"Takagadzira runhare pakati pedu nevakomana veSRI ...", Kleinrock ... akadaro mubvunzurudzo:
"Taipa L uye takabvunza parunhare," Uri kuona L here?
βHongu, tinoona Jehovha,β yakauya mhinduro.
"Takanyora O, uye tikabvunza kuti, "Uri kuona O."
"Ehe, tinoona O."
"Takabva tanyora iyo G, system ikadonha"...Asi chimurenga changa chatanga...
Kutanga kweInternet.
Hello vose!
Ini ndinonzi Alexander, ndiri network injinjini kuLinxdatacenter. Muchinyorwa chanhasi tichataura nezve traffic exchange points (Internet Exchange Points, IXP): chii chakatangira chitarisiko chavo, ndeapi mabasa avanogadzirisa uye kuti anovakwa sei. Uyewo munyaya ino ini ndicharatidza mutemo wekushanda kweIXP uchishandisa EVE-NG platform uye BIRD software router, kuitira kuti uve nekunzwisisa kuti inoshanda sei "pasi pehodhi".
A bit of history
Kana iwe ukatarisa , ipapo unogona kuona kuti kukurumidza kukura kwenhamba yenzvimbo dzekuchinjana traffic kwakatanga muna 1993. Izvi zvinokonzerwa nekuti traffic yakawanda yevafambisi venharembozha yaivepo panguva iyoyo yakapfuura nemuUS backbone network. Saka, semuenzaniso, apo traffic yakaenda kubva kune opareta muFrance kuenda kune anoshanda muGermany, yakatanga kubva kuFrance ichienda kuUSA, uyezve kubva kuUSA kuenda kuGermany. Iyo backbone network munyaya iyi yakaita sekufambisa pakati peFrance neGermany. Kunyangwe traffic mukati meimwe nyika kazhinji yaipfuura kwete zvakananga, asi kuburikidza nemusana network yevashandisi veAmerica.
Mamiriro ezvinhu aya haana kungokanganisa mutengo wekuendesa traffic, asiwo kunaka kwemachaneli uye kunonoka. Huwandu hwevashandisi veInternet hwakawedzera, vashandisi vatsva vakaonekwa, huwandu hwetraffic hwakawedzera, uye Internet yakakura. Vafambisi pasi rese vakatanga kuona kuti imwe nzira inonzwisisika yekuronga kupindirana kwevashandisi yaidiwa. "Nei ini, anoshanda A, ndichibhadhara chekufambisa kuburikidza neimwe nyika kuti ndiendese traffic kune anoshanda B, ari mumugwagwa unotevera?" Uyu ndiwo mubvunzo wakabvunzwa nevashandisi venharembozha panguva iyoyo. Saka, nzvimbo dzekuchinjana dzetraffic dzakatanga kuoneka munzvimbo dzakasiyana dzepasi panzvimbo dzevasungwa:
- 1994 - LINX muLondon,
- 1995 - DE-CIX muFrankfurt,
- 1995 - MSK-IX, muMoscow, nezvimwewo.
Internet uye mazuva edu
Sezvineiwo, dhizaini yeInternet yemazuva ano ine akawanda anozvimiririra masisitimu (AS) uye akawanda akabatana pakati pawo, ese emuviri uye ane musoro, ayo anotarisisa nzira yetraffic kubva kune imwe AS kuenda kune imwe.
MaAS anowanzo shandisa telecom operators, Internet providers, CDNs, data centers, uye makambani echikamu chemakambani. ASes vanoronga zvine musoro kubatana (kutarisa) pakati pavo, kazhinji vachishandisa BGP protocol.
Magadzirirwo anozvimiririra masisitimu anoronga izvi zvinongedzo zvinotemwa nezvakati wandei zvinhu:
- Geographical,
- zveupfumi,
- zvematongerwo enyika,
- zvibvumirano uye zvakajairika pakati pevaridzi veAS,
- uye zvakadaro.
Zvechokwadi, chirongwa ichi chine imwe chimiro uye hierarchy. Saka, vashandisi vakakamurwa kuita tier-1, tier-2 uye tier-3, uye kana vatengi vemunharaunda Internet provider (tier-3) vari, semutemo, vashandisiwo zvavo, saka, semuenzaniso, kune tier-1. level operators the clients mamwe maoperator. Tier-3 vanoshanda vanounganidza traffic yevanyoreri vavo, tier-2 telecom operators, zvakare, inounganidza traffic yevatier-3 vanoshanda, uye tier-1 - yese Internet traffic.
Schematically inogona kumiririrwa seizvi:
Mufananidzo uyu unoratidza kuti traffic yakaunganidzwa kubva pasi kusvika kumusoro, i.e. kubva kuvashandisi vekupedzisira kuenda kune tier-1 vanoshanda. Kune zvakare kuchinjika kwakachinjika kwetraffic pakati peASs dzinenge dzakaenzana kune imwe neimwe.
Chikamu chakakosha uye panguva imwechete kukanganisa kwechirongwa ichi ndechimwe chikanganiso chekubatana pakati pezvirongwa zvekuzvidzivirira zviri pedyo nemushandisi wekupedzisira, mukati menzvimbo. Chimbofunga mufananidzo uri pasi apa:
Ngatifungei kuti muguta guru mune 5 telecom operators, vachitarisa pakati payo, nokuda kwechikonzero chimwe kana chimwe, yakarongeka sezvakaratidzwa pamusoro apa.
Kana mushandisi Petya, akabatana neGo ISP, achida kuwana sevha yakabatana neiyo ASM mupi, ipapo traffic iri pakati pavo ichamanikidzwa kupfuura ne5 yakazvimirira masisitimu. Izvi zvinowedzera kunonoka nekuti nhamba yemidziyo yetiweki kuburikidza iyo traffic ichaenda inowedzera, pamwe neiyo vhoriyamu yekufambisa traffic pane yakazvimirira masisitimu pakati peGo neASM.
Nzira yekudzikisa sei huwandu hwemaAS ekufambisa ayo traffic inomanikidzwa kupfuura? Ndizvozvo - traffic exchange point.
Nhasi, kubuda kweIXPs itsva kunotungamirirwa nezvinodiwa zvakafanana nepakutanga 90s-2000s, chete pachikamu chiduku, maererano nenhamba inowedzera yevafambisi venhare, vashandisi uye traffic, kuwedzera kwehuwandu hwehuwandu hunogadzirwa neCDN network. uye data centers.
Chii chinonzi exchange point?
Nzvimbo yekuchinjana traffic inzvimbo ine yakakosha network network uko vatori vechikamu vanofarira mukuwirirana traffic exchange vanoronga kutarisana. Vatori vechikamu vakuru venzvimbo dzekutsinhana kwetraffic: telecom operators, Internet vanopa, vanopa zvemukati uye nzvimbo dzedata. Panzvimbo dzekuchinjana traffic, vatori vechikamu vanobatana zvakananga kune mumwe nemumwe. Izvi zvinokubvumira kugadzirisa matambudziko anotevera:
- kuderedza latency,
- kuderedza huwandu hwetraffic traffic,
- gadzirisa nzira pakati peAS.
Tichifunga kuti maIXPs aripo mumaguta makuru akawanda pasi rose, izvi zvese zvine mhedzisiro inobatsira paInternet zvachose.
Kana iyo iri pamusoro apa nePetya yakagadziriswa uchishandisa IXP, ichaita seizvi:
Iyo traffic exchange point inoshanda sei?
Semutemo, IIXP yakaparadzana AS ine block yayo yeruzhinji IPv4/IPv6 kero.
Iyo IXP network kazhinji ine inoenderera L2 domain. Dzimwe nguva iyi ingori VLAN inobata vese vatengi veIXP. Kana zvasvika kune yakakura, yakagovaniswa IXPs, matekinoroji akadai seMPLS, VXLAN, nezvimwewo anogona kushandiswa kuronga L2 domain.
Zvinhu zveIXP
- SKS. Hapana chinhu chisina kujairika pano: racks, optical cross-connects, patch panels.
- Swichi - hwaro hweIXP. Iyo switch port ndiyo nzvimbo yekupinda muIXP network. Iwo ma switch anoitawo chikamu chekuchengetedza mabasa - anosefa junk traffic iyo isingafanirwe kunge iripo paIXP network. Semutemo, ma switch anosarudzwa zvichienderana nezvinodiwa zvinoshanda - kuvimbika, inotsigirwa kumhanya kwechiteshi, kuchengetedza maficha, sFlow rutsigiro, nezvimwe.
- Route server (RS) - yakakosha uye inodiwa chikamu chemazuva ano chekuchinjana traffic. Nheyo yekushanda yakafanana neyo nzira yekuratidzira muBGP kana router yakasarudzwa muOSPF uye inogadzirisa matambudziko akafanana. Sezvo nhamba yevatori vechikamu munzvimbo yekuchinjana kwemotokari inokura, nhamba yezvikamu zveBGP izvo mubatanidzwa mumwe nomumwe anoda kutsigira zvinowedzera, i.e. izvi zvinoyeuchidza yekirasi yakazara-mesh topology muBGP. RS inogadzirisa dambudziko nenzira inotevera: inotangisa musangano weBGP nemunhu wese anofarira IXP, uye uyo anotora chikamu anova mutengi weRS. Kugamuchira BGP update kubva kune mumwe wevatengi vayo, RS inotumira iyi update kune vamwe vese vatengi vayo, hongu, kunze kweiyo iyo iyi update yakagamuchirwa. Nekudaro, RS inobvisa kukosha kwekumisikidza yakazara-mesh pakati penhengo dzese dzeIXP uye inogadzirisa zvine hungwaru dambudziko re scalability. Zvakakosha kucherechedza kuti sevha yenzira inoendesa pachena nzira kubva kune imwe AS kuenda kune imwe pasina kuita shanduko kune hunhu hunoparidzirwa neBGP, semuenzaniso, haiwedzeri nhamba muAS yayo kune AS-nzira. Zvakare paRS pane kusefa kwekutanga kwenzira: semuenzaniso, RS haigamuchire Martians network uye prefixes yeIXP pachayo.
Iyo yakavhurika sosi software router, BIRD (shiri internet routing daemon), inowanzo shandiswa senzira sevha mhinduro. Chinhu chakanaka pamusoro payo ndechekuti ndeyemahara, inotumirwa nekukurumidza pane mazhinji maLinux kugovera, ine inochinjika nzira yekumisikidza marongero ekufambisa / kusefa, uye haisi kuda pamakomputa zviwanikwa. Zvakare, hardware / virtual router kubva kuCisco, Juniper, nezvimwewo inogona kusarudzwa seRS.
- Chengetedzo. Sezvo network yeIXP iri muunganidzwa wenhamba huru yeASes, mutemo wekuchengetedza uyo vatori vechikamu vese vanofanirwa kutevedzera unofanirwa kunyorwa zvakanaka. Kazhinji, nzira dzese dzakafanana dzinoshanda pakumisikidza BGP padhuze pakati pevaviri vakasiyana veBGP kunze kweIXP inoshanda pano, pamwe nemamwe maficha ekuchengetedza.
Semuenzaniso, itsika yakanaka kubvumira traffic chete kubva kune yakatarwa mac kero yeIXP anotora chikamu, iyo inokurukurwa pamberi. Kuramba traffic ine ethertype ndima kunze kwe0x0800(IPv4), 0x08dd(IPv6), 0x0806(ARP); izvi zvinoitwa kuitira kusefa traffic isiri muBGP peering. Nzira dzakadai seGTSM, RPKI, nezvimwe zvinogona kushandiswawo.
Zvichida zviri pamusoro apa ndizvo zvikamu zvikuru zveIXP chero ipi zvayo, pasinei nechiyero. Ehe, maIXP akakura anogona kunge aine mamwe matekinoroji uye mhinduro munzvimbo.
Izvo zvinoitika kuti IXP inopawo vatori vechikamu mamwe masevhisi:
- yakaiswa paIXP TLD DNS server,
- gadza Hardware NTP maseva, uchibvumira vatori vechikamu kunyatso wiriranisa nguva,
- kupa dziviriro kubva kuDDoS kurwiswa, nezvimwe.
Ainoita
Ngatitarisei musimboti wekushanda kwenzvimbo yekutsinhana kwetraffic tichishandisa muenzaniso weIXP yakapfava, yakamisikidzwa uchishandisa EVE-NG, uye tofunga nezvekutanga kuseta yeBIRD software router. Kurerutsa dhiyagiramu, isu tinosiya zvinhu zvakakosha zvakadai sedundancy uye kukanganisa kushivirira.
Iyo network topology inoratidzwa mumufananidzo uri pazasi.
Ngatifungei kuti isu tinopa nzvimbo diki yekutsinhana uye tinopa anotevera ezera sarudzo:
- kutarisisa paruzhinji,
- kutarisisa wega,
- kutarisisa uchishandisa nzira server.
Yedu AS nhamba i555, isu tine block ye IPv4 kero - 50.50.50.0/24, kubva kwatinoburitsa IP kero kune avo vanoda kubatana kune network yedu.
50.50.50.254 - IP kero yakagadziridzwa pane nzira server interface, neiyi IP vatengi vanogadzira musangano weBGP kana uchitarisa kuburikidza neRS.
Zvakare, yekutarisisa kuburikidza neRS, isu takagadzira yakapusa routing mutemo yakavakirwa panharaunda yeBGP, iyo inobvumira vatori vechikamu veIXP kutonga kunaani uye nzira dzekutumira:
BGP nharaunda
tsananguro
LOCAL_AS:PEER_AS
Tumira prefixes chete kuPEER_AS
LOCAL_AS:IXP_AS
Shandura prefixes kune vese IXP vatori vechikamu
Vatengi vatatu vanoda kubatana neIXP yedu uye kuchinjanisa traffic; Ngatitii ava ndivo vanopa Internet. Vese vanoda kuronga kutarisisa kuburikidza nesevha yenzira. Pazasi pane dhayagiramu ine mutengi yekubatanidza paramita:
Mutengi
Mutengi AS nhamba
Mutengi akashambadza prefixes
IP kero yakapihwa mutengi kuti abatanidze kuIXP
ISP #1
AS100
1.1.0.0/16
50.50.50.10/24
ISP #2
AS200
2.2.0.0/16
50.50.50.20/24
ISP #3
AS300
3.3.0.0/16
50.50.50.30/24
Basic BGP setup pane mutengi router:
router bgp 100
no bgp enforce-first-as
bgp log-neighbor-changes
neighbor 50.50.50.254 remote-as 555
address-family ipv4
network 1.1.0.0 mask 255.255.0.0
neighbor 50.50.50.254 activate
neighbor 50.50.50.254 send-community both
neighbor 50.50.50.254 soft-reconfiguration inbound
neighbor 50.50.50.254 route-map ixp-out out
exit-address-family
ip prefix-list as100-prefixes seq 5 permit 1.1.0.0/16
route-map bgp-out permit 10
match ip address prefix-list as100-prefixes
set community 555:555
Izvo zvakakosha kucherechedza iyo kwete bgp enforce-kutanga-sekugadzika pano. By default, BGP inoda kuti se-nzira yakagamuchirwa BGP update ine sezvo bgp nhamba yevezera kubva update yakagamuchirwa. Asi sezvo sevha yenzira isingaite shanduko kune-se-nzira, nhamba yayo haizove mu-se-nzira uye iyo yekuvandudza icharaswa. Kuseta uku kunoshandiswa kuita kuti router isateerere mutemo uyu.
Isu tinoona zvakare kuti mutengi akaisa bgp nharaunda 555:555 kune iyi prefix, izvo zvinoenderana nemutemo wedu zvinoreva kuti mutengi anoda kushambadza prefix iyi kune vamwe vatori vechikamu.
Kune mamwe ma-routers evatengi, zvigadziriso zvichange zvakafanana, kunze kwemaparamita avo akasiyana.
Muenzaniso BIRD kumisikidza:
define ixp_as = 555;
define ixp_prefixes = [ 50.50.50.0/24+ ];
template bgp RS_CLIENT {
local as ixp_as;
rs client;
}
Izvi zvinotevera zvinotsanangura sefa isingagamuchire martians prefixes, pamwe ne prefixes yeIXP pachayo:
function catch_martians_and_ixp()
prefix set martians;
prefix set ixp_prefixes;
{
martians = [
0.0.0.0/8+,
10.0.0.0/8+,
100.64.0.0/10+,
127.0.0.0/8+,
169.254.0.0/16+,
172.16.0.0/12+,
192.0.0.0/24+,
192.0.2.0/24+,
192.168.0.0/16+,
198.18.0.0/15+,
198.51.100.0/24+,
203.0.113.0/24+,
224.0.0.0/4+,
240.0.0.0/4+ ];
if net ~ martians || net ~ ixp_prefixes then return false;
return true;
}
Iri basa rinoshandisa mutemo wekufambisa watakatsanangura pakutanga.
function bgp_ixp_policy(int peer_as)
{
if (ixp_as, ixp_as) ~ bgp_community then return true;
if (ixp_as, peer_as) ~ bgp_community then return true;
return false;
}
filter reject_martians_and_ixp
{
if catch_martians_and_ixp() then reject;
if ( net ~ [0.0.0.0/0{25,32} ] ) then {
reject;
}
accept;
}
Isu tinogadzirisa kutarisisa, kushandisa mafirita akakodzera uye marongero.
protocol as_100 from RS_CLIENT {
neighbor 50.50.50.10 as 100;
ipv4 {
export where bgp_ixp_policy(100);
import filter reject_martians_and_ixp;
}
}
protocol as_200 from RS_CLIENT {
neighbor 50.50.50.20 as 200;
ipv4 {
export where bgp_ixp_policy(200);
import filter reject_martians_and_ixp;
}
}
protocol as_300 from RS_CLIENT {
neighbor 50.50.50.30 as 300;
ipv4 {
export where bgp_ixp_policy(300);
import filter reject_martians_and_ixp;
}
}
Izvo zvakakosha kucherechedza kuti pane sevha yenzira itsika yakanaka kuisa nzira kubva kune vakasiyana vezera muRIB dzakasiyana. SHIRI inokubvumira kuita izvi. Mumuenzaniso wedu, kuti zvive nyore, zvese zvigadziriso zvakagamuchirwa kubva kune vese vatengi zvinowedzerwa mune imwechete yakafanana RIB.
Saka, ngatitarisei zvatinazvo.
Pane sevha yenzira tinoona kuti musangano weBGP wakamiswa nevatengi vese vatatu:
Isu tinoona kuti tinogashira prefixes kubva kune vese vatengi:
Pane iyo se100 router, tinoona kuti kana paine imwe chete BGP musangano neiyo nzira sevha, tinogashira prefixes kubva kune ese 200 uye se300, nepo BGP hunhu husina kuchinja, sekunge kutarisisa pakati pevatengi kwakaitwa zvakananga:
Nokudaro, tinoona kuti kuvapo kwevhavha yenzira kunorerutsa zvikuru sangano rekutarisa paIXP.
Ndinovimba kuti ratidziro iyi yakakubatsira kuti unzwisise zviri nani mashandiro eIXPs uye mashandiro anoita sevha yenzira paIXP.
Linxdatacenter IX
PaLinxdatacenter, isu takavaka yedu IXP zvichibva pane inoshivirira-inoshivirira zvivakwa zve 2 switch uye 2 nzira maseva. Yedu IXP yave kushanda muyedzo modhi, uye isu tinokoka munhu wese kuti abatanidze kuLinxdatacenter IX uye kutora chikamu mukuyedza. Kana yabatanidzwa, iwe uchapihwa chiteshi chine bandwidth ye1 Gbit/s, kugona kutarisa kuburikidza nemasevha enzira yedu, pamwe nekuwana account yako yeIX portal, inowanikwa pa. .
Nyora mumashoko kana mameseji akavanzika kuti uwane mukana wekuyedzwa.
mhedziso
Trafiki dzekuchinjana nzvimbo dzakamuka pakutanga kweInternet sechishandiso chekugadzirisa nyaya ye suboptimal traffic kuyerera pakati pevafambisi venhare. Ikozvino, nekuuya kwemasevhisi matsva epasi rose uye kuwedzera kwehuwandu hweCDN traffic, nzvimbo dzekutsinhana dzinoramba dzichiwedzera kushanda kwe network yepasi rose. Kuwedzera kwehuwandu hweIXPs munyika kunobatsira vese mushandisi wekupedzisira wesevhisi uye telecom vanoshanda, zvemukati vanoshanda, nezvimwe. Kune vatori vechikamu IXP, kubatsirwa kunoratidzwa mukuderedza mari yekuronga kutarisisa kwekunze, kuderedza huwandu hwemotokari iyo vashandi vepamusoro-soro vanofanira kubhadhara, kugadzirisa nzira, uye kukwanisa kuva nehurukuro yakananga nevashandisi vezvinyorwa.
Useful links
- Wona mepu yenzvimbo yenzvimbo dzekuchinjana traffic:
- Wona huwandu hwakadzama hweBGP kutarisa, kusanganisira kuvapo paIXP:
Source: www.habr.com