HYPERSCALE AND PROTECT YOUR DNS WHILE OPTIMIZING GLOBAL APP DELIVERY

Scaling and securing every environment helps protect your business from site outages and improves DNS and application performance. Securing DNS infrastructures from the latest distributed denial-of-service (DDoS) attacks and protecting DNS query responses from cache-poisoning redirects will help keep your business online and viable. To fully achieve these goals, you need efficient ways to monitor DNS infrastructure and application health, and to scale on demand.

F5 BIG-IP DNS distributes DNS and user application requests based on business policies, data center and cloud service conditions, user location, and application performance. The BIG-IP platform delivers F5’s high-performance DNS services with visibility, reporting, and analysis; hyperscales and secures DNS responses geographically to survive DDoS attacks; delivers a real-time DNSSEC solution; and ensures high availability of global applications in all cloud environments.

KEY BENEFITS OF BIG-IP DNS

1. Hyperscale DNS up to 100 million RPS with a fully loaded chassis
2. Protect against DNS attacks and ensure availability
3. Improve global application performance
4. Deploy flexibly, scale as you grow, and manage efficiently

UNMATCHED DNS PERFORMANCE

BIG-IP DNS delivers hyperscale performance that can handle even the busiest apps and websites. When apps have a volume spike in DNS queries due to legitimate requests or DDoS attacks, BIG-IP DNS manages requests with multicore processing and F5 DNS Express™, dramatically increasing authoritative DNS performance up to 50 million RPS to quickly respond to all queries.

This scalability helps your organization provide the best quality of service (QoS) for your users while eliminating poor application performance. In cases of very high volumes for apps and services or a DNS DDoS attack, BIG-IP DNS with DNS Express enabled and running in Rapid Response Mode (RRM) hyperscales up to 100 million RPS. It extends availability with unmatched performance and security—absorbing and responding to queries up to 200 percent of the normal limits. See page 17 for performance metrics and details.

DNS CACHING AND RESOLVING

DNS latency can be reduced by enabling a DNS cache on BIG-IP DNS and having it respond immediately to client requests. BIG-IP DNS can consolidate the cache and increase the cache hit rate. This reduces DNS latency up to 80 percent, with F5 DNS Caching reducing the number of DNS queries for the same site. When used in hardware on the F5 VIPRION platform, DNS caching hyperscales for ultimate query response performance and delivers linear scalability across multibladed chassis. In addition to caching, BIG-IP DNS allows the device to do its own DNS resolving without requiring the use of an upstream DNS resolver.

BIG-IP DNS reduces the average DNS response time and latency for mobile and desktop devices from an average of 300 milliseconds (ms) and 100 ms respectively to as little as 15 ms, depending on workloads.

SECURE APPLICATIONS

DNS denial-of-service attacks, cache poisoning, and DNS hijacking threaten the availability and security of your applications. BIG-IP DNS protects against DNS attacks and enables you to create policies that provide an added layer of protection for your applications and data. DNS attack protection features include a hardened device, DNS attack protection, DNS load balancing, security control, packet filtering, etc.

1. DNS firewall

DNS DDoS, cache poisoning of LDNS, and other unwanted DNS attacks and volume spikes can cause DNS outage and lost productivity. These attacks and traffic spikes increase volume dramatically and can take down DNS servers. BIG-IP DNS, with security, scale, performance, and control functionality, provides DNS firewall benefits. It shields DNS from attacks such as reflection or amplification DDoS attacks and other undesired DNS queries and responses that reduce DNS performance.

With BIG-IP DNS, you can install a third-party domain filtering service such as SURBL or Spamhaus and prevent client infection or intercept infected responses to known sources of malware and viruses. F5 DNS firewall services reduce the costs of infection resolution and increase user productivity.

2. Advanced global load balancing

BIG-IP DNS includes the industry’s most advanced traffic distribution capabilities to match the needs of any organization or globally deployed application.

• Round robin
• Global availability
• LDNS persistence
• Application availability
• Geography
• Virtual server capacity
• Least connections
• Packets per second
• Round trip time
• Hops
• User-defined QoS
• Packet completion rate
• Dynamic ratio
• LDNS
• Ratio
• Kilobytes per second

With BIG-IP DNSSEC validation, administrators can easily offload and validate DNSSEC on the client side using BIG-IP DNS for resolving. This results in superior DNS performance and a dramatic increase in the site response to users.

GLOBALLY AVAILABLE APPLICATIONS

BIG-IP DNS offers global application availability and sophisticated health monitoring that support a wide variety of application types, giving organizations the flexibility to adapt quickly and stay competitive.

These global availability and health monitoring features include global load balancing, dynamic ratio load balancing, wide area persistence, geographic load balancing, custom topology mapping, infrastructure monitoring, etc.

1. Application health monitoring

BIG-IP DNS improves the application experience by intelligently monitoring the availability of resources. It expands application resilience by flexibly selecting and using the best available BIG-IP solutions for health monitoring. BIG-IP DNS reduces application downtime and enables easy availability with multiple settings in application monitoring.

BIG-IP DNS provides pre-defined, out-of-the-box health monitoring support for more than 18 different applications, including SAP, Oracle, LDAP, and MySQL. BIG-IP DNS performs targeted monitoring of these applications to accurately determine their health.

2. Disaster recovery/business continuity planning

In addition to performing comprehensive site availability checks, you can define the conditions for shifting all traffic to a backup data center, failing over an entire site, or controlling only the affected applications.

SIMPLE MANAGEMENT

BIG-IP DNS provides tools that give you a global view of your infrastructure with the means to manage the network and add policies to ensure the highest availability for your business-critical applications. The tools reduce DNS delivery deployment time with centralized and easy-to-find configuration and management sequences. Features include:

• Web-based user interface—Manage global infrastructure from a centralized UI using
• Streamlined and centralized DNS and GSLB menus for fast configuration.
• Efficient list and object management for complete visibility of global resources.
• Unique naming of objects to reduce administration and build business policies.
• Enhanced management of distributed applications as part of one collective group.
• Context-sensitive help for information on objects, commands, and configuration examples.

BIG-IQ Centralized Management

The F5 iRules scripting language enables programmatic analysis, manipulation, and detection of all aspects of the traffic in your networks. Customers routinely implement security mitigation rules, support new protocols, and fix application-related errors in real time. With robust and flexible iRules, you can easily and rapidly develop solutions that you can confidently deploy across multiple applications.

MORE INFORMATION

To learn more about BIG-IP DNS, search on f5.com to find these and other resources.