Sannu!
Duk labarai masu kyau sun zo ƙarshe. Kuma labarinmu game da yadda muka samar da mafita don hanzarta wuce ta Firewall na kasar Sin ba banda. Don haka na yi gaggawar raba muku na karshe. kashi na karshe akan wannan batu.
A bangaren da ya gabata mun yi magana kan benkunan gwaji da yawa da muka fito da kuma irin sakamakon da suka bayar. Kuma mun daidaita akan abin da zai yi kyau mu ƙara CDN! don danko a cikin tsarin mu.
Zan gaya muku yadda muka gwada Alibaba Cloud CDN, Tencent Cloud CDN da Akamai, da abin da muka ƙare. Kuma ba shakka, bari mu taƙaita.
Alibaba Cloud CDN
An shirya mu akan Alibaba Cloud kuma muna amfani da IPSEC da CEN daga gare su. Zai zama ma'ana a gwada mafitarsu tukuna.
Alibaba Cloud yana da nau'ikan samfura guda biyu waɗanda zasu dace da mu: CDN и DCDN. Zaɓin farko shine CDN na yau da kullun don takamaiman yanki (ƙarshen yanki). Zabi na biyu yana tsaye ga Hanya Mai Sauƙi don CDN (Ina kiran shi CDN mai ƙarfi), ana iya kunna shi a cikin cikakken yanayin rukunin yanar gizo (don wuraren yanki), yana kuma adana abun ciki a tsaye kuma yana haɓaka abun ciki mai ƙarfi akan kansa, wato, za a loda ƙarfin shafin ta hanyar mai samarwa. hanyoyin sadarwa masu sauri. Wannan yana da mahimmanci a gare mu, saboda ainihin rukunin yanar gizon mu yana da ƙarfi, yana amfani da yankuna da yawa, kuma ya fi dacewa don saita CDN sau ɗaya don "alama" - * .semrushchina.cn.
Mun riga mun ga wannan samfurin a cikin matakan farko na aikinmu na kasar Sin, amma daga baya bai yi aiki ba, kuma masu haɓakawa sun yi alkawarin cewa samfurin zai kasance ga duk abokan ciniki. Kuma ya aikata.
A cikin DCDN zaku iya:
- saita ƙarewar SSL tare da takardar shaidar ku,
- ba da damar haɓaka abun ciki mai ƙarfi,
- daidaita caching na fayilolin tsaye,
- cire cache,
- gaban yanar gizo sockets,
- ba da damar matsawa har ma da HTML Beautifier.
Gabaɗaya, komai iri ɗaya ne da manya da manyan masu samar da CDN.
Bayan an ƙayyade Asalin (wurin da sabobin CDN gefen za su je), duk abin da ya rage shine ƙirƙirar CNAME don alamar alama, yin magana. duk.semrushchina.cn.w.kunluncan.com (An karɓi wannan CNAME a cikin na'urar wasan bidiyo na Alibaba Cloud) kuma CDN zai yi aiki.
Dangane da sakamakon gwajin, wannan CDN ya taimaka mana da yawa. Ana nuna ƙididdiga a ƙasa.
yanke shawara
Kyau
Median
Kashi 75 cikin ɗari
Kashi 95 cikin ɗari
Cloudflare
86.6
18s
30s
60s
IPsec
99.79
18s
21s
30s
CEN
99.75
16s
21s
27s
CEN/IPsec + GLB
99.79
13s
16s
25s
Ali CDN + CEN/IPsec + GLB
99.75
10s
12.8s
17.3s
Waɗannan sakamako ne masu kyau, musamman idan kun kwatanta su da abin da lambobin suka kasance a farkon. Amma mun san cewa gwajin burauzar nau'in gidan yanar gizon mu na Amurka www.semrush.com yana gudana daga Amurka a matsakaicin 8.3s (madaidaicin ƙimar). Akwai wurin ingantawa. Bugu da ƙari, akwai kuma masu samar da CDN waɗanda ke da ban sha'awa don gwadawa.
Don haka a hankali mu matsa zuwa wani kato a kasuwar Sinawa - Tencent.
Tencent girgije
Tencent yana haɓaka girgijensa kawai - ana iya ganin wannan daga ƙaramin adadin samfuran. Yayin amfani da shi, muna so mu gwada ba kawai CDN ɗin su ba, har ma da hanyoyin sadarwar su gabaɗaya:
- suna da wani abu mai kama da CEN?
- Ta yaya IPSEC ke aiki a gare su? Yana da sauri, menene lokacin aiki?
- suna da Anycast?
Bari mu kalli waɗannan tambayoyin daban.
Analogue CEN
Tencent yana da samfur Cloud Connect Network (), ba ka damar haɗa VPCs daga yankuna daban-daban, gami da yankuna ciki da wajen China. Samfurin yanzu yana cikin beta na ciki, kuma kuna buƙatar ƙirƙirar tikitin neman haɗawa da shi. Mun koyi daga tallafi cewa asusun duniya (ba muna magana game da 'yan kasar Sin ko hukumomin doka ba) ba za su iya shiga cikin shirin gwajin beta ba, kuma, gabaɗaya, haɗa wani yanki a cikin Sin tare da yanki a waje. 1-0 ta hannun Ali Cloud
IPSEC
Yankin kudu na Tencent shine Guangzhou. Mun hada rami kuma muka haɗa shi zuwa yankin Hong Kong a GCP (to wannan yanki ya riga ya zama samuwa). Ramin na biyu na Ali Cloud daga Shenzhen zuwa Hong Kong shi ma an taso shi a lokaci guda. Ya bayyana cewa ta hanyar hanyar sadarwa ta Tencent, latency zuwa Hong Kong gabaɗaya ya fi (10ms) fiye da daga Shenzhen zuwa Hong Kong zuwa Ali (120ms - menene?). Amma wannan ba ta kowace hanya ya hanzarta aikin rukunin yanar gizon da ke da nufin yin aiki ta hanyar Tencent da wannan rami, wanda a cikin kansa ya kasance gaskiya mai ban mamaki kuma ya sake tabbatar da haka: latency - ga kasar Sin wannan ba alama ce ta gaske ba. mai da hankali kan lokacin samar da mafita don wucewa ta wuta ta kasar Sin.
Haɓakar Intanet ta Anycast
Wani samfurin da ke ba ku damar yin aiki ta hanyar kowanecast IP shine . Amma kuma ba a samuwa ga asusun duniya, don haka ba zan gaya muku game da shi ba, amma sanin cewa akwai irin wannan samfurin na iya zama da amfani.
Amma gwajin CDN ya nuna wasu kyawawan sakamako masu ban sha'awa. Ba za a iya kunna CDN na Tencent akan cikakken rukunin yanar gizo ba, kawai akan takamaiman yanki. Mun ƙirƙiri yanki kuma mun aika masu zirga-zirga zuwa gare su:
Ya bayyana cewa wannan CDN yana da ayyuka masu zuwa: Haɓaka zirga-zirgar kan iyaka. Wannan fasalin yakamata ya rage farashi lokacin da zirga-zirgar ababen hawa ke wucewa ta cikin Tacewar zaɓi na China. Kamar yadda Origin Adireshin IP na Google GLB (GLB anycast) an ƙayyade. Don haka, muna so mu sauƙaƙe tsarin gine-ginen aikin.
Sakamakon ya yi kyau sosai - a matakin Ali Cloud CDN, kuma a wasu wurare ma ya fi kyau. Wannan abin mamaki ne, saboda idan gwaje-gwajen sun yi nasara, za ku iya barin wani muhimmin bangare na abubuwan more rayuwa, tunnels, CEN, injunan kama-da-wane, da sauransu.
Ba mu yi murna na dogon lokaci ba, kamar yadda aka bayyana matsala: gwaje-gwaje a cikin Catchpoint sun kasa ga mai ba da Intanet na China Mobile. Daga kowane wuri mun sami ƙarewar lokaci ta CDN na Tencent. Haɗin kai tare da tallafin fasaha bai haifar da komai ba. Mun yi ƙoƙarin magance wannan matsalar kusan kwana ɗaya, amma babu wani aiki.
Na kasance a China a lokacin, amma ban iya samun Wi-Fi na jama'a akan hanyar sadarwar wannan mai bada don tabbatar da matsalar da kaina ba. In ba haka ba duk abin da ya dubi sauri da kyau.
Duk da haka, saboda gaskiyar cewa China Mobile na ɗaya daga cikin manyan kamfanoni uku, an tilasta mana mayar da zirga-zirga zuwa Ali CDN.
Amma gabaɗaya, wannan mafita ce mai ban sha'awa wacce ta cancanci gwaji mai tsawo da magance matsalar wannan matsala.
Akamai
Mai bada CDN na ƙarshe da muka gwada shine Akamai. Wannan babban mai bada sabis ne wanda ke da hanyar sadarwarsa a China. Tabbas, ba za mu iya wucewa ba.
Tun daga farko, mun amince da Akamai na lokacin gwaji don mu canza yankin mu ga yadda zai yi aiki a kan hanyar sadarwar su. Zan bayyana sakamakon duk gwaje-gwaje a cikin nau'in "Abin da nake so" da "Abin da ban so," kuma zan ba da sakamakon gwajin.
Abin da nake so:
- Mutanen Akamai sun taimaka sosai a duk tambayoyin kuma suna tare da mu a duk matakan gwaji. Kullum muna ƙoƙarin inganta wani abu a gefenmu. Sun ba da shawara mai kyau na fasaha.
- Akamai yana kusan 10-15% a hankali fiye da maganinmu ta hanyar Ali Cloud CDN. Abin ban sha'awa shi ne cewa a Asalin Akamai mun ƙayyade adireshin IP na GLB, ma'ana zirga-zirgar ba ta bi ta hanyar maganinmu ba (yiwuwar za mu iya barin wani ɓangare na abubuwan more rayuwa). Amma har yanzu, sakamakon gwajin ya nuna cewa wannan maganin ya fi muni fiye da sigar mu na yanzu (sakamakon kwatancen da ke ƙasa).
- An gwada duka Origin GLB da Origin a China. Duk zaɓuɓɓukan biyu kusan iri ɗaya ne.
- Akwai Tabbas Hanyar (ingantawa ta atomatik). Kuna iya ɗaukar nauyin abin gwaji akan Origin, kuma sabobin Akamai Edge za su yi ƙoƙarin ɗauka (GET na yau da kullun). Don waɗannan buƙatun, ana auna saurin gudu da sauran ma'auni, bisa ga hanyar sadarwar Akamai ta inganta hanyoyin ta yadda zirga-zirgar ke tafiya cikin sauri ga rukunin yanar gizonmu kuma a bayyane yake cewa ba da damar wannan fasalin yana da tasiri mai ƙarfi akan saurin rukunin yanar gizon.
- Ƙirƙirar ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙirar gidan yanar gizon yana da kyau. Kuna iya yin Kwatanta don sigogin, duba diff. Duba sigogin da suka gabata.
- Kuna iya fitar da sabon sigar farko kawai akan hanyar sadarwar Akamai Staging - hanyar sadarwa iri ɗaya da samarwa, wannan hanyar kawai ba zata shafi masu amfani da gaske ba. Don wannan gwajin, kuna buƙatar zubar da bayanan DNS akan injin ku na gida.
- Saurin zazzagewa da sauri ta hanyar hanyar sadarwar su don manyan fayilolin tsaye, kuma, a fili, kowane fayiloli. Ana dawo da fayil daga ma'ajin "sanyi" sau da yawa cikin sauri fiye da fayil iri ɗaya daga ma'ajiyar "sanyi" na Ali CDN. Daga cache "zafi", saurin ya riga ya zama iri ɗaya, ƙari ko ragi.
Gwajin Ali CDN:
root@shenzhen1:~# curl -o /dev/null -w@curl_time https://en.semrushchina.cn/my_reports/build/scripts/simpleInit.js?v=1551879212
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 5757k 0 5757k 0 0 513k 0 --:--:-- 0:00:11 --:--:-- 526k
time_namelookup: 0.004286
time_connect: 0.030107
time_appconnect: 0.117525
time_pretransfer: 0.117606
time_redirect: 0.000000
time_starttransfer: 0.840348
----------
time_total: 11.208119
----------
size_download: 5895467 Bytes
speed_download: 525999.000B/sGwajin Akamai:
root@shenzhen1:~# curl -o /dev/null -w@curl_time https://www.semrushchina.cn/my_reports/build/scripts/simpleInit.js?v=1551879212
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 5757k 0 5757k 0 0 1824k 0 --:--:-- 0:00:03 --:--:-- 1825k
time_namelookup: 0.509005
time_connect: 0.528261
time_appconnect: 0.577235
time_pretransfer: 0.577324
time_redirect: 0.000000
time_starttransfer: 1.327013
----------
time_total: 3.154850
----------
size_download: 5895467 Bytes
speed_download: 1868699.000B/sMun lura cewa halin da ake ciki a cikin misalin da ke sama ya dogara da dalilai daban-daban. A lokacin rubuta wannan batu, na sake yin gwajin. Sakamakon dandali guda biyu sun kasance kusan iri ɗaya. Wannan yana nuna mana cewa Intanet a kasar Sin, har ma da manyan ma'aikata da masu samar da gajimare, suna nuna hali daban-daban daga lokaci zuwa lokaci.
A babin da ya gabata, zan kara ma Akamai wani babban abin karawa: idan Ali ya nuna irin wannan filasha na manyan ayyuka da kuma karancin aiki (wannan ya shafi Ali CDN, Ali CEN, da Ali IPSEC), sannan Akamai, a kowane lokaci, komai. yadda nake gwada hanyar sadarwar su, komai yana aiki a tsaye.
Akamai yana da ɗaukar hoto da yawa a China kuma yana aiki ta hanyar masu samarwa da yawa.
Abin da ban so:
- Ba na son haɗin yanar gizo da kuma yadda yake aiki - yana da talauci sosai. Amma a zahiri ka saba da shi (wataƙila).
- Sakamakon gwaji ya fi muni.
- Akwai ƙarin kurakurai yayin gwaje-gwaje fiye da kan rukunin yanar gizon mu (lokacin aiki a ƙasa).
- Ba mu da namu sabobin DNS a China. Don haka akwai kurakurai da yawa a cikin gwaje-gwaje saboda lokacin warwarewar DNS.
- Ba sa samar da kewayon IP ɗin su -> babu wata hanyar yin rajistar daidaitattun saita_real_ip_daga akan sabobin mu.
Ma'auni (~ 3626 yana gudana; duk ma'auni ban da Uptime, a cikin ms; ƙididdiga na lokaci ɗaya):
Mai ba da CDN
Median
75%
95%
Response
Martanin Shafin Yanar Gizo
Kyau
DNS
connect
Jira
load
SSL
AliCDN
9195
10749
17489
1,715
10,745
99.531
57
17
927
479
200
Akamai
9783
11887
19888
2,352
11,550
98.980
424
91
1408
381
50
Rarraba ta Kashi (a cikin ms):
Kashi dari
Akamai
AliCDN
10
7,092
6,942
20
7,775
7,583
30
8,446
8,092
40
9,146
8,596
50
9,783
9,195
60
10,497
9,770
70
11,371
10,383
80
12,670
11,255
90
15,882
13,165
100
91,592
91,596
Ƙarshen ita ce: zaɓin Akamai mai yiwuwa ne, amma ba ya samar da kwanciyar hankali da sauri kamar namu mafita tare da Ali CDN.
Ƙananan bayanin kula
Wasu lokuta ba a haɗa su cikin labarin ba, amma zan so in rubuta game da su kuma.
Beijing + Tokyo da Hong Kong
Kamar yadda na fada a sama, mun gwada hanyar IPSEC zuwa Hong Kong (HK). Amma kuma mun gwada CEN zuwa HK. Kudinsa kaɗan kaɗan, kuma ina mamakin yadda zai yi aiki tsakanin biranen da nisan ~ 100 km. Ya zama mai ban sha'awa cewa latency tsakanin waɗannan biranen ya fi 100ms sama da na mu na asali (zuwa Taiwan). Gudun, kwanciyar hankali kuma ya fi kyau ga Taiwan. A sakamakon haka, mun bar HK a matsayin madadin IPSEC yankin.
Bugu da kari, mun yi ƙoƙarin shigar da shigarwa mai zuwa:
- Kashe abokan ciniki a Beijing,
- IPSEC da CEN zuwa Tokyo,
- a Ali CDN an nuna uwar garken da ke birnin Beijing a matsayin asalinsa.
Wannan makircin bai tsaya tsayin daka ba, ko da yake ta fuskar saurin gudu bai yi kasa da maganinmu ba. Game da rami, na ga raguwar raguwa ko da na CEN, wanda yakamata ya tsaya tsayin daka. Don haka, mun koma ga tsohon makirci kuma muka wargaza wannan shiri.
A ƙasa akwai ƙididdiga akan latency tsakanin yankuna daban-daban don tashoshi daban-daban. Wataƙila wani zai yi sha'awar shi.
IPsec
Ali cn-beijing <-> GCP asia-arewa maso gabas1 - 193ms
Ali cn-shenzhen <-> GCP asia-east2 - 91ms
Ali cn-shenzhen <—> GCP us-east4 — 200ms
CEN
Ali cn-beijing <—> Ali a-arewa maso gabas-1 — 54ms (!)
Ali cn-shenzhen <—> Ali cn-hongkong — 6ms (!)
Ali cn-shenzhen <—> Ali us-gabas1 — 216ms
Gabaɗaya bayanai game da Intanet a China
A matsayin ƙari ga matsaloli tare da Intanet da aka bayyana a farkon farkon, a cikin ɓangaren farko na labarin.
- Intanet a China yana da sauri a ciki.
- An ƙaddamar da ƙarshen ne bisa gwada hanyoyin sadarwar Wi-Fi na jama'a a wurare daban-daban inda mutane da yawa ke amfani da waɗannan cibiyoyin.
- Saurin zazzagewa da lodawa zuwa sabobin a cikin China sun kasance kusan 20 Mbit/s da 5-10 Mbit/s, bi da bi.
- Gudun zuwa sabobin a wajen China ba shi da yawa, ƙasa da 1 Mbit/s.
- Intanet a kasar Sin ba ta da kwanciyar hankali sosai.
- Wani lokaci shafuka na iya buɗewa da sauri, wani lokacin a hankali (a lokaci ɗaya na rana a ranaku daban-daban), muddin tsarin bai canza ba. Mun lura da wannan tare da misalin semrushchina.cn. Ana iya danganta wannan ga Ali CDN, wanda kuma yana aiki ta wannan hanyar kuma ya danganta da lokacin rana, matsayin taurari, da sauransu.
- Intanit ta wayar hannu kusan ko'ina yana 4G ko 4G+. Kama shi a cikin jirgin karkashin kasa, elevators - a takaice, ko'ina.
- Tatsuniya ce cewa masu amfani da Sinawa sun amince da yanki ne kawai a cikin yankin .cn. Mun koyi wannan kai tsaye daga masu amfani.
- Kuna iya ganin yadda tura zuwa www.baidu.com (a kasar Sin ma).
- Lallai an toshe albarkatu da yawa. Na farko: google.com, Facebook, Twitter. Amma yawancin albarkatun Google suna aiki (ba shakka, ba akan duk Wi-Fi da VPN ba a yi amfani da su (a gefen na'ura mai ba da hanya tsakanin hanyoyin sadarwa ma, wannan tabbas ne).
- Yawancin wuraren "fasahar" na kamfanoni da aka katange suma suna aiki. Wannan yana nufin cewa bai kamata a koyaushe ku yanke duk Google da sauran albarkatun da aka toshe ba. Kuna buƙatar nemo wasu jerin wuraren da aka haramta.
- Suna da manyan kamfanonin Intanet guda uku: China Unicom, China Telecom, China Mobile. Akwai ma kanana, amma kasuwarsu ba ta da kima
Bonus: zane na ƙarshe na bayani
Sakamakon
Shekara guda kenan da fara aikin. Mun fara da gaskiyar cewa rukunin yanar gizon mu gabaɗaya ya ƙi yin aiki akai-akai daga China, kuma kawai GET curl ya ɗauki daƙiƙa 5.5.
Sannan, tare da waɗannan alamomin a farkon bayani (Cloudflare):
yanke shawara
Kyau
Median
Kashi 75 cikin ɗari
Kashi 95 cikin ɗari
Cloudflare
86.6
18s
30s
60s
A ƙarshe mun kai sakamako masu zuwa (ƙididdiga na watan da ya gabata):
yanke shawara
Kyau
Median
Kashi 75 cikin ɗari
Kashi 95 cikin ɗari
Ali CDN + CEN/IPsec + GLB
99.86
8.8s
9.5s
13.7s
Kamar yadda kake gani, har yanzu ba mu sami damar cimma 100% uptime ba, amma za mu fito da wani abu, sannan kuma za mu gaya muku game da sakamakon a cikin sabon labarin :)
Girmamawa ga waɗanda suka karanta duka sassa uku har zuwa ƙarshe. Ina fatan kun sami duk waɗannan abubuwan ban sha'awa kamar yadda na yi lokacin da na yi.
PS Abubuwan da suka gabata
source: www.habr.com