As we move from a monolithic application to a microservice architecture, we face new challenges.
In a monolithic application it is usually quite easy to tell which part of the system an error occurred in. Most likely the problem is in the code of the monolith itself or in the database. But once we start looking for a problem in a microservice architecture, nothing is that obvious any more. We have to find the whole path the request took from start to finish and pick it out from among hundreds of microservices. On top of that, many of them have their own storage, which can cause logical errors as well as performance and fault-tolerance problems.
I have long been looking for a tool that would help deal with such problems (I wrote about this on Habr:
Distributed tracing is the common solution to the problem of finding errors in distributed systems. But what if this approach to collecting information about network interactions has not yet been implemented in the system, or, worse, it already works properly in one part of the system but not in another because it was never added to the older services? To determine the exact root cause of a problem, you need a complete picture of what is happening in the system. It is especially important to understand which microservices are involved in the main business-critical paths.
This is where the service mesh approach helps: it takes care of all the machinery for collecting network information at a level below the one the services themselves run at. This approach lets us intercept all traffic and analyze it on the fly. Moreover, the applications do not even need to know anything about it.
Service mesh approach
The main idea of the service mesh approach is to add another infrastructure layer on top of the network, which makes it possible to do anything with inter-service communication. Most implementations work as follows: an additional sidecar container with a transparent proxy is added to each microservice, and all of the service's inbound and outbound traffic passes through it. This is exactly the place where you can do client-side balancing, apply security policies, impose limits on the number of requests, and collect important information about how services interact in production.
Solutions
There are already several implementations of this approach.
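As a result, we considered exactly which functionality we need right now and decided that the main reason we had started implementing such solutions was the ability to collect tracing information transparently from the whole system. We also wanted control over how services interact and the ability to perform various manipulations with the headers passed between services.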
As a result, we came to the following solution:
Netramesh
The main goals of the new solution were low resource overhead and high performance. Among the main features, we immediately wanted to be able to send tracing spans transparently to our Jaeger system.
Today most cloud solutions are implemented in Golang, and of course there are reasons for that. Writing network applications in Golang that work asynchronously with I/O and scale across cores as needed is convenient and quite simple. And, which is also very important, the performance is sufficient to solve this problem. That is why we chose Golang.
Performance
We focused our efforts on achieving maximum performance. A solution that is deployed next to every instance of a service should need only a little RAM and CPU time. And, naturally, the response delay it adds has to be small as well.
Let's see what results we got.
RAM
Netramesh consumes up to 10 Mb without traffic and up to 10000 Mb under a load of up to 50 RPS per instance.
Istio's envoy proxy always consumes up to 300 MB in clusters with thousands of instances. This makes it impossible to scale it to the whole cluster.
With Netramesh, memory consumption was reduced by up to a factor of 10.
CPU
CPU usage under load is comparable. It depends on the number of requests per unit of time to the sidecar. Values at peak, XNUMX requests per 3000 seconds:
There is another important point: Netramesh is a solution without a control plane, and without load it consumes no CPU time. With Istio, the sidecars constantly update service endpoints. As a result, we see the following picture without load:
We use HTTP/1 for communication between services. With Istio, proxying through envoy increased response time by up to 5 to 10 ms, which is quite a lot for services that are ready to respond within a millisecond. With Netramesh this time dropped to 0.5 to 2 ms.
Scalability
Because each proxy consumes few resources, a proxy can be placed next to every service. Netramesh was deliberately built without a control plane component, simply to keep each sidecar lightweight. In service mesh solutions the control plane often distributes service discovery information to every sidecar, along with information about timeouts and balancing settings. All this enables many useful things but, unfortunately, bloats the sidecars.
Service discovery
Netramesh does not add any extra mechanisms for service discovery. All traffic is proxied transparently through the netra sidecar.
Netramesh supports the HTTP/1 application protocol. To detect it, a configurable list of ports is used. A system usually has several ports over which HTTP communication takes place. For example, we use 80, 8890 and 8080 for communication between services and for external requests. In that case they can be set with the environment variable NETRA_HTTP_PORTS.
If you use Kubernetes as the orchestrator and its Service entity mechanism for in-cluster communication between services, the mechanism stays exactly the same. First, the microservice obtains the service IP address using kube-dns and opens a new connection to it. This connection is first established with the local netra sidecar, and all TCP packets initially arrive at netra. Then netra-sidecar establishes a connection to the original destination. NAT to the pod IP on the node stays exactly the same as without netra.
Distributed tracing and context forwarding
Netramesh provides the functionality needed to send tracing spans about HTTP interactions. Netra-sidecar parses the HTTP protocol, measures request latency and extracts the necessary information from HTTP headers. In the end, we get all the traces in a single Jaeger system. For finer configuration you can also use the environment variables provided by the official library.
But there is a problem. Until the services generate and pass on the special uber header, we will not see connected tracing spans in the system, and that is exactly what we need in order to find the cause of a problem quickly. Here again Netramesh offers a solution. The proxy reads the HTTP headers and, if they do not contain an uber trace ID, generates the header. Netramesh also stores information about inbound and outbound requests in the sidecar and matches them by enriching the outbound requests with the required headers. All a service needs to do is forward a single header, X-Request-Id, whose name can be configured with the environment variable NETRA_HTTP_REQUEST_ID_HEADER_NAME. To control the size of the context in Netramesh, set the following environment variables: NETRA_TRACING_CONTEXT_EXPIRATION_MILLISECONDS (how long the context is stored) and NETRA_TRACING_CONTEXT_CLEANUP_INTERVAL (how often the context is cleaned up).
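The header handling described above, as an added Go example (not Netramesh's own code): the sidecar keeps or generates the trace header on an inbound request, remembers it under the request ID, and copies it onto outbound requests that carry the same ID. The Store type and its methods are hypothetical, and Uber-Trace-Id with the trace-id:span-id:parent-id:flags layout is assumed to be the Jaeger header the text calls the uber header.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"maps"
	"net/http"
	"time"
)

const traceHeader = "Uber-Trace-Id" // assumed Jaeger header: trace:span:parent:flags
const idHeader = "X-Request-Id"     // the one header a service has to forward
type entry struct {
	trace   string
	expires time.Time
}
// Store maps request IDs to trace contexts (hypothetical; needs a mutex in a proxy).
type Store map[string]entry

// Inbound keeps the caller's trace header or generates one, then stores it.
func (s Store) Inbound(h http.Header, now time.Time, ttl time.Duration) string {
	if h.Get(traceHeader) == "" {
		b := make([]byte, 8)
		rand.Read(b) // random 64-bit ID; a root span reuses it as its span ID
		h.Set(traceHeader, fmt.Sprintf("%x:%x:0:1", b, b))
	}
	if id := h.Get(idHeader); id != "" {
		s[id] = entry{h.Get(traceHeader), now.Add(ttl)}
	}
	return h.Get(traceHeader)
}

// Outbound copies the stored context onto a request that carries only the ID.
func (s Store) Outbound(h http.Header, now time.Time) bool {
	e, ok := s[h.Get(idHeader)]
	if ok = ok && now.Before(e.expires); ok {
		h.Set(traceHeader, e.trace)
	}
	return ok
}

// Cleanup drops expired contexts; run it once per cleanup interval.
func (s Store) Cleanup(now time.Time) {
	maps.DeleteFunc(s, func(_ string, e entry) bool { return !now.Before(e.expires) })
}

func main() {
	fmt.Println(Store{}.Inbound(http.Header{idHeader: {"req-1"}}, time.Now(), time.Second))
}
```

The context is copied unchanged; a tracing proxy would normally also mint a new span ID for each outbound call.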
You can also combine several paths through the system by marking them with a special session token. Netra lets you set HTTP_HEADER_TAG_MAP to convert HTTP headers into the corresponding tracing span tags. This is especially useful for testing: after a functional test has passed, you can see which parts of the system were affected by filtering on the corresponding session key.
Identifying the request source
To determine where a request came from, you can use the feature that automatically adds a header with the source. With the environment variable NETRA_HTTP_X_SOURCE_HEADER_NAME you can specify the name of the header that is set automatically. With NETRA_HTTP_X_SOURCE_VALUE you can set the value that the X-Source header will carry on all outbound requests.
This allows this useful header to be distributed uniformly across the whole network. You can then use it in services and add it to logs and metrics.
Traffic routing and Netramesh internals
Netramesh consists of XNUMX main components. One of them, netra-init, sets up the network rules for intercepting traffic. It uses INBOUND_INTERCEPT_PORTS, OUTBOUND_INTERCEPT_PORTS.
The tool also has an interesting feature: probabilistic routing. If you use Netramesh only to collect tracing spans, in production you can save resources by enabling probabilistic routing with the variables NETRA_INBOUND_PROBABILITY and NETRA_OUTBOUND_PROBABILITY (from 0 to 1). The default value is 1 (all traffic is intercepted).
After a successful interception, the netra sidecar accepts the new connection and uses the SO_ORIGINAL_DST socket option to obtain the original destination. Netra then opens a new connection to the original IP address and sets up two-way TCP communication between the two sides, listening to all traffic that passes through. If the port is defined as HTTP, Netra tries to parse and trace it. If HTTP parsing fails, Netra falls back to TCP and proxies the bytes transparently.
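The parse-then-fall-back behaviour described above, as an added Go example (not Netramesh's own code). The proxy function is hypothetical, the sample streams are constructed, and obtaining the original destination through SO_ORIGINAL_DST is left out so the example runs without a socket.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"io"
	"net/http"
)

// proxy copies the client stream to upstream byte for byte. On a port listed
// as HTTP it first tries to parse one request for tracing; if parsing fails it
// falls back to plain TCP and still forwards the bytes it already consumed.
// Hypothetical helper: a real proxy also needs read deadlines, because
// ReadRequest blocks until a full request head or an error arrives.
func proxy(client io.Reader, upstream io.Writer, httpPort bool) (span string, err error) {
	var seen bytes.Buffer // everything read from the client while sniffing
	if httpPort {
		br := bufio.NewReader(io.TeeReader(client, &seen))
		if req, perr := http.ReadRequest(br); perr == nil {
			span = fmt.Sprintf("%s %s", req.Method, req.URL.Path)
		}
	}
	// Replay the sniffed bytes first, then stream the rest unchanged.
	_, err = io.Copy(upstream, io.MultiReader(&seen, client))
	return span, err
}

func main() {
	samples := [][]byte{ // constructed inputs
		[]byte("GET /items/42 HTTP/1.1\r\nHost: svc\r\n\r\n"),
		[]byte("\x16\x03\x01\x00\x05hello"), // not HTTP
	}
	for _, s := range samples {
		var up bytes.Buffer
		span, err := proxy(bytes.NewReader(s), &up, true)
		fmt.Printf("span=%q forwarded=%d bytes err=%v\n", span, up.Len(), err)
	}
}
```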
Building a dependency graph
Having received a large amount of tracing information in Jaeger, we want to get a complete graph of the interactions in the system. But if the system is heavily loaded and billions of tracing spans accumulate per day, aggregating them is not such an easy task. There is an official way to do this:
If you use Elasticsearch to store tracing spans, you can use the following:
How to use Netramesh
Netra can easily be added to any service running under an orchestrator. You can see an example
At the moment Netra cannot automatically inject sidecars into services, but there are plans to implement this.
The future of Netramesh
Main goal
In the future Netramesh will support application-layer protocols other than HTTP. L7 routing will become available in the near future.
If you run into similar problems, use Netramesh and write to us with questions and suggestions.
Source: habr.com