TY - GEN
T1 - Topaz
T2 - 2024 ACM SIGCOMM Conference, ACM SIGCOMM 2024
AU - Larisch, James
AU - Thijm, Timothy Alberdingk
AU - Ahmad, Suleman
AU - Wu, Peter
AU - Arnfeld, Tom
AU - Fayed, Marwan
N1 - Publisher Copyright:
© 2024 Copyright is held by the owner/author(s). Publication rights licensed to ACM.
PY - 2024/8/4
Y1 - 2024/8/4
N2 - Today, when a CDN nameserver receives a DNS query for a customer's domain, it decides which CDN IP to return based on service-level objectives such as managing load or maintaining performance, but also internal needs like split testing. Many of these decisions are made a priori by assignment systems that imperatively generate maps from DNS query to IP address(es). Unfortunately, imperative assignments obfuscate nameserver behavior, especially when different objectives conflict. In this paper we present Topaz, a new authoritative nameserver architecture for anycast CDNs which encodes DNS objectives as declarative, modular programs called policies. Nameservers execute policies directly in response to live queries. To understand or change DNS behavior, operators simply read or modify the list of policy programs. In addition, because policies are written in a formally-verified domain-specific language (topaz-lang), Topaz can detect policy conflicts before deployment. Topaz handles ∼1M DNS queries per second at a global CDN, dynamically deciding addresses for millions of names on six continents. We evaluate Topaz and show that the latency overheads it introduces are acceptable.
AB - Today, when a CDN nameserver receives a DNS query for a customer's domain, it decides which CDN IP to return based on service-level objectives such as managing load or maintaining performance, but also internal needs like split testing. Many of these decisions are made a priori by assignment systems that imperatively generate maps from DNS query to IP address(es). Unfortunately, imperative assignments obfuscate nameserver behavior, especially when different objectives conflict. In this paper we present Topaz, a new authoritative nameserver architecture for anycast CDNs which encodes DNS objectives as declarative, modular programs called policies. Nameservers execute policies directly in response to live queries. To understand or change DNS behavior, operators simply read or modify the list of policy programs. In addition, because policies are written in a formally-verified domain-specific language (topaz-lang), Topaz can detect policy conflicts before deployment. Topaz handles ∼1M DNS queries per second at a global CDN, dynamically deciding addresses for millions of names on six continents. We evaluate Topaz and show that the latency overheads it introduces are acceptable.
KW - authoritative DNS
KW - CDN
KW - declarative
KW - formal verification
KW - network policies
UR - http://www.scopus.com/inward/record.url?scp=85202302908&partnerID=8YFLogxK
U2 - 10.1145/3651890.3672240
DO - 10.1145/3651890.3672240
M3 - Conference contribution
AN - SCOPUS:85202302908
T3 - ACM SIGCOMM 2024 - Proceedings of the 2024 ACM SIGCOMM 2024 Conference
SP - 891
EP - 903
BT - ACM SIGCOMM 2024 - Proceedings of the 2024 ACM SIGCOMM 2024 Conference
PB - ACM
Y2 - 4 August 2024 through 8 August 2024
ER -