24 Shared Registration System (SRS) Performance
|gTLD||Full Legal Name||E-mail suffix||Detail|
|.tci||Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti.||nsline.com||View|
The .tci TLD will be added to CoCCA's existing SRS, which currently has its primary Network Operations Centre (NOC) in Sydney, Australia. The Sydney primary SRS is a single SRS instance currently hosting a dozen ccTLDs. CoCCA's Sydney SRS runs the latest versions of their "pamoja" TLD software application in a High Availability (HA) configuration. The Sydney SRS registry that will host .tci currently complies with the requirements of Specifications 4, 6 and 10 and will be scaled or modified to meet SLA requirements or any future ICANN gTLD specifications. Because of CoCCA's commercial model and technology, the primary SRS can be moved from one data center to another with only a few minutes' outage.
From an Internet user's perspective, trusted, secure and responsive DNS implementations are the ultimate objective of Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. To ensure this, CoCCA will use PCH's DNSSEC and anycast infrastructure for offline storage, signing and resolving the .tci TLD; additional DNS resolution will be provided by the ISC SNS anycast platform and two CoCCA unicast DNS servers. Additional information and technical details on the DNSSEC and anycast DNS services can be found in the answers to questions 34, 35 and 43.
24.1 Scale of Operations
A decade of operational experience with TLDs that have implemented policies to discourage tasting or otherwise incentivize add-drop registrations confirms the widely held belief that SRS registry databases are largely static. Once registered, data associated with a domain is not frequently modified. More than 99% of the queries seen by CoCCA on a daily basis are WHOIS, EPP Domain:Info or Domain:Check queries (read queries) and do not tax an SRS's resources excessively. Direct experience and anecdotal evidence from other small and mid-sized registries suggest that between 2% and 5% of the records in the register change daily through db "write" operations: new registrations, renewals, name server changes, contact updates, automated changes of status, transfers, etc.
For a theoretical registry of 1 million domains this equates to roughly 50,000 "write" transactions a day, or an average of 35 a minute (50,000 / 1440 min/day). A recent test of CoCCA's SRS software on a single 8GB cloud server revealed that the pamoja software was able to process 4 million unique EPP registrations in a little over 5 hours. Performance tests can be designed in any number of ways; real-world performance depends on a variety of factors, such as the specific policy and account settings for a given zone.
In terms of both transactional capability and storage, today's "off the rack" hardware and the open source PostgreSQL database used by CoCCA can easily cope with the demands that a small to medium sized registry is ever likely to make on an SRS system. While the CoCCA SRS EPP and WHOIS infrastructure and platform may seem comparatively modest, a decade of experience confirms it is more than capable of meeting ICANN's gTLD SLA requirements and complying with the required RFCs.
If future demands require it, CoCCA's SRS can easily (and affordably) be scaled by adding additional load-balanced application servers and bandwidth.
24.1 SRS | High Level Description
Comprehensive information on and descriptions of the CoCCA SRS and NOC may be found in the answers to questions 25-42 that follow.
24.1.1 SRS Infrastructure ⁄ Architecture
The following describes the key features of CoCCA's current production SRS that will be utilized for the .tci:
* Primary SRS is operated from Global Switch, a tier 3 + facility and one of the largest carrier-neutral data centers in the Southern Hemisphere.
* Redundant links to the Internet through PIPE networks and Telstra
* DNSSEC Key storage (offline) in Singapore at a PCH facility hosted by the National University of Singapore, on behalf of the Singaporean Infocomm Development Agency (IDA). Failover storage is at a facility hosted in Zurich by SWITCH, the Swiss national research and education network, and in the U.S. at a facility hosted by Equinix in San Jose.
* .tci zones signed by PCH in Frankfurt or Palo Alto
* SRS Escrow at a tier three co-location facility (Maxnet) in Auckland NZ and Failover at a tier four facility (Equinix) supported by PCH in Palo Alto, CA US. A fourth SRS "instance" is planned for Paris in early 2013.
* Dedicated, routable CoCCA Critical Infrastructure IPv4 and IPv6 address blocks.
IPv4 resources: 126.96.36.199/24 (crit-infra)
IPv6 resources: 2001:dd8:3::/48 (crit-infra)
* Routers, Firewalls, Switches and Load balancers all configured for failover.
* CoCCA's pamoja SRS application load balanced and configured for failover.
* PostgreSQL 9.1.3 database replicated synchronously to two secondary DB servers.
* DS Keys lodged by registrars via EPP or the CoCCA SRS GUI
* Servers Virtualized (VMware vsphere v5)
* VM image-based replication for high availability and off-site disaster recovery http://www.veeam.com/vmware-esx-backup.html
* Critical Data continuously replicated asynchronously to two off-site SRS instances - PCH, Equinix Palo Alto CA (pch.net) and CoCCA Data Escrow (NZ) Limited, Auckland NZ (maxnet.co.nz)
* OT&E Environment for Registrars
* Primary and Secondary hidden master DNS ( failover masters ).
* CoCCA operated unicast DNS in Sydney Australia and Auckland New Zealand.
* Two anycast solutions operated by PCH and ISC - over 80 DNS nodes.
24.1.2 Specification 6, Section 1.2 Compliance.
The .tci TLD will be added to CoCCA's production SRS that currently hosts 12 ccTLDs under a single RFC 5730-5743, RFC 5910 and 3915 compliant EPP interface.
A list of the Registrars that currently connect to the CoCCA SRS for one or more ccTLDs follows below.
24.2 EPP Interface
The port 700 EPP interface for .tci will listen on the same IP and port as the EPP server for the other TLDs hosted by CoCCA, currently "production.coccaregistry.net:700". On launch, the production EPP interface for .tci will be branded as epp.nic.tci.
24.3 WHOIS Interface (port 43 and 443)
The WHOIS Interface(s) for .tci will listen on the same IP and port as the WHOIS server for the ccTLDs and prospective gTLDs to be hosted by CoCCA, currently "whois.coccaregistry.net:43/443". On launch, the interface for .tci will be branded as "whois.nic.tci". Each TLD (ccTLD / gTLD) in the CoCCA SRS may have different WHOIS disclosure settings based on the TLD policy. The .tci will comply with the ICANN gTLD disclosure requirements.
24.4 GUI Interface (port 443)
The GUI Interface for .tci will listen on the same IP and port as the GUI server for ccTLDs and prospective gTLDs to be hosted by CoCCA, currently https://production.coccaregistry.net:443. On launch, the interface for .tci will be branded as "registry.nic.tci".
24.5 Hidden Master DNS (s) (port 53)
There are two hidden master servers. CoCCA will transfer the .tci zone from the "signature master" to PCH for DNSSEC signature using TSIG IXFR / AXFR and IP restrictions at the OS and firewall level. PCH will sign the zone and transfer it back to CoCCA using TSIG and IXFR / AXFR. CoCCA will then load the zone on a second "distribution master", which allows distribution to the PCH and ISC anycast transfer points and the CoCCA unicast DNS servers.
24.6 CoCCA Public Unicast DNS
DNS servers on virtual machines running BIND in the Sydney NOC and NZ SRS will pull and resolve the .tci TLD zones.
24.7 Public anycast DNS
CoCCA's distribution master notifies the anycast providers (PCH and ISC) and .tci TLD zones are transferred to the respective provider's transfer point IPs (hidden IPs for DNS transfers only) using TSIG IXFR / AXFR and then propagated by PCH and ISC across their respective anycast networks.
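The TSIG protection that sections 24.5 and 24.7 rely on for zone transfers can be shown as a short Python sketch of the MAC and time checks a receiver applies (RFC 8945). This is an added example, not CoCCA's or PCH's code; the hmac-sha256 algorithm, the key name "cocca-pch-xfer." and the secret are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

ALGORITHM = "hmac-sha256"  # assumption: the page does not name the TSIG algorithm

def wire_name(name):
    """Encode a domain name in canonical lower-case DNS wire format."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def tsig_variables(key_name, time_signed, fudge):
    """TSIG fields covered by the MAC (RFC 8945, section 4.3.3)."""
    return (wire_name(key_name)
            + struct.pack("!HI", 255, 0)                  # CLASS ANY, TTL 0
            + wire_name(ALGORITHM)
            + struct.pack("!HI", time_signed >> 32, time_signed & 0xFFFFFFFF)  # 48-bit time
            + struct.pack("!HHH", fudge, 0, 0))           # fudge, error 0, no other data

def tsig_mac(secret, message, key_name, time_signed, fudge=300, request_mac=b""):
    """MAC over [request MAC, for a response] + DNS message + TSIG variables."""
    prefix = struct.pack("!H", len(request_mac)) + request_mac if request_mac else b""
    data = prefix + message + tsig_variables(key_name, time_signed, fudge)
    return hmac.new(secret, data, hashlib.sha256).digest()

def tsig_verify(secret, message, key_name, time_signed, fudge, mac, now, request_mac=b""):
    """Result a receiver reaches: the MAC is checked first, then the time window."""
    expected = tsig_mac(secret, message, key_name, time_signed, fudge, request_mac)
    if not hmac.compare_digest(expected, mac):
        return "BADSIG"
    if abs(now - time_signed) > fudge:
        return "BADTIME"
    return "NOERROR"

def sample_axfr_query(zone="tci"):
    """Constructed AXFR query: header (ID 0x1234, QDCOUNT 1) plus question."""
    header = struct.pack("!HHHHHH", 0x1234, 0, 1, 0, 0, 0)
    return header + wire_name(zone) + struct.pack("!HH", 252, 1)  # QTYPE AXFR, class IN

if __name__ == "__main__":
    # Hypothetical key name and constructed secret, for illustration only.
    secret, key, t = b"constructed-shared-secret", "cocca-pch-xfer.", 1333065600
    query = sample_axfr_query()
    mac = tsig_mac(secret, query, key, t)
    print(tsig_verify(secret, query, key, t, 300, mac, now=t + 10))            # intact
    print(tsig_verify(secret, query + b"\x00", key, t, 300, mac, now=t + 10))  # altered
    print(tsig_verify(secret, query, key, t, 300, mac, now=t + 3600))          # outside fudge
```

The sketch covers a single request or first response message; a multi-message AXFR response chains the previous message's MAC into later ones, which is not modelled here.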
24.8 ftp Server
Server to distribute zone files as required under Specification 4 Section 2.
24.9 Escrow Server
Server used to deposit TLD data with NCC and transfer data to CoCCA's Failover and Escrow SRS. Uses Secondary IP range.
24.10 Number of Servers
There are seven physical server appliances in the Sydney NOC configured such that they host 17 virtual machines.
24.11 High Availability (HA) Configuration
The Sydney NOC's network appliances are configured for failover and HA in either hot or warm standby mode. The PostgreSQL databases are locally replicated using 9.1.3's synchronous replication and asynchronously over the WAN to the Failover facilities. The status of the local and off-site replication is continuously monitored by the CoCCA NOC. CoCCA also ships WAL files so that in the event of an extended WAN outage the offsite SRS can be updated using Point in Time Recovery (PITR).
RDDS and EPP services are load balanced between two different application servers at the primary SRS (more application servers can easily be added). Public read-only RDDS may also be load balanced by simply having the Nagios monitoring software automatically modify the resource records and send WHOIS traffic to either of the secondary / failover SRSs for near-real-time WHOIS. When the primary becomes available or SLA issues (DoS etc.) are resolved, RDDS services are automatically switched back to the primary SRS.
The public IPs at the NOC used for EPP, WHOIS and GUI are on routable critical infrastructure ranges assigned to CoCCA by APNIC. In the event of an issue with the primary Internet link at the Sydney NOC (PIPE networks), CoCCA may either modify A and AAAA records for GUI / RDDS and EPP services to the local failover link, or the entire IP range can be re-routed using BGP routing to a CoCCA failover SRS. If the entire Sydney NOC suffers an extended outage, the traffic can be routed to the failover SRS (Palo Alto) or Escrow SRS (Auckland) as conditions dictate by either modification of resource records (A, CNAME) or BGP of the CoCCA AS.
VMware images of all virtual machines are made daily using Veeam Backup & Replication software.
In addition to streaming replication, SRS data is sent to CoCCA's failover SRS and Escrow sites every 10 minutes (or sooner depending on activity) via SCP in the form of PostgreSQL PITR files, and daily in the form of compressed database dumps and VMware images.
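Point in Time Recovery only works if the shipped WAL stream has no holes, so a receiving site would want a continuity and freshness check on its archive. The following Python sketch is an added example, not CoCCA's monitoring code; it assumes the shipped files keep PostgreSQL's standard 24-hex-digit WAL segment names, and the sample listing is constructed.

```python
import re

WAL_RE = re.compile(r"^([0-9A-F]{8})([0-9A-F]{8})([0-9A-F]{8})$")
SEGS_PER_LOG = 0xFF  # PostgreSQL before 9.3 (the page runs 9.1.3) never creates segment FF

def parse_segment(name):
    """Return (timeline, linear segment number), or None for anything else
    found in an archive directory (.history, .backup, partial copies)."""
    m = WAL_RE.match(name)
    if not m:
        return None
    tli, log, seg = (int(g, 16) for g in m.groups())
    if seg >= SEGS_PER_LOG:
        return None  # not a valid segment name on a pre-9.3 server
    return tli, log * SEGS_PER_LOG + seg

def segment_name(tli, n):
    """Inverse of parse_segment: file name for linear segment n on timeline tli."""
    return "%08X%08X%08X" % (tli, n // SEGS_PER_LOG, n % SEGS_PER_LOG)

def missing_segments(filenames):
    """Segments absent between the oldest and newest file of each timeline.
    Any name returned here means recovery would stop short at that point."""
    by_tli = {}
    for name in filenames:
        parsed = parse_segment(name)
        if parsed:
            by_tli.setdefault(parsed[0], set()).add(parsed[1])
    missing = []
    for tli, segs in sorted(by_tli.items()):
        missing += [segment_name(tli, n)
                    for n in range(min(segs), max(segs) + 1) if n not in segs]
    return missing

def archive_is_stale(newest_mtime, now, interval=600):
    """True when nothing arrived within the shipping interval (10 minutes on the page)."""
    return now - newest_mtime > interval

# Constructed listing that crosses a log-file boundary and has one hole.
SAMPLE_ARCHIVE = [
    "0000000100000002000000FD",
    "0000000100000002000000FE",
    "000000010000000300000000",
    "000000010000000300000002",
    "0000000100000002000000FD.00000020.backup",
    "00000002.history",
]

if __name__ == "__main__":
    print(missing_segments(SAMPLE_ARCHIVE))
```

On this sample the only gap reported is 000000010000000300000001; the jump from segment FE to the next log file is normal for 9.1 and is not flagged.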
24.12 List of Registrars Connected to the CoCCA SRS in Sydney AU as of March 30, 2012
12idn Limited NZ
1API GmbH DE
3w Media GmbH DE
AB NameISP SE
Active24 .CZ CZ
AFGNIC Registrar AF
AGJ Times GB
Alpha Communications Network HT
Ascio Technologies DK
Atlantis North Ltd GB
Automattic Inc US
Bamik Network Information AF
BBCWYSE Technology Co. Ltd MU
BB Online UK Limited GB
Beijing Guoxu Network CN
Bizcn.com, Inc. CN
Biz.Vi Networks Ltd. HT
Blacknight Internet Solutions IE
Brights Consulting Inc. JP
Brown Domain Services HT
Cogent IPC SE
Com Laude GB
Communigal Communication Ltd IL
Core | Council of Registrars CH
CPS-Datensysteme GmbH DE
Cronon AG AF
Corporation Service Company CA
Consortium For Success, Inc. US
Cybernaptics Ltd MU
DA Domains DM
Digital Technology GY
Dinahosting SL ES
Dipcon AB SE
documentdata anstalt LI
Domaininfo AB SE
Domain The Net Technologies IL
Dominiando IT IT
Dynamic Network Services US
E-advert Ltd MU
Easy Line Host FI
Easyspace Ltd GB
Enet Corporation JP
Entorno Digital S.A ES
EPAG Domainservices DE
Euro Billing Grona Verket AB SE
IVX B.V. NL
FING GLOBAL NETWORK Inc JP
Fody Technologies Ltd. MU
FRCI eServices Ltd MU
Gabia, Inc KR
Gandi SAS FR
Gastein IT Services AT
Gauss research Laboratory, Inc. PR
Government Online Centre (MU) MU
GoHoto Pty Ltd AU
Golden Internet RU
Gransy s.r.o. CZ
HAICOM ( HAITI Communications ) HT
HAINET S.A. HT
Haiti Domain HT
Haqmal ICT Solution Services AF
Hikaru Kitabayashi JP
Hostnet bv NL
Ultraspeed UK GB
FSM II FM
GaMa Consulting S.A. HT
Indeca GmbH DE
Innovative Systems GY
Instra Corporation AU
InterNetworX Ltd. & Co. KG DE
InterNetX GmbH DE
Indian Ocean Territories CX
IP Mirror Pte Ltd SG
Iron Mountain IPM US
Jestina Mesepitu SB
Jms-Networks (TM) GB
J SQUAD SYSTEMS INC. AF
Kawing Chiu US
Keiichi SHIGA (old: Keiichi dot business) JP
Klute-Thiemann GmbH DE
Larsen Data DK
Legekko Info Ltd MU
Lexsynergy Limited GB
MailClub (France) FR
Marcus Cake AU
MARIDAN InterNET GmbH DE
Maudeline Auguste HT
MediaWars CO LTD JP
Melbourne IT CBS AB SE
Moniker Online Services, LLC. US
Mauritius Domains MU
LIVING BY BLUE CO.,LTD JP
Name.com LLC US
NameWeb BVBA BE
NATCOM S.A HT
National Computer Board MU
Nemesys Ltd MU
Nessus GmbH AT
NetAccess / AccessHaiti S.A. HT
NetNames Ltd GB
Net-Chinese Co., Ltd. TW
NETCOM S.A. HT
Network Solutions, LLC US
Mauritius.biz Hosting MU
NICE S.r.l. d/b/a niceweb.eu IT
Norfolk Island Data Services NF
Novutec Inc. US
OFFICE DE MANAGEMENT ET DE RESSOURCES HUMAINES HT
MB OPTIMAL SYSTEMS LTD GB
Our Telekom SB
OXWELL CC VG
Multilink S.A HT
Peweb Ltda BR
PlanA Corp AI
Quick Net HT
Register.it spa IT
Domain Name Registration Service Reg.Net.Ua UA
101Domain, Inc. US
Solomon Telekom SB
Solutions S.A. HT
SpeedPartner GmbH DE
SunnyNames LLP US
Telecommunications Authority of Kiribati KI
Telecom Plus Ltd MU
TierraNet Inc. US
Timor Hosting TL
TradeMark Unlimited, Inc US
TPP Domains Pty Ltd AU
I.C.S. Trabia-Network S.R.L. MD
TRANSNET S.A HT
Timor Telecom TL
UNICART Ltd. BG
united-domains AG DE
Variomedia AG DE
Melbourne IT DBS, Inc. US
V-Trade Ltd MU
Visiant Outsourcing S.r.l. IT
Web Commerce Communications WebCC MY
WEB Development and Hosting Ltd MU
WEB Ltd MU
Web Solutions ApS DK
WebWorkers Internet Consultants cc NA
NamIT cc Namibia NA
WSR Corporation GB
Xcess Interactive GY
Xin Net Technology Corp. CN