ARTICLES

Over the last decade, Internet usage has exploded throughout most of the world, opening up new channels for commerce and communication. We know how the Internet has brought the world closer together, and made it possible to do a variety of new things, such as easily being able to find long-lost relatives; map out a route to a new destination, while you’re on route to that destination; or transfer funds between bank accounts, without leaving the house or picking up the phone. But the Internet has had a fundamental impact that goes beyond these changes.

To begin with, the Internet has introduced the phenomenon of “Internet-scale applications,” which engage hundreds of millions of people, simultaneously, each one interacting with the application in slightly different ways. Traditional broadcast media might engage the same number of people, but such media typically deliver the same content to all users. Traditional telecommunications systems also involve millions of users, but unlike Internet-scale applications, they usually establish simple, one-to-one connections between two users at a time.

The Internet has also dramatically impacted the speed of production. Because Internet Protocol (IP) is publicly available, IP-based applications can be developed, tested, and deployed extremely rapidly, greatly accelerating the fundamental pace of innovation. In the automotive industry, new products take about seven years from concept to floor model, and in high tech, new microprocessors are developed roughly every 18 to 24 months. In contrast, new functionality can be introduced into Internet applications weekly, on a regular basis, allowing customer feedback to be instantly incorporated into the product development cycle. The increased pace of Internet innovation has changed daily operations across the entire business landscape.

Finally, the unprecedented scale of the Internet combined with this unprecedented speed of Internet innovation has created an “online ecosystem” that is rapidly enabling new types of applications that were simply not possible before, such as real-time news, which is beginning to supplant traditional media; today’s massively scaled multiplayer games, which push the technological envelope by combining 3D motion graphics, sound, and chat for many users simultaneously in an interactive context; or the real-time, collaborative manipulation of three-dimensional biological models. Such applications just scratch the surface of what’s possible today.

But exactly how did we get to this point?

The Internet: Under the Hood 
If we could take a look “under the hood” of the Internet, we’d find a variety of components, but mostly you’d see networks, because the Internet is, as has often been said before, a network of networks, connecting computers and servers. So there would be home networks, enterprise networks, Internet service provider (ISP) networks, and there would be the cabling structures that connect these networks, such as T1 and T3 lines, and the Internet backbone. You’d also see routers of every shape and size, routing Internet traffic to its intended destination.

You’d also see an infrastructure that runs alongside the Internet traffic, in the way that the system of signal lights runs alongside the streets in a city. It’s called the Domain Name System (DNS), and it’s one of the Internet’s most critical components; the DNS translates the name that you’re familiar with, such as VeriSign.com, into the IP address for the specific server housing the information you’re looking for. This system allows Web and email users to use sensible names in their communications rather than 10-digit codes, which would be difficult to remember and not at all intuitive. When you enter a URL into a browser and hit Enter, your computer sends a query to your local DNS server, such as the one run by your organization at work or your ISP, and that server usually knows the correct IP address; but if it doesn’t, it will consult another DNS server, and so on, until it gets to one of the Internet’s root DNS servers, which contain the authoritative list of IP addresses. Once your machine knows the IP address for the Web page you’re looking for, it can contact the server and begin downloading the images, text, etc. All of these activities happen behind the scenes, usually in fractions of a second. Without this critical service, the Internet would probably not have become the business cornerstone and household resource that it is today. 

The Early Nineties: Unprecedented Expansion 
In the early years, the entire root of the Internet was kept on one modest server, smaller than an average PC today, and it was stored in a VeriSign office. Due to the rate that Internet traffic was increasing, VeriSign had to replace these servers often, as they reached the limits of their capacities. Soon we realized that Internet usage was actually growing at an astounding rate, far beyond what anyone had anticipated. In fact in the early nineties Internet usage was doubling every four to six months; if we didn’t stay ahead of the curve, the root server could go down, and many, many sites would suddenly be unavailable, which of course would be unthinkable. What we were seeing was very rapidly outstripping anything that regular computing increases could provide; the normal technology approach, using off-the-shelf technology,  just wasn’t going to work for the long haul.

For these reasons we developed the Advanced Transaction Lookup And Signaling (ATLAS®) platform, which is made up of software, hardware, and methods, to replace the software we were using to run the root DNS servers. The ATLAS platform allowed the Internet to scale dramatically, far beyond the amount that it had so far demonstrated. This was not only to support the growth in usage that we were seeing, but also to be able to weather denial-of-service (DoS) attacks, in which a server is flooded with so much activity that it slows to a crawl and becomes inoperable.

Over time we learned that in order to sustain attacks of this nature, our servers needed to be able to support many many times the capacity for everyday traffic. In 2001, for example, our root servers were processing about 600 million DNS queries a day, and today, VeriSign’s Internet infrastructure processes as many as 32 billion queries in a single day. However, the ATLAS platform can provide many times that amount of throughput without sacrificing performance. Today, 13 geographically distributed root servers, housed in secure data centers and backed up in multiple instances throughout the globe, are responsible for updating somewhere between 2 million and 4 million recursive DNS servers, which cooperate to provide name service to hundreds of millions of individuals, billions of times a day. VeriSign operates two of these root servers, which provide authoritative DNS service to .com, .net, and other domains.

People often ask: “How much overcapacity is enough?” From our perspective, it’s not clear that it will ever be enough. Services that were once part of different infrastructures, such as telecommunications and television, are now migrating to the Internet. Soon you will be able to get any sort of broadcast of any program on any device that you want. Imagine watching part of a program at home then seeing the rest on your cell phone as you wait in line at the airport. All of that content will ultimately end up being a part of the Internet. What will the Internet look like, in terms of traffic, when every key-click on people’s TV remotes is an event on the Internet? VeriSign is ready for this kind of traffic.

We also needed the ATLAS platform to provide greatly enhanced data integrity, beyond what was previously possible. For example in the financial industry, some records might be worth a couple billion dollars. All of the records in the DNS literally determine what is on the Internet at a given point in time; it was critical that the ATLAS platform fully preserved the integrity of all records. Finally, we needed to build intelligence into the ATLAS platform; the ATLAS platform had to be able to identify and diagnose any problems and anomalies that might arise, so that they could be rapidly addressed.

One of the most powerful aspects of the ATLAS platform is that it can support other applications in addition to DNS. We currently run some telecommunications signaling processes on it, as well as a few key validation procedures for our digital certificates. Using Online Certificate Status Protocol (OCSP), certain browsers can validate individual certs in close to real time, rather than regularly downloading a large file containing a batch of certs. The ATLAS platform can be applied as a lookup system for any digital transactions in which one set of data is associated with one code.

Day-to-Day Scale and Trust: VeriSign’s DNA 
It was also critical that we build tremendous reliability into our Internet infrastructure, and that was something that we could only establish over time. The .com and .net DNS infrastructure has demonstrated 100% availability since 1998 and has never once delivered an incorrect IP address. Billions of times each day things, many critical transactions are made possible because of VeriSign’s Internet infrastructure. If you were a visitor at one of our data centers, you wouldn’t see dramatic scenes of people rushing around. Our staff is primarily looking for anomalies in traffic and data flow; our data centers are highly automated to lower the failure rate. 

Internet Infrastructure for the Future 
Today, VeriSign’s Internet infrastructure helps people to surf the Web with ease, protect critical transactions, and securely log on to private networks. We are always thinking as far ahead as possible, preparing for greater throughput, more devices, new formats, and new systems. We cannot predict exactly what the future holds, but it is clear that the Internet has created unprecedented innovation. More and more applications are going to allow people to integrate with the fabric of the Internet, in real time, with whatever they happen to be doing, whether it’s word processing, number-crunching, or gaming. Beyond this, new applications will be developed that we can only dream of today. The future will certainly involve an increase of Internet-scale applications, and VeriSign Internet infrastructure will be right in the center of that growth.

To learn about the products and services that are supported by VeriSign’s Internet infrastructure, visit the Domain Name Services, Secure Sockets Layer (SSL), Identity Protection, and Content and Messaging sections of the VeriSign Web site.