
Application Delivery, Security

Simple to Use Link Availability Solutions

November 1, 2018 — by Daniel Lakier


Previously, I discussed how rerouting data center host infrastructure should be part of next-generation DDoS solutions. In this blog, I will discuss how link availability solutions should also play a part. Traditional DDoS solutions offer us a measure of protection against a number of things that can disrupt service to our applications or environment. This is good, but what do we do when our mitigation solutions are downstream from the problem? In other words, what do we do if our service provider goes down either from a cyberattack or other event?

What if we had the capacity to clean the bandwidth provided by our service provider, but the service provider itself is down? How do we prepare for that eventuality? Admittedly, in first world nations with modern infrastructure, this is a less likely scenario. In third world nations with smaller carriers/ISPs and/or outdated infrastructure, it is more common. However, times are changing. The plethora of IoT devices being deployed throughout the world makes this scenario more likely. While there is no silver bullet, there are several strategies to help mitigate this risk.


Is Border Gateway Protocol the Right Solution?

Most companies that consider a secondary provider for internet services have been setting up Border Gateway Protocol (BGP) as the service mechanism. While this can work, it may not be the right choice. BGP is a rigid protocol that takes a reasonable skill level to configure and maintain. It can often introduce complexity and some idiosyncrasies that can cause their own problems—not to mention it tends to be an either-or protocol. You cannot set all traffic to take the best route at all times. It has thresholds and is not considered a load balancing protocol. All traffic configured to move along a certain route will move that way until certain thresholds are met, and will only switch back once those thresholds/parameters change again. It can also introduce its own problems, including flapping, table size limitations, or cost overruns when it has been used to eliminate pay-for-usage links.

Any solution in this space needs to solve both the technical and economic issues associated with link availability. The technical issues are broken into two parts: people and technology. In other words, make it easy to use and configure; make it work for multiple use cases that include both inbound and outbound; and, if possible, eliminate the risk factors that can be associated with rigid solutions, like link flapping and the associated downtime that can be caused by re-convergence. The second problem is economic: allow people to leverage their investments fully. If they pay for bandwidth, they should be able to use it. Both links should be active (and load balanced if the customer wants). A common problem with BGP is that one link is fully leveraged, and therefore hits its maximum threshold, while the other link sits idle due to lack of flow control or load balancing.

For several years, organizations have looked for alternatives. The link load balancing and VXLAN marketplaces have both been popular alternatives, especially for branch edge redundancy solutions. Most of these solutions have limitations with inbound network load balancing, resulting in curtailed adoption. In many data centers, especially cloud deployments, the usual flow of traffic involves out-of-network users from the outside initiating the traffic flow. Most link load balancing solutions and VXLAN solutions are very good at load balancing outbound traffic. The key reason for the technology adoption has been two-fold: the ability to reduce cost with WAN/internet providers and the ability to reduce complexity.

The reduction in cost is focused on two main areas:

  • The ability to use less costly (and traditionally less reliable) bandwidth, because the lower stability was compensated for by load balancing links dynamically
  • The ability to use what we were paying for and buy only the required bandwidth

The reduction in complexity comes from the ease in configuration and simplicity of being able to buy link redundancy solutions as a service.

The unique value of this solution is that you can protect yourself from upstream service outages or upstream burst attacks that trip thresholds in your environment and cause the BGP environment to transition back and forth as failover parameters are met, essentially causing port flapping. The carrier may not experience an outage, but if someone can insert enough latency into the link on a regular basis it could cause a continual outage. Purpose-built link protection and load balancing solutions not only serve an economic purpose but also protect your organization from upstream cyberattacks.


Security

How to Prepare for the Biggest Change in IT Security in 10 Years: The Availability Threat

July 12, 2017 — by Carl Herberger


Availability, or the big “A” is often the overlooked corner of the CIA triad. Perhaps a contributing factor is the common belief among security professionals that if data is not available, it is secure.  Corporate executives have a different opinion, as downtime carries with it a hefty price tag. While today’s corporate risk assessment certainly involves the aspect of availability, it is focused on redundancy, not on security.  Penetration tests, a result of the corporate risk assessment, also fail to test on availability security.  In fact, pen testing and vulnerability scanning contracts specifically avoid any tests which might cause degradation of service, often leaving these vulnerabilities unknown until it’s too late.  Availability is commonly handed off to be addressed by network engineering to design and build resilient networks.  Common risk mitigations in this arena include redundant power, internet links, routers, firewalls, web farms, storage, and even geographic diversity with use of hot, warm and cold data centers.  You get the picture; there is a ton of money invested in building network infrastructure to meet corporate availability requirements.

Application Delivery, WPO

Networks Are Not Always Up or Down

March 3, 2016 — by Frank Yue


I recently spent time travelling internationally for work. During my trip in one of the countries, I caught a nasty bug.  I won’t give you the details, but suffice to say I was not working at 100% physically and mentally.  Of course, I spent a lot of time planning this trip, speaking at certain events, and meeting different teams and customers.  I had to find a way to perform to meet everyone’s expectations.  I had to identify the cause of my sub-par state and then find a solution to fix it which included hydration, vitamins, and medicine.

DDoS, Security

Your Internet or Your Candy

March 2, 2016 — by David Storch


David Storch is a Product Manager and Principal Consultant at Atos and a featured guest blogger.

According to the UK’s The Telegraph, ‘eight out of ten parents with children aged 14 or under say restricting their offspring’s use of gadgets is their preferred form of discipline because it stopped them from communicating with their friends. Youngsters saw having their tablets and phones taken away as the worst method of punishment.’

Application Delivery, WPO

An Introductory Guide to Developing Fault-Tolerant Networks

February 10, 2016 — by Frank Yue


In Greek mythology, the Titan Prometheus was chained to a rock. Every day, an eagle flew down and ate part of his liver. The organ regenerated during the night, replenishing the food source. The liver is one of the few organs in the human body that can spontaneously regenerate. Even more impressive is the fact that while the liver is regenerating and fixing itself, it is still functional. The ancient Greeks knew of this capability and incorporated it into their mythology almost 3000 years ago.

Application Delivery, WPO

Networks Are Built to Be Up, But Often Are Not

February 2, 2016 — by Frank Yue


I am constantly driving around town.  When I am lucky, there are no problems and I can easily get to my destination.  Rarely, there will be a scheduled event like a holiday parade or triathlon going through part of town requiring roads to be closed. Instead of trying to find an alternate path, I often end up turning around and going home.

In between these two situations, I usually end up stuck in some traffic.  It may be the lunch time rush or the school bus is dropping off students after school.  This delays my journey, but I bear with the unforeseen circumstances and eventually make it where I was trying to get to.

Application Delivery

Application Availability is NOT Like Traveling in a Nor’Easter

January 29, 2016 — by Frank Yue


Recently, I was trapped in the New York area due to a large snowstorm that we like to call a nor’easter. From midnight Thursday, January 21 until the evening of Sunday Jan 24 over a period of 68 hours, I had 5 or six flight cancellations, stayed in 3 different hotels, and ultimately went from LaGuardia to JFK to Newark to Philadelphia International airport by car/taxi/minivan.

Application Delivery, SSL, WPO

For Financial Services, An Outage May Be Preferable to This

January 5, 2016 — by Frank Yue


It is easy to know when there is an outage.  Things do not work, people complain, and businesses lose money.  It is much harder to know when an application is working, but in a sub-par manner.  These scenarios are harder to identify and fix.  Ultimately, these degradation situations may be costing the company more money than the outages.

Application Delivery

Application Service Level Assurance is Like Car Diagnostics

December 1, 2015 — by Frank Yue

I own a car and drive it regularly.  I keep it maintained according to a schedule and make sure it is running well.  To ensure that vehicles are running properly, auto manufacturers introduced the on-board diagnostics (OBD) standard.  Since 1996, the OBD-II standard has been required on all vehicles in the United States, and Europe has the EOBD equivalent.