A modern data center contains hundreds of active devices covered by various kinds of monitoring. But even a perfect engineer with perfect monitoring would be able to respond properly to a network failure only within minutes. In my talk at the Next Hop 2020 conference I presented a data center network design methodology with one unique feature: the data center heals itself in just a few seconds. More precisely, the engineers calmly fix the problem, while the services simply do not notice it.

For many network engineers, the data center network begins with the ToR, which is, of course, the switch in the rack. A ToR normally has 5 kinds of links. Some go to the servers, and the others go to N spines, that is, the XNUMX-level spines, in other words the uplinks. The uplinks are usually considered equivalent, and traffic between them is balanced on an XNUMX-tuple hash of proto, src_ip, dst_ip, src_port and dst_port. Nothing surprising here.

Next, what does the structure of a plane look like? The XNUMX-level spines are not connected to each other; they are connected through superspines. The letter X stands for the superspine, which looks like a cross-connect.

And conversely, it is obviously connected to all spines of the same first level. What is important in this picture? If the interaction happens within a rack, it naturally goes through the ToR. If the interaction stays inside a module, it passes through the first-level spines. If the interaction is between modules (here ToR 2 and ToR XNUMX), it passes through both the XNUMX-level and the XNUMX-level spines.

In theory, such an architecture scales easily. Given port capacity, spare space in the data center and fiber laid in advance, the number of planes can be increased at any time, and with it the capacity of the whole system. On paper this is very easy to do. In reality it is, too. But today's talk is not about that.

I want you to draw the right conclusion. There are many paths inside a data center. They are conditionally independent. Inside the data center they converge only at the ToR. Within a module there are as many paths as there are planes. Between modules, the number of paths equals the number of planes multiplied by the number of superspines in each plane. To make this clearer and to give a sense of scale, here are the numbers for XNUMX of Yandex's data centers.

There are 32 planes, and each plane has 256 superspines. As a result, there are XNUMX paths within a module, and for inter-module interaction there are already XNUMX paths.

So if you are putting together a cookbook and want to learn how to build a self-healing, fault-tolerant data center, a multi-plane architecture is the right choice. It solves the scaling problem, and in theory it is simple. There are many independent paths. The question remains: how does such an architecture survive failures? Failures come in many varieties. And that is what we will discuss now.

Let's make one of the superspines, number 11, sick. Here I went back to the XNUMX-plane architecture; the fewer moving parts, the easier it is to understand what is happening, so I will keep using it as the example. Let X11 fall ill. What effect does this have on the services in the data center? That depends heavily on what the failure actually looks like.

If the failure is a good one, one that is caught at the automation level of BFD and the like, and the automation happily takes down the affected links and isolates the problem, then everything works out. There are many paths, traffic is immediately rerouted onto alternative routes, and the services notice nothing. That is the good scenario.

The bad scenario is when losses keep occurring and the automation does not notice the problem. To understand how this affects applications, I need to spend a little time on how the TCP protocol works.

I hope I will not shock anyone with this: TCP is a handshake protocol. That is, in the simplest case, the sender sends XNUMX packets and receives a cumulative ACK for them: "I received XNUMX packets."

After that it sends XNUMX more packets, and the situation repeats. I apologize in advance for simplifying somewhat. This scenario is correct if the window (the number of packets in flight) is XNUMX. Of course, in general that is not always the case. But the packet forwarding context is not affected by the window size.

What happens if packet 3 is lost? In that case the receiver gets packets 1, 2 and 4. And the receiver, using the SACK option, tells the sender explicitly: "you know, 2 arrived, but the one in the middle got lost." It says "Ack 4, SACK XNUMX."

At this point the sender simply retransmits the lost packet, with no trouble at all.

But if the last packet in the window is lost, the situation is very different.

The receiver gets the first XNUMX packets and starts waiting. Thanks to an optimization in the Linux kernel TCP stack, unless there is an explicit indication, such as a flag saying "this is the last packet", it waits for a packet to pair it with. It waits until the delayed ACK timeout expires and only then sends an acknowledgement for the first XNUMX packets. Meanwhile the sender is waiting too. It does not know whether the XNUMX-th packet was lost or is about to arrive. And, so as not to overload the network, it tries to wait either for an explicit indication that the packet was lost or until the RTO timeout expires.

What is the RTO timeout? It is the maximum of the RTT calculated by the TCP stack and some constant. What that constant is, I will explain in a moment.

But it is important that if, as bad luck would have it, the XNUMX-th packet is lost again, the RTO is multiplied by XNUMX. That is, with every failed attempt the timeout is multiplied by XNUMX.

Now let's see what this base value is. By default the minimum RTO is 200 milliseconds. That is the minimum RTO for data packets. For SYN packets it is different: 1 second. As you can see, even the very first retransmission attempt takes 100 times longer than the RTT inside a data center.

Now back to our scenario. What is happening to the service? The service starts losing packets. If the service is lucky at first and loses something in the middle of the window, it receives a SACK and retransmits the lost packets.

But if the bad luck repeats, an RTO is needed. What is important here? Yes, the network has a great many paths. But the TCP traffic of a particular TCP connection keeps passing through the same broken link. As long as our magic X11 does not go down by itself, traffic will not move into a trouble-free area while packets are being lost. It keeps trying to deliver packets through the same broken link. This leads to a cascading failure: since a data center is a set of interacting applications, some of the TCP connections of every application begin to degrade, because the superspine affects every application in the data center. As the saying goes, if you do not shoe the horse, it goes lame. The horse went lame, the report was not delivered. The message was not delivered, the war was lost. Only here the count is in seconds from the moment the problem appears until the service degradation begins to be felt. That means that somewhere a user may not get something.

There are XNUMX classic solutions, and they complement each other. The XNUMX-th is the service trying to solve the problem for itself: "let's tune something in the TCP stack." And let's build application-level timeouts or long-lived TCP sessions with internal health checks. The problem is that such solutions are a) not scalable at all and b) very poorly tested. That is, even if a service happens to tune its TCP stack and improve things, first, it is unlikely that this can be applied to all applications and all data centers, and second, it is quite likely that nobody will understand what was done right, or what was done at all. Yes. So it works, but it works poorly and does not scale. And when something goes wrong in the network, who is responsible? The NOC, of course. And what does the NOC do?

Many services believe that work in the NOC looks like this. But, to be honest, that is not all of it.

The NOC works in the classic scheme, developing lots of monitoring. This is both black-box and white-box monitoring. Take, for example, black-box monitoring of the spines.

So what do we have? We have lots of paths. And the problem arises because a path is bad and the TCP flow keeps using the same route. We need something that lets a single TCP connection use several routes. There is a solution. TCP has what is called Multipath TCP, that is, TCP over many paths. True, it was developed for a completely different task: smartphones with several network devices. To maximize throughput or to build a primary/backup mode, a mechanism was developed that transparently creates several subflows (sessions) for an application and can switch between them on failure. Or, as I said, maximize bandwidth.

But there is a nuance here. To understand it, we need to look at how the subflows are set up.

The subflows are set up in order. The first subflow is established first. Subsequent subflows are set up using a cookie that has already been synchronized within that first one. And here is the problem.

The problem is that if the first subflow is not established, the XNUMX-th and XNUMX-th never come up. That is, Multipath TCP does not solve the loss of the first subflow's SYN packet. And once a SYN is lost, Multipath TCP turns into ordinary TCP. So in a data center environment it cannot solve the problem of losses in the fabric or learn to use multiple paths when something fails.

What can help us? Some of you may already have guessed from the name that the field that matters for the rest of this talk is the IPv6 Flow Label header field. Indeed, it is a field that appeared in v6 and does not exist in v4; it takes 20 bits, and its use was argued about for a long time. This is very interesting: there was a debate, something was fixed within the RFC framework, and at the same time an implementation that is documented nowhere appeared in the Linux kernel.

I invite you to join a small investigation. Let's see what happened in the Linux kernel over the last few years.

2014. Engineers from a large and well-regarded company added to the Linux kernel a dependency of the Flow Label value on the socket hash. What were they trying to fix there? It is related to RFC 6438, which describes the following problem. Inside a data center, since the fabric itself is IPv4, IPv6 is often encapsulated in IPv6 packets, and IPv4 has to be distributed somehow. For a long time switches had a problem: they could not look through 5 IP headers to reach TCP or UDP and find src_ports and dst_ports. Looking only at the first XNUMX IP headers, the hash turned out to be practically fixed. To get around this and make the balancing of such encapsulated traffic work correctly, it was proposed to add the XNUMX-tuple hash of the encapsulated packet to the value of the Flow Label field. Roughly the same was done for other encapsulation schemes, UDP and GRE; for the latter the GRE Key field was used. In any case, the goal here is clear. And, at least at that point, it helped.

2015. A new patch arrived from the same respected engineer. He is a very interesting person. It says: randomize the hash in case of a negative routing event. What is a negative routing event? It is the RTO I described earlier; that is, losing the tail of the window is a very negative event. Admittedly, it is rather hard to guess that from the description.

2016. A reputable company, also a large one. This patch finishes off the last crutch and makes the previously randomized hash change on every SYN retransmission and on every RTO timeout. And in this letter, for the first and last time, the ultimate goal is stated: to let traffic be soft-rerouted over multiple paths when a link is lossy or overloaded. After that, of course, there were lots of publications that are easy to find.

Except that you cannot, because there are no publications on this topic at all. But we know!

If you did not fully understand what was done, I will explain now.

What was done in the Linux kernel, and what functionality was added? txhash is changed to a random value on every RTO event. That is the "negative routing event". The hash depends on this txhash, and the Flow Label depends on the skb hash. There are some calculations in functions here, and all the details do not fit on XNUMX slide. Those interested can look at the kernel code and check.

What matters here? The value of the Flow Label field changes to a random number on every RTO. How does that affect our unlucky TCP stream?

In the SACK case nothing changes, since we retransmit a known lost packet. So far so good.

But in the RTO case, provided the Flow Label has been added to the ToR's hash function, the traffic can take a different route. And the more planes there are, the higher the probability of finding a path that is not affected by the failure of a particular device.

One problem remains: the RTO. Of course another route will be found, but it takes a lot of time. 200 milliseconds is a long time. 1 second is simply unrealistic. Earlier I mentioned the timeouts that services configure. The latter is already the timeout that services usually set at the application level, and in that case the service is relatively fine. Moreover, I repeat, the real RTT inside a modern data center is about XNUMX milliseconds.
What can be done about the RTO timeout? The timeout that triggers the RTO on data packet loss is relatively easy to set from user space: there is the ip utility, and XNUMX of its parameters is that very rto_min. Of course, considering that the RTO needs to be enabled not globally but for specific prefixes, such a mechanism looks quite workable.

True, with SYN_RTO everything is somewhat worse. It is firmly entrenched. The value is hard-coded in the kernel: 1 second, and that's that. It is not accessible from user space. There is only XNUMX way.

eBPF comes to the rescue. In short, these are small C programs that can be inserted at hooks in various places in the execution of the kernel stack and the TCP stack, and with them a very large number of settings can be changed. In general, eBPF is a long-term trend. Instead of adding dozens of new sysctl parameters and extending the ip utility, the movement is toward extending eBPF and its capabilities. With eBPF you can dynamically change congestion control and various other TCP settings.

But what matters is that it can be used to change the SYN_RTO value. And there is a published example.

What do we already know? The multi-plane architecture gives us scaling, and it turns out to be very convenient when we turn on the Flow Label at the ToR and get the chance to route around problem areas. The best way to lower the RTO and SYN-RTO values is with an eBPF program. One question remains: "is it safe to use the Flow Label for balancing?" And there is a nuance here.

Suppose there is a service on the network that runs over anycast. Unfortunately I do not have time to explain anycast in detail, but it is a distributed service in which different physical servers are reachable at the same IP address. And here is a possible problem: an RTO event can occur not only when traffic passes through the fabric. It can also occur at the level of the ToR buffers, when there is an incast event, and it can occur on the host itself when the host loses something. If an RTO event simply changes the Flow Label, the traffic may be sent to a different anycast instance. Assuming this is a stateful anycast, which holds connection state, it may be an L3 balancer or some other service. After the RTO, the TCP connection arrives at a server that knows nothing about this TCP connection, and that is a problem. And if state is not shared between the anycast servers, such traffic is dropped and the TCP connection breaks.

What can be done here? In a controlled environment where Flow Label balancing is enabled, the Flow Label value must be pinned when talking to anycast servers. The easiest way is to do this from the same eBPF program. But there is a very important point here: what if you do not operate a data center network and are a telecom operator instead? This is your problem too: starting from certain versions, Juniper and Arista include the Flow Label in the hash function by default, and honestly, I do not know why. This can break the TCP connections of users whose traffic passes through your network. So I strongly recommend that you check your router configuration at this point.
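The anycast caveat above, as an added, constructed example that is not the talk's eBPF program: the fabric hashes the flow label to pick one of several stateful anycast instances, a connection re-randomises its label after an RTO, and the post-RTO segment is accepted only if it lands on the instance that saw the SYN. The pinning policy, the eight instances, the anycast address and the sha256 stand-in for the switch hash are assumptions.

```python
"""Constructed example (not the talk's eBPF program) of the anycast hazard:
the fabric hashes the flow label to choose one of several stateful anycast
instances, so a connection whose label changes after an RTO can land on an
instance that never saw its SYN. Pinning the label for anycast avoids it."""
import hashlib
import random

ANYCAST_VIP = "2001:db8:100::1"   # assumed anycast address
INSTANCES = 8                     # assumed number of anycast servers

def ecmp_index(five_tuple, flow_label, n):
    """Stand-in for the switch hash over the 5-tuple plus the flow label."""
    key = repr((five_tuple, flow_label)).encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n

class Instance:
    """A stateful anycast server that only knows connections it saw the SYN for."""
    def __init__(self):
        self.conns = set()
    def handle(self, five_tuple, syn):
        if syn:
            self.conns.add(five_tuple)
            return "accepted"
        return "ok" if five_tuple in self.conns else "reset"  # no state: RST

def choose_label(five_tuple, sock_hash, pin_anycast):
    """Host-side policy: a fixed per-connection label toward the anycast
    address, otherwise the (re-randomisable) socket hash, 20 bits either way."""
    if pin_anycast and five_tuple[1] == ANYCAST_VIP:
        digest = hashlib.sha256(repr(five_tuple).encode()).digest()
        return int.from_bytes(digest[:3], "big") & 0xFFFFF
    return sock_hash & 0xFFFFF

def reset_rate(pin_anycast, trials=100, seed=3):
    """Fraction of connections whose first segment after an RTO reaches an
    instance without state for them and therefore gets reset."""
    rng = random.Random(seed)
    resets = 0
    for port in range(49152, 49152 + trials):
        servers = [Instance() for _ in range(INSTANCES)]
        ft = ("2001:db8::10", ANYCAST_VIP, port, 443, 6)
        sock_hash = rng.getrandbits(32)
        first = ecmp_index(ft, choose_label(ft, sock_hash, pin_anycast), INSTANCES)
        servers[first].handle(ft, syn=True)
        sock_hash = rng.getrandbits(32)   # RTO fired: txhash re-randomised
        after = ecmp_index(ft, choose_label(ft, sock_hash, pin_anycast), INSTANCES)
        resets += servers[after].handle(ft, syn=False) == "reset"
    return resets / trials
```

With the label pinned no connection is reset; left to follow the socket hash, most connections reach a stranger after the RTO.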
With that, I think we are ready to move on to the experiment.

Having turned on the Flow Label at the ToR and prepared eBPF for the agent that lives on the hosts, we decided not to wait for the next big failure but to run a controlled explosion. We took a ToR with 75 uplinks and introduced drops on 25 of them. A rule was set that said: from now on, every packet is lost. As you can see on the left, there is per-packet monitoring, and it dropped to 25%, that is, 3% of the packets are being lost. On the right is the graph of the services behind this ToR. In fact, these are traffic graphs for the links to the servers in the rack. As you can see, they sank even lower. Why not by 4%, but in some cases by XNUMX to XNUMX times? If a TCP connection is having trouble, it keeps trying to connect through the broken interface. This is made worse by the typical behavior of services inside the DC: for XNUMX user request, N requests to internal services are generated, and the response goes to the user when all data sources have answered or a timeout fires, a timeout that still has to be configured at the application level. In short, everything is very bad.

The same experiment, but with the Flow Label enabled. As you can see on the left, drop monitoring fell by the same 25%. That is entirely correct: it knows nothing about retransmissions and simply counts the ratio of delivered to lost packets at the moment of sending.

And on the right is the service graph. Here the effect of the problem link is not visible at all. Within the same milliseconds, the traffic moved from the problem area onto the remaining XNUMX uplinks that were unaffected by the problem. We got a network that heals itself.

This is the last slide; let's sum up. I hope you now understand how to build a self-healing data center network. You do not need to dig through the Linux kernel archives for special patches; we know that in this case the Flow Label solves the problem, but the mechanism has to be handled carefully. And I emphasize once again: if you are a telecom operator, you should not use the Flow Label in the hash function, otherwise you will break your users' sessions.

Network engineers need a shift in thinking: the network begins not at the ToR or the network devices, but at the host. A fairly impressive example is the use of eBPF both to change the RTO and to pin the Flow Label toward anycast services.

The Flow Label mechanism is certainly suitable for other uses within a controlled administrative segment. This could be traffic between data centers, or the mechanism could be used in a special way to control outbound traffic. But I hope to talk about that next time. Thank you for your attention.

Source: habr.com