Internet Resiliency and Recovery

Academic year: 2021

Internet Resiliency and Recovery

Scott Hofer

Executive Network Architect

Scott Hofer, Executive Network Architect, IBM

• IBM Certified Executive Network IT Specialist

• M.S. Telecommunications

• 11 years with IBM Business Continuity and Resiliency Services

– Network Offering Manager, 7 years

– Delivery Support for mainframe and open systems, 4 years

• Previously

– Network administrator, University of Colorado, Boulder

– Satellite Tracking Station Manager, Defense Mapping Agency

• Patent: System, Method, and Program for Re-Routing Internet Packets

• Email: hofer@us.ibm.com

Abstract

• Internet connectivity is a critical network component for businesses. The need to keep employees, end-users and suppliers connected is no longer optional. The technology to prepare your environment for Internet recovery includes these key components: IP addressing and DNS (domain name server) resolution.

• Additionally, you should assess the resiliency of your Internet services both in production and recovery. Resiliency has many aspects, including both inbound and outbound connectivity to the Internet, connections to multiple ISPs, multiple WAN and LAN connections, and critical routing decisions.

• This session will review considerations for your Internet environment to address recovery and resiliency.

Agenda

• Why Internet Continuity?

• Internet Resiliency Overview

• Internet Recovery Methodologies Overview

• Preparing Your Environment for IP Redirect

Why Internet Continuity?

• Companies have implemented many mission critical tasks over the Internet:

– eBusiness

– Suppliers

– Customers

– Business Partners

– Remote Access

– Data Vaulting / Rapid Recovery

– VoIP

– Video Conferencing

– eMeetings

– e-mail

– VPNs

• Internet Continuity includes resiliency AND recovery

Internet Resilience…

Internet Resiliency supports a business's ability to adapt and respond to risks and opportunities

• Infrastructure strategy and design

• IT recovery

Figure: resilient Internet front end. Labels: Internet; ISP 1, ISP 2, ISP 3, ISP N; Edge Router 1 (BGPv4); Edge Router 2 (BGPv4); Distribution Switch 1; Distribution Switch 2; Path Selection Device; VLAN 1; VLAN 2; End Devices; numbered callouts 1 to 6.

Internet Resiliency Overview

–Multiple Internet Service Providers (ISPs)

–Physically diverse network pathing (separate sheathing, separate ingress and egress points into the building, diverse POPs)

–Multiple Edge Routers

–Fully Redundant Cabling

–Automatic failover

–Redundant Distribution Layer

–Redundant Connections to End Devices

–Real time best path selection

–Real time load balancing

Resilient Internet Front End

• Can survive all but a catastrophic site-wide outage.

• No single point of failure.

Internet Recovery

• What to consider for Internet Recovery options

– Static IP/No DNS (Domain Name System)

– DNS Based

Internet Recovery

Static IP/No DNS

Figure: Static IP/No DNS recovery. Labels: Internet; Any ISP (at each site); Production Site; Recovery Site; IP Address Range 1; IP Address Range 2.

Internet Recovery

Static IP/No DNS Considerations

• Must plan time for system IP address change

• Use different IP addresses at the recovery site

• More difficult for people to target IP addresses rather than hostnames

– For example entering 192.168.0.1 into a web browser vs. www.mycompany.com

• Must communicate all IP address changes to

– System administrators

– End users

– Business partners

– Vendors

– Other

• IP addresses typically change back to original state when going home

Internet Recovery

DNS Based

Figure: DNS based recovery. Labels: Internet; Any ISP (at each site); Production Site; Recovery Site; IP Address Range 1; IP Address Range 2; Primary DNS Server; Alternate DNS Server at Alternate Site (e.g. Recovery Site).

Internet Recovery

DNS Based Considerations

• Use new IP addresses at the recovery site along with DNS

– The hostnames may stay the same

– Can pre-stage DNS configuration

– Must communicate all the hostname changes to interested parties

– Can create test domains or hosts

  • Example domain:

    – Change host.mycompany.com to host.dr.mycompany.com

  • Example Host:

    – Change host.mycompany.com to drhost.mycompany.com

– Must plan for time to propagate changes worldwide

  • Typically can cover the U.S. in 24 hours

  • International may take up to 72 hours

– Must plan time for system IP address change

– IP addresses may not be available for permanent plan, may need to incorporate time to acquire, plan, and implement new IP addresses during an outage

– DNS server must be recovered before you can use this

Sample DNS Zone File

Production Zone File:

    ; Database file COMPANY.COM.dns for company.com zone.
    ; Zone version: 259
    ;
    @ IN SOA dns. administrator. ( ...
    …
    ; Zone records
    hostname1 A 64.96.43.1
    hostname2 A 64.96.43.2
    hostname3 A 64.96.43.3

Recovery Zone File:

    ; Database file COMPANY.COM.dns for company.com zone.
    ; Zone version: 259
    ;
    @ IN SOA dns. administrator. ( ...
    …
    ; Zone records
    hostname1 A 123.123.123.27
    hostname2 A 123.123.123.28
    hostname3 A 123.123.123.29
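One way to pre-stage the recovery zone from the production records, as an added example that is not part of the original slides. The function name, the renumbering table and the 300-second TTL are assumptions made for illustration; the sample records are constructed from the zone file shown above.

```python
import ipaddress
import re

# Constructed sample mirroring the production zone records on this page.
PRODUCTION_ZONE = """\
; Zone records
hostname1 A 64.96.43.1
hostname2 A 64.96.43.2
hostname3 A 64.96.43.3
"""

# Hypothetical renumbering plan: production address -> recovery address.
RENUMBER = {
    "64.96.43.1": "123.123.123.27",
    "64.96.43.2": "123.123.123.28",
    "64.96.43.3": "123.123.123.29",
}

# owner [ttl] [IN] A address ; lines starting with ';' are comments.
A_RECORD = re.compile(r"^([^;\s]\S*)\s+(?:(\d+)\s+)?(?:IN\s+)?A\s+(\S+)\s*$")

def prestage_recovery_zone(zone_text, renumber, prod_net, recovery_ttl=300):
    """Return (recovery_zone_text, problems).

    Every A record inside prod_net must have a recovery address; a record
    left unmapped would keep pointing at the failed production site.
    """
    prod_net = ipaddress.ip_network(prod_net)
    out, problems = [], []
    for line in zone_text.splitlines():
        m = A_RECORD.match(line)
        if not m:
            out.append(line)              # comments, SOA, other record types
            continue
        name, addr = m.group(1), m.group(3)
        if ipaddress.ip_address(addr) not in prod_net:
            out.append(line)              # hosted elsewhere, not renumbered
        elif addr not in renumber:
            problems.append(f"{name}: no recovery address for {addr}")
            out.append(line)              # left visible so it gets fixed
        else:
            # Assumed short TTL so resolvers re-query soon after cut-over.
            out.append(f"{name} {recovery_ttl} IN A {renumber[addr]}")
    return "\n".join(out) + "\n", problems

if __name__ == "__main__":
    zone, problems = prestage_recovery_zone(
        PRODUCTION_ZONE, RENUMBER, "64.96.43.0/24")
    print(zone)
    print("problems:", problems)
```

A non-empty problems list means the pre-staged file is not ready to load on the alternate DNS server.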

Internet Recovery

IP Address Redirect

Internet Recovery

IP Address Redirect Considerations

• Eliminates most previous issues

– static IP/No DNS and DNS issues revolve mostly around changing IP addresses

• May plan to keep original Hostnames during outage

– May use original or new Hostname during test

• Planning Issues:

– Must move large block of addresses

– OR use the same ISP at the production site and recovery site

Preparing for IP Redirect Internet Recovery

• Choose a methodology

– Single homed, same ISP, static routes

– Single homed, same ISP, BGPv4

– Multi-homed, same ISPs, BGPv4

– Multi-homed, different ISPs, BGPv4

Preparing for IP Redirect Internet Recovery

• Single homed, same ISP, static routes

– Install same ISP at both the recovery and production sites

– Create static routes between you and ISP (both sites)

– Have ISP change static route for test/outage

– Subject to ISP change windows, response time

– Manual failover only

– Flexible down to 30-bit mask

Preparing for IP Redirect Internet Recovery

• Single homed, same ISP, BGPv4

– Install same ISP at both the recovery and production sites

– Run BGPv4 between you and ISP

– Full or partial Internet routing tables

– May use private (or public) ASN (Autonomous System Number)

– Setup BGPv4 to prefer production site route(s)

– Allows for automatic or manual failover

– Flexible down to 30-bit mask

Preparing for IP Redirect Internet Recovery

• Multi-homed, same ISPs, BGPv4

– Install same ISPs at both the recovery and production sites

– Run BGPv4 between you and the ISPs

– Full Internet routing tables (requires 256M on router)

– Public ASN required (www.arin.net)

Preparing for IP Redirect Internet Recovery

• Multi-homed, different ISPs, BGPv4

– ISP independent at the recovery and production sites

– Run BGPv4 between you and the ISPs

– Full Internet routing tables (requires 256M on router)

– Public ASN required

– Work with ISPs or Continuity Service Provider to pre-configure BGP filters

– Allows for automatic or manual failover

– Requires 24-bit mask or larger

IP Redirect Summary

Yes Yes No No Full routing tables? Yes Yes No No Public ASN? Full routing tables? Manual or Automatic? BGP? Same ISP? Yes Either Yes No Multi-homed, same ISPs, BGPv4 Yes Either Yes Yes Multi-homed, different ISPs, BGPv4 No Either Yes No

Single homed, same ISP, BGPv4

No Manual No

No

Single homed, same ISP, static routes

Ways to Speed Recovery

(or Ease the Pain)

• Setup a DHCP Server

– Save individual device configuration time

– Ease end user pain configuring PCs

• Remote Access VPNs

– End users and/or administrators may be:

• Unable (or unwilling) to fly

• Sticking out (or stuck in) regional disaster (e.g. Hurricane)

• Consoling family

• In a Hotel

• Site to Site VPNs

Creating a Test Plan

• Identify IP address ranges to test

• Understand impact to production site

• Many continuity service providers have ranges of IP addresses available for test purposes

• Best to test actual redirect of all IP addresses

– Redirect of subset of IP addresses is the next best thing

Internet Security

• Assessment

• Denial of Service

• Intrusion Prevention

• Anti-virus management

• Penetration testing

• Emergency Response Services

Conclusion

• Internet connectivity is no longer a luxury, it is business critical

Q&A
