WHITEPAPER Utility-Grade Core Network Services The infoblox appliance-based platform integrates distributes, and manages DNS, DHCP, IPAM, TFTP, NTP and more to drive networks and applications Executive Summary

Networks and applications have become highly dependent on a collection of essential core network services that are not always “visible” or on the forefront of IT project lists. For example, virtually all applications, including web, e-mail, ERP, CRM, and Microsoft’s Active Directory require the Domain Name System (DNS) for their basic operation. Most IP-based devices, including laptops and desktops, require Dynamic Host Configuration Protocol (DHCP) to obtain an IP address. Newer devices such as IP phones, RFID readers, and cameras that are network-connected require file transfer services (via TFTP or HTTP) to receive configuration information and firmware updates. If core network services are compromised, networks and applications fail. These failures often manifest themselves as “network” or “application” issues but are often caused by failure of the underlying core network services themselves. A majority of enterprises still use an “ad-hoc” collection of disparate systems to deploy core network services and are, therefore, experiencing growing problems with availability, security, audit-ability, and real-time data integration that threaten current and future applications.

For more than a decade, the focus of networking professionals has been on physical network architectures with high levels of redundancy and fault-tolerance. From the endpoint inward, enterprise networks are designed to provide high availability with device redundancy and multiple paths among users and data. One of the key components of these architectures has been the network appliance, purpose-built devices that are designed to perform a specific function such as routing, switching, or gateway applications. In fact, today it is very difficult to find an enterprise network using general-purpose hardware running an off-the-shelf operating system for network infrastructure functions like routing, because appliances have proven to be far superior in terms of reliability, availability, and serviceability.

Interestingly, core network services—like DNS, DHCP, IPAM, RADIUS, NTP, and file distribution—are deployed primarily using the same architectural design approaches that network designers abandoned a decade ago. Most core network services “infrastructures” are built on general-purpose servers running common operating systems with off-the-shelf or open-source software. Managing and coordinating these disparate servers is difficult, especially when they are administered by different departments and functional areas. The need to integrate these services is a challenge that will only grow in the future as new devices and applications are added to IP networks.

Since current and future service delivery architectures are dependent on core network services, it makes sense to design and deploy these services to the same “utility-grade” standards that enterprises currently use for their physical networks and mission-critical applications. This paper presents a review of core network services and their functions and presents key considerations for achieving and maintaining utility-grade service levels.

1 WHITEPAPER Utility-Grade Core Network Services MSFT AD Web CRM E-Commerce IP Tel ERP Messaging

Applications

NAMING ADDRESSING IP ADDRESS MGMNT Core Network (DNS) (DHCP) (IPAM) Services FILE DELIVERY AUTHENTICATION TIME (TFTP/HTTP) (RADIUS) (NTP)

Network Infrastructure Routing IDS WAN Switching Wireless Firewalls

Figure 1: Core network services provide the “glue” between networks and applications.

What are Core Network Services?

Enterprises make significant investments in key elements of their IT infrastructure. Major network components such as routing and firewalls, major application components such as databases, middleware, and ERP are treated as “infrastructure,” which means that they have clear accountability, service metrics, strategies, and roadmaps. As a result, organizations focus resources on building highly available and fully redundant physical networks and business applications. However, core network services—the “glue” between networks and applications—are typically not accorded the same level of attention as the networks and applications that depend upon them.

Core network services include:

• DNS or the Domain Name System is the protocol that translates a server name or other resource into an IP address. It’s unacceptable to require users or application designers to know the IP addresses of every device in an infrastructure—hence the value of DNS. If an enterprise uses Windows Active Directory, e-mail, extranet services, or builds Service-Oriented-Architecture-based applications, DNS is a requirement if users are to access servers and data. If DNS fails, the user cannot access applications even if the network is available. In fact, DNS issues are often reported as “network” or “application” problems. If an end user cannot resolve a web-site URL or find their Windows domain controller to log in, it appears as if the network is not working.

• DHCP or Dynamic Host Configuration Protocol is how network users typically acquire an IP address on a given network. There are dozens of options and configuration variables available to a DHCP environment that can fine tune how a user acquires a specific address on a network. DHCP should also be considered the foundation for controlling user access to the network. Most companies allow “anonymous networks” in which anybody with an Ethernet connection can get an IP address and, therefore, security measures such as network access control (NAC) depend upon control over DHCP to support functions such as guest access and network quarantine. Without DHCP, IP address assignment is nearly impossible in all but the smallest networks because assigning addresses manually is very labor intensive and difficult to track. If DHCP fails, all but the most sophisticated users are unable to access the network.

2 • RADIUS, used to provide authentication, authorization and accounting (AAA) services, is essential for controlling access to wireless and wired networks. Sarbanes-Oxley and other regulatory requirements are moving enterprise networks from the anonymous network access model currently in use at most enterprises to a user/device/location model where users have to be correlated with IP addresses in real-time. RADIUS is increasingly required in distributed locations, such as schools, factories, warehouses, hospitals and retail stores that are deploying wireless networks for access by computers as well as by devices such as bar code scanners and other hand-held devices.

• IPAM or IP Address Management can quickly become a major administrative burden, especially if it is not integrated into the DNS and DHCP infrastructure. Many administrators use spreadsheets, text files, disconnected databases, and other techniques to manage their IP address space. In large networks, this simply becomes too complex and inefficient—especially as the addition of IP phones and other devices rapidly increases the number of IP-based devices in use. A fully integrated IPAM capability streamlines change management and the addition and removal of network resources, and also ensures that changes are auditable for compliance purposes.

• TFTP and HTTP for file transfer are critical services for the smooth functioning of IP phones and other devices that require periodic updates to their configuration or firmware. Frequent configuration and firmware updates are required to assure a highly reliable IP telephony system. As phone images are increasing in size and IP Telephony becomes more widely deployed, availability and local survivability requirements for file delivery services are increasing. Integrating this functionality into a core network services infrastructure (as opposed to an extension of the VoIP system) assures local survivability, WAN bandwidth optimization, and security.

• NTP or Network Time Protocol provides a consistent and highly accurate basis for recording and auditing network activity. Accurate and reliable delivery of time is essential for accurate event logging, security analysis, and forensics.

Together, these core services represent the “glue” that links users, networks, and applications. When core network services aren’t designed and built to the same standards as network and application infrastructure, users will experience latencies and outages that appear as problems with the network or the applications. Given their essential role, core network services need to be treated as critical IT infrastructure and designed accordingly. The following sections cover key design, integration, management, and security considerations.

Designing Core Network Services to Physical Network Standards

Many, in fact most, core network services architectures are built to different reliability standards than physical networks. Nearly all physical networks are designed with high levels of capacity, redundancy, and failover, and networking products—including routers, switches, gateways, and firewalls—have long been manufactured on purpose- built hardware with highly integrated firmware that is optimized for performance, reliability, and fault tolerance.

3 WHITEPAPER Utility-Grade Core Network Services Conversely, most core network services are deployed on general-purpose hardware using general-purpose operating systems and open source or “free” software. While it is possible to build fault tolerance into these architectures, it takes careful planning and implementation to assure that levels of capacity planning, redundancy, failover, and disaster recovery meet the same standards and goals as those of physical networks.

Applying the availability and fault tolerance goals used in designing network infrastructures to designing core network services architectures is necessary to assure a high degree of availability and end-user satisfaction. These goals include addressing requirements for capacity, continuity, and availability.

Service Capacity Planning

Capacity planning assures network services will meet peak demand. By understanding the capacity required by business users, potential outages or inconsistent performance can be avoided. Network architects must examine several factors and questions, including:

• Peak operating hours and demands. Typical requirements for core network services include DNS queries/second, DHCP leases/sec, Dynamic DNS updates, user authentications/sec, file downloads/sec, etc. • Understanding the impact of a major disruption. What would happen if a large campus was affected by a mid-afternoon power blackout? Would there be heavy DHCP traffic when the power is restored and devices such as IP phones come back online? • Location of various applications and data relative to the user. DNS and DHCP must often be locally available at remote sites along with applications to ensure survivability in the event of a WAN failure. Performing DNS lookups over WAN connections can add significantly to latency and the resulting poor user experience. • Adequate resource availability. Use of IPAM to understand the distribution and current utilization of IP addresses on the network can avoid exhaustion of an IP addresses on under-provisioned subnets. • Understanding the relationship between DHCP users and their DNS requirements. Many users will acquire several IP addresses in a single day—by moving around a campus, working from home in the evenings, etc. Each of these new IP addresses typically require a Dynamic DNS (DDNS) update as well. DDNS can place an additional load on DHCP and DNS servers. • Authentication requirements. Estimating the RADIUS authentication load at peak periods such as the morning log-on rush, as well as estimating the impact of a failure of a WAN link or central RADIUS server. • Outages. Predicting the time required for all phones to download firmware and configuration files after a power outage, especially at remote sites.

4 Service Continuity: Disaster Recovery

As with physical networks, core network services must survive even a catastrophic loss of any particular infrastructure component. Since the integrity of DNS, DHCP, and RADIUS services is highly dependent on real-time updates, the ability to quickly recover from a loss of service is critical.

Most companies have a Recovery Time Objective (RTO) for their network and critical business applications during a disaster recovery outage. However, they often do not understand that some of the first services which need to be restored are core network services to remap server names and IP addresses. Therefore, the RTO for core network services needs to be shorter than that for the most critical application.

Service Availability: Redundancy and Failover

Providing redundancy and eliminating single points of failure is a tried and true strategy for ensuring that there’s always a path to applications and data. The core physical infrastructure from the building floor distribution closet to the data center is typically redundant, including LAN, WAN, and uplinks. Physical network components such as routers, switches, gateways, and load balancers are all designed with redundancy and failover as a critical feature set.

Conventional Microsoft and open-source DNS servers offer redundancy by using secondary servers. For large-scale implementations, these devices can be assigned in a group using either a load balancer or as a group of DNS servers. However, for fast failover and recovery, it is difficult to build a network-layer, high-availability (HA) pair of devices. Also, during an outage of the primary name server, zone changes cannot be implemented.

DHCP redundancy is generally accomplished using a combination of two techniques. The first is by building an HA pair of devices and synchronizing all configuration and data while providing a virtual IP that can be answered by either system in the HA pair. The challenging problem in this case is how to keep active leases synchronized in real-time to avoid handing out duplicate leases during a failover event. It is critical that the two systems implement a system to only hand out a lease from the active device once it has synchronized the lease to the passive and this needs to happen in real- time to avoid DHCP lags.

The second approach is to use geographic diversity to provide DHCP failover. This is often done in remote locations that might have a local DHCP server that will be primary but will failover to a peer in a central datacenter in the event of a failure. Microsoft uses a method called “split scope” that divides an available address pool between the primary and the backup (typically 80/20). However, this results in poor address utilization and may result in address exhaustion during an extended outage because the backup, with only 20% of the total address space, may eventually run out of available IPs.

The most resilient DHCP architectures utilize both HA and failover methods in combination to provide local network-layer, HA pair devices with failover configured to a remote site with another HA pair.

5 WHITEPAPER Utility-Grade Core Network Services Like DNS and DHCP clients, RADIUS clients can be configured to try backup servers if a primary server fails. However, unlike DNS and DHCP, RADIUS has no built-in notion of service distribution, backup, or failover. New technologies are required to imbue RADIUS with capabilities such as server-level HA and synchronization of credentials across a system of distributed RADIUS servers. The same is true of other “stovepipe” network services such as TFTP.

It is necessary to engineer effective redundancy and failover strategies for all core network services in order to be able to establish and meet stringent SLA requirements.

Integrating Core Network Services

As mentioned above, core network services have traditionally been deployed as standalone, “stovepipe” applications. And while that was acceptable in the past, the requirements of modern networks and applications demand tight, real-time coupling among core network service protocols and data: IPAM DNS DHCP RADIUS TFTP/HTTP

www PCs Remote Access IP Phones Intranet Laptops 802.1X PDAs MS AD Wireless NAC Cameras SIP VoIP/IPT NAP RFID Figure 2: Core network services are becoming stressed and more interdependent.

• Integrated DNS and DHCP. When a new IP address is provided to a user, it typically requires an update to DNS so that applications can find hosts by name. The most secure way to provide these so-called dynamic DNS (DDNS) updates is to have the DHCP server update DNS directly, rather than rely on the client to update DNS. For security reasons, the fewer devices that are able to update DNS the better. Dynamic updates from the DHCP server should be cryptographically signed to ensure the validity of updates. If dynamic DNS updates directly from Microsoft clients are to be supported, then digitally signed updates using Microsoft GSS-TSIG security should be enforced. • Integrated audit. One of the most difficult challenges for regulatory compliance and investigations is correlating the logs from DHCP, DNS, and RADIUS. Integrated network applications provides a single record with the user, device, configuration, location, and time in context.

6 • Integrating DHCP and file delivery provides a single source for configuration and firmware management and addressing. Logging from these applications can simplify IP telephony diagnostics and management. • Integrated DHCP and RADIUS. Network access control (NAC) requires the ability to validate the trustworthiness of a user before issuing an IP address on the enterprise network. Integrating DHCP with RADIUS provides a method for authenticating users and making policy-based decisions regarding which users and devices should be granted a network IP address on the production network versus a guest IP address or a quarantined address.

Integrating core network services onto a common platform is essential in order to address these current and emerging requirements.

Managing Core Network Services

Management of core network services typically suffers from three weaknesses: 1) homegrown, text-based management architectures that are hard to maintain; 2) a variety of different management applications and consoles; and 3) difficulty in keeping operating systems and applications patched. Since there is a distinct lack of integration, and the services are typically deployed on disparate systems, managing these architectures can be a challenge.

Homegrown management of DNS and DHCP using text files and scripts is employed by many organizations but does not scale, is costly, requires deep technical expertise to build and maintain, and is vulnerable to the loss of key personnel who are familiar with the inner workings of the homegrown system. Typically the DNS and DHCP administrator(s) build libraries of scripts to perform functions like pushing new configurations, restarting servers, initiating transfers, etc. In a Microsoft environment, this is accomplished with SMS or other Windows management platforms. The overhead to build and maintain these ad hoc management environments tends to erase the cost advantages of using open source or Microsoft-based solutions. Patching general-purpose and open-source operating systems and applications can take it toll on productivity in many ways:

• System administrators must constantly evaluate threat levels and assure a new exploit or threat does not impact their existing environment. • Patches take time to download, test and deploy. They are not predictable, and a new exploit can be discovered and require an emergency upgrade at virtually any time. • Installing patches on each individual server one-at-a-time is costly and ineffective in an emergency when systems need a critical security patch installed. • All general-purpose and open-source software needs to be hardened with unnecessary services and modules removed. This is a time-consuming exercise and susceptible to mistakes.

To make matters more difficult, management of core network services is often split among different organizations within the enterprise with ad-hoc interaction and coordination, but can lack both strong controls and an overall strategy.

7 WHITEPAPER Utility-Grade Core Network Services SERVICES CONVENTIONAL MANAGEMENT METHODS/SYSTEMS

Text files, scripts, open-source management, some commercial BIND prod- DNS ucts; Microsoft Active Directory, SMS, and third-party products

Text files, scripts, open source management for ISC DHCPd; Microsoft DHCP Active Directory, SMS, and a few third-party products

Spread sheets, text files, manuals, open source; Third-party IPAM overlay products for Microsoft and ISC BIND/DHCP networks

Vendor proprietary GUIs, open source (FreeRADIUS); Microsoft Active RADIUS Directory

File Distribution Telephony vendor call managers

NTP Mainly text files

Core Network Services and Security

Core network services are positioned as the foundation of network access. Until recently, nearly all network access was anonymous, meaning that any device could acquire an IP address on the internal network with minimal scrutiny of the device or the person using it. With various regulatory requirements and the cost of malware attacks and theft of data, enterprises are becoming very concerned with allowing “just any device” on the network.

DHCP plays a critical role in allowing access to the network. By tightly integrating the DHCP transaction with RADIUS (and 802.1X) authentication, network access is less anonymous. This leads to the next stage: implementing network access control (NAC) or Microsoft NAP, which provide a way to assure the configuration and integrity of the device accessing the network in addition to the user. DHCP is the foundation for any network access control system.

Core Network Services and Regulatory Compliance

Core network services are affected in two ways by compliance concerns. First, control over core network services such as address assignment and authentication is key to enforcing policies that ensure only appropriate users and devices gain network access. In addition, core network services infrastructures need to provide the logging required to establish an audit trail for all administrative activities.

It is often very difficult to obtain correlated information about a user, their location, the device they connected from, the IP address they were using, and the time they were on the network. Correlating multiple logs from several disparate systems is difficult and often inaccurate—not to mention time consuming. By integrating network services, especially DHCP and RADIUS, it’s possible to provide a view of user data that include all the key elements:

• Username – Captured through the authentication process either via a captive portal or an 802.1X supplicant • Device – The MAC address and DHCP options provide both configuration and details of the device itself (type of device) • IP Address – The DHCP-assigned address

8 • Hostname – Either the assigned or configured hostname • Location – Captured using DHCP option 82 or option 123 to identify the logical location (i.e., switch port or access point) or physical GPS location • Network timestamp – The day and time of network access, whether IP address leases were renewed and when

Correlating this data with actual application logs makes it much easier to investigate a security-related event or to provide proof of audit-ability.

Obtaining administrative audit information from conventional, software-on-server- based approaches to core network services can be difficult or impossible. Logging data may be minimal, and in some cases, administrators may gain root access to servers and perform administrative changes that are not logged at all. Core network services systems need to enable definition and enforcement of strict, granular administrative rights and detailed logging of all changes to enable compliance with regulatory requirements.

The Infoblox Advantage: Core Network Services Deployed to Physical Network Standards

Deploying an Infoblox core network services solution as a unified, centrally managed, real-time architecture allows companies to meet the design standards and operational standards of physical networks. Infoblox appliances are built around the primary design concepts that physical network elements such as routers, switches, gateways, and firewalls have been using for over a decade, with unique new capabilities targeted to distributed systems and data management.

Purpose-built hardware designed to network appliance standards provides right-sized models to serve a range of needs. Infoblox appliances range from high-performance, data-center-class devices with hot-swap features and redundancy to economical branch office solutions. All Infoblox appliances have been designed to meet the US and Canadian government FIPS 140-2 standard.

Two cornerstones of Infoblox technology, Infoblox NIOS™ software and grid technologies, create a purpose-built, integrated, and hardened architecture that is designed to meet current and future requirements for service delivery and meeting SLA obligations.

Infoblox NIOS ™ Software

Infoblox NIOS software delivers reliable, manageable, scalable, and secure core network services at a lower cost and with higher security than server-software combinations and with greater network availability than any other approach.

9 WHITEPAPER Utility-Grade Core Network Services P S I P T U I M S I Q T P C T P l N P T P A N D T a F H E A t N P D A i T H I D M V d R E

G ™

A INFOBLOX NIOS SOFTWARE G r i N bloxSDB™ bloxHA™ ™

A bloxSYNC

M Database Failover Data Assurance HQ/Data Center DEDICATED HARDWARE PLATFORM

• Single point of management • Real-time monitoring, reporting, control • Automatic distribution of software updates Branch • Real-time data synchronization Regional • One-touch backup & restore Office/DR site • Built-in, one-click disaster recovery

Branch Figure 3: Infoblox NIOS Software Architecture.

The services included in Infoblox NIOS software include:

• Integrated, Zero-admin Database. Infoblox NIOS software stores all network data—including IP addresses, host names, MAC addresses, user credentials, and other data—in the integrated bloxSDB™ database. The bloxSDB database is designed specifically to support integrated network services and provides unmatched consistency between service and management views of IP network data without compromising performance. The bloxSDB database provides a common framework for delivering consistent availability and management functions for DNS, DHCP, RADIUS, TFTP, HTTP, NTP, and any other service modules supported. • High-availability Services. High-availability (HA) services are supported by bloxHA™ technology, which uses industry-standard Virtual Router Redundancy Protocol (VRRP) for sub-5-second network failover between active and backup appliances, and bloxSYNC™ technology to ensure real-time database synchronization with no loss or duplication of data. Together, these two technologies allow critical DNS, DHCP, RADIUS, TFTP, and other services to always remain responsive and up-to-date and eliminate common but challenging problems such as issuing duplicate IP addresses. • Easy-to-use GUI. The Infoblox Grid Manager GUI can be run from any PC running Windows XP or Linux. The abstracted, data-centric interface streamlines complex and repetitive management operations and enables administrators to focus on data and services rather than boxes and protocols. This reduces management time and eliminates many common data entry errors.

10 • Integrated Management. Infoblox NIOS software provides practical operational efficiencies that lower total cost of ownership. For example, creating a DHCP range automatically creates an associated DNS record, reducing the number of tasks required of network administrators. User credentials are automatically distributed to appliances in the grid that are providing RADIUS services and one certificate can be shared by all of the appliances serving RADIUS. Files served by the TFTP and servers are uploaded to the grid master and automatically distributed to all appliances serving files via TFTP and HTTP. • Granular, Role-based Administration. Administrators can delegate the management of particular zones, networks, and devices to other administrators, and they can also create “read-only” profiles for delegated administrators. This allows companies to grant individuals in different parts of an organization management authority over only a portion of the network’s resources. All administrative actions are logged. • Security Hardened. Infoblox NIOS software is hardened and consistently withstands security scans and attacks from the most demanding government and military organizations. In the event that a new exploit is discovered, the underlying software can be upgraded in minutes via a single, simple operation. This makes it much more difficult to penetrate than general-purpose operating systems with known vulnerabilities. Management communication is secured using Secure Sockets Layer (SSL)-encrypted VPNs for protection against management compromise.

Infoblox Grid Technology

Infoblox NIOS software also supports patent-pending Infoblox technology for linking distributed appliances into a unified Infoblox grid. The embedded databases in all Infoblox appliances within an Infoblox grid are intelligently interconnected so that they share a common, real-time view of host names, IP leases, user credentials, and other core network services data. The Infoblox grid uses secure SSL-based communication among appliances and also uses sophisticated database technology to maintain data integrity. This ensures that all appliances in the grid have the right data and that the grid continues to deliver services without data loss or corruption in the face of a wide range of device or WAN failures.

The Infoblox grid provides a distributed, real-time replication architecture that is always current. All changes to DHCP, DNS, RADIUS, and TFTP are replicated in real- time among the appliances in the grid as necessary to assure all network services data is current and that the entire system is operating correctly. Any disruption among grid members is detected and mitigated using services from other appliances in the grid. All appliances in the grid run identical software and can be configured to serve one or more of the following roles:

11 WHITEPAPER Utility-Grade Core Network Services Infoblox-1050-A Regional Infoblox-2000 Intranet, DNS/DNSSEC. DHCP, DNS/DNSSEC. DHCP, Extranet Microsoft IPAM, TFTP, NTP IPAM, TFTP, NTP Active Directory

E-mail VoIP

Web Headquarters Infoblox-1552-A DNS/DNSSEC. DHCP, ERP, CRM, IPAM, TFTP, NTP eCommerce

Infoblox-550-A Disaster DNS/DNSSEC. DHCP, Recovery Branch IPAM, TFTP, NTP

Figure 4: Infoblox grids allow distributed appliances to perform and be managed as a unified system.

• The grid master is a designated appliance that serves as the seat of administration for the grid and contains the complete database of all services and configuration data across all member appliances. The grid master provides an interface for the Grid Manager application which is the GUI used to enable centralized and delegated management for all grid members and services. As noted above, the grid master uses the same hardware and software as the systems that provide services; in fact, the grid master can also provide services. It is important to note that the grid master is not an overlay or add-on hardware device or software product.

• Grid master candidate(s) are any other devices that are configured to take over the grid master role if needed, such as in a disaster recovery event. All grid master candidates receive a full replication of all configuration and data for all appliances in the grid master. Changing control from a grid master to a grid master candidate is a single operation and enables recovery of core network services administration in minutes in event of loss of an active grid master. • The grid members are appliances that provide network services to users and devices and are managed by the grid master.

Together, Infoblox appliances, Infoblox NIOS software, and grid technology provide a new type of IT infrastructure solution that delivers core network services to “utility- grade”, physical network standards.

12 Conclusion

Your core network services architecture must perform to the same reliability, scalability, and manageability standards as your physical network architecture and application server infrastructure. Deploying a hardened, appliance-based infrastructure for your core network services is the best way to achieve those standards. Infoblox solutions enable the deployment of nonstop, utility-grade services at the lowest possible total cost of ownership.

About Infoblox

Infoblox (NYSE:BLOX) helps customers control their networks. Infoblox solutions help businesses automate complex network control functions to reduce costs and increase security and uptime. Our technology enables automatic discovery, real-time configuration and change management and compliance for network infrastructure, as well as critical network control functions such as DNS, DHCP and IP Address Management (IPAM) for applications and endpoint devices. Infoblox solutions help over 6,500 enterprises and service providers in 25 countries control their networks.

13 WHITEPAPER Utility-Grade Core Network Services CORPORATE HEADQUARTERS: EMEA HEADQUARTERS: APAC HEADQUARTERS:

+1.408.986.4000 +32.3.259.04.30 +852.3793.3428

+1.866.463.6256 [email protected] [email protected]

(toll-free, U.S. and Canada) [email protected] www.infoblox.com

© 2013 Infoblox Inc. All rights reserved. infoblox-whitepaper-core-network-services-July/2013