March 8, 2008 – 6:54 PM
Increasingly popular social-networking sites such as MySpace, YouTube and Facebook are accounting for such huge volumes of DNS queries and bandwidth consumption that carriers, universities and corporations are scrambling to keep pace.
The trend is prompting some network operators to upgrade their DNS systems, while others are blocking the sites altogether. Moreover, the “MySpace Effect” is expected to hit many more nets soon, as these network-intensive interactive features migrate from specialty sites to mainstream e-commerce operations and intranets.
“Social media is not just going to be in pure-play sites like MySpace and Facebook. It’s going to become increasingly prevalent across retailers, media and entertainment,” says Mike Afergan, CTO of Akamai, a content delivery network company that supports MySpace, Facebook and Friendster. “It drives a lot more requests and a lot more bit-traffic across these networks.”
The demanding nature of social-networking sites was highlighted in May when the Department of Defense announced it was blocking worldwide access to 13 Web sites, including MySpace and YouTube.
“The Commander of DoD’s Joint Task Force, Global Network Operations has noted a significant increase in use of DoD network resources tied up by individuals visiting certain recreational Internet sites,” Army General B.B. Bell said in a memo. “This recreational traffic impacts our official DoD network and bandwidth availability, while posing a significant operational security challenge.”
The Defense Department began blocking access to these sites on May 14 on its unclassified IP network, which is called NIPRNET for Non-secure Internet Protocol Routed Network.
The military isn’t the only organization to notice how taxing these sites are on network resources.
“One of the things we’re hearing more and more from carriers is that social-networking sites like MySpace and YouTube are contributing to an exponential increase in DNS traffic,” says Tom Tovar, president and COO of Nominum, which sells high-end DNS software to carriers and enterprises.
Social-networking sites create large volumes of DNS traffic because they pull content from all over the Internet. Most of these sites use content-delivery networks to extend the geographical reach of their content so users can access it closer to home.
“A single MySpace page can have anywhere from 200 to 300 DNS lookups, while a normal news site with ads might have 10 to 15 DNS lookups,” Tovar says. “It’s an exponential increase.”
Virgin Media, a cable service provider with 10 million subscribers (including 3.5 million broadband users) in the United Kingdom, has found that the amount of DNS traffic generated by social-networking sites has grown dramatically in the past 10 months. YouTube and Facebook traffic has doubled in that time frame but still represents a fraction of Virgin Media’s overall DNS traffic. YouTube grew from 0.5 percent to 0.75 percent of the carrier’s DNS traffic, while Facebook grew from 0.5 percent to 1 percent.
In contrast, MySpace now represents 10 percent of Virgin Media’s DNS traffic, up from 7.2 percent last fall.
The social-networking sites “are generating much more DNS queries per user than other sites,” says Keith Oborn, network systems product architect with Virgin Media. “Because of the way MySpace pages are structured, a single page can generate hundreds of DNS queries.”
Oborn says the fact that many of these social-networking sites, including MySpace and YouTube, are served by content-delivery networks adds to the DNS traffic.
“They’re making use of an awful lot of short TTLs [time to live values],” Oborn says. “That increases the load on the DNS servers. The same thing would happen for an enterprise customer as you see happening on a service provider network.”
Oborn says it’s rare for one Web site to account for 10 percent of DNS traffic.
“MySpace is the one that everybody knows about,” he says. “It’s the thing we need to keep a careful eye on in DNS land.”
Virgin Media is addressing this phenomenon by upgrading its DNS infrastructure to the latest version of Nominum’s software, which uses a technique called Anycast to provide load balancing for improved redundancy. Virgin Media will complete the upgrade this summer.
With the new configuration, Virgin Media says it “could do 2.5 million DNS queries per second, but all we need is 50,000 or 60,000,” Obort says. “We have a lot of overcapacity in DNS, which is both cheap and good to have. … It cost us a few hundred thousand pounds at most.”
Virgin Media is anticipating continued growth in its DNS traffic, driven in part by social-networking sites. “Overall our DNS traffic is growing twice as fast as the number of users,” Oborn says.
At the University of Kansas, social-networking sites, including MySpace, Facebook and YouTube, are among the 10 most popular destinations for a user population that averages 20,000 per day, including faculty, staff and students.
These sites “generate a lot of DNS requests since each item on the Web pages is spread over dozens and dozens of servers,” says Travis Berkley, supervisor of LAN support services at the university.
The school hasn’t needed to upgrade its DNS infrastructure yet to handle the extra traffic that social-networking sites generate. It runs BIND Version 9 software for its DNS servers.
“We have two servers that are the primary for campus, and they seem to keep up just fine,” Berkley says, adding that “some departments have set up their own workgroup DNS servers.”
One advantage for the the university is that it already limits how much Internet bandwidth students can consume from their dorm rooms. So even though the university doesn’t limit access to social-networking sites, it can ensure that usage of these sites is limited to a fixed proportion of its Internet bandwidth.
“We did that independent of these sites or even peer-to-peer,” Berkley added.
MySpace seems to be the biggest contributor of the social-networking sites in terms of fostering DNS queries. MySpace declined to comment for this article.
“MySpace is really a pain in the butt,” says Cricket Liu, vice president of architecture at InfoBlox, which sells DNS appliances to carriers and corporations. “It generates an enormous number of DNS queries because of the way it refers to content. The domain names they are using all seem to be part of their own content-delivery network.”
Liu says any organization running a recursive name server will feel the pinch from MySpace’s DNS-heavy design. That includes carriers, universities and corporations.
“The recursive name server is ultimately responsible for getting the answer on behalf of the resolver on the laptop or desktop machine,” Liu explains. “So it’s the one that has to go out and navigate the Internet’s name space, find the authoritative name server for MySpace.com and get the data back. Then it has to keep going back to the MySpace.com name servers to resolve the different domain names on a page. … It might have to hit those MySpace.com name servers 45 times or more for a particular page.”
MySpace’s own DNS servers are less affected by this situation than those run by carriers or enterprises.
“The amount of horsepower it takes to handle a recursive query is more than it takes to handle an authoritative query,” Liu explains. “MySpace has to run name servers that are authoritative for MySpace.com. … The same piece of hardware can do an order of magnitude more responses when it’s authoritative for MySpace.com than it can do acting as a recursive server. That’s because it doesn’t have to track the ongoing progress of the name resolution process; it just has to answer it.”
The impact of sites like MySpace is also minor on the root servers and top-level domains. For example, VeriSign estimates that social-networking sites account for less than 1 percent of the DNS queries at the .com and .net level. VeriSign handles 32 billion DNS queries a day.
Experts agree that carriers and enterprises are the ones that will need to watch their DNS traffic trends in light of the “MySpace Effect.”
“The rise of social-networking sites is just one of a number of factors that are causing the increase in DNS queries,” Liu says. “Another would be antispam mechanisms and just the increasing penetration of broadband.”
And it’s not just DNS queries that social-networking sites like MySpace drive, but also large volumes of traffic.
“Social-media sites are driving a fantastic amount of usage,” Akamai’s Afergan says. “These sites are motivating their users to be interacting with their sites in a very engaging way, which is driving a large experience time.”
Afergan says social-networking sites affect network utilization in two ways: the profile-based sites like MySpace generate a lot of requests per user for small files, while the video-based sites like YouTube demand a lot of bandwidth for large video files to be transmitted across the network.
“Most of our networking partners are seeing these sites drive an incredible amount of traffic, both in the number of requests and the bytes involved in those requests,” says Afergan.
The heavy network demand of these Web sites is one reason that seven of the top 10 social-networking sites use Akamai’s content-delivery service to offload traffic. It’s also a reason that many carriers allow Akamai to put edge servers inside their networks to serve up rich content locally.
“Part of what we do for carriers is minimize the traffic on their networks,” Afergan says, adding that Akamai’s servers also reduce DNS traffic.
The impact of social-networking sites is primarily on carrier and university networks today, but it is likely to affect more corporations as they add social-networking features to their e-commerce and intranet sites.
IBM, for example, runs its own social network called BluePages, which allows employees to provide information about themselves to other employees.
Meanwhile, Coca-Cola this month is set to launch a mobile phone-based social-networking community for Sprite drinkers called Sprite Yard.
“Imagine when there are thousands of these sites,” says Ken Silva, CSO of VeriSign. “Then they will be a more significant share of overall DNS queries.”
Silva worries more about the impact on DNS from the migration of telephony and television services to the Internet than he does about social-networking sites.
“If one big telephony provider migrates to the Internet, they could bring millions of users and generate big chunks of bursty growth,” he says.
VeriSign is in the midst of a three-year, US$100 million upgrade to its DNS infrastructure, which supports the .com and .net registries and two root servers. The upgrade will increase the company’s DNS capacity tenfold.
“Planning for these things like social-networking sites and large infrastructure moving to IP is what this upgrade is all about,” Silva adds.
www.pcworld.com/article/id,133350/article.html
Posted in Internet, Privacy, Security | No Comments
