"Re thehile khokahano ea mohala lipakeng tsa rona le bashanyana ba SRI ...", Kleinrock ... o boletse puisanong:
Re ile ra thaepa L mme ra botsa mohaleng, "Na u bona L?"
“E, re bona Jehova,” ha hlaha karabelo.
Re ile ra thaepa O, 'me ra botsa, "Na u bona O."
"E, re bona O."
"Eaba re thaepa G, mme sistimi ea senyeha"...Leha ho le joalo phetohelo e ne e qalile ...
Tšimoloho ea inthanete.
Hello mong le e mong!
Lebitso la ka ke Alexander, ke moenjiniere oa marang-rang Linxdatacenter. Sehloohong sa kajeno re tla bua ka lintlha tsa phapanyetsano ea sephethephethe (Internet Exchange Points, IXP): ke eng e etelletseng pele ponahalo ea bona, ke mesebetsi efe eo ba e rarollang le hore na ba hahiloe joang. Hape sehloohong sena ke tla bontša molao-motheo oa ts'ebetso ea IXP ho sebelisa sethala sa EVE-NG le router ea software ea BIRD, e le hore u be le kutloisiso ea hore na e sebetsa joang "tlas'a hood".
Pale ea histori
Haeba u sheba , joale u ka bona hore keketseho e potlakileng ea palo ea libaka tsa phapanyetsano ea sephethephethe e qalile ka 1993. Sena se bakoa ke taba ea hore boholo ba sephethe-phethe sa li-telecom operators tse neng li le teng ka nako eo li ne li feta marang-rang a mokokotlo oa US. Kahoo, ho etsa mohlala, ha sephethephethe se tloha ho opareitara ea Fora ho ea ho opareitara Jeremane, se ile sa qala ho tloha Fora ho ea USA, ebe se tloha USA ho ea Jeremane. Marang-rang a mokokotlo tabeng ena a sebetsa e le sepalangoang pakeng tsa Fora le Jeremane. Esita le sephethephethe ka hare ho naha e le 'ngoe hangata se ne se sa fete ka ho toba, empa ka marang-rang a mokokotlo oa basebetsi ba Amerika.
Boemo bona ba litaba ha boa ka ba ama feela litšenyehelo tsa ho tsamaisa sephethephethe, empa hape le boleng ba likanale le tieho. Palo ea basebelisi ba Marang-rang e ile ea eketseha, basebelisi ba bacha ba hlaha, palo ea sephethephethe e ile ea eketseha, 'me Inthanete e ile ea hōla. Basebelisi lefatšeng ka bophara ba ile ba qala ho hlokomela hore ho hlokahala mokhoa o utloahalang haholoanyane oa ho hlophisa tšebelisano ea li-inter-operator. Ke hobane'ng ha 'na, motsamaisi oa A, ke lokela ho lefella leeto la ho haola le naha e 'ngoe e le hore ke ise sephethe-phethe ho opareitara B, e seterateng se latelang?" Ena ke potso eo basebelisi ba mehala ea mehala ba neng ba ipotsa eona ka nako eo. Kahoo, libaka tsa phapanyetsano ea sephethephethe li ile tsa qala ho hlaha likarolong tse fapaneng tsa lefats'e libakeng tsa mahloriso tsa basebetsi:
- 1994 - LINX London,
- 1995 - DE-CIX e Frankfurt,
- 1995 - MSK-IX, Moscow, joalo-joalo.
Internet le matsatsi a rona
Ka mohopolo, moralo oa Marang-rang oa sejoale-joale o na le litsamaiso tse ngata tse ikemetseng (AS) le likhokahano tse ngata lipakeng tsa tsona, tsa 'mele le tse utloahalang, tse khethollang tsela ea sephethephethe ho tloha ho AS ho ea ho se seng.
Li-AS hangata ke basebelisi ba mehala, bafani ba Marang-rang, li-CDN, litsi tsa data, le lik'hamphani tsa karolo ea likhoebo. Li-ASes li hlophisa likhokahano tse utloahalang (ho shebisisa) har'a tsona, hangata li sebelisa protocol ea BGP.
Hore na litsamaiso tse ikemetseng li hlophisa likhokahano tsena joang ho khethoa ke lintlha tse 'maloa:
- sebaka,
- moruo,
- lipolotiki,
- litumellano le lithahasello tse tšoanang pakeng tsa beng ba AS,
- joalo-joalo.
Ha e le hantle, morero ona o na le sebopeho se itseng le bolaoli. Ka hona, basebetsi ba arotsoe ka tier-1, tier-2 le tier-3, 'me haeba bareki ba mofani oa marang-rang oa lehae (tier-3) e le molao, basebelisi ba tloaelehileng, ka mohlala, bakeng sa karolo-1 Basebelisi ba boemo ba bareki ke basebelisi ba bang. Basebeletsi ba Tier-3 ba kopanya sephethephethe sa ba ngolisitseng, li-telecom operators tsa tier-2, le bona, ba kopanya sephethephethe sa li-operators tsa tier-3, le tier-1 - sephethephethe sohle sa Marang-rang.
Ka mokhoa o hlophisitsoeng e ka emeloa tjena:
Setšoantšo sena se bontša hore sephethephethe se kopantsoe ho tloha tlaase ho ea holimo, i.e. ho tloha ho basebelisi ba ho qetela ho ea ho basebetsi ba tier-1. Ho boetse ho na le phapanyetsano ea sephethephethe lipakeng tsa li-AS tse batlang li lekana.
Karolo ea bohlokoa 'me ka nako e ts'oanang bofokoli ba morero ona ke pherekano e itseng ea likamano pakeng tsa litsamaiso tse ikemetseng tse fumanehang haufi le mosebedisi oa ho qetela, ka har'a sebaka sa libaka. Nahana ka setšoantšo se ka tlase:
A re nke hore motseng o moholo ho na le li-telecom operators tse 5, tse shebileng pakeng tsa tsona, ka lebaka le leng, li hlophisitsoe joalokaha ho bontšitsoe ka holimo.
Haeba mosebelisi Petya, a hokahaneng le Go ISP, a batla ho fihlella seva e hokahantsoeng le mofani oa ASM, joale sephethephethe se pakeng tsa bona se tla qobelloa ho feta lits'ebetsong tse 5 tse ikemetseng. Sena se eketsa tieho hobane palo ea lisebelisoa tsa marang-rang tseo sephethephethe se tla tsamaea ka tsona li eketseha, hammoho le palo ea sephethephethe sa lipalangoang ho litsamaiso tse ikemetseng pakeng tsa Go le ASM.
Joang ho fokotsa palo ea li-AS tsa lipalangoang tseo sephethephethe se qobelloang ho feta ho tsona? Ho joalo - sebaka sa phapanyetsano ea sephethephethe.
Kajeno, ho hlaha ha li-IXP tse ncha ho khannoa ke litlhoko tse tšoanang le tsa 90-2000 tsa pele, feela ka tekanyo e nyenyane, ho arabela palo e ntseng e eketseha ea basebetsi ba thelevishene, basebelisi le sephethephethe, palo e ntseng e eketseha ea litaba tse hlahisoang ke marang-rang a CDN. le litsi tsa data.
Phapanyetsano ke eng?
Sebaka sa phapanyetsano ea sephethephethe ke sebaka se nang le lisebelisoa tse khethehileng tsa marang-rang moo barupeluoa ba nang le thahasello ea phapanyetsano ea sephethephethe ba hlophisang ho shebana. Barupeluoa ba ka sehloohong ba lintlha tsa phapanyetsano ea sephethephethe: basebetsi ba telecom, bafani ba Inthanete, bafani ba litaba le litsi tsa data. Libakeng tsa phapanyetsano ea sephethephethe, barupeluoa ba ikopanya ka ho toba. Sena se o nolofalletsa ho rarolla mathata a latelang:
- fokotsa latency,
- fokotsa bongata ba sephethephethe sa lipalangoang,
- ntlafatsa tsela pakeng tsa AS.
Ha ho nahanoa hore li-IXP li teng metseng e mengata e meholo ho pota lefatše, sena sohle se na le phello e molemo ho Internet ka kakaretso.
Haeba boemo bo ka holimo le Petya bo rarolloa ka IXP, ho tla hlaha ntho e kang ena:
Sebaka sa phapanyetsano ea sephethephethe se sebetsa joang?
Joalo ka molao, IIXP ke AS e arohaneng e nang le liaterese tsa eona tsa sechaba tsa IPv4/IPv6.
Marang-rang a IXP hangata a na le sebaka se tsoelang pele sa L2. Ka linako tse ling sena ke feela VLAN e amohelang bareki bohle ba IIXP. Ha ho tluoa tabeng ea li-IXP tse khōloanyane, tse ajoang ka libaka, mahlale a kang MPLS, VXLAN, joalo-joalo a ka sebelisoa ho hlophisa sebaka sa L2.
Lintlha tsa IXP
- SKS. Ha ho letho le sa tloaelehang mona: li-racks, li-optical cross-connects, li-patch panels.
- Liphetoho - motheo oa IXP. Boema-kepe ke sebaka sa ho kena marang-rang a IXP. Li-switch li boetse li etsa karolo ea mesebetsi ea ts'ireletso - li hloekisa sephethephethe se sa lokelang ho ba teng marang-rang a IXP. E le molao, li-switches li khethoa ho latela litlhoko tsa ts'ebetso - ho tšepahala, lebelo le tšehetsoeng la li-port, likarolo tsa ts'ireletso, tšehetso ea sFlow, joalo-joalo.
- Seva ea tsela (RS) - karolo ea bohlokoa le e hlokahalang ea sebaka sefe kapa sefe sa sejoale-joale sa phapanyetsano ea sephethephethe. Molao-motheo oa ts'ebetso o ts'oana haholo le mokhoa oa ho bonahatsa tsela ho iBGP kapa router e khethiloeng ho OSPF le ho rarolla mathata a tšoanang. Ha palo ea barupeluoa sebakeng sa phapanyetsano ea sephethephethe e ntse e eketseha, palo ea liboka tsa BGP tseo morupeluoa e mong le e mong a hlokang ho li tšehetsa e eketseha, ke hore. sena se re hopotsa topology ea khale e tletseng mesh ho iBGP. RS e rarolla bothata ka tsela e latelang: e theha seboka sa BGP le monkakarolo e mong le e mong oa IXP ea nang le thahasello, 'me monkakarolo eo e ba moreki oa RS. Ha e fumana ntlafatso ea BGP ho tsoa ho e mong oa bareki ba eona, RS e romella ntlafatso ena ho bareki ba eona ba bang, ehlile, ntle le eo ntlafatso ena e amohetsoeng ho eona. Kahoo, RS e felisa tlhoko ea ho theha marang-rang a felletseng lipakeng tsa litho tsohle tsa IXP le ho rarolla bothata ba scalability ka bokhabane. Ke habohlokoa ho hlokomela hore seva sa tsela se fetisa ka mokhoa o hlakileng litsela ho tloha ho AS ho ea ho se seng ntle le ho etsa liphetoho ho litšobotsi tse fetisitsoeng ke BGP, mohlala, ha e kenye palo ho AS ea eona ho AS-path. Hape ho RS ho na le mokhoa oa motheo oa ho sefa litsela: mohlala, RS ha e amohele marang-rang a Martians le li-prefixes tsa IXP ka boeona.
Sesebelisoa se bulehileng sa software, BIRD (daemon ea marang-rang ea nonyana), hangata e sebelisoa e le tharollo ea seva sa tsela. Ntho e ntle ka eona ke hore ha e lefelloe, e sebelisoa ka potlako ho li-distributions tse ngata tsa Linux, e na le mokhoa o feto-fetohang oa ho theha maano a ho tsamaisa / ho sefa, 'me ha e hloke lisebelisoa tsa k'homphieutha. Hape, hardware / router ea sebele ho tloha Cisco, Juniper, joalo-joalo e ka khethoa e le RS.
- Tshireletso. Kaha marang-rang a IXP ke motsoako oa palo e kholo ea li-AS, leano la tšireletso leo barupeluoa bohle ba lokelang ho le latela le tlameha ho ngoloa hantle. Ka kakaretso, mekhoa eohle e ts'oanang e sebetsang ha ho theha kamano ea BGP lipakeng tsa lithaka tse peli tse arohaneng tsa BGP kantle ho IXP li sebetsa mona, hammoho le likarolo tse ling tsa ts'ireletso.
Ka mohlala, ke mokhoa o motle oa ho lumella sephethephethe feela ho tloha atereseng e itseng ea mac ea motlatsi oa IXP, e buisanoang esale pele. Ho hana sephethephethe ka masimo a ethertype ntle le 0x0800(IPv4), 0x08dd(IPv6), 0x0806(ARP); sena se etsoa molemong oa ho sefa sephethephethe se seng sa BGP. Mekhoa e kang GTSM, RPKI, joalo-joalo e ka boela ea sebelisoa.
Mohlomong tse ka holimo ke likarolo tse ka sehloohong tsa IIXP efe kapa efe, ho sa tsotelehe sekala. Ehlile, li-IXP tse kholo li kanna tsa ba le mahlale a eketsehileng le tharollo sebakeng.
Hoa etsahala hore IXP e boetse e fa barupeluoa ba eona litšebeletso tse eketsehileng:
- e behiloe ho seva sa IIXP TLD DNS,
- kenya li-server tsa NTP tsa Hardware, tse lumellang barupeluoa ho hokahanya nako ka nepo,
- fana ka tšireletso khahlanong le litlhaselo tsa DDoS, joalo-joalo.
Kamoo e ea sebetsang
Ha re shebeng molao-motheo oa ts'ebetso ea sebaka sa phapanyetsano ea sephethephethe re sebelisa mohlala oa IXP e bonolo, e entsoeng ka EVE-NG, ebe re nahana ka setaele sa mantlha sa router ea software ea BIRD. Ho nolofatsa sets'oants'o sena, re tla siea lintho tsa bohlokoa joalo ka bofokoli le mamello ea liphoso.
Topology ea marang-rang e bontšoa setšoantšong se ka tlase.
Ha re nke hore re fana ka sebaka se senyenyane sa phapanyetsano mme re fana ka likhetho tse latelang tsa lithaka:
- ho shebisisa sechaba,
- ho shebisisa boinotšing,
- ho sheba ka tsela ea seva.
Nomoro ea rona ea AS ke 555, re na le block ea liaterese tsa IPv4 - 50.50.50.0/24, moo re ntšang liaterese tsa IP bakeng sa ba batlang ho hokela marang-rang a rona.
50.50.50.254 - Aterese ea IP e lokiselitsoeng ho sebopeho sa seva sa tsela, ka bareki bana ba IP ba tla theha seboka sa BGP tabeng ea ho shebella ka RS.
Hape, bakeng sa ho nyarela ka RS, re thehile leano le bonolo la ho tsamaisa litsela le ipapisitseng le sechaba sa BGP, le lumellang bankakarolo ba IXP ho laola hore na ba rometsoe ho mang le litsela life:
Sechaba sa BGP
tlhaloso
LOCAL_AS:PEER_AS
Romela lihlohopele ho PEER_AS feela
LOCAL_AS:IXP_AS
Fetisetsa li-prefixes ho barupeluoa bohle ba IXP
Bareki ba 3 ba batla ho hokela ho IIXP ea rona le ho fapanyetsana sephethephethe; Ha re re bana ke bafani ba Marang-rang. Kaofela ba batla ho hlophisa ho sheba ka har'a seva sa tsela. Ka tlase ke setšoantšo se nang le li-parameter tsa khokahanyo ea bareki:
Moreki
Customer AS nomoro
Li-prefixes tse phatlalalitsoeng ke moreki
Aterese ea IP e fuoeng moreki hore a hokahane le IIXP
ISP #1
NKA 100
1.1.0.0/16
50.50.50.10/24
ISP #2
NKA 200
2.2.0.0/16
50.50.50.20/24
ISP #3
NKA 300
3.3.0.0/16
50.50.50.30/24
Tlhophiso ea mantlha ea BGP ho router ea bareki:
router bgp 100
no bgp enforce-first-as
bgp log-neighbor-changes
neighbor 50.50.50.254 remote-as 555
address-family ipv4
network 1.1.0.0 mask 255.255.0.0
neighbor 50.50.50.254 activate
neighbor 50.50.50.254 send-community both
neighbor 50.50.50.254 soft-reconfiguration inbound
neighbor 50.50.50.254 route-map ixp-out out
exit-address-family
ip prefix-list as100-prefixes seq 5 permit 1.1.0.0/16
route-map bgp-out permit 10
match ip address prefix-list as100-prefixes
set community 555:555
Ho bohlokoa ho hlokomela hore no bgp enforce-pele-joalo ka ha e behiloe mona. Ka kamehla, BGP e hloka hore tsela ea ntlafatso e amohetsoeng ea BGP e na le nomoro ea bgp ea thaka eo ntlafatso e amohetsoeng ho eona. Empa kaha sebatli sa tsela ha se etse liphetoho tseleng, palo ea eona e ke ke ea e-ba teng 'me ntlafatso e tla lahloa. Litlhophiso tsena li sebelisetsoa ho etsa hore router e hlokomolohe molao ona.
Hape rea bona hore moreki o behile bgp community 555:555 ho sehlomathiso sena, seo ho latela leano la rona se bolelang hore moreki o batla ho bapatsa sehlomathiso sena ho barupeluoa ba bang kaofela.
Bakeng sa li-routers tsa bareki ba bang, litlhophiso li tla tšoana, ntle le li-parameter tsa bona tse ikhethang.
Mohlala oa tlhophiso ea BIRD:
define ixp_as = 555;
define ixp_prefixes = [ 50.50.50.0/24+ ];
template bgp RS_CLIENT {
local as ixp_as;
rs client;
}
Se latelang se hlalosa sefe se sa amoheleng li-prefixes tsa martians, hammoho le li-prefixes tsa IXP ka boeona:
function catch_martians_and_ixp()
prefix set martians;
prefix set ixp_prefixes;
{
martians = [
0.0.0.0/8+,
10.0.0.0/8+,
100.64.0.0/10+,
127.0.0.0/8+,
169.254.0.0/16+,
172.16.0.0/12+,
192.0.0.0/24+,
192.0.2.0/24+,
192.168.0.0/16+,
198.18.0.0/15+,
198.51.100.0/24+,
203.0.113.0/24+,
224.0.0.0/4+,
240.0.0.0/4+ ];
if net ~ martians || net ~ ixp_prefixes then return false;
return true;
}
Ts'ebetso ena e sebelisa leano la ho tsamaisa tsela leo re le hlalositseng pejana.
function bgp_ixp_policy(int peer_as)
{
if (ixp_as, ixp_as) ~ bgp_community then return true;
if (ixp_as, peer_as) ~ bgp_community then return true;
return false;
}
filter reject_martians_and_ixp
{
if catch_martians_and_ixp() then reject;
if ( net ~ [0.0.0.0/0{25,32} ] ) then {
reject;
}
accept;
}
Re hlophisa ho sheba, ho sebelisa li-filters le maano a nepahetseng.
protocol as_100 from RS_CLIENT {
neighbor 50.50.50.10 as 100;
ipv4 {
export where bgp_ixp_policy(100);
import filter reject_martians_and_ixp;
}
}
protocol as_200 from RS_CLIENT {
neighbor 50.50.50.20 as 200;
ipv4 {
export where bgp_ixp_policy(200);
import filter reject_martians_and_ixp;
}
}
protocol as_300 from RS_CLIENT {
neighbor 50.50.50.30 as 300;
ipv4 {
export where bgp_ixp_policy(300);
import filter reject_martians_and_ixp;
}
}
Ke habohlokoa ho hlokomela hore ho seva sa litsela ke mokhoa o motle oa ho beha litsela ho tloha ho lithaka tse fapaneng ho ea ho li-RIB tse fapaneng. NONYANA e o dumella ho etsa sena. Mohlala oa rona, bakeng sa ho nolofatsa, lintlafatso tsohle tse amoheloang ho tsoa ho bareki bohle li kenyellelitsoe ho RIB e le 'ngoe e tloaelehileng.
Kahoo, ha re hlahlobeng seo re nang le sona.
Ho seva sa tsela re bona hore seboka sa BGP se thehiloe le bareki bohle ba bararo:
Re bona hore re fumana li-prefixes ho tsoa ho bareki bohle:
Ho router ea 100, re bona hore haeba ho na le seboka se le seng sa BGP le seva sa tsela, re fumana li-prefixes ho tloha ka bobeli e le 200 le 300, ha litšoaneleho tsa BGP li sa fetoha, joalokaha eka ho shebella pakeng tsa bareki ho entsoe ka ho toba:
Kahoo, rea bona hore ho ba teng ha seva sa litsela ho nolofatsa haholo mokhatlo oa ho shebella ho IXP.
Ke tšepa hore pontšo ena e u thusitse ho utloisisa hamolemo hore na IXPs e sebetsa joang le hore na seva sa tsela se sebetsa joang ho IXP.
Linxdatacenter IX
Ho Linxdatacenter, re iketselitse IXP ea rona ho ipapisitse le meaho e mamellang liphoso ea li-switch tse 2 le li-server tse peli tsa tsela. IXP ea rona e se e sebetsa ka mokhoa oa teko, 'me re mema bohle hore ba ikopanye le Linxdatacenter IX le ho kenya letsoho tekong. Ha o hokahantsoe, o tla fuoa boema-kepe bo nang le bandwidth ea 2 Gbit/s, bokhoni ba ho bona li-server tsa rona, hammoho le phihlello ea akhaonto ea hau ea portal ea IX, e fumanehang ho. .
Ngola maikutlo kapa melaetsa ea lekunutu hore u fihlele liteko.
fihlela qeto e
Lintlha tsa phapanyetsano ea sephethephethe li hlahile qalong ea Marang-rang e le sesebelisoa sa ho rarolla bothata ba phallo e tlase ea sephethephethe lipakeng tsa basebelisi ba mehala. Hona joale, ka ho fihla ha litšebeletso tse ncha tsa lefats'e le keketseho ea palo ea sephethephethe sa CDN, lintlha tsa phapanyetsano li tsoela pele ho ntlafatsa ts'ebetso ea marang-rang a lefats'e. Keketseho ea palo ea li-IXP lefatšeng e tsoela molemo mosebelisi oa ho qetela oa lits'ebeletso le basebelisi ba mehala ea mehala, basebelisi ba litaba, jj. Bakeng sa barupeluoa ba IXP, molemo o bontšoa ka ho fokotsa litšenyehelo tsa ho hlophisa lithaka tsa ka ntle, ho fokotsa palo ea sephethephethe seo basebetsi ba boemo bo phahameng ba lokelang ho se lefa, ho ntlafatsa tsela, le bokhoni ba ho ba le sebopeho se tobileng le basebelisi ba litaba.
likhokahano tse sebetsang
- Sheba 'mapa oa sebaka sa libaka tsa phapanyetsano ea therafiki:
- Sheba lipalo-palo tse felletseng mabapi le ho shebana le BGP, ho kenyelletsa le boteng ho IXP:
Source: www.habr.com