Post on 27-Mar-2015

Network Services

Geoff HUSTON

IP Access is not enough

An ISP service also requires:
mail & mailing lists
DNS
web
usenet
ftp
...

Mail Services

[Diagram: mail delivery paths. Labels: Mail Server, Mail Alias, Local Access Account, Secondary Mail Server, Backup, Inbound Mail delivery, Mail Client, POP or IMAP Access to Mail Account, Outgoing Mail server, Outbound Mail Server, Outbound Mail]

Mail Services

Customer mailboxes
SMTP server
POP / IMAP access server
account management
alias management

Mail Services

SMTP relay for outbound mail
Secondary MX for customers
Mail List management for customers

DNS Services

Hosting Primary Domain Service
Secondary DNS Server
DNS Forwarder

Web Caching

improved fetch performance
ISP cost reduction
virtual web servers (virtual domains)
proxy servers
accepting advertisements on the web page

Caching

[Diagram: GET www.stuff.isp/page.html requests passing through a cache towards www.stuff.isp, shown as steps 1 and 2]

Large Scale Caching

[Diagram: ISP Network. Labels: cache server 172.16.0.1 (repeated at several points in the network), client, cache, ICP requests, Core Cache System]

POP Cache Architecture

[Diagram labels: Core Network, to customer sites, Access Servers, LAN Switches, Servers, Core Router, Cache]

Redirect TCP port 80 requests to local cache system

Web Hosting

Virtual web hosts

[Diagram: four directory trees, each with sub 1 to sub 4, nested subdirectories and a user page]

http://www.net.isp
http://www.client1.dom 172.16.0.2
http://www.client2.dom 172.16.0.3
http://www.client3.dom 172.16.0.4
http://www.client4.dom 172.16.0.5

172.16.0.1
172.16.0.2 172.16.0.3 172.16.0.4 172.16.0.5

USENET servers

can be a valuable service
can be expensive!
too much incoming traffic
too much hard disk capacity
maintenance costs a lot!

Games and Entertainment

The Internet is not intended to be serious and there’s a perfectly good market for games and entertainment
Game servers
Streaming audio/video servers
…

[Diagram: single-site ISP. Labels: Upstream ISP, Upstream Feed Router, Local Office Access Router, Network Access Server, Access Filters, Radius Server, Mail Server, DNS Server, WWW Cache, WWW Server, Usenet Server, Accounting Data, Network Management Server, Local Office (x3)]

[Diagram: 45Mbps Backbone. Labels: Radius Server, Mail Server, DNS Server, WWW Cache, WWW Server, Usenet Server, Accounting Data, Network Mgmt Server, Dial-Up Network Access Server, Network Client Access Router (x2), Backbone Router (x2)]

[Diagram: 622Mbps SONET Backbone. Labels: Dial-Up Network Access Servers, Network Client Access Routers, Backbone Router (x2), Add Drop Mux, Fast Ethernet Switch (x2), Radius Server, Mail Server, DNS Server, WWW Cache, WWW Server, Usenet Server, Accounting Data, Network Mgmt Server, 155Mbps Fiber Connectors]

Adding Security to the Design

[Diagram: Network Router, Local Office Access Router, Network Access Server, Radius Server, Mail Server, DNS Server, WWW Cache, WWW Server, Usenet Server, Accounting Data, Network Management Server]

[Diagram: the design split into planes. Labels: Service Plane, Control and Management Plane, Network Carriage Plane, Network Management Server, Upstream Feed Router, Local Office Access Router, Network Access Server, Radius Server, Mail Server, DNS Server, WWW Cache, WWW Server, Usenet Server, Accounting Server, Local Office (x3)]

Example: Securing the Usenet Server

TCP logging
SYN protection
permit any source connect to TCP port 119
permit NetOpsCenter source to any port
deny all else

no loose source routing
no directed broadcast
permit any source to usenet server TCP port 119
permit NetOpsCenter source to usenet server
deny all else

[Diagram labels: ISP Service Plane, ISP Management Plane]
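The two rule lists from the Usenet slide, modelled as first-match filters in an added example that is not part of the original slides; it shows that a customer still reaches only port 119 when one layer is misconfigured. The addresses are documentation-range assumptions, and placing the list that names the Usenet server as a destination on the router, and the other list on the server itself, is a reading of the slide rather than something it states.

```python
"""Added example: evaluate the slide's two Usenet filter lists in sequence."""
from ipaddress import ip_address, ip_network

# Assumed addresses (documentation ranges, not taken from the slides).
USENET = ip_address("192.0.2.119")
NETOPS = ip_network("198.51.100.0/28")   # stands in for "NetOpsCenter source"
ANY = ip_network("0.0.0.0/0")

# Rule = (action, source network, destination or None for any, TCP port or None for any).
# Only the permit/deny lines are modelled; TCP logging, SYN protection, source
# routing and directed broadcast settings are outside this sketch.
ROUTER_ACL = [                            # assumed: list applied in front of the server
    ("permit", ANY, USENET, 119),
    ("permit", NETOPS, USENET, None),
]
HOST_FILTER = [                           # assumed: list applied on the server itself
    ("permit", ANY, None, 119),
    ("permit", NETOPS, None, None),
]

def evaluate(rules, src, dst, port):
    """Return the first matching rule's action; "deny all else" is the fall-through."""
    src, dst = ip_address(src), ip_address(dst)
    for action, src_net, rule_dst, rule_port in rules:
        if src in src_net and rule_dst in (None, dst) and rule_port in (None, port):
            return action
    return "deny"

def reaches_service(src, dst, port, router=ROUTER_ACL, host=HOST_FILTER):
    """A TCP connection is delivered only if both layers permit it."""
    return (evaluate(router, src, dst, port) == "permit"
            and evaluate(host, src, dst, port) == "permit")

def exposed_ports(src, router, host, ports=range(1, 1025)):
    """Ports on the Usenet server that src can reach through both layers."""
    return [p for p in ports if reaches_service(src, str(USENET), p, router, host)]

if __name__ == "__main__":
    customer, operator = "203.0.113.7", "198.51.100.5"   # constructed sources
    print("customer:", exposed_ports(customer, ROUTER_ACL, HOST_FILTER))
    print("operator:", len(exposed_ports(operator, ROUTER_ACL, HOST_FILTER)), "ports")
    # Simulate a router ACL mistakenly replaced by "permit any any".
    open_router = [("permit", ANY, None, None)]
    print("customer, open router:", exposed_ports(customer, open_router, HOST_FILTER))
```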

Service Issues

Do ISP services attract a different tariff?

How are service ports accounted?