Hoto:
A yau, an rarraba wani muhimmin yanki na duk abun ciki akan Intanet ta amfani da cibiyoyin sadarwar CDN. A lokaci guda, bincike kan yadda masu tace bayanai daban-daban ke fadada tasirin su akan irin waɗannan hanyoyin sadarwa. Masana kimiyya daga Jami'ar Massachusetts hanyoyin da za a iya bi don toshe abubuwan CDN ta hanyar amfani da misalin ayyukan hukumomin kasar Sin, da kuma samar da kayan aiki na ketare irin wannan toshewar.
Mun shirya kayan bita tare da babban ƙarshe da sakamakon wannan gwaji.
Gabatarwar
Cece-kuce barazana ce ta duniya ga 'yancin fadin albarkacin baki a Intanet da damar samun bayanai kyauta. Wannan yana yiwuwa ne sosai saboda gaskiyar cewa Intanet ta karɓi samfurin “sadarwar ƙarshe zuwa ƙarshen” daga hanyoyin sadarwar tarho na 70s na ƙarni na ƙarshe. Wannan yana ba ku damar toshe damar yin amfani da abun ciki ko sadarwar mai amfani ba tare da gagarumin ƙoƙari ko farashi kawai bisa adireshin IP ba. Akwai hanyoyi da yawa a nan, daga toshe adireshin da kansa tare da abubuwan da aka haramta zuwa toshe ikon masu amfani don gane shi ta amfani da magudin DNS.
Sai dai kuma ci gaban yanar gizo ya haifar da bullar sabbin hanyoyin yada bayanai. Ɗayan su shine amfani da abubuwan da aka ɓoye don inganta aiki da kuma hanzarta sadarwa. A yau, masu ba da CDN suna aiwatar da adadi mai yawa na duk zirga-zirgar ababen hawa a duniya - Akamai, jagora a wannan sashin, shi kaɗai ya kai kashi 30% na zirga-zirgar gidan yanar gizo a tsaye.
Cibiyar sadarwa ta CDN tsarin rarrabawa ce don isar da abun ciki na Intanet a matsakaicin sauri. Hanyar sadarwar CDN ta yau da kullun ta ƙunshi sabobin a wurare daban-daban waɗanda ke adana abun ciki don ba da sabis ga masu amfani waɗanda ke kusa da waccan uwar garken. Wannan yana ba ku damar haɓaka saurin sadarwar kan layi sosai.
Bugu da ƙari, haɓaka ƙwarewa don masu amfani na ƙarshe, CDN hosting yana taimakawa masu ƙirƙirar abun ciki su daidaita ayyukan su ta hanyar rage nauyin kayan aikin su.
Takaddama abun ciki na CDN
Duk da cewa zirga-zirgar CDN ta riga ta zama babban kaso na duk bayanan da ake watsawa ta Intanet, har yanzu babu wani bincike kan yadda masu tace bayanai a duniyar gaske ke tunkarar sa.
Marubutan binciken sun fara ne ta hanyar binciko dabarun tantancewa waɗanda za a iya amfani da su ga CDNs. Sannan sun yi nazarin ainihin hanyoyin da hukumomin kasar Sin ke amfani da su.
Da farko, bari mu yi magana game da yuwuwar hanyoyin tantancewa da yuwuwar amfani da su don sarrafa CDN.
IP tace
Wannan ita ce hanya mafi sauƙi kuma mafi arha don bincikar Intanet. Yin amfani da wannan hanyar, tantanin halitta yana ganowa kuma ya sanya baƙaƙen adiresoshin IP na albarkatun da aka haramta abun ciki. Sa'an nan kuma masu samar da Intanet masu sarrafawa suna daina isar da fakitin da aka aika zuwa irin waɗannan adireshi.
Katange tushen IP yana ɗaya daga cikin hanyoyin da aka fi sani da bincika Intanet. Yawancin na'urorin cibiyar sadarwar kasuwanci suna sanye da ayyuka don aiwatar da irin wannan toshewa ba tare da gagarumin ƙoƙarin lissafi ba.
Koyaya, wannan hanyar ba ta dace sosai don toshe zirga-zirgar CDN ba saboda wasu kaddarorin fasahar kanta:
- Rarraba Caching - don tabbatar da mafi kyawun samuwa na abun ciki da haɓaka aiki, CDN cibiyoyin sadarwar cache abun ciki na mai amfani akan babban adadin sabobin gefen da ke cikin wuraren da aka rarraba. Don tace irin wannan abun cikin dangane da IP, mai tace bayanai zai buƙaci nemo adiresoshin duk sabar gefen kuma a lissafta su. Wannan zai lalata mahimman kaddarorin hanyar, saboda babban fa'idarsa shine cewa a cikin makircin da aka saba, toshe uwar garken ɗaya yana ba ku damar "yanke" damar yin amfani da abubuwan da aka haramta ga yawancin mutane a lokaci ɗaya.
- IPs masu rabawa - Masu samar da CDN na kasuwanci suna raba kayan aikin su (watau sabar gefen, tsarin taswira, da sauransu) tsakanin abokan ciniki da yawa. Sakamakon haka, an ɗora abun ciki na CDN da aka haramta daga adiresoshin IP iri ɗaya kamar abun da ba a hana shi ba. Sakamakon haka, duk wani yunƙuri na tacewa na IP zai haifar da ɗimbin rukunin shafuka da abun ciki waɗanda ba su da sha'awar toshe tashe-tashen hankula.
- Ayyukan IP mai ƙarfi sosai - don haɓaka ma'aunin nauyi da haɓaka ingancin sabis, taswirar sabar gefen da masu amfani da ƙarshen ana yin su cikin sauri da kuzari. Misali, sabunta Akamai suna mayar da adiresoshin IP kowane minti daya. Wannan zai sa kusan ba zai yiwu a haɗa adireshi da abubuwan da aka haramta ba.
Tsangwama na DNS
Bayan tacewar IP, wata shahararriyar hanyar tantancewa ita ce kutse ta DNS. Wannan hanya ta ƙunshi ayyuka ta masu tace bayanai da nufin hana masu amfani gane adiresoshin IP na albarkatu tare da abubuwan da aka haramta. Wato, sa baki yana faruwa a matakin ƙudurin sunan yankin. Akwai hanyoyi da yawa don yin hakan, gami da satar haɗin yanar gizo na DNS, ta amfani da dabarun guba na DNS, da toshe buƙatun DNS zuwa wuraren da aka haramta.
Wannan hanya ce ta toshewa mai tasiri sosai, amma ana iya ƙetare ta idan kuna amfani da hanyoyin ƙudurin DNS mara daidaitattun, misali, tashoshi na waje. Saboda haka, censors yawanci hada DNS tarewa tare da IP tace. Amma, kamar yadda aka bayyana a sama, tacewar IP ba ta da tasiri wajen tantance abubuwan CDN.
Tace ta URL/Kalmomi ta amfani da DPI
Ana iya amfani da kayan aikin saka idanu na ayyukan cibiyar sadarwa na zamani don nazarin takamaiman URLs da kalmomin shiga cikin fakitin bayanai da aka watsa. Ana kiran wannan fasaha DPI (Deep packet inspection). Irin waɗannan tsarin suna samun ambaton kalmomin da aka haramta da albarkatun, bayan haka suna tsoma baki tare da sadarwar kan layi. Sakamakon haka, fakitin ana sauke su kawai.
Wannan hanya tana da tasiri, amma ta fi rikitarwa kuma tana da ƙarfi saboda tana buƙatar ɓarna duk fakitin bayanan da aka aika cikin wasu rafukan.
Ana iya kiyaye abun ciki na CDN daga irin wannan tacewa kamar yadda abun cikin "na yau da kullun" yake - a cikin lokuta biyu amfani da boye-boye (watau HTTPS) yana taimakawa.
Baya ga amfani da DPI don nemo kalmomi ko URLs na albarkatun da aka haramta, ana iya amfani da waɗannan kayan aikin don ƙarin bincike mai zurfi. Waɗannan hanyoyin sun haɗa da nazarin ƙididdiga na zirga-zirgar kan layi/a kan layi da kuma nazarin ƙa'idojin tantancewa. Waɗannan hanyoyin suna da matuƙar amfani da albarkatu kuma a halin yanzu babu wata shaida ta yin amfani da su ta masu tace bayanai zuwa isasshe mai tsanani.
Takaddar kai na masu samar da CDN
Idan censor ita ce jihar, to tana da kowane damar da za ta hana waɗancan masu samar da CDN aiki a cikin ƙasar waɗanda ba sa bin dokokin gida waɗanda ke jagorantar samun damar abun ciki. Ba za a iya tsayayya da kai tsaye ta kowace hanya ba - don haka, idan kamfani na CDN yana sha'awar yin aiki a wata ƙasa, za a tilasta masa ya bi dokokin gida, koda kuwa sun hana 'yancin magana.
Yadda China ke tantance abubuwan CDN
An yi la'akari da Babban Wutar Wuta ta kasar Sin a matsayin mafi inganci kuma tsarin ci gaba don tabbatar da tace bayanan Intanet.
Hanyar Bincike
Masana kimiyya sun gudanar da gwaje-gwaje ta hanyar amfani da kumburin Linux da ke cikin China. Sun kuma sami damar yin amfani da kwamfutoci da dama a wajen kasar. Da farko, masu binciken sun bincika cewa kumburin yana fuskantar takunkumi irin na sauran masu amfani da Sinawa - don yin hakan, sun yi ƙoƙarin buɗe wuraren da aka haramta daga wannan na'ura. Don haka an tabbatar da kasancewar matakin tantancewa.
Jerin gidajen yanar gizo da aka toshe a China masu amfani da CDNs an ɗauke su daga GreatFire.org. An yi nazarin hanyar toshewa a kowane hali.
Bisa bayanan jama'a, babban dan wasa daya tilo a kasuwar CDN da ke da ababen more rayuwa a kasar Sin shi ne Akamai. Sauran masu samarwa da ke shiga cikin binciken: CloudFlare, Amazon CloudFront, EdgeCast, Fastly da SoftLayer.
A yayin gwaje-gwajen, masu binciken sun gano adiresoshin sabobin Akamai a cikin ƙasar, sannan suka yi ƙoƙarin samun damar adana abubuwan da aka yarda ta hanyar su. Ba a samu damar shiga abubuwan da aka haramta ba (An dawo da HTTP 403 Kuskuren da aka haramta) - a fili kamfanin yana yin tabo da kansa don kiyaye ikon yin aiki a cikin ƙasa. Haka kuma, damar samun waɗannan albarkatun ya kasance a buɗe a wajen ƙasar.
ISPs ba tare da ababen more rayuwa ba a China ba sa tantance masu amfani da gida.
A cikin yanayin sauran masu samarwa, hanyar toshewa da aka fi amfani da ita ita ce tacewa DNS - buƙatun wuraren da aka katange an warware su zuwa adireshin IP na kuskure. A lokaci guda kuma, Tacewar zaɓi ba ta toshe sabobin gefen CDN da kansu, tunda suna adana duk bayanan da aka haramta da izini.
Kuma idan a yanayin zirga-zirgar da ba a ɓoye ba hukumomi suna da ikon toshe shafukan yanar gizo guda ɗaya ta hanyar amfani da DPI, to lokacin amfani da HTTPS kawai za su iya hana shiga yankin gaba ɗaya. Wannan kuma yana haifar da toshe abubuwan da aka halatta.
Bugu da kari, kasar Sin tana da nata na'urorin CDN, gami da cibiyoyin sadarwa irin su ChinaCache, ChinaNetCenter da CDNetworks. Duk waɗannan kamfanoni suna cika cikakken bin dokokin ƙasar kuma suna toshe abubuwan da aka haramta.
CacheBrowser: Kayan aikin Ketare CDN
Kamar yadda bincike ya nuna, yana da wahala ga masu tace bayanai su toshe abun ciki na CDN. Don haka, masu binciken sun yanke shawarar ci gaba da haɓaka kayan aikin toshe kan layi wanda baya amfani da fasahar wakili.
Babban ra'ayin kayan aiki shine cewa masu tace bayanai dole ne su tsoma baki tare da DNS don toshe CDNs, amma ba lallai ne ku yi amfani da ƙudurin sunan yanki don saukar da abun ciki na CDN ba. Don haka, mai amfani zai iya samun abubuwan da yake buƙata ta hanyar tuntuɓar uwar garken kai tsaye, inda aka riga aka adana shi.
Hoton da ke ƙasa yana nuna tsarin tsarin.
An shigar da software na abokin ciniki akan kwamfutar mai amfani, kuma ana amfani da mai bincike na yau da kullun don samun damar abun ciki.
Lokacin da aka riga an nemi URL ko yanki na abun ciki, mai binciken yana buƙatar tsarin DNS na gida (LocalDNS) don samun adireshin IP na baƙi. DNS na yau da kullun ana tambayarsa kawai don wuraren da basu riga sun kasance a cikin bayanan LocalDNS ba. Tsarin Scraper yana ci gaba da tafiya ta URLs da ake buƙata kuma yana bincika jerin sunayen yanki mai yuwuwar katange. Scraper sannan ya kira tsarin Resolver don warware sabbin wuraren da aka katange, wannan rukunin yana yin aikin kuma yana ƙara shigarwa zuwa LocalDNS. Ana share cache na mai binciken DNS don cire bayanan DNS da ke akwai don yankin da aka katange.
Idan tsarin Resolver ba zai iya gano wane mai bada CDN na yankin yake ba, zai nemi taimakon Bootstrapper module.
Yadda yake aiki a aikace
An aiwatar da software na abokin ciniki na samfurin don Linux, amma ana iya aikawa da shi cikin sauƙi don Windows. Ana amfani da Mozilla na yau da kullun azaman mai bincike
Firefox. Abubuwan Scraper da Resolver an rubuta su a cikin Python, kuma ana adana bayanan Abokin Ciniki zuwa CDN da CDN-toIP a cikin fayilolin .txt. Bayanan LocalDNS shine fayil na yau da kullun /etc/hosts a cikin Linux.
Sakamakon haka, don URL da aka katange kamar Rubutun zai sami adireshin IP na gefen sabar daga fayil ɗin /etc/hosts kuma aika buƙatun HTTP GET don samun damar BlockedURL.html tare da filayen taken HTTP Mai watsa shiri:
blocked.com/ and User-Agent: Mozilla/5.0 (Windows
NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1Ana aiwatar da tsarin Bootstrapper ta amfani da kayan aikin kyauta digwebinterface.com. Ba za a iya katange wannan mai warwarewar DNS ba kuma yana amsa tambayoyin DNS a madadin sabar DNS masu yawa da aka rarraba a yankuna daban-daban na cibiyar sadarwa.
Ta hanyar amfani da wannan kayan aiki, masu binciken sun yi nasarar samun damar shiga Facebook daga kullinsu na kasar Sin, kodayake an dade da toshe hanyar sadarwar zamantakewa a China.
ƙarshe
Gwajin ya nuna cewa cin gajiyar matsalolin da masu tace bayanai ke fuskanta lokacin ƙoƙarin toshe abubuwan CDN ana iya amfani da su don ƙirƙirar tsarin ketare tubalan. Wannan kayan aikin yana ba ku damar ƙetare shinge ko da a cikin China, wanda ke da ɗayan mafi girman tsarin sa ido kan layi.
Sauran labaran kan batun amfani don kasuwanci:
source: www.habr.com