Withstanding a (D)DoS Attack

In light of recent Internet attacks, whether a sound HA architecture should withstand a massive (distributed) denial-of-service ([D]DoS) attack, or at least be able to mitigate its effects, has become a legitimate question. From my point of view, a state-of-the-art HA architecture should have some inherent self-healing capability, and HA architects should add a further line of defense that at least cripples or weakens (D)DoS attacks and their successors. Several lines of defense, sometimes complementary and sometimes orthogonal, are as crucial against (D)DoS attacks as they are to the overall security architecture.

HA in the sense of almost 100 percent service availability, within strict service level agreements (SLAs) and monitored key performance indicators (KPIs), represents a significant challenge for today's finest engineers and designers. The problem with any (D)DoS defense is that every system's strength also defines its weakness. For example, handing control of a firewall ruleset to a network intrusion detection system (NIDS) means that anyone who can trigger that mechanism (for instance, by spoofing the source address of a legitimate network) effectively locks that network out of crucial services. A system designed to protect or prevent can therefore become the perfect DoS trap.
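The NIDS-to-firewall trap described above, as an added example that is not part of the original text: a minimal model of an automated blocking loop, the spoofed-alert flood that turns it against its owner, and a guarded variant that refuses to auto-block addresses from networks the business cannot afford to lose. The alerts, address ranges and the Firewall class are constructed stand-ins (documentation address ranges), not any vendor's product or interface.

```python
"""
Added example: why letting a NIDS drive firewall rules is a DoS trap,
and one guard against it. All alerts, networks and classes below are
constructed for illustration; nothing here is a real product interface.
"""
from __future__ import annotations
import ipaddress
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed: networks that must never be locked out automatically
# (partners, upstream resolvers, the NOC). Hypothetical example ranges.
CRITICAL_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),   # partner network (example range)
    ipaddress.ip_network("198.51.100.0/24"),  # NOC / management (example range)
]

# Constructed NIDS alerts: (source_ip, signature). The attacker simply
# forges the partner's and the NOC's addresses as packet sources; for
# single-packet signatures that costs nothing and needs no reply.
ALERTS: List[Tuple[str, str]] = [
    ("192.0.2.7", "SCAN nmap"),
    ("203.0.113.10", "SCAN nmap"),        # spoofed partner address
    ("203.0.113.10", "SCAN nmap"),
    ("203.0.113.10", "SCAN nmap"),
    ("198.51.100.5", "EXPLOIT attempt"),  # spoofed NOC address
    ("198.51.100.5", "EXPLOIT attempt"),
    ("198.51.100.5", "EXPLOIT attempt"),
]


class Firewall:
    """Trivial stand-in for a firewall ruleset: a set of blocked host addresses."""

    def __init__(self) -> None:
        self.blocked: Set[ipaddress.IPv4Address] = set()

    def block(self, ip: str) -> None:
        self.blocked.add(ipaddress.ip_address(ip))

    def permits(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) not in self.blocked


def naive_autoblock(alerts, fw: Firewall, threshold: int = 3) -> None:
    """The trap: any source that reaches `threshold` alerts is blocked outright.
    A spoofed flood against this logic locks out whatever address the attacker names."""
    counts: Dict[str, int] = defaultdict(int)
    for src, _sig in alerts:
        counts[src] += 1
        if counts[src] >= threshold:
            fw.block(src)


def guarded_autoblock(alerts, fw: Firewall, threshold: int = 3) -> List[str]:
    """Guarded variant: sources inside CRITICAL_NETWORKS are never blocked by
    the automation; they are escalated for a human decision instead.
    Returns the escalated (not blocked) sources in order of first escalation."""
    counts: Dict[str, int] = defaultdict(int)
    escalated: List[str] = []
    for src, _sig in alerts:
        counts[src] += 1
        if counts[src] < threshold:
            continue
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in CRITICAL_NETWORKS):
            if src not in escalated:
                escalated.append(src)
            continue
        fw.block(src)
    return escalated


def demo() -> dict:
    """Run both policies over the constructed alert flood and report who is locked out."""
    naive = Firewall()
    naive_autoblock(ALERTS, naive)
    guarded = Firewall()
    escalated = guarded_autoblock(ALERTS, guarded)
    return {
        "naive_partner_reachable": naive.permits("203.0.113.10"),
        "naive_noc_reachable": naive.permits("198.51.100.5"),
        "guarded_partner_reachable": guarded.permits("203.0.113.10"),
        "guarded_noc_reachable": guarded.permits("198.51.100.5"),
        "escalated": escalated,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The allowlist only removes the worst outcome; it does not make automatic blocking safe. In practice the blocks should also expire, the NIDS should only be trusted to block on signatures that require a completed TCP handshake (which a blind spoofer cannot produce), and the automation should never touch the rules that admit the management network.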

NOTE

Recent hostile activities on the Internet have proven to me that, in general, operational staff are overwhelmed by and overburdened with reactive work because of weak underlying network design and planning.

Network HA Approaches
The fundamental principle, and the foundation of network HA, is redundancy: redundant network links and redundant hardware (network elements).

Redundant Paths
The underlying design principle is that, for a critical service, at least two equivalent systems should be provided, and topologies should be chosen so that there always exist at least two redundant paths to the next device. This is why, for so many years, robust and scalable photonic network approaches have been built successfully on protected ring topologies (for example, Synchronous Digital Hierarchy/Synchronous Optical Network [SDH/SONET]) and Resilient Packet Ring (RPR). That many engineers disliked Token Ring, for no apparent reason, does not mean that ring topologies per se are inferior to bus or star topologies; on the contrary. With a small number of network elements, point-to-point links will suffice. Usually a collapsed network core consists of three or four network elements (as shown in
My approach to network redundancy is that more than one alternative link is unnecessary and unjustifiable commercially.
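The "at least two paths to the next device" principle can be checked mechanically: a topology is single-failure tolerant if every pair of surviving nodes stays connected after any one link or any one node is removed. The following is an added example, not code or a figure from the original text; the ring, star and dual-homed star are constructed four-element toy topologies chosen to show why a protected ring needs no more than one alternative path while a plain star has a single point of failure in the hub.

```python
"""
Added example: test a topology for tolerance to any single link or node
failure, the property the "two redundant paths" rule is meant to buy.
Topologies below are constructed toys, not taken from the book's figures.
"""
from __future__ import annotations
from typing import Dict, List, Optional, Set, Tuple

Graph = Dict[str, Set[str]]
Link = Tuple[str, str]


def build(edges: List[Link]) -> Graph:
    """Build an undirected adjacency map from a list of links."""
    g: Graph = {}
    for a, b in edges:
        g.setdefault(a, set()).add(b)
        g.setdefault(b, set()).add(a)
    return g


def reachable(g: Graph, start: str,
              removed_node: Optional[str] = None,
              removed_link: Optional[Link] = None) -> Set[str]:
    """Nodes reachable from `start` with one node or one link taken out of service."""
    seen = {start}
    stack = [start]
    while stack:
        n = stack.pop()
        for m in g[n]:
            if m == removed_node:
                continue
            if removed_link and {n, m} == set(removed_link):
                continue
            if m not in seen:
                seen.add(m)
                stack.append(m)
    return seen


def single_points_of_failure(g: Graph) -> Dict[str, list]:
    """Links and nodes whose loss disconnects at least one pair of surviving nodes.
    Assumes g is connected to begin with."""
    nodes = sorted(g)
    links = sorted({tuple(sorted((a, b))) for a in g for b in g[a]})
    bad_links = [l for l in links
                 if len(reachable(g, nodes[0], removed_link=l)) < len(nodes)]
    bad_nodes = []
    for n in nodes:
        survivors = [x for x in nodes if x != n]
        if len(reachable(g, survivors[0], removed_node=n)) < len(survivors):
            bad_nodes.append(n)
    return {"links": bad_links, "nodes": bad_nodes}


def is_single_failure_tolerant(g: Graph) -> bool:
    spof = single_points_of_failure(g)
    return not spof["links"] and not spof["nodes"]


# Constructed topologies (hypothetical four-element cores).
RING = build([("A", "B"), ("B", "C"), ("C", "D"), ("D", "A")])
STAR = build([("HUB", "A"), ("HUB", "B"), ("HUB", "C")])
DUAL_HOMED_STAR = build([("H1", "A"), ("H1", "B"), ("H1", "C"), ("H1", "H2"),
                         ("H2", "A"), ("H2", "B"), ("H2", "C")])

if __name__ == "__main__":
    for name, topo in (("ring", RING), ("star", STAR), ("dual-homed star", DUAL_HOMED_STAR)):
        print(name, "tolerant:", is_single_failure_tolerant(topo),
              single_points_of_failure(topo))
```

The ring passes with exactly one alternative path per node, which is the commercial point made above: a second alternative link adds cost without removing any single point of failure that the ring did not already cover. The plain star fails on every link and on the hub; dual-homing every element to a second hub restores tolerance at the price of roughly doubling the link count.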

Standby Equipment
Another concept is the provisioning of cold-standby and hot-standby equipment. Cold-standby components must be powered up and configured before they can take over; hot-standby components are up and running and can fail over immediately. Occasionally, engineers or management throw hardware resources at a simple design problem. However, HA concepts that are too exhaustive add considerable complexity to networks, occasionally defeating the purpose (and at unjustifiable expense).

As an introduction to the challenge of HA, Figure 12-2 presents a typical corporate Internet connectivity example in two variants.
© Copyright Cisco elearning 2010 -2011