CNAME Chain Latency vs. ALIAS / ANAME › event › 27 › contributions › ... · CNAMES 63.18 ms vs. the ALIAS record 44.96 ms, a difference of 18.22 ms” This is a start...but

Copyright©2016,Oracleand/oritsaffiliates.Allrightsreserved.

CNAMEChainLatencyvs.ALIAS/ANAMEHowtoUseAliasRecordstoImproveCNAMEFlaJeningPerformance

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 2

WhatIsaCNAME?

•DefinedinRFC1035as“thecanonicalnameforanalias”

•Itmeans“thatnameisreallythisothername”

•Nothingelse(includingSOA,thezoneapex)canexistataCNAME

feeds.example.comfeeds2.example.com

CNAME

xxxxxx.feedproxy.ghs.containercult.com

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 3

WhyaCNAME?Oneuseistoletsomeoneelsemanagesomething.Example:Cloudproviderresource

•www.dyn.com loadbalancer.example.com•CloudprovidermanagesIPresourcesbehindthescenesensurestheaddressassociatedwiththeCNAMEisavailable

Example:marke4ngautoma4onpla8orm

•marke]ng.dyn.com market-site.example.com•Marke]ngautoma]oncompanycandoalltheywantinsidemarket-site.example.com,anditjustshowsuponmarke]ng.dyn.com

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |

CNAMEattheApex

•Userswanttoconfiguretheirdomaintobecompletelyhostedbysomeoneelse•Thefirstins]nctistoputaCNAMEattheapextomapthedomaintoaproviderendpoint•Bydefini]onaCNAMEcan’tcoexistwithanyotherrecordstype• YouneedtohaveSOA(StartofAuthority)recordsintheapexofthezone•ALIASrecordsprovidethefunc]onalityofaCNAMEattheapexbutitisn’tcompa]ble

6

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 5

PerformanceImplica]onsofCNAMEs

Example

marke]ng.dyn.comINCNAMEmarket-site.example.commarket-site.example.comINA192.0.2.10Thecostofthisabstrac]onisanotherDNSquery

•Theclientneedstorequestmarke]ng.dyn.com•Thenrequestmarket-site.example.com

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 6

Cloud-eraCNAMEChains

•CloudprovidersofenofferserviceendpointsintheformofCNAMEsCloudloadbalancers,computeresources,databases…etc.

•Whataretheperformanceconsidera]onsaschainsofCNAMEsgetlonger?

www.containercult.net. 60 IN CNAME www-containercult-com.wafservice.com.

www-containercult-com.wafservice.com 300 IN CNAME control.wafservice.com.

control.wafservice.com. 120 IN CNAME endpoint-cloud-vip.wafservice.com.

endpoint-cloud-vip.wafservice.com. 3600 IN CNAME loadbalancer1337.cloudregion.lb.cloudprovider.io.

loadbalancer1337.cloudregion.lb.cloudprovider.io. 60 IN A 192.0.2.50

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 7

TheCostofVanity...

Anumberofservicesimplementa“vanityCNAME”tohidethefactthatthecustomerisnotdoingeverythingitself.

Rememberthatnooneshouldeverseethese...

http://thefineartdiner.blogspot.com/2012/03/walt-disney-brothers-grimm-comparative.html

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 8

CNAMEUnwindingasaService

UserWantstoreach

www.example.com

Recursive.com

example.comwww.example.com

Authorita8veexample

TopLevelDomain.com

In-houseResolver

aws.elb.amazonaws.com

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 9

UnderstandingVariables

EndUser/Client

RecursiveResolver•TTL/Cachesize/Pre-Caching

Authorita8veResolver(s)

Networks•Clienttorecursiveresolver•Recursiveresolvertoauthorita]veresolvers

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 10

Tes]ngALIASAddressingVariables

EndUser/Clients/RecursiveResolvers

•Testsampleloca]onsbasedoncurrenttopqueryingnetworksandRIPEAtlasProbeavailability

•Lookingattheprobeschoiceofresolver

ThiswillshowtheperformanceofusingGooglePublicDNSorISPrecursiveresolvers

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 11

MeasurementandQuan]fica]on

Twoscenarios1CNAMEand5CNAMESThecountoftheques4onaskeddoesn’tclarifytheimpacttoperformance.

Spoiler:“Themedianresponsefortheservicewhichuses5CNAMES63.18msvs.theALIASrecord44.96ms,adifferenceof18.22ms”

Thisisastart...butgiventhenumberofvariablesinvolveditmighthelptolookatthespecificnetworktounderstandthedynamics.

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 19

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 19

Outliers

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 19

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 20

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |

1stQuar]le(25%)

2ndQuar]le(25%)

3rdQuar]le(25%)

4thQuar]le(25%)

21

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 17

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 18

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 19

CompressingShortCNAMEChains

ALIASvs.CNAMEforCloudLoadBalancer

Medianresponse]meALIAS:38.89ms

Medianresponse]meCNAME:49.13ms

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 32

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 32

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 22

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 23

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 24

KinksintheCNAMEChain

WhathappensifoneofthelinksintheCNAMEchainisbroken/doesn’tresolve?

•ALIASrespondswiththefallbackdata(ifany)orNODATA.•InthecurrentdrafofIETFforANAME...thereisnofallbackmechanism.

Intherawboxplotsthesekindsmanifestastheoutliers,droppedpackets,mul]plecachemissesorlongnetworkpaths.

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 25

LastMileVariability

Understandingtheoutliers

Localcachemisses

Droppedpackets

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 26

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 27

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 28

AsfastasthenetworktopographyItispossibletocreatescenarioswhereALIAS/ANAMErecordsperformworsethanCNAMEchains.

Thisiswhereunderstandingunderlyinginfrastructurebecomescri]cal.

Iftheauthorita]veprovidersforthedomainswithintheCNAMEchainarecloserinnetworkproximity(withinKorea)totheALIASauthorita]ve...

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 29

“Asia”isnotoneloca]on

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 30

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 31

InSummary

•Thereareperformanceimplica]onswithCNAMESandCNAMEchaining

•ALIASRecordscanbeusedtoflaJenCNAMESasaservice

•Yourend-userexperienceisuniquetoyourservicebasedonwhereyourinfrastructureisandwheretheyarecomingfrom

•Monitorandmeasureofen