opendns whitepaper: platform technology


Upload: courtland-smith

Post on 08-Jun-2015

DESCRIPTION

Overview of the technology behind OpenDNS, the largest Internet-wide security network.

TRANSCRIPT

Page 1: OpenDNS Whitepaper: Platform Technology

DELIVERY PLATFORM AND TECHNOLOGY OVERVIEW

For more information please visit: www.opendns.com or call 877-811-2367

OpenDNS Enterprise Secures Internet Connections with 100% Uptime

Our global security network, Anycast routing and SmartCache™ technologies deliver a simpler, faster and more reliable Internet experience without requiring you to change your network topology.

Let’s face it, if there were no security and compliance threats to protect users and devices from, you wouldn’t complicate and risk your network infrastructure by installing countless network devices (e.g. firewalls, in-line filters, proxies). You would deploy the minimum number of switches and routers between your devices and the Internet. Traffic would flow at the maximum speed and throughput provided by your ISPs (Internet Service Providers), and there would be no additional points of failure (or complication) to manage and maintain daily. You would be happy, and your end users would be happy. Regrettably, the risk of data loss, identity theft, inappropriate or malicious resource consumption, brand damage, etc. is great enough to justify adding network infrastructure risks and investing your time.

However, even if we lived in a threat-free world, you still would deal with the inherent complexity and inconsistency of several, less-than-100%-reliable recursive DNS services provided by your ISPs. This common situation impacts organizations that use redundant Internet pipes with more than one ISP or have multiple network locations with different ISPs.

OpenDNS addresses both these problems, while securing every Internet connection, by eliminating the common requirement to add network devices or in any way change your network topology, and simultaneously consolidating all these disparate recursive DNS services into one ultra-reliable global DNS service with the same two consistent IP addresses (208.67.222.222 and 208.67.220.220).

Connected at Internet’s Core Fabric for a Faster, More Global Service

The Internet is often referred to as a “Network of Networks”, as it consists of over 5,000 ISPs interconnected with one another in a sparsely meshed fabric. The core of the Internet’s fabric is created using peering agreements at IXPs (Internet Exchange Points), which allow first-tier ISPs or other service providers like OpenDNS to exchange traffic bound for one another’s customers. Millions of business networks and billions of home networks are connected via transit agreements for DIA (direct Internet access) from each ISP’s PoP (points of presence). Transit agreements are also used to connect OpenDNS to first-tier ISPs and first-tier ISPs to smaller ISPs, commonly at the Internet’s edges.

OpenDNS selects strategic IXPs to connect our PoPs to the Internet’s core using two criteria – Internet connectivity and geography. More peering and transit agreements established with ISPs at an IXP translate to fewer connection hops and less latency incurred between the customer’s networks and OpenDNS’s services, as well as between authoritative DNS servers and OpenDNS’s services. More geographic isolation between IXPs translates to fewer issues in one region spilling over and impacting another (e.g. a disaster at a datacenter, large-scale routing errors).


Many regional second- or third-tier ISPs that business or home networks receive DIA from have no peering agreements at IXPs or no geographic dispersion, making their DNS services susceptible to greater latency in retrieving DNS responses or to outages, respectively. OpenDNS currently has selected 12 PoPs, which interconnect with the number one, two and three most well-connected IXPs globally, and in particular in the Americas, Europe and Asia-Pacific. While OpenDNS is available everywhere today, there are further plans to increase usage in Asia-Pacific and South America.

“All Roads Lead to Rome” for a Faster, Simpler Internet Experience

Most local network setups or global services use traditional Unicast routing, in which each server at each location advertises a unique IP address. For an ISP’s DNS service, this means that every recursive DNS resolver is assigned a different IP address. Some services may offer a single IP address per PoP even if it consists of hundreds of servers, which is commonly implemented by load balancers deployed at each location, but this has the same drawbacks as Unicast routing. Anycast routing enables multiple servers at multiple locations to advertise the same IP address globally, not per location, and without load balancers adding more latency and risk of failure. For OpenDNS’s DNS service, it enables our global PoPs, consisting of thousands of identical recursive DNS resolvers, to advertise the same IP address pair. OpenDNS absorbs the time, cost and complexity of setting up our true Anycasted security network. It requires that we maintain our own hardware, a large IP address space, direct relationships with your upstream ISPs, and sophisticated network routing policies. The benefit to you is that it is much simpler to set up every network device by using the same pair of IP addresses, for example when configuring DHCP servers or when creating, backing up or cloning hard disk or virtual machine images used anywhere, at any time. The benefit to your end users is faster connections to the Internet. OpenDNS blends Anycast’s fewest-hop routing logic, which ensures your DNS queries go to the nearest PoP, with our proprietary network topology of two overlapping global Anycast “clouds” with different routing policies, which enables your stub DNS resolvers to pick the lowest-latency route.


Self-Healing Routes Lead to a More Reliable Internet Experience

Rather than crude round-robin methods or physical load balancers, Anycast uses load-balanced routing logic, which is invisible to individual servers or entire PoPs. If a server or entire PoP is taken offline for maintenance, disasters, failures or attacks, it ceases to advertise its shared IP address and upstream layer-3 network devices will transparently re-route the traffic. So when you send a DNS query to OpenDNS, it will always return a response from the quickest, closest available DNS resolver! This eliminates any need for you to make changes because we are conducting maintenance on the servers closest to your network locations or because we experience a major failure, as other global services claiming 99.999% up-time SLAs (service level agreements) so often require. It’s that reliable, and that is why we can truly claim that we’ve had 100% uptime since we launched our services in 2006.
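To make the routing behaviour described in the two sections above concrete, here is an added toy model (example code, not OpenDNS’s own): several PoPs advertise the same address, routers pick the fewest-hop PoP that is still advertising, a PoP that withdraws its advertisement is routed around with no client-side change, and a stub resolver holding both addresses ends up on the lower-latency path. The PoP names, hop counts and latencies are constructed for illustration; only the two resolver addresses come from the whitepaper.

```python
"""Toy model of Anycast route selection and self-healing failover.

Added example, not OpenDNS code. PoP names, hop counts and latencies are
constructed; only RESOLVER_A / RESOLVER_B come from the whitepaper.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

RESOLVER_A = "208.67.222.222"  # the address pair named in the whitepaper
RESOLVER_B = "208.67.220.220"


@dataclass
class PoP:
    name: str
    hops: Dict[str, int]        # client region -> route length (constructed)
    latency_ms: Dict[str, int]  # client region -> round-trip time (constructed)
    advertising: bool = True    # False once the PoP withdraws the shared prefix


class AnycastCloud:
    """One Anycast 'cloud': every PoP in it advertises the same address."""

    def __init__(self, address: str, pops: List[PoP]):
        self.address = address
        self.pops = {p.name: p for p in pops}

    def withdraw(self, name: str) -> None:
        # Maintenance, failure or attack: the PoP stops advertising and
        # upstream routers stop forwarding to it. Clients change nothing.
        self.pops[name].advertising = False

    def restore(self, name: str) -> None:
        self.pops[name].advertising = True

    def route(self, region: str) -> Optional[PoP]:
        """Fewest-hop choice among PoPs still advertising the prefix."""
        live = [p for p in self.pops.values() if p.advertising and region in p.hops]
        return min(live, key=lambda p: p.hops[region]) if live else None


def take_site_offline(clouds: List[AnycastCloud], site: str) -> None:
    """A whole site goes down: it withdraws from every cloud it serves."""
    for cloud in clouds:
        if site in cloud.pops:
            cloud.withdraw(site)


def stub_choice(clouds: List[AnycastCloud], region: str) -> Optional[Tuple[str, str, int]]:
    """A stub resolver configured with both addresses: it keeps using the
    address whose current Anycast path answers with the lower latency."""
    best = None
    for cloud in clouds:
        pop = cloud.route(region)
        if pop is None:
            continue
        rtt = pop.latency_ms[region]
        if best is None or rtt < best[2]:
            best = (cloud.address, pop.name, rtt)
    return best


def build_demo() -> Tuple[AnycastCloud, AnycastCloud]:
    # The same two sites advertise both addresses, but each cloud reaches
    # them over a different transit mix, so hop counts and RTTs differ.
    cloud_a = AnycastCloud(RESOLVER_A, [
        PoP("pop-east", {"east": 2, "west": 6}, {"east": 8, "west": 70}),
        PoP("pop-west", {"east": 6, "west": 2}, {"east": 65, "west": 9}),
    ])
    cloud_b = AnycastCloud(RESOLVER_B, [
        PoP("pop-east", {"east": 3, "west": 5}, {"east": 12, "west": 60}),
        PoP("pop-west", {"east": 5, "west": 3}, {"east": 55, "west": 14}),
    ])
    return cloud_a, cloud_b


if __name__ == "__main__":
    a, b = build_demo()
    print("east client, all PoPs up:", stub_choice([a, b], "east"))
    take_site_offline([a, b], "pop-east")
    print("east client, pop-east withdrawn:", stub_choice([a, b], "east"))
```

The point of the model is the last two lines: after pop-east withdraws, the client’s configuration is untouched and its queries simply land on the next-nearest advertising PoP, and because the two clouds see that PoP over different paths, the stub resolver’s preference can flip from one address to the other.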

SmartCache Leads to an Even Faster and Smarter Internet Experience

OpenDNS receives billions of DNS queries daily from almost 2% of the Internet’s users and their devices. When OpenDNS receives each subsequent DNS query, we already know the answer (much more often than your regional ISPs do), so we do not make you wait on the authoritative DNS servers to return this same answer. While we know almost every server’s address across the entire global Internet at any given time, this is not what makes our caching technology unique.

Many authoritative DNS outages, attacks or failures have impacted business-critical sites such as salesforce.com, amazon.com and petco.com, or even millions of domains, such as when the top-level domain used by Germany (.de) was unreachable. When such incidents occur, which is not uncommon, OpenDNS still returns the last-known correct address using our exclusive caching logic, whereas the rest of the Internet’s users will not be able to reach the domain.

[Figure: DNS RESOLVER, reconstructed from the flattened diagram. Three columns: STUB, RECURSIVE, AUTHORITATIVE.]

What uses it?
- Stub: every device worldwide (e.g. clients, servers)
- Recursive, OPTION 1: regional ISP servers
- Recursive, OPTION 2: global OpenDNS servers
- Authoritative: third-party servers worldwide

How does it work?

STEP 1: IS THERE A VALID/NON-EXPIRED CACHED ANSWER?
- Cached response: “foo.com is at 1.2.3.4”. Very likely with 40+ billion global queries daily (OpenDNS); less likely with only regional coverage (ISP).
- No cached response (added latency): go to Step 2.

STEP 2: IF THERE IS NO/EXPIRED CACHED ANSWER, THEN...
- Non-cached query to the authoritative server: “where is foo.com?” + lookup latency.
- New response #1 (GOOD): “foo.com is at 1.2.3.4”.
- New response #2 (BAD): “Server Failed” (sometimes with ISP).
- Answer returned to the stub: #1 “foo.com is at 1.2.3.4” (always with OpenDNS, which falls back to the last-known cached response “foo.com is at 1.2.3.4” when the authoritative server fails), or #2 “Server Failed” (sometimes with ISP).
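The two steps in the diagram, and the SmartCache paragraph before it, are easiest to understand as a small cache policy. The following added example (not OpenDNS’s SmartCache implementation) models a recursive resolver that serves a valid cached answer, otherwise asks the authoritative side, and, if that side fails, answers from the expired entry instead of returning SERVFAIL. The authoritative server, clock, names, addresses and TTLs are all simulated or constructed; the serve_stale switch and the max_stale bound are this example’s assumptions, not documented OpenDNS settings.

```python
"""Recursive-resolver cache with a "last-known good" fallback.

Added example, not OpenDNS's SmartCache code. Authoritative server, clock,
records and TTLs are simulated; serve_stale and max_stale are assumptions.
"""
import time
from dataclasses import dataclass
from typing import Callable, Dict, Tuple


class UpstreamFailure(Exception):
    """The authoritative side timed out or returned SERVFAIL."""


@dataclass
class CacheEntry:
    answer: str
    expires_at: float


class FakeClock:
    """Controllable clock so the TTL logic can be exercised offline."""
    def __init__(self, start: float = 0.0):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class FakeAuthoritative:
    """Simulated authoritative zone: name -> (address, ttl); can be 'down'."""
    def __init__(self, zone: Dict[str, Tuple[str, int]]):
        self.zone = zone
        self.down = False

    def __call__(self, name: str) -> Tuple[str, int]:
        if self.down or name not in self.zone:
            raise UpstreamFailure(name)
        return self.zone[name]


class RecursiveCache:
    def __init__(self, upstream: Callable[[str], Tuple[str, int]],
                 clock: Callable[[], float] = time.monotonic,
                 serve_stale: bool = True, max_stale: float = 86400.0):
        self.upstream = upstream
        self.clock = clock
        self.serve_stale = serve_stale   # False models the plain ISP-style resolver
        self.max_stale = max_stale       # how long an expired answer may be reused
        self.cache: Dict[str, CacheEntry] = {}

    def resolve(self, name: str) -> Tuple[str, str]:
        """Return (answer, source); source names the path the query took."""
        now = self.clock()
        entry = self.cache.get(name)
        # STEP 1: a valid, non-expired cached answer costs no lookup latency.
        if entry is not None and entry.expires_at > now:
            return entry.answer, "cached"
        # STEP 2: no/expired answer, so ask the authoritative side.
        try:
            answer, ttl = self.upstream(name)
        except UpstreamFailure:
            # Expired entries are kept so they can be served as last-known-good,
            # but only within max_stale: an unbounded fallback would keep
            # resolving a record its owner has deliberately removed.
            if (self.serve_stale and entry is not None
                    and now - entry.expires_at <= self.max_stale):
                return entry.answer, "last-known"
            return "SERVFAIL", "failed"
        self.cache[name] = CacheEntry(answer, now + ttl)
        return answer, "fresh"


def demo() -> list:
    """Walk an OpenDNS-style and an ISP-style cache through an authoritative outage."""
    clock = FakeClock()
    auth = FakeAuthoritative({"foo.com": ("1.2.3.4", 300)})  # constructed, 5-min TTL
    smart = RecursiveCache(auth, clock, serve_stale=True)
    plain = RecursiveCache(auth, clock, serve_stale=False)
    log = [("warm-up", smart.resolve("foo.com"), plain.resolve("foo.com"))]
    clock.advance(301)   # both cached answers have now expired
    auth.down = True     # authoritative outage begins
    log.append(("outage", smart.resolve("foo.com"), plain.resolve("foo.com")))
    return log


if __name__ == "__main__":
    for step in demo():
        print(step)
```

In the demo, both resolvers answer identically while the authoritative server is healthy; once it fails after the TTL has expired, the serve-stale resolver still returns 1.2.3.4 while the plain one returns SERVFAIL, which is the difference the whitepaper describes. The max_stale bound is the caveat worth keeping: serving stale data is standardized in RFC 8767, and that document also expects a limit on how long an expired record may be reused, because the same fallback that rides out an outage will also keep an intentionally withdrawn record alive for as long as the bound allows. The whitepaper does not state what bound OpenDNS applies.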