CTIT University of Twente

SAND - Self-Managing Anycast Networks for the DNS

Project Number: 
Project Manager: Prof. dr. ir. Aiko Pras
Faculty of Electrical Engineering, Mathematics and Computer Science
Tel.: +31-53-4893778
Email: a.pras@utwente.nl

Project website: http://www.sand-project.nl/


The Domain Name System (DNS) infrastructure is a hierarchical distributed naming system for computers, services, and resources connected to the Internet. The hierarchical naming scheme of DNS starts with so-called top-level domains (TLDs), e.g., ccTLDs for country-code top-level domains and gTLDs for generic top-level domains. Requirements for operating a TLD include, amongst others, high availability and low latency.

High availability can be achieved by distributing services; for DNS this implies that the set of name servers for the TLD is distributed, both geographically and topologically (with respect to the Internet topology). By distributing and strategically positioning the DNS name servers for a TLD, one can also reduce the average latency for the clients resolving a name in the TLD zone, which contributes to a fast "Internet experience" for end-users.

Distributing DNS name servers can be achieved by different methods, but for TLDs one specific method has many advantages: DNS anycast addressing and routing. With anycast routing, one takes advantage of the robustness of the BGP routing infrastructure: the same server IP address exists in multiple locations, possibly on different continents, and clients are routed to one of them, which provides a decentralized service. While conceptually simple, namely the simultaneous announcement of an IP address (range) from different networks on the Internet, anycast is not trivial to implement, in particular once latency, robustness, and resilience are taken into account when selecting the locations of the anycast nodes.

This project proposal focuses on solutions for dynamic DNS anycast services that deal with changes in Internet connectivity, DNS query traffic, and other factors influencing the service in terms of availability, performance, and possibly security. While optimizing for these quality-of-service terms, the operational costs have to be considered as well. To achieve these operational performance and cost goals, we believe an automated management system potentially offers the best possible course of action. We call this concept Self-Managing Anycast Networks for the DNS (SAND).

The main objectives of the project are two-fold. The first objective is the development of a graph-theoretic approach for the optimal placement of DNS anycast nodes, given the Internet topology and a set of operational performance and cost parameters. The result is a SAND "node placement graph", which describes the anycast network for one specific snapshot of the Internet's state. The second objective of the project is to design, develop and evaluate the SAND system, which adds self-management capabilities to existing DNS anycast services. The three responsibilities of the SAND system are: (i) monitor the pivotal performance parameters of the DNS anycast services, (ii) continuously and dynamically recalculate node placement graphs, and (iii) dynamically instantiate new anycast nodes in the form of virtual machines, using the node placement graphs and the capabilities of the parties that are able to host nodes. We expect that the SAND system will come with a tool that runs on a longer time scale and that uses (i) and (ii) to determine the locations in the network that require a physical anycast node rather than a virtual one.
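To make the two ideas above concrete, the anycast routing model of the previous paragraph (a client's query reaches the announcing site with the lowest path latency) and the cost-aware node placement described here, the following is an added, self-contained example; it is not code from the SAND project and does not claim to be the project's placement algorithm. It models a constructed toy Internet topology as a weighted graph (edge weights are assumed latencies in milliseconds), assumes a constructed per-network query load and per-site hosting cost, and uses a simple greedy facility-location heuristic with an assumed objective of "latency_weight × load-weighted mean latency + total hosting cost" to pick where the anycast prefix is announced. Re-running it with a changed load or topology is the "recalculate the node placement graph" step.

```python
"""Illustrative anycast node-placement model (constructed example, not SAND code).

Topology, loads and costs below are assumptions chosen for the example.
"""
import heapq
from typing import Dict, Iterable, List, Tuple

# Constructed topology: network name -> {neighbour: latency in ms} (assumed values).
TOPOLOGY: Dict[str, Dict[str, float]] = {
    "AS-NL":   {"AS-DE": 8, "AS-UK": 10},
    "AS-DE":   {"AS-NL": 8, "AS-UK": 12, "AS-US-E": 90},
    "AS-UK":   {"AS-NL": 10, "AS-DE": 12, "AS-US-E": 70},
    "AS-US-E": {"AS-UK": 70, "AS-DE": 90, "AS-US-W": 60, "AS-JP": 130},
    "AS-US-W": {"AS-US-E": 60, "AS-JP": 100},
    "AS-JP":   {"AS-US-W": 100, "AS-US-E": 130},
}
# Constructed query load per client network (queries/s) and hosting cost per site.
QUERY_LOAD = {"AS-NL": 500, "AS-DE": 800, "AS-UK": 600,
              "AS-US-E": 900, "AS-US-W": 400, "AS-JP": 700}
HOSTING_COST = {"AS-NL": 100, "AS-DE": 120, "AS-UK": 110,
                "AS-US-E": 150, "AS-US-W": 140, "AS-JP": 160}


def dijkstra(graph: Dict[str, Dict[str, float]], source: str) -> Dict[str, float]:
    """Shortest-path latency from `source` to every network in the graph."""
    dist = {source: 0.0}
    heap = [(0.0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist.get(u, float("inf")):
            continue  # stale heap entry
        for v, w in graph[u].items():
            nd = d + w
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                heapq.heappush(heap, (nd, v))
    return dist


def all_pairs_latency(graph: Dict[str, Dict[str, float]]) -> Dict[str, Dict[str, float]]:
    return {src: dijkstra(graph, src) for src in graph}


def anycast_catchment(latency, sites: Iterable[str], clients: Iterable[str]) -> Dict[str, Tuple[str, float]]:
    """Anycast model: each client lands at the announcing site with the lowest
    path latency (ties broken by site name). Returns client -> (site, latency)."""
    sites = list(sites)
    return {c: min(((latency[c][s], s) for s in sites))[::-1] for c in clients}


def weighted_mean_latency(latency, sites: Iterable[str], load: Dict[str, float]) -> float:
    """Query-load-weighted mean latency experienced by all clients for a placement."""
    catchment = anycast_catchment(latency, sites, load)
    return sum(load[c] * catchment[c][1] for c in load) / sum(load.values())


def placement_objective(latency, sites: List[str], load, cost, latency_weight: float) -> float:
    """Assumed objective: weighted latency plus the hosting cost of all chosen sites."""
    return latency_weight * weighted_mean_latency(latency, sites, load) + sum(cost[s] for s in sites)


def greedy_placement(graph, load, cost, max_sites: int, latency_weight: float = 10.0) -> Tuple[List[str], float]:
    """Greedy facility-location heuristic: repeatedly add the site that lowers the
    objective the most; stop when no site improves it or max_sites is reached."""
    latency = all_pairs_latency(graph)
    sites: List[str] = []
    best = float("inf")
    while len(sites) < max_sites:
        candidates = [s for s in graph if s not in sites]
        if not candidates:
            break
        trial = min(candidates, key=lambda s: placement_objective(latency, sites + [s], load, cost, latency_weight))
        trial_obj = placement_objective(latency, sites + [trial], load, cost, latency_weight)
        if trial_obj >= best:
            break  # adding another site no longer pays for its hosting cost
        sites.append(trial)
        best = trial_obj
    return sites, best


if __name__ == "__main__":
    sites, obj = greedy_placement(TOPOLOGY, QUERY_LOAD, HOSTING_COST, max_sites=4)
    print("placement:", sites, "objective:", round(obj, 1))
    for client, (site, ms) in anycast_catchment(all_pairs_latency(TOPOLOGY), sites, QUERY_LOAD).items():
        print(f"  {client} -> {site} ({ms:.0f} ms)")
    # "Recalculate" step: a constructed load shift towards AS-US-W changes the answer.
    shifted = dict(QUERY_LOAD, **{"AS-US-W": 3000})
    print("after load shift:", greedy_placement(TOPOLOGY, shifted, HOSTING_COST, max_sites=4)[0])
```

With the constructed inputs the heuristic announces the prefix from AS-UK, AS-JP and AS-US-E and declines a fourth site because its hosting cost outweighs the latency it would save; the catchment table shows which site each client network ends up at, which is exactly the information a monitoring component would compare against observed query sources.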

The resulting SAND-based DNS anycast infrastructure provides self-management capabilities by optimizing operational performance and costs, and improves on security and denial-of-service resilience.

Project duration: November 2014 - November 2016
Project budget: 162 k€ funding
Number of person/months: 2 fte
Project Coordinator: UT
Participants: UT, NLnet Labs, SIDN labs, SIDN
Involved groups: DACS
CTIT Research Centre: C.S4: Centre for Safety and Security of Systems and Society (collaboration of the Centre for Dependable Systems and Networks and the Centre for Cyber Security and Public Safety)