24 Shared Registration System (SRS) Performance

Prototypical answer:

gTLD: .LAT
Full Legal Name: ECOM-LAC Federaciòn de Latinoamèrica y el Caribe para Internet y el Comercio Electrònico
E-mail suffix: cabase.org.ar

SHARED REGISTRATION SYSTEM (SRS) PERFORMANCE:

NIC Mexico will provide registry services for the .LAT TLD that cover the five critical registry functions:

A. Receipt of data from registrars concerning registration of domain names and name servers
B. Dissemination of TLD zone files
C. Dissemination of contact or other information concerning domain name registrations (Whois service)
D. Internationalized Domain Names
E. DNS Security Extensions (DNSSEC)

All of these functions will be supported by the Shared Registration System (SRS) as the point of entrance of all data to the registry database.

The SRS will enable registrars to provide domain registration services in the .LAT TLD, so the SRS must be robust and reliable. The .LAT registry will implement the SRS according to the industry's best practices, including both EPP and web-based interfaces.

EPP is widely adopted as the standard for domain name management in generic TLDs. It is also used by competitive ccTLDs that want to make their ccTLDs available to a wider market. NIC Mexico has a fully EPP-compliant SRS that will make available to registrars all commands necessary for domain name provisioning for their clients.

The web interface will provide registrars with all other administrative tools needed to maintain their accounts within the registry. Services like billing, reporting and account management will be available to registrars via the web interface.

NIC Mexico’s SRS and EPP implementations comply with RFCs 5910, 5730, 5731, 5732, 5733 and 5734, according to Specification 6 of the Registry Agreement. It will also comply with RFC 3915 for the RGP implementation.

SRS DESCRIPTION AND PERFORMANCE

The SRS solution is an in-house development that has evolved over more than 10 years to achieve the attributes needed to support the operations of the .MX ccTLD with high security, stability and performance. This evolution was the result of the availability of new and better technology, improvement of the skills of the technical staff and new business requirements that demanded technical improvements. NIC Mexico's SRS went from a monolithic system to a pure Registry-Registrar model that currently supports the operations of the .MX ccTLD with more than half a million domain names. Nevertheless, NIC Mexico's SRS implementation can support up to 8X the current load of the .MX registry (4 million domain names) without any degradation in performance. This capacity exceeds the requirements of a TLD of the planned size of the .LAT TLD, yet the system can still increase its capacity to handle more domain names if necessary.

The SRS is hosted in two carrier class datacenters located in Monterrey, MX. Triara is the main datacenter and Axtel is the secondary datacenter, which is equipped and configured to operate as a hot backup datacenter. The datacenters have the following certifications:

Triara has a Level 5 certification from ICREA (International Computer Room Expert Association). Level 5 refers to a HSHA-WCQA, High Security High Available-World Class Quality Assurance Data Center. Triara is the only datacenter with Level 5 certification in Latin America.

Axtel Data Center has a Level 3 certification from ICREA, which refers to S-WCQA, Safety-World Class Quality Assurance Data Center and is currently working on TIER 3 Certification.

NIC Mexico’s registry solution is built on top of a technical architecture designed to provide security, reliability and performance at all levels. All servers and devices installed in the infrastructure go through a hardening process following best practices. This architecture features a multiple layer design (See Attached File, Network Diagram):

INTERNET LAYER

This layer provides interconnection to ISPs and WAN interconnections. In each datacenter NIC Mexico deployed two routers which are connected to two different routers of the ISP using different links. NIC Mexico’s routers are connected to the edge routers of the ISPs. Telmex and Axtel are the main connectivity providers of NIC Mexico and they have multiple redundant links to major providers in the USA. Telmex is the largest ISP in Latin America and Axtel is the second largest ISP in Mexico.

NIC Mexico’s infrastructure is linked by three WAN links. Two WAN links of 100Mbps interconnect the infrastructure in the Triara and Axtel datacenters. Redundancy is necessary because the databases on both sites are synchronized in almost real time. This link between datacenters is also used as a solution to provide multihoming to both sites. NIC Mexico’s main office is connected to the Axtel datacenter by a WAN link of 48Mbps. NIC Mexico’s main office is also connected to the Internet with a 100Mbps broadband connection which can be used as backup in case the WAN link to Axtel is not working.

SECURITY LAYER

Firewalls, IDSs and VPN gateways are located in this layer. All external traffic is handled in this layer and has to go through multiple security filters before it can reach the Application and Internal Network Layers. The firewalls implement algorithms to help mitigate DDoS attacks. An IDS analyzes all the traffic coming from the Internet connections with the ISPs before it continues to the Internal Network Layer. If suspicious traffic is detected, an alert is sent to the NOC team to perform further analysis. VPN gateways are deployed in the two datacenters and in the main office so that all traffic that goes through NIC Mexico’s Internal Networks is encrypted with IPsec.

APPLICATION LAYER

In the application layer we find the server farms for the EPP, HTTP load balancers, WWW Extranet, WHOIS and DNS stealth servers. The servers located in this layer use High Availability Clustering and load balancing with DNS Round Robin. Auxiliary components that require Internet connectivity like the credit card payment components are also located in this layer.

INTERNAL NETWORK LAYER

In the Internal Network Layer, communication between the different components and the database takes place. The Internal Network Layer also gives NIC Mexico’s specialized IT staff access to perform administrative and maintenance tasks on the SRS itself and all of its components.

ABOUT THE DATABASE

The database is fine tuned for high volume online transactions. All access is secured and monitored to maintain data integrity and prevent unauthorized access. The main database servers are DELL R910 servers.

SYNCHRONIZATION BETWEEN MAIN DATABASE AND MIRROR DATABASE

Updates at the primary datacenter are replicated to the database servers at the backup datacenter using a custom-designed procedure that avoids database locking in case of communication problems in the WAN links that interconnect both datacenters. The database server is configured to provide high availability and resilience. Redundancy is one of the main configuration directives for the hardware setup. LUNs are configured in RAID 1+0 and RAID 1 arrays. The Oracle archiving system generates archive files that are synchronized in almost real time with the secondary datacenter. This is possible because the primary and secondary datacenters are interconnected with redundant WAN links.

HARDWARE AND SOFTWARE

Both interfaces, EPP and web, are Java-based, and the software and the application containers are tuned to deliver top performance at any time. NIC Mexico keeps at least 2 spare servers that can be added to any service in case of an unusual peak of transactions to avoid any performance degradation.

RDBMS is provided by Oracle as the industry leader for relational databases. NIC Mexico has long experience using Oracle Database for its mission critical applications. IT Staff is highly experienced in the deployment and fine tuning of Oracle to provide for the best performance to .LAT Registry users.

Applications run in DELL M610 high capacity servers. NIC México has implemented 1+1 redundancy in all networking and processing hardware to provide for reliability and resiliency.

INTERACTION WITH OTHER SYSTEMS

The SRS interacts with other registry systems to provide integrated services to registrars. The main interfaces are EPP and the .LAT Registry Website. Both will operate together to provide a complete experience to the registrar. EPP will accept commands from registrars for the provisioning of registry objects, while the web page will offer EPP and account management functionality to registrars and other administrative tasks like reporting and account balance management. Other registry systems that interact with the SRS are:

Billing System. This system handles registrars’ payments and invoices. It works with the payment module to process payments with credit cards. The payment module supports multiple credit card processing service providers; it has a primary service provider and a backup in case of failure. This system tracks all registrars’ transactions and keeps their balances updated. A registrar can make credit card payments or wire deposits to its account on the .LAT Registry, and the Billing System will debit all of the registry’s billable operations from that account.

Batch Scheduling System. The scheduler runs all automated processes like domain renewals, programmed deletions and sends all related warnings and notifications to registrars. All these processes run automatically and include a full execution report that is sent to NIC Mexico’s IT staff for verification. They also perform business rules validations and security checks and can send alerts to a system operator if anything needs attention.

Mailing System. It handles all e-mail communication initiated by the SRS and all related systems. It keeps a searchable archive available to registrars and system administrators.

Registry Intranet. This is the tool used to operate the Registry, and it is also used by the customer support agents to offer assistance to registrars. It includes management capabilities for all registry objects, and also provides registrar activity tracking, configuration of registry parameters like grace periods, management of the firewall access control for registrars, and others. The application has fine-grained access control over system functions and users. Administrators can give privileges over certain functions of the application to predefined user groups or individual users. Special operations like domain deletion require confirmation by a supervisor using a second password scheme. User authentication in the intranet is validated with an OTP solution.

RDDS (Whois). The SRS is the point of entry of all information in the .LAT Registry. All information delivered by the RDDS is taken from the SRS. A special automated process synchronizes the information in the RDDS with the latest updates from the SRS. Both the TCP port 43 and the Web version of the RDDS use the same database, which is separate from the main database.

Zone File Manager System. The Zone File Management System keeps the domain name delegation information in the SRS database and the DNS zone files synchronized. The system polls the SRS database to generate journal files containing only updates since the last synchronization. The journal files are then transformed into AXFR and IXFR commands that are sent to DNS master servers to be propagated to the DNS anycast clouds. The Zone File Manager System verifies zone file integrity before and after sending any updates.
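The journal-and-verify cycle described for the Zone File Manager System can be sketched as follows. This is an added example, not NIC Mexico's code: the snapshot layout, the function names and the use of a SHA-256 digest as the integrity check are assumptions, and the sample records are constructed.

```python
import hashlib

# Constructed sample snapshots of delegation data (owner, type, rdata).
OLD = {"serial": 2024010101, "records": {
    ("example.lat.", "NS", "ns1.example.net."),
    ("example.lat.", "NS", "ns2.example.net."),
    ("gone.lat.", "NS", "ns1.gone.example."),
}}
NEW = {"serial": 2024010102, "records": {
    ("example.lat.", "NS", "ns1.example.net."),
    ("example.lat.", "NS", "ns3.example.net."),
    ("new.lat.", "NS", "ns1.new.example."),
}}

def zone_digest(zone):
    """SHA-256 over the serial and the sorted, lower-cased records."""
    h = hashlib.sha256(str(zone["serial"]).encode())
    for rec in sorted(zone["records"]):
        h.update(b"\n" + "\t".join(rec).lower().encode())
    return h.hexdigest()

def build_journal(old, new):
    """Journal with only the changes since the last synchronization."""
    if new["serial"] <= old["serial"]:  # simplification: no RFC 1982 wraparound
        raise ValueError("serial must increase")
    return {
        "from_serial": old["serial"], "to_serial": new["serial"],
        "deleted": sorted(old["records"] - new["records"]),
        "added": sorted(new["records"] - old["records"]),
        "pre_digest": zone_digest(old), "post_digest": zone_digest(new),
    }

def apply_journal(zone, journal):
    """Apply deletions then additions (IXFR order), verifying before and after."""
    if (zone["serial"] != journal["from_serial"]
            or zone_digest(zone) != journal["pre_digest"]):
        raise ValueError("pre-update integrity check failed")
    records = (zone["records"] - set(journal["deleted"])) | set(journal["added"])
    result = {"serial": journal["to_serial"], "records": records}
    if zone_digest(result) != journal["post_digest"]:
        raise ValueError("post-update integrity check failed")
    return result

if __name__ == "__main__":
    journal = build_journal(OLD, NEW)
    print(journal["deleted"], journal["added"])
    print(apply_journal(OLD, journal) == NEW)
```

A copy of the zone that has drifted from the journal's starting point fails the pre-update check, and a journal altered in transit fails the post-update check, so neither reaches the DNS master servers unnoticed.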

WORKING WITH ICANN ACCREDITED REGISTRARS.

Domain registration will be provided for all ICANN accredited registrars through the SRS via an EPP interface. Authentication will be made both at network level with TLS using certificates signed with .LAT registry’s CA, and at application level via username and password.

The registrars will be able to register domain names for the desired term defined in yearly increments from one to ten years.

NIC Mexico will provide technical support to registrars both for the initial setup and for the daily operations. The call center will be available during business hours to service support requests by phone and email. There will also be live-chat assistance. Outside business hours, there will be an emergency response team available on-call for participating registrars.

The accreditation process will be agile and will include signing of the LAT addendum to the Registrar Agreement and testing the interoperability of the registrar's system with the SRS. The .LAT registry will have a full-featured test environment available to interested registrars to test and verify the correct integration of their systems with the .LAT SRS.
