ãç§ãã¡ãšSRIã®äººã ãšã®éã«é»è©±æ¥ç¶ã確ç«ããŸããâŠããšã¯ã©ã€ã³ããã¯æ°ã¯ã€ã³ã¿ãã¥ãŒã§èªã£ãã
ãç§ãã¡ã¯ L ãå ¥åããé»è©±ã§ãL ãèŠããŸãã?ããšå°ããŸããã
ãã¯ããLãèŠããŸãããšã®è¿äºãè¿ã£ãŠããã
ãç§ãã¡ã¯ O ãã¿ã€ãããŠããO ãèŠããŸããããšå°ããŸãããã
ãã¯ããOãèŠããŸããã
ããã®åŸãG ãå ¥åãããšãããã·ã¹ãã ãã¯ã©ãã·ã¥ããŸããããããã§ãé©åœã¯å§ãŸã£ãŠããâŠ
ã€ã³ã¿ãŒãããã®å§ãŸãã
ã¿ãªãããããã«ã¡ã¯ïŒ
ç§ã®ååã¯ã¢ã¬ã¯ãµã³ããŒã§ããLinxdatacenter ã®ãããã¯ãŒã¯ ãšã³ãžãã¢ã§ãã ä»æ¥ã®èšäºã§ã¯ããã©ãã£ãã¯äº€æãã€ã³ã (ã€ã³ã¿ãŒããã亀æãã€ã³ããIXP) ã«ã€ããŠèª¬æããŸãããã®ç»å Žã«å ç«ã£ãŠäœãè¡ãããã©ã®ãããªã¿ã¹ã¯ã解決ããã©ã®ããã«æ§ç¯ããããã«ã€ããŠèª¬æããŸãã ãŸãããã®èšäºã§ã¯ãEVE-NG ãã©ãããã©ãŒã ãš BIRD ãœãããŠã§ã¢ ã«ãŒã¿ãŒã䜿çšãã IXP ã®åäœåçã瀺ããIXP ããå éšã§ãã©ã®ããã«åäœããããç解ã§ããããã«ããŸãã
æŽå²ãå°ã
èŠãã°
ãã®ç¶æ³ã¯ã亀éãã©ãã£ãã¯ã®é ä¿¡ã³ã¹ãã ãã§ãªãããã£ãã«ã®å質ãé 延ã«ã圱é¿ãäžããŸããã ã€ã³ã¿ãŒããã ãŠãŒã¶ãŒã®æ°ãå¢å ããæ°ããéä¿¡äºæ¥è ãç»å Žãããã©ãã£ãã¯éãå¢å ããã€ã³ã¿ãŒããããæçããŸããã äžçäžã®éä¿¡äºæ¥è ã¯ãéä¿¡äºæ¥è éã®å¯Ÿââ話ãçµç¹ããããã®ããåççãªã¢ãããŒããå¿ èŠã§ããããšã«æ°ã¥ãå§ããŸããã ããªãããªãã¬ãŒã¿ãŒ A ã§ããç§ããé£ã®éãã«ãããªãã¬ãŒã¿ãŒ B ã«ãã©ãã£ãã¯ãå±ããããã«ãå¥ã®åœãçµç±ãã亀éè²»ãæ¯æããªããã°ãªããªãã®ã§ãããã?ã ããã¯ãåœæã®éä¿¡äºæ¥è ãèªåããçåãšã»ãŒåãã§ãã ãããã£ãŠã亀é亀æãã€ã³ãã¯äžçã®ããŸããŸãªå°åã®ãªãã¬ãŒã¿ãŒéäžãã€ã³ãã«åºçŸãå§ããŸããã
- 1994 â ãã³ãã³ã®ãªã³ã¯ã¹ã
- 1995 â ãã©ã³ã¯ãã«ãã® DE-CIXã
- 1995 â MSK-IXãã¢ã¹ã¯ã¯ãªã©
ã€ã³ã¿ãŒããããšç§ãã¡ã®æ代
æŠå¿µçã«ã¯ãçŸä»£ã®ã€ã³ã¿ãŒãããã®ã¢ãŒããã¯ãã£ã¯ãå€ãã®èªåŸã·ã¹ãã (AS) ãšãããã®éã®ç©ççããã³è«ççãªå€ãã®æ¥ç¶ã§æ§æãããŠãããAS ããå¥ã® AS ãžã®ãã©ãã£ãã¯ã®ãã¹ã決å®ãããŸãã
AS ã¯éåžžãéä¿¡äºæ¥è ãã€ã³ã¿ãŒããã ãããã€ããŒãCDNãããŒã¿ ã»ã³ã¿ãŒãããã³ãšã³ã¿ãŒãã©ã€ãº ã»ã°ã¡ã³ãäŒæ¥ã§ãã AS ã¯ãé垞㯠BGP ãããã³ã«ã䜿çšããŠãAS éã§è«çæ¥ç¶ (ãã¢ãªã³ã°) ãçµç¹ããŸãã
èªåŸã·ã¹ãã ããããã®æ¥ç¶ãã©ã®ããã«ç·šæãããã¯ã次ã®ãããªããŸããŸãªèŠå ã«ãã£ãŠæ±ºãŸããŸãã
- å°ççã
- çµæžçã
- æ¿æ²»çã
- ASææè éã®åæãšå ±éã®å©çã
- ç
ãã¡ããããã®ã¹ããŒã ã«ã¯ç¹å®ã®æ§é ãšéå±€ããããŸãã ãããã£ãŠããªãã¬ãŒã¿ã¯ Tier-1ãTier-2ãTier-3 ã«åãããŠãããããŒã«ã« ã€ã³ã¿ãŒããã ãããã€ã㌠(Tier-3) ã®ã¯ã©ã€ã¢ã³ããååãšããŠäžè¬ãŠãŒã¶ãŒã§ããå Žåãããšãã° Tier-1 ã¯ã¬ãã«ã®ãªãã¬ãŒã¿ãŒã¯ã¯ã©ã€ã¢ã³ãã¯ä»ã®ãªãã¬ãŒã¿ãŒã§ãã Tier-3 éä¿¡äºæ¥è ã¯å å ¥è ã®ãã©ãã£ãã¯ãéçŽããTier-2 éä¿¡äºæ¥è 㯠Tier-3 éä¿¡äºæ¥è ã®ãã©ãã£ãã¯ãéçŽããTier-1 (ãã¹ãŠã®ã€ã³ã¿ãŒããã ãã©ãã£ãã¯) ãéçŽããŸãã
æŠç¥çã«ã¯æ¬¡ã®ããã«è¡šãããšãã§ããŸãã
ãã®å³ã¯ããã©ãã£ãã¯ãäžããäžã«éçŽãããŠããããšã瀺ããŠããŸãã ãšã³ããŠãŒã¶ãŒãããã£ã¢1ãªãã¬ãŒã¿ãŒãŸã§ã äºãã«ã»ãŒåçã® AS éã§ã®ãã©ãã£ãã¯ã®æ°Žå¹³äº€æãè¡ãããŸãã
ãã®æ¹åŒã®äžå¯æ¬ ãªéšåã§ãããšåæã«æ¬ ç¹ã¯ãå°ççé åå ã§ãšã³ã ãŠãŒã¶ãŒã«è¿ãäœçœ®ã«ããèªåŸã·ã¹ãã éã®æ¥ç¶ãæ··ä¹±ããããšã§ãã 以äžã®å³ãèããŠã¿ãŸãããã
倧éœåžã« 5 ã€ã®éä¿¡äºæ¥è
ããããäœããã®çç±ã§ãããã®éã®ãã¢ãªã³ã°ãäžèšã®ããã«çµç¹ãããŠãããšä»®å®ããŸãã
Go ISP ã«æ¥ç¶ããŠãããŠãŒã¶ãŒ Petya ããASM ãããã€ããŒã«æ¥ç¶ãããŠãããµãŒããŒã«ã¢ã¯ã»ã¹ãããå Žåããããã®éã®ãã©ãã£ãã¯ã¯ 5 ã€ã®èªåŸã·ã¹ãã ã匷å¶çã«ééããããšã«ãªããŸãã ããã«ããé 延ãå¢å ããŸãã ãã©ãã£ãã¯ãééãããããã¯ãŒã¯ ããã€ã¹ã®æ°ãå¢å ããGo ãš ASM ã®éã®èªåŸã·ã¹ãã äžã®ééãã©ãã£ãã¯ã®éãå¢å ããŸãã
ãã©ãã£ãã¯ã匷å¶çã«ééãããã©ã³ãžãã AS ã®æ°ãæžããã«ã¯ã©ãããã°ããã§ãã? ããã亀é亀æµãã€ã³ãã§ãã
çŸåšãæ°ãã IXP ã®åºçŸã¯ã90 幎代ãã 2000 幎代åé ãšåãããŒãºã«ãã£ãŠæšé²ãããŠããŸãããéä¿¡äºæ¥è ããŠãŒã¶ãŒããã©ãã£ãã¯ã®æ°ã®å¢å ãCDN ãããã¯ãŒã¯ã«ãã£ãŠçæãããã³ã³ãã³ãã®éã®å¢å ã«å¯Ÿå¿ããŠãèŠæš¡ã¯çž®å°ããŠããŸãããããŠããŒã¿ã»ã³ã¿ãŒã
亀æãã€ã³ããšã¯äœã§ããïŒ
ãã©ãã£ãã¯äº€æãã€ã³ãã¯ãçžäºãã©ãã£ãã¯äº€æã«é¢å¿ã®ããåå è ãçžäºãã¢ãªã³ã°ãçµç¹ããç¹å¥ãªãããã¯ãŒã¯ ã€ã³ãã©ã¹ãã©ã¯ãã£ãåããå Žæã§ãã ãã©ãã£ãã¯äº€æãã€ã³ãã®äž»ãªåå è ã¯ãéä¿¡äºæ¥è ãã€ã³ã¿ãŒããã ãããã€ããŒãã³ã³ãã³ã ãããã€ããŒãããŒã¿ ã»ã³ã¿ãŒã§ãã 亀é亀æãã€ã³ãã§ã¯ãåå è å士ãçŽæ¥æ¥ç¶ããŸãã ããã«ããã次ã®åé¡ã解決ã§ããŸãã
- ã¬ã€ãã³ã·ãççž®ãã
- 亀ééãæžããã
- ASéã®ã«ãŒãã£ã³ã°ãæé©åããŸãã
IXP ãäžçäžã®å€ãã®å€§éœåžã«ååšããŠããããšãèãããšãããã¯ãã¹ãŠã€ã³ã¿ãŒãããå šäœã«æçãªå¹æããããããŸãã
Petya ã«é¢ããäžèšã®ç¶æ³ã IXP ã䜿çšããŠè§£æ±ºãããšã次ã®ããã«ãªããŸãã
ãã©ãã£ãã¯äº€æãã€ã³ãã¯ã©ã®ããã«æ©èœããŸãã?
ååãšããŠãIXP ã¯ãããªã㯠IPv4/IPv6 ã¢ãã¬ã¹ã®ç¬èªã®ãããã¯ãæã€å¥åã® AS ã§ãã
IXP ãããã¯ãŒã¯ã¯ãã»ãšãã©ã®å Žåãé£ç¶ç㪠L2 ãã¡ã€ã³ã§æ§æãããŸãã å Žåã«ãã£ãŠã¯ãããã¯ãã¹ãŠã® IXP ã¯ã©ã€ã¢ã³ãããã¹ãããåãªã VLAN ã§ããããšããããŸãã 倧èŠæš¡ã§å°ççã«åæ£ããã IXP ã®å ŽåãMPLSãVXLAN ãªã©ã®ãã¯ãããžãŒã䜿çšã㊠L2 ãã¡ã€ã³ãæ§æã§ããŸãã
IXP èŠçŽ
- SKSã ããã«ã¯ãã©ãã¯ãå ã¯ãã¹ã³ãã¯ãããããããã«ãªã©ãçãããã®ã¯äœããããŸããã
- ã¹ã€ãã â IXPã®åºç€ã ã¹ã€ãã ããŒãã¯ãIXP ãããã¯ãŒã¯ãžã®ãšã³ã㪠ãã€ã³ãã§ãã ã¹ã€ããã¯ã»ãã¥ãªãã£æ©èœã®äžéšãå®è¡ããIXP ãããã¯ãŒã¯äžã«ååšãã¹ãã§ã¯ãªããžã£ã³ã¯ ãã©ãã£ãã¯ããã£ã«ã¿ãªã³ã°ããŸãã ååãšããŠãã¹ã€ããã¯ãä¿¡é Œæ§ããµããŒããããŠããããŒãé床ãã»ãã¥ãªãã£æ©èœãsFlow ãµããŒããªã©ã®æ©èœèŠä»¶ã«åºã¥ããŠéžæãããŸãã
- ã«ãŒããµãŒããŒ(RS) â çŸä»£ã®äº€é亀æãã€ã³ãã®äžå¯æ¬ ãã€å¿
èŠãªéšåã åäœåçã¯ãiBGP ã®ã«ãŒã ãªãã¬ã¯ã¿ãŸã㯠OSPF ã®æå®ã«ãŒã¿ãŒãšéåžžã«äŒŒãŠãããåãåé¡ã解決ããŸãã ãã©ãã£ãã¯äº€æãã€ã³ãã®åå è
ã®æ°ãå¢ãããšãååå è
ããµããŒãããå¿
èŠããã BGP ã»ãã·ã§ã³ã®æ°ãå¢å ããŸãã ããã¯ãiBGP ã®å€å
žçãªãã«ã¡ãã·ã¥ ããããžãæãåºãããŸãã RS ã¯ã次ã®æ¹æ³ã§åé¡ã解決ããŸããRS ã¯ãé¢å¿ã®ããå IXP åå è
ãšã® BGP ã»ãã·ã§ã³ã確ç«ãããã®åå è
ã RS ã¯ã©ã€ã¢ã³ãã«ãªããŸãã RS ã¯ãã¯ã©ã€ã¢ã³ãã® XNUMX ã€ãã BGP ã¢ããããŒããåä¿¡ãããšããã®ã¢ããããŒããåä¿¡ããã¯ã©ã€ã¢ã³ããé€ãä»ã®ãã¹ãŠã®ã¯ã©ã€ã¢ã³ãã«ãã®ã¢ããããŒããéä¿¡ããŸãã ãããã£ãŠãRS ã¯ãã¹ãŠã® IXP ã¡ã³ããŒéã§ãã«ã¡ãã·ã¥ã確ç«ããå¿
èŠæ§ãæé€ããã¹ã±ãŒã©ããªãã£ã®åé¡ããšã¬ã¬ã³ãã«è§£æ±ºããŸãã ã«ãŒã ãµãŒããŒã¯ãBGP ã«ãã£ãŠéä¿¡ãããå±æ§ãå€æŽããã«ããã AS ããå¥ã® AS ã«ã«ãŒããééçã«éä¿¡ããããšã«æ³šæããŠãã ãããããšãã°ãAS å
ã®çªå·ã AS ãã¹ã«è¿œå ããŸããã ãŸããRS ã«ã¯ã«ãŒãã®åºæ¬çãªãã£ã«ã¿ãªã³ã°ããããŸããããšãã°ãRS ã¯ç«æã®ãããã¯ãŒã¯ãš IXP èªäœã®ãã¬ãã£ãã¯ã¹ãåãå
¥ããŸããã
ãªãŒãã³ãœãŒã¹ ãœãããŠã§ã¢ ã«ãŒã¿ãŒã§ãã BIRD (ããŒã ã€ã³ã¿ãŒããã ã«ãŒãã£ã³ã° ããŒã¢ã³) ã¯ãã«ãŒã ãµãŒã㌠ãœãªã¥ãŒã·ã§ã³ãšããŠãã䜿çšãããŸãã ããã®è¯ãç¹ã¯ãç¡æã§ãã»ãšãã©ã® Linux ãã£ã¹ããªãã¥ãŒã·ã§ã³ã«è¿ éã«å°å ¥ã§ããã«ãŒãã£ã³ã°/ãã£ã«ã¿ãªã³ã° ããªã·ãŒãèšå®ããããã®æè»ãªã¡ã«ããºã ããããã³ã³ãã¥ãŒãã£ã³ã° ãªãœãŒã¹ãå¿ èŠãšããªãããšã§ãã ãŸããCiscoãJuniper ãªã©ã®ããŒããŠã§ã¢/ä»®æ³ã«ãŒã¿ã RS ãšããŠéžæã§ããŸãã
- ã»ãã¥ãªãã£ã IXP ãããã¯ãŒã¯ã¯å€æ°ã® AS ãéäžããŠããããããã¹ãŠã®åå è
ãåŸãå¿
èŠãããã»ãã¥ãªã㣠ããªã·ãŒãé©åã«äœæããå¿
èŠããããŸãã äžè¬ã«ãIXP å€éšã® XNUMX ã€ã®å¥åã® BGP ãã¢éã« BGP é£æ¥é¢ä¿ã確ç«ãããšãã«é©çšãããåãã¡ã«ããºã ããã¹ãŠããã«é©çšãããããã«ããã€ãã®è¿œå ã®ã»ãã¥ãªãã£æ©èœãé©çšãããŸãã
ããšãã°ãäºåã«ããŽã·ãšãŒããããIXP åå è ã®ç¹å®ã® MAC ã¢ãã¬ã¹ããã®ãã©ãã£ãã¯ã®ã¿ãèš±å¯ããããšããå§ãããŸãã 0x0800(IPv4)ã0x08dd(IPv6)ã0x0806(ARP) 以å€ã® ethertype ãã£ãŒã«ããæã€ãã©ãã£ãã¯ãæåŠããŸãã ããã¯ãBGP ãã¢ãªã³ã°ã«å±ããªããã©ãã£ãã¯ããã£ã«ã¿ãªã³ã°ããŠé€å€ããããã«è¡ãããŸãã GTSMãRPKI ãªã©ã®ã¡ã«ããºã ã䜿çšã§ããŸãã
ããããäžèšã¯ãèŠæš¡ã«é¢ä¿ãªããIXP ã®äž»èŠã³ã³ããŒãã³ãã§ãã ãã¡ããã倧èŠæš¡ãª IXP ã«ã¯è¿œå ã®ãã¯ãããžãŒããœãªã¥ãŒã·ã§ã³ãå°å
¥ãããŠããå¯èœæ§ããããŸãã
IXP ã¯åå è
ã«è¿œå ã®ãµãŒãã¹ãæäŸããŸãã
- IXP TLD DNS ãµãŒããŒã«é 眮ããã
- ããŒããŠã§ã¢ NTP ãµãŒããŒãã€ã³ã¹ããŒã«ããåå è ãæ£ç¢ºã«æå»ãåæã§ããããã«ããŸãã
- DDoS æ»æãªã©ã«å¯Ÿããä¿è·ãæäŸããŸãã
ã©ã®ããã«åäœããŸã
EVE-NG ã䜿çšããŠã¢ãã«åãããåçŽãª IXP ã®äŸã䜿çšããŠãã©ãã£ãã¯äº€æãã€ã³ãã®åäœåçãèŠãŠãããBIRD ãœãããŠã§ã¢ ã«ãŒã¿ãŒã®åºæ¬ã»ããã¢ãããæ€èšããŠã¿ãŸãããã å³ãç°¡ç¥åããããã«ãåé·æ§ãèé害æ§ãªã©ã®éèŠãªãã®ãçç¥ããŸãã
ãããã¯ãŒã¯ ããããžã次ã®å³ã«ç€ºããŸãã
å°èŠæš¡ãªäº€æãã€ã³ãã管çãã次ã®ãã¢ãªã³ã° ãªãã·ã§ã³ãæäŸãããšä»®å®ããŸãã
- ãããªãã¯ãã¢ãªã³ã°ã
- ãã©ã€ããŒããã¢ãªã³ã°ã
- ã«ãŒããµãŒããŒçµç±ã®ãã¢ãªã³ã°ã
åœç€Ÿã® AS çªå·ã¯ 555 ã§ãåœç€Ÿã¯ IPv4 ã¢ãã¬ã¹ã®ããã㯠(50.50.50.0/24) ãææããŠãããããããåœç€Ÿã®ãããã¯ãŒã¯ã«æ¥ç¶ããããŠãŒã¶ãŒã« IP ã¢ãã¬ã¹ãçºè¡ããŸãã
50.50.50.254 â ã«ãŒã ãµãŒã㌠ã€ã³ã¿ãŒãã§ã€ã¹ã«èšå®ããã IP ã¢ãã¬ã¹ããã® IP ã䜿çšãããšãã¯ã©ã€ã¢ã³ã㯠RS çµç±ã§ãã¢ãªã³ã°ããå Žåã« BGP ã»ãã·ã§ã³ã確ç«ããŸãã
ãŸããRS çµç±ã®ãã¢ãªã³ã°ã«ã€ããŠã¯ãBGP ã³ãã¥ããã£ã«åºã¥ããã·ã³ãã«ãªã«ãŒãã£ã³ã° ããªã·ãŒãéçºããŸãããããã«ãããIXP åå è ã¯ã誰ã«ã©ã®ã«ãŒããéä¿¡ããããå¶åŸ¡ã§ããŸãã
BGP ã³ãã¥ããã£
説æ
LOCAL_AS:PEER_AS
ãã¬ãã£ãã¯ã¹ã PEER_AS ã«ã®ã¿éä¿¡ãã
LOCAL_AS:IXP_AS
ãã¹ãŠã® IXP åå è
ã«ãã¬ãã£ãã¯ã¹ã転éããŸã
3 ã€ã®ã¯ã©ã€ã¢ã³ãã IXP ã«æ¥ç¶ããŠãã©ãã£ãã¯ã亀æããããšèããŠããŸãã ããããã€ã³ã¿ãŒããããããã€ããŒã ãšããŸãããã 圌ãã¯çãã«ãŒã ãµãŒããŒãä»ãããã¢ãªã³ã°ãçµç¹ããããšèããŠããŸãã 以äžã¯ãã¯ã©ã€ã¢ã³ãæ¥ç¶ãã©ã¡ãŒã¿ãå«ãå³ã§ãã
ã¯ã©ã€ã¢ã³ã
顧客 AS çªå·
ã¯ã©ã€ã¢ã³ããã¢ããã¿ã€ãºãããã¬ãã£ãã¯ã¹
IXPã«æ¥ç¶ããããã«ã¯ã©ã€ã¢ã³ãã«çºè¡ãããIPã¢ãã¬ã¹
ISP #1
100 AS
1.1.0.0/16
50.50.50.10/24
ISP #2
200 AS
2.2.0.0/16
50.50.50.20/24
ISP #3
300 AS
3.3.0.0/16
50.50.50.30/24
ã¯ã©ã€ã¢ã³ãã«ãŒã¿ãŒã§ã®åºæ¬ç㪠BGP ã»ããã¢ãã:
router bgp 100
no bgp enforce-first-as
bgp log-neighbor-changes
neighbor 50.50.50.254 remote-as 555
address-family ipv4
network 1.1.0.0 mask 255.255.0.0
neighbor 50.50.50.254 activate
neighbor 50.50.50.254 send-community both
neighbor 50.50.50.254 soft-reconfiguration inbound
neighbor 50.50.50.254 route-map ixp-out out
exit-address-family
ip prefix-list as100-prefixes seq 5 permit 1.1.0.0/16
route-map bgp-out permit 10
match ip address prefix-list as100-prefixes
set community 555:555
ãã㧠no bgp enforce-first-as èšå®ã«æ³šç®ãã䟡å€ããããŸãã ããã©ã«ãã§ã¯ãBGP ã§ã¯ãåä¿¡ãã BGP ã¢ããããŒãã® as-path ã«ãã¢ããããŒãã®åä¿¡å ãã¢ã® as bgp çªå·ãå«ãŸããŠããå¿ èŠããããŸãã ãã ããã«ãŒã ãµãŒããŒã¯ as-path ã«å€æŽãå ããªãããããã®çªå·ã¯ as-path ã«å«ãŸãããæŽæ°ã¯ç Žæ£ãããŸãã ãã®èšå®ã¯ãã«ãŒã¿ãŒã«ãã®ã«ãŒã«ãç¡èŠãããããã«äœ¿çšãããŸãã
ãŸããã¯ã©ã€ã¢ã³ãã bgp ã³ãã¥ãã㣠555:555 ããã®ãã¬ãã£ãã¯ã¹ã«èšå®ããŠããããšãããããŸããããã¯ãããªã·ãŒã«ããã°ãã¯ã©ã€ã¢ã³ãããã®ãã¬ãã£ãã¯ã¹ãä»ã®ãã¹ãŠã®åå è ã«ã¢ããã¿ã€ãºãããããšãæå³ããŸãã
ä»ã®ã¯ã©ã€ã¢ã³ãã®ã«ãŒã¿ãŒã®å Žåããåºæã®ãã©ã¡ãŒã¿ãŒãé€ããèšå®ã¯åæ§ã«ãªããŸãã
BIRD æ§æã®äŸ:
define ixp_as = 555;
define ixp_prefixes = [ 50.50.50.0/24+ ];
template bgp RS_CLIENT {
local as ixp_as;
rs client;
}
以äžã§ã¯ãç«æã®ãã¬ãã£ãã¯ã¹ãš IXP èªäœã®ãã¬ãã£ãã¯ã¹ãåãå ¥ããªããã£ã«ã¿ãŒã«ã€ããŠèª¬æããŸãã
function catch_martians_and_ixp()
prefix set martians;
prefix set ixp_prefixes;
{
martians = [
0.0.0.0/8+,
10.0.0.0/8+,
100.64.0.0/10+,
127.0.0.0/8+,
169.254.0.0/16+,
172.16.0.0/12+,
192.0.0.0/24+,
192.0.2.0/24+,
192.168.0.0/16+,
198.18.0.0/15+,
198.51.100.0/24+,
203.0.113.0/24+,
224.0.0.0/4+,
240.0.0.0/4+ ];
if net ~ martians || net ~ ixp_prefixes then return false;
return true;
}
ãã®é¢æ°ã¯ãåã«èª¬æããã«ãŒãã£ã³ã° ããªã·ãŒãå®è£ ããŸãã
function bgp_ixp_policy(int peer_as)
{
if (ixp_as, ixp_as) ~ bgp_community then return true;
if (ixp_as, peer_as) ~ bgp_community then return true;
return false;
}
filter reject_martians_and_ixp
{
if catch_martians_and_ixp() then reject;
if ( net ~ [0.0.0.0/0{25,32} ] ) then {
reject;
}
accept;
}
ãã¢ãªã³ã°ãæ§æããé©åãªãã£ã«ã¿ãŒãšããªã·ãŒãé©çšããŸãã
protocol as_100 from RS_CLIENT {
neighbor 50.50.50.10 as 100;
ipv4 {
export where bgp_ixp_policy(100);
import filter reject_martians_and_ixp;
}
}
protocol as_200 from RS_CLIENT {
neighbor 50.50.50.20 as 200;
ipv4 {
export where bgp_ixp_policy(200);
import filter reject_martians_and_ixp;
}
}
protocol as_300 from RS_CLIENT {
neighbor 50.50.50.30 as 300;
ipv4 {
export where bgp_ixp_policy(300);
import filter reject_martians_and_ixp;
}
}
ã«ãŒã ãµãŒããŒã§ã¯ãç°ãªããã¢ããã®ã«ãŒããç°ãªã RIB ã«é 眮ããããšããå§ãããŸãã BIRD ã䜿çšãããšããããå¯èœã«ãªããŸãã ãã®äŸã§ã¯ãç°¡åã«ããããã«ããã¹ãŠã®ã¯ã©ã€ã¢ã³ãããåä¿¡ãããã¹ãŠã®æŽæ°ã XNUMX ã€ã®å ±é RIB ã«è¿œå ãããŸãã
ããã§ã¯ãäœãåŸããããã確èªããŠã¿ãŸãããã
ã«ãŒã ãµãŒããŒã§ã¯ãXNUMX ã€ã®ã¯ã©ã€ã¢ã³ããã¹ãŠãšã® BGP ã»ãã·ã§ã³ã確ç«ãããŠããããšãããããŸãã
ãã¹ãŠã®ã¯ã©ã€ã¢ã³ããããã¬ãã£ãã¯ã¹ãåä¿¡ããŠââããããšãããããŸãã
as 100 ã«ãŒã¿ãŒã§ã¯ãã«ãŒã ãµãŒããŒãšã® BGP ã»ãã·ã§ã³ã 200 ã€ãããªãå Žåãã¯ã©ã€ã¢ã³ãéã®ãã¢ãªã³ã°ãçŽæ¥å®è¡ããããã®ããã«ãBGP å±æ§ã¯å€æŽãããŠããªãäžæ¹ã§ãas 300 ãš as XNUMX ã®äž¡æ¹ãããã¬ãã£ãã¯ã¹ãåä¿¡ããŠââããããšãããããŸãã
ãããã£ãŠãã«ãŒã ãµãŒããŒã®ååšã«ãããIXP ã§ã®ãã¢ãªã³ã°ã®æ§æã倧å¹
ã«ç°¡çŽ åãããããšãããããŸãã
ãã®ãã¢ããIXP ãã©ã®ããã«æ©èœãããããŸã IXP äžã§ã«ãŒã ãµãŒããŒãã©ã®ããã«æ©èœããããããããç解ããã®ã«åœ¹ç«ã€ããšãé¡ã£ãŠããŸãã
ãªã³ã¯ã¹ããŒã¿ã»ã³ã¿ãŒ IX
Linxdatacenter ã§ã¯ã2 ã€ã®ã¹ã€ãããš 2 ã€ã®ã«ãŒã ãµãŒããŒã®ãã©ãŒã«ã ãã¬ã©ã³ã ã€ã³ãã©ã¹ãã©ã¯ãã£ã«åºã¥ããŠç¬èªã® IXP ãæ§ç¯ããŸããã çŸåšãIXP ã¯ãã¹ã ã¢ãŒãã§å®è¡ãããŠããŸããçããã Linxdatacenter IX ã«æ¥ç¶ããŠãã¹ãã«åå ããŠãã ããã æ¥ç¶ãããšã垯åå¹
1 Gbit/s ã®ããŒããã«ãŒã ãµãŒããŒãä»ããŠãã¢ãªã³ã°ã§ããæ©èœãæäŸãããã»ãã次㮠Web ãµã€ãããå
¥æã§ãã IX ããŒã¿ã«ã®å人ã¢ã«ãŠã³ãã«ã¢ã¯ã»ã¹ã§ããŸãã
ãã¹ãã«ã¢ã¯ã»ã¹ããã«ã¯ãã³ã¡ã³ããŸãã¯ãã©ã€ããŒã ã¡ãã»ãŒãžã«æžã蟌ãã§ãã ããã
åºå
ãã©ãã£ãã¯äº€æãã€ã³ãã¯ãã€ã³ã¿ãŒãããã®é»ææã«ãéä¿¡äºæ¥è éã®æé©ã§ã¯ãªããã©ãã£ã㯠ãããŒã®åé¡ã解決ããããŒã«ãšããŠèªçããŸããã çŸåšãæ°ããã°ããŒãã« ãµãŒãã¹ã®åºçŸãš CDN ãã©ãã£ãã¯éã®å¢å ã«äŒŽãããšã¯ã¹ãã§ã³ãž ãã€ã³ãã¯ã°ããŒãã« ãããã¯ãŒã¯ã®éçšãæé©åãç¶ããŠããŸãã äžçäžã§ IXP ã®æ°ãå¢å ããããšã¯ããµãŒãã¹ã®ãšã³ã ãŠãŒã¶ãŒãšéä¿¡äºæ¥è ãã³ã³ãã³ã ãªãã¬ãŒã¿ãªã©ã®äž¡æ¹ã«å©çããããããŸãã IXP åå è ã«ãšã£ãŠã®å©ç¹ã¯ãå€éšãã¢ãªã³ã°ã®çµç¹åã«ãããã³ã¹ãã®åæžãäžäœã¬ãã«ã®ãªãã¬ãŒã¿ãæ¯æããªããã°ãªããªããã©ãã£ãã¯éã®åæžãã«ãŒãã£ã³ã°ã®æé©åãããã³ã³ã³ãã³ã ãªãã¬ãŒã¿ãšã®çŽæ¥ã€ã³ã¿ãŒãã§ã€ã¹ãæã€æ©èœã«è¡šããŸãã
䟿å©ãªãªã³ã¯é
- 亀é亀æãã€ã³ãã®å Žæã®å°å³ã衚瀺ããŸãã
www.internetexchangemap.com - IXP äžã®ååšãå«ããBGP ãã¢ãªã³ã°ã«é¢ãã詳现ãªçµ±èšã衚瀺ããŸãã
www.peeringdb.com
åºæïŒ habr.com