Virgin Revamps DNS Strategy
The U.K. cable operator, known as NTL before it adopted its new name earlier this year, is "investing a few hundred thousand pounds, much less than £1 million [US$2 million]" in new equipment from Nominum Inc. for DNS, the system that translates domain names into IP addresses. (See Virgin Media Picks Nominum and NTL Relaunches as Virgin Media.)
The new gear, and the way it's being deployed, will have an impact on Web page response times and network security, says Keith Oborn, the operator's network systems product architect. Here's why. Oborn says NTL and Telewest, the two U.K. cable operators that merged in late 2005 and subsequently acquired Virgin Mobile (hence the new name), were both already using Nominum's Caching Name Server technology, though in a slightly different setup. (See NTL & Telewest: Together at Last! and NTL Takes Virgin.)
"We decided to revamp the DNS architecture for the relaunch as Virgin Media as, while Nominum's technology does exactly what it says on the tin, we had vulnerabilities in both legacy systems, which we're addressing by deploying a distributed architecture" and an inter-server communication technique called BGP anycast, says Oborn.
He says NTL previously had "two large DNS clusters with load balancers, but these created bottlenecks," which slowed down the time it took for domain name lookups to be executed.
Now, though, "we are distributing them around the edge of the network, and by September we will have 50 deployed, far more than we will actually need to meet traffic demands. Any one server will likely only ever be 5 percent busy, so if one fails, no one will notice, and we have tested this. It would take a lot of them to fail simultaneously to have an impact and the chances of that happening aren't even worth calculating."
The new setup will kill off any bottleneck problems and result in a better response time -- 10 milliseconds across the Virgin Media backbone.
"A fast DNS response time is critical to the level of service you can deliver, and that's why it's worth overscaling the system," says Oborn. "An average Web page will comprise a couple of dozen elements that could come from multiple servers, and on average there are 20 DNS lookups for a single Web page. If the DNS lookup is slow, a customer could have unlimited bandwidth, but still experience what seems like slow Internet access, as response times are impacted by DNS lookup times.
"Investing in DNS technology is a relatively cheap but critical way of making your service go faster."
Then there's the security element. "If you want to knock out an ISP, you attack the DNS system -- nothing works without it. We suffered a major DNS attack last year," admits the Virgin Media man, who believes that a distributed network of servers will provide additional security.
But even though the investment is relatively minor, couldn't the operator get by using the open source BIND (Berkeley Internet Name Domain) technology deployed by most ISPs?
Oborn admits that the commonly held view is, "Why pay for technology when you can use BIND for free?" But "with BIND you have to use 10 times as many servers, and it's not as secure -- operating expenses are higher and security isn't as good."
BIND isn't the only alternative to Nominum's technology, though. Infoblox Inc. has also developed commercial DNS technology. (See Infoblox Intros Appliance.)
Oborn says Virgin Media "put Infoblox through its paces in our labs, but decided the devil we know is still the best one. We're not denigrating the product in any way. It's a good solution for enterprises, but it's not as mature as Nominum's." (See Nominum Redirects, Nominum Takes Telefónica, IBM, Nominum Partner on DNS, Telmex Picks Nominum, and Nominum, Siemens Team.)
— Ray Le Maistre, International News Editor, Light Reading