DNS-based DDOS mitigation software
- Delivers Advanced Global Traffic Management
  - Global Server Load Balancing (GSLB) for geographically dispersed Server Load Balancers and Caches
  - Connects clients to the best server based on:
    - Network topology
    - Server load
    - Availability of content and devices

GSS participates in your DNS Infrastructure to enforce BCDR, GSLB, DNS Security policies.

Ease of Deployment

[Diagram labels: Clients Requesting Web Sites (Mobile, Fixed Wireless, Dedicated/ATM/FR, ISDN/Dial, Cable, DSL); IP Control/Forwarding Plane; DNS Resolvers (DNSR): IE, Firefox, etc.; Client Name servers (D-proxy) at ISP#1, ISP#2, ISP#3 (BIND, CNR, QIP); Root Name Server; Intermediate Name Server Supporting: .com; DNS Global Control Plane; Data Center #1 (DNS); Data Center #2 (DNS); DNS Requests; DNS Response; Layer 3 Communications]

GSS becomes the Authoritative Name Server for the entire Zone supporting all applications for the SP

GSS participates in the DNS infrastructure - Lower Latency


Ease of Management

GSS is a system not a device
- Self synchronization of up to 16 GSSes
- Single Point of management via GUI
- Does not sacrifice device level access (SSH to box)
- Any GSS can run GUI and a 2nd GSS serves as standby

Easy to use Interface
- IOS Syntax
- 100 new CLI commands since v1.3
- Single interface for monitoring, troubleshooting and configuration
- Supports Import/Export of Configuration in industry standard formats
- Role based Access Control
- Remote Syslog Support

Management Integration with ANM
- ANM supports the activation and suspension of DNS rules and answers
- ANM communicates with the primary GSS manager (PGSSM) via CLI, RMI and SSH. The configuration parameters needed to establish this communication are the GSS IP address and SSH credentials
- Four of the eight administrator logons are consumed by ANM
- ANM issues commands to the PGSSM, then the PGSSM relays these commands to the rest of the GSSs in the cluster.

[Diagram labels: ANM, GSS GUI, GSS Network]

GSS network is managed as a system - reduces number of touchpoints

Use Case: Policy based GSLB

[Diagram labels: User; P-DNS2 16.1.1.1; DNS query www.fifa.com; nameserver.fifa.com with "NS" Record 10.86.191.150 and "NS" Record 10.86.191.134; GSS Milan 10.86.191.134; GSS Johannesburg 10.86.191.150; Mesh Link; SLB Datacenter A, VIP=10.86.191.131; SLB Datacenter B, VIP=10.86.191.147; www.fifa.com "A" Record 10.86.191.147]

Configuration steps
1. Add NS Record for both GSSes
2. Create Mesh Link
3. Add DNS Rules
   + SAL
   + DDL
   + Qtype
   + Add Clauses

GSLB Can Redirect Traffic Based On
- Proximity
  - Selects Answer based on lowest RTT.
  - RTT measured between client's d-proxy and a probing device (Cisco Router and/or GSS)
  - GSS uses DRP to communicate with probes
- Disaster Recovery
  - Site Health Check
- Datacenter Load
  - KAL-AP
- Ratio based GSLB

GSLB policy enables redirection based on proximity, site health, server load and user preferences

Use Case: BCDR

[Diagram labels: Mobile, Fixed Wireless, Cable, DSL, Dedicated/ATM/FR, ISDN/Dial; Resolver; DNS Name Servers; IP Control/Forwarding Plane; DNS Global Control Plane; GSS Cluster; Chicago Data Center #1; Tokyo Data Center #2; NJ Back-up Data Center #3]

Recovering Service Availability after Failure
- Active-Passive Design
- Network fail-over can happen within 10s
- Application/Server: Recovery time is based on the time it takes to complete data synchronization of back-end database, application servers and Web servers
- Supported by Cisco's Solutions: GSS, CSS, CSM, ACE

Use Case: Securing DNS Infrastructure

[Diagram labels: Mobile, Fixed Wireless, Cable, DSL, Dedicated/ATM/FR, ISDN/Dial; Resolver; Compromised DNS Name Servers or DNS bots; IP Control/Forwarding Plane; DNS Global Control Plane; Chicago Data Center #1; Tokyo Data Center #2; NJ Back-up Data Center #3]

- Provides Security Focused, highly available, DNS/DHCP/TFTP infrastructure for one or more data centers.
- Automatically identifies DNS-based DDOS attacks and mitigates them
- Rate limits these specific DNS Requests

GSS Release 3.1.2

Tentative

Before
- No support for IDNA
- Limited Integration with SLB Management (ANM)
- KALs did not support HTTPs transport

After
- IDNA Support
- Integration with SLB Management (ANM)
- KALs on HTTPs Transport
- Bug Fixes

[Diagram: User, LDNS, GSS Network, KAL, SLB Datacenter A, SLB Datacenter B, with callouts 1 to 4]

GSS Release 3.2.0

Before
- No HTTPs KAL
- DNSSec Deployments Break
- GUI based Config Changes not logged
- SSL Vulnerabilities

After
- HTTPs KAL
- DNSSec workaround to forward A4 records
- Audit Log for GUI based Config Changes
- Secure Communication on SSL

[Diagram: User, LDNS, GSS Network, KAL, SLB Datacenter A, SLB Datacenter B, with callouts 1 to 4]

GSS 3.2.0 Bug Fixes

Identifier | Headline | Comments
CSCsz42912 | Request to implement the show mem command in SNMP |
CSCtc38727 | Manual Reactivation answers in OS with secondary circuit specified kalap |
CSCtc39127 | GSS Running Config is gone, GUI is unavailable but is passing traffic |
CSCtd01467 | IMPORTANT TLS/SSL SECURITY UPDATE |
CSCte64381 | Cisco GSS not functioning as per Internet DNS Standards | Fix for Chrystler
CSCtf30643 | getBulkRequest with max repetitions 0 crashes snmp on GSS |
CSCtg60511 | GSS sticky mesh staying in INIT state and not replicating sticky entries |
CSCti20170 | High rate of tcp dns request causing dnsserver to crash | COPART issue
CSCti91605 | GSS running out of inodes, unable to ssh |
CSCti93734 | During initialzation GSS returns NXDomain |
CSCtj23186 | Need check to prevent answer-group being added to dns rule w/out answers |
CSCtj24854 | GSS running out of inodes, needs cleanup on /tmp | JPMC issue
CSCtj28476 | ENH: Need to add "core-files verbose" output to gss tech-report | Enh request from escalation
CSCtj55505 | Tech report should be enhanced & add more sticky and selector logs | To get more debugs from cases like stream the world

GeoIP Support

(a) GeoIP based Proximity
- Proximity calculations using GeoIP distances

(b) GeoRegions: GeoIP based Regions
- Regions based on GeoIP database entries. (Add single country or multiple countries). Granularity down to states
- Sticky support for GeoRegions

(c) GeoSAL: GeoIP based Source Address Lists
- SALs can be based on GeoIP based Regions

(d) New GUI Design (Kubric Look & Feel)
- GUI option to configure all GeoIP functionality

[Diagram: User (2001:0DB8:AC10:FE01::), LDNS, GSS Network, SLB Datacenter A, SLB Datacenter B, with callouts a, b, c, d]

Available in GSS 4.1 in Q4CY11

GSS Competitive Side by Side

Feature | F5 GTM | NetScaler GSLB | Brocade GSLB | RadWare GSLB | Cisco

DNS Services
DNS Services | Uses Bind | Uses Bind | Uses Bind | Uses Bind | CNR*
DNS Defense | Yes | No | No | Unknown | Yes

GSLB Services
Dedicated Appl. | Yes | Yes | No | Yes | Yes
GSLB Functions | Yes, 7 methods | Yes, 3 methods | Yes, 3 methods | Yes, 3 methods | Yes, 7 methods
Dynamic Ratio | Yes | No | No | Unknown | Yes
Persistence | Yes | Yes | No | Yes | Yes
Topological | Yes | No | No | Yes | Yes (manual load)
Geographical | Yes | Yes | Yes | Yes | Yes (manual load)

Management
GUI, CLI and Wizard | Yes | No | No | Unknown | Yes
Administrative Login Authentication | Local Only | Local Only | Local Only | Local Only | RADIUS and RBAC

Questions?

BACKUP

GSS Capacity Details

GSS Configuration Limits V3.0
- Hosted Domains (max 1000 per SLB, 128 characters max per domain): 2K
- Hosted Domain Lists: 2K
- Maximum Domains per Domain List: 500
- Administrative Owners: 500
- Administrative Regions: 20
- Administrative Locations: 1K
- Max concurrent GUI sessions: 128
- Max administer / user ids: 256
- Max concurrent CLI sessions (simultaneous SSH + telnet sessions): 8
- Source IP addresses configurable for DNS Rules: 500
- Source Address Groups (30 members max per group): 60
- DNS Race Content Routing Agent devices (20 max per race & answer group): 200
- Name Server addresses for NS Forwarding (30 max per answer group): 100
- Answer Groups (100 members max per group): 2K

GSS Performance Limits V3.0
- DNS Requests / Second (Single VIP): ~30K
- DNS Requests / Second (Complex Config): ~13K
- NS Forwarding Requests / Second: ~1.5K

GSS Configuration Limits V3.0
- Number of GSS in a Cluster: 16
- Virtual IP Addresses, Standard / Shared: 2K/4K
- Active Server Load Balancers: 256
- DNS Rules: 4K
- HTTP Probes, Standard: 500
- HTTP Probes, Fast: 100
- ICMP Probes, Standard: 750
- ICMP Probes, Fast: 150
- TCP Probes, Standard: 1.5K
- TCP Probes, Fast: 150
- Scripted (SNMP) Probes, Standard: 384
- Scripted (SNMP) Probes, Fast: 120
- KAL AP Probes, Standard: 128
- KAL AP Probes, Fast: 40
- Answers per KAL AP Probe: 1K

GSS Performance & Configuration Scalability

Performance
- Single VIP (ans/sec): 30,000
- Complex Configuration (ans/sec): 13,000
- NS Forwarding: 1500

Configuration Limits
- DNS Rules: 4000
- VIP (Standard/Shared): 2000/4000
- # of Active SLBs Probed: 256
- Max active GSSes in Mesh: 16
- HTTP Probes (Standard/Fast): 500/100
- ICMP Probes (Standard/Fast): 750/150
- TCP Probes (Standard/Fast): 1500/150
- Scripted SNMP Probes (Standard/Fast): 384/120
- KALAP Probes (Standard/Fast): 128/40
- Answer Groups (per group max): 2000 (100)
- Name Server addresses for NS Forwarding (max per answer group): 100 (30)
- DNS Race CRA Devices (max per race, max per answer group): 200 (20,20)

Configuration Limits
- Source IP Addresses configurable for DNS Rules: 500
- Source Address Groups (Max per group): 60 (30)
- Hosted Domains (Max per SLB): 2000 (1000)
- Hosted Domain Lists (Max per Domain List): 2000 (500)
- Administrative Owners: 500
- Administrative Regions (Locations): 20 (1000)
- Max user ids: 256
- Max GUI (CLI) sessions: 128 (8)

Security Focused Functionality

- Improves availability and resiliency of DNS infrastructure with high performance and self protecting DDOS software
- Offloads and optimizes BIND/DNS processing and selects the best site based on:
  - Intelligent load balancing algorithms & "clauses"
  - Proximity to user request
  - Data center and server loads, availability & health
  - Persistence to prevent lost session information
- Complete and Centralized DNS/DHCP/TFTP management for network-enabled applications
- Security conscious features:
  - DDOS Mitigation Software
  - Client to GSS and GSS to GSS communication encrypted
  - Private DNS code base
- Supports all DNS-compatible devices
- Can be deployed with or without content switches

Security Focused GSS deployment

[Diagram labels: ISP-1, ISP-2, DMZ, Cisco GSS, DNS Server, Public Web Servers, Secure Web Servers, Others, Datacenter A, Un-secure DNS traffic]

Why here?
- Public IP and DNS Host Names
- Layers of firewalls and NATing between DNS and internal servers

Not here?
- If hacked private IP available
- DNS traffic tunneled through firewall
- Violates recommended "Split DNS" Best Practices

GSS vs F5 GTM

Feature | GSS | F5

Global Traffic Management
Advance Multi-Site Traffic Management w/ Persistence | Yes | Yes
Integrate DC selection with Server Load | Yes | Yes
Universal Health checks for Traffic Management | Yes | Yes
Leverages Cisco Router Technology for DC selection | Yes | NO!

Business Continuance
Provides HA for any type of DNS traffic | Yes | Yes

Manageability
Dynamic configuration, secure Auto-sync | Yes | Yes

Network Server Consolidation
Appliance Based DNS | Yes (but we have retired CNR) | Yes (with Bind)
Full DHCP/TFTP Services | Yes (but we have retired CNR) | NO!

Security Focused DNS Infrastructure
Integrated DNS-based DDOS protection | Yes | NO!
Protects BIND Infrastructure | Yes | NO!
Not-Subject to BIND vulnerabilities | Yes | NO!

Improving DNS Survivability

- Detects and mitigates the DNS focused Distributed Denial of Service (DDoS) attacks. Multiple defenses including source verification
- With the granularity and accuracy to provide new levels of business continuity by processing only legitimate DNS requests
- Delivering the performance and architecture suitable for the largest enterprises and providers
- Addresses DDoS attacks today, and its network-based behavioral anomaly capability will be extended to additional DNS focused threats



GSLB Core Balance Functions

Load Balancing Methods

1. Ordered List
   - Uses next VIPs when all previous VIPs are overloaded or down

2. Static Based on Client's DNS Address
   - Maps IP address of client's DNS to available VIPs

3. Round Robin
   - Cycles through available VIPs in order

4. Weighted Round Robin
   - Weighting causes repeat hits (up to 10) to a VIP

5. Least Loaded
   - Least connections on CSM and least loaded on CSS
   - Load communicated via CAPP UDP

6. Source Address and Domain hash
   - IP address of client's DNS proxy and domain used
   - Always sticks same client to same VIP

7. DNS Race
   - Initiates race of A-record responses to client
   - Finds closest SLB to client's d-proxy

8. DRP-based Dynamic Network Proximity
   - Actively localizes client traffic by probing the client DNS Name servers and routing the client to the closest data center based on the lowest RTT measurement.
   - Scales to greater than 400,000

9. Global Sticky DNS Database
   - Dynamically tracks where clients are sent, then ensures they are sent to the same device for subsequent requests
   - Entries are based on the IP address of the client name server and the domain name requested
   - Sticky answers are shared between GSSs

10. Drop
   - Silently discards the DNS request
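
A sketch of three of the methods listed above (ordered list, weighted round robin, source address and domain hash) applied over keepalive state. This is an added example, not Cisco code: the class names, the SHA-256 hash and the hand-set `online` flag are assumptions, and the VIPs, D-proxy address and domain are the ones shown in the policy based GSLB use case.

```python
import hashlib
from dataclasses import dataclass
from itertools import count


@dataclass
class Answer:
    vip: str             # VIP returned in the A record
    weight: int = 1      # weighted round robin weight, capped at 10 as on the slide
    online: bool = True  # keepalive (KAL) verdict; set by hand here, no real probing


class AnswerGroup:
    """Hypothetical model of the VIP answers behind one DNS rule."""

    def __init__(self, answers):
        self.answers = list(answers)
        self._tick = count()  # position in the weighted round robin cycle

    def _live(self):
        return [a for a in self.answers if a.online]

    def ordered_list(self):
        # Method 1: first VIP in configured order whose keepalive is up.
        live = self._live()
        return live[0].vip if live else None

    def weighted_round_robin(self):
        # Method 4: a live VIP is repeated `weight` times in each cycle.
        cycle = [a.vip for a in self._live() for _ in range(min(a.weight, 10))]
        return cycle[next(self._tick) % len(cycle)] if cycle else None

    def source_domain_hash(self, dproxy_ip, qname):
        # Method 6: same D-proxy address and domain -> same VIP.
        # SHA-256 is an assumption; the slide does not name the hash.
        live = self._live()
        if not live:
            return None
        key = f"{dproxy_ip}|{qname.lower().rstrip('.')}".encode()
        bucket = int.from_bytes(hashlib.sha256(key).digest()[:8], "big")
        return live[bucket % len(live)].vip


if __name__ == "__main__":
    # Constructed sample: the two VIPs, D-proxy and name from the use-case slide.
    group = AnswerGroup([Answer("10.86.191.131", weight=3), Answer("10.86.191.147")])
    print("ordered:", group.ordered_list())
    print("wrr:", [group.weighted_round_robin() for _ in range(8)])
    print("hash:", group.source_domain_hash("16.1.1.1", "www.fifa.com"))
    group.answers[0].online = False  # Datacenter A keepalive fails
    print("after failure:", group.ordered_list(),
          group.source_domain_hash("16.1.1.1", "www.fifa.com"))
```

In this sketch the hash is taken modulo the live answers, so a keepalive state change can also remap D-proxies whose VIP stayed healthy.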

Keep Alives (KAL)

[Diagram: Site 1 and Site 2, each with CSS-A, CSS-B and Servers; Keepalives: TCP, ICMP, HTTP-Head, SNMP]

- KALs: back-end process gathers state and load information from devices within the data center such as local server load balancers, and origin servers
- KALs can be grouped and logically "AND"ed together
- V2.0 added a new KAL type: SNMP based


GlobalStrike GSS 5.1

Key Asks in GlobalStrike

1. Security and Compliance
   - (a) DNSSEC strengthens the integrity of DNS Query/Response transaction from threats such as
     - Forged or bogus response
     - Removal of Records (RRs) in responses
     - Incorrect application of wildcard expansion rules
   - (b) USGv6 and IPv6 Ph 2 Logo certification
   - FIPS compliant or validated encryption with acceleration
   - Common Criteria EAL-2

2. Platform Refresh
   - (c) UCS server based appliance (San Luis)
   - vGSS

3. GeoIP Enhancements
   - (d) Logical Grouping of Geo Regions

4. KAL-AP
   - Enhancements and scalability

[Diagram: User (2001:0DB8:AC10:FE01::), LDNS, GSS Network, SLB Datacenter A, SLB Datacenter B, with callouts a, b, c, d]

Concept Committed 8/22/2011
