Duke CPS 214 - Engineering a Content Delivery Network


Slides:
Engineering a Content Delivery Network
Network Deployment
Part I: Services
Design Themes
FirstPoint – DNS (e.g., Yahoo!)
Embedded Image Delivery (e.g., Amazon)
Akamai DNS Resolution
Live Streaming Architecture
SiteShield (www.fbi.gov)
Part II: Failures
Hardware / Server Failures
Akamai Cluster
Slide 13
View of Clusters
Network Failures
Core Points
Core Points
Engineering Methodology
Perceived Failures
Cascading Failures
Attacks
Lost in Space

Engineering a Content Delivery Network
COMPSCI 214
Computer Networks and Distributed Systems
Bruce Maggs

Network Deployment
Current Installations
• 20000+ Servers
• 1200+ Networks
• 72+ Countries

Part I: Services
• http://www.yahoo.com
• http://www.amazon.com
• http://windowsupdate.microsoft.com
• http://www.apple.com/quicktime/whatson
• http://www.fbi.gov

Design Themes
• Redundancy
• Self-assessment
• Fail-over at multiple levels
• Robust algorithms

FirstPoint – DNS (e.g., Yahoo!)
• Selects from among several mirror sites operated by content provider

Embedded Image Delivery (e.g., Amazon)

    <html>
    <head>
    <title>Welcome to xyz.com!</title>
    </head>
    <body>
    <img src="http://www.xyz.com/logos/logo.gif">
    <img src="http://www.xyz.com/jpgs/navbar1.jpg">
    <h1>Welcome to our Web site!</h1>
    <a href="page2.html">Click here to enter</a>
    </body>
    </html>

Embedded URLs are Converted to ARLs
ak

Akamai DNS Resolution
[Diagram, steps numbered 1 to 16. Labels: End User; Browser's Cache; OS; Local Name Server; xyz.com's nameserver; .com .net Root (Verisign); Akamai High-Level DNS Servers; Akamai Low-Level DNS Servers; names xyz.com, ak.xyz.com, akamai.net, g.akamai.net, a212.g.akamai.net; select cluster; select servers within cluster.]

Live Streaming Architecture
[Diagram. Labels: Encoding; Entry Point; Satellite Uplink; Satellite Downlink; Top-level reflectors; Regions; streams numbered 1 2 3 4.]

SiteShield (www.fbi.gov)
[Diagram. Labels: Content provider's website; Hacker!; AKAMAI.]

Part II: Failures
1. Hardware
2. Network
3. Software
4. Configuration
5. Misperceptions
6. Attacks

Hardware / Server Failures
Linux boxes with large RAM and disk capacity, Windows servers
Sample Failures:
1. Memory SIMMs jumping out of their sockets
2. Network cards screwed down but not in slot
3. Etc.

Akamai Cluster
Servers pool resources
• RAM
• Disk
• Throughput

View of Clusters
[Diagram. Labels: hardware failure; buddy; suspended; suspended datacenter; odd man out.]

Network Failures
E.g., congestion at public and private peering points, misconfigured routers, inaccessible networks, etc.

Core Points
• Core point X is the first router at which all paths to nameservers 1, 2, 3, and 4 intersect.
• X can be viewed as straddling the core and the edge of the network.
[Diagram. Labels: X; 1 2 3 4.]

Core Points
• 500,000 nameservers reduced to 90,000 core points
• 7,000 account for 95% end-user load

Engineering Methodology
• C programming language (gcc).
• Reliance on open-source code.
• Large distributed testing systems.
• Burn-in on "invisible" system.
• Staged rollout to production.
• Backwards compatibility.

Perceived Failures
Examples
1. Personal firewalls
2. Reporting tools
3. Customer-side problems
4. Third-party measurements

Cascading Failures
MTU adjustment problem in Linux 2.0.38 kernel
• Linux 2.0.38 crashes when TCP connection forces it to reduce MTU to approximately 570 bytes.
• Someone in Malaysia configured a router to use this value as its MTU.
• Client connecting through the router caused a cascade of Akamai servers to fail.

Attacks
• 8Gb/s attack inflicted on Akamai customer, October 2003
• Attack on Akamai FirstPoint DNS system, July 2004

Lost in Space
The most worrisome "attack" we faced:
One of our servers started receiving properly authenticated control messages from an unknown host.
Fortunately, the messages were not formatted correctly and were discarded by our server.
After two days of investigation, we discovered that the "attacker" was an old server we had lost track of, trying to rejoin the system.
It had been sending these messages for months before we noticed!
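
The "Lost in Space" slide describes a host that held valid credentials but was no longer tracked, so authentication alone did not flag it. The following is an added example, not part of the original slides: it scans a constructed control-message log (the log format, host names and inventory are all hypothetical) and reports senders that authenticate successfully but are absent from the current inventory, along with how long they have been active.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data: hosts currently tracked in a hypothetical inventory.
INVENTORY = {"edge-a1", "edge-a2", "edge-b7"}

# Constructed control-plane log: timestamp, sender, auth result, parse result.
SAMPLE_LOG = """\
2004-03-01T00:05:00 edge-a1 auth=ok parse=ok
2004-03-01T00:07:10 edge-x9 auth=ok parse=malformed
2004-03-02T11:00:00 edge-a2 auth=ok parse=ok
2004-04-15T09:30:00 edge-x9 auth=ok parse=malformed
2004-05-02T10:00:00 probe-3 auth=fail parse=ok
2004-06-20T23:59:00 edge-x9 auth=ok parse=malformed
2004-06-21T00:10:00 edge-b7 auth=ok parse=malformed
"""

def parse_line(line):
    """Split one log line into (timestamp, sender, fields dict)."""
    ts, sender, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(ts), sender, fields

def unknown_authenticated_senders(log_text, inventory):
    """Return {sender: stats} for senders that authenticate but are not in inventory."""
    stats = defaultdict(lambda: {"count": 0, "malformed": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, sender, fields = parse_line(line)
        # Failed authentication is a separate alert; this check targets valid
        # credentials presented by a host that nobody is tracking.
        if fields.get("auth") != "ok" or sender in inventory:
            continue
        s = stats[sender]
        s["count"] += 1
        s["malformed"] += fields.get("parse") == "malformed"
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    for s in stats.values():
        s["active_days"] = (s["last"] - s["first"]).days
    return dict(stats)

if __name__ == "__main__":
    for host, s in unknown_authenticated_senders(SAMPLE_LOG, INVENTORY).items():
        print(f"{host}: {s['count']} authenticated messages over "
              f"{s['active_days']} days, {s['malformed']} discarded as malformed")
```

Run daily against the control-plane log, a check of this kind surfaces an untracked sender on its first authenticated message rather than months later.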

