Umfanekiso:
Namhlanje, inxalenye ebalulekileyo yawo wonke umxholo kwi-Intanethi isasazwa kusetyenziswa iinethiwekhi zeCDN. Kwangaxeshanye, uphando malunga nendlela abavelisi abahlukeneyo abayandisa ngayo impembelelo yabo kuthungelwano olunjalo. Izazinzulu ezivela kwiYunivesithi yaseMassachusetts iindlela ezinokwenzeka zokuvala umxholo we-CDN usebenzisa umzekelo wezenzo zabasemagunyeni baseTshayina, kwaye kwakhona uphuhlise isixhobo sokudlula ukuvala okunjalo.
Silungiselele imathiriyeli yophononongo kunye nezigqibo eziphambili kunye neziphumo zolu vavanyo.
Intshayelelo
I-Censorship sisisongelo sehlabathi kwinkululeko yokuthetha kwi-Intanethi kunye nokufikelela simahla kulwazi. Oku kunokwenzeka kakhulu ngenxa yokuba i-Intanethi iboleke imodeli "yokugqibela yonxibelelwano" kwiinethiwekhi zefowuni ze-70s zenkulungwane yokugqibela. Oku kukuvumela ukuba uthintele ukufikelela kumxholo okanye unxibelelwano lomsebenzisi ngaphandle komgudu obalulekileyo okanye iindleko ezisekelwe kwidilesi ye-IP. Kukho iindlela ezininzi apha, ukusuka ekuthinteleni idilesi ngokwayo ngomxholo owalelweyo ukuya ekuthinteleni amandla abasebenzisi ukuba bayibone besebenzisa i-DNS inkohliso.
Nangona kunjalo, uphuhliso lwe-Intanethi luye lwakhokelela ekuveleni kweendlela ezintsha zokusasaza ulwazi. Enye yazo kukusetyenziswa komxholo ogciniweyo ukuphucula ukusebenza kunye nokukhawulezisa unxibelelwano. Namhlanje, ababoneleli be-CDN baqhuba isixa esibalulekileyo sayo yonke i-traffic emhlabeni - u-Akamai, inkokeli kweli candelo, yedwa i-akhawunti ukuya kuthi ga kwi-30% ye-intanethi ye-intanethi ye-intanethi.
Inethiwekhi ye-CDN yinkqubo esasaziweyo yokuhambisa umxholo we-Intanethi ngesantya esiphezulu. Inethiwekhi ye-CDN eqhelekileyo iqulathe iiseva kwiindawo ezahlukeneyo zejografi ezigcina umxholo wokuwusebenzisa kubasebenzisi abakufutshane naloo seva. Oku kukuvumela ukuba unyuse kakhulu isantya sonxibelelwano lwe-intanethi.
Ukongeza ekuphuculeni amava kubasebenzisi bokugqibela, ukusingathwa kweCDN kunceda abadali bomxholo balinganise iiprojekthi zabo ngokunciphisa umthwalo kwiziseko zabo.
Ukuthintela umxholo we-CDN
Ngaphandle kwento yokuba i-CDN traffic sele yenze inxalenye ebalulekileyo yalo lonke ulwazi oludluliselwe kwi-Intanethi, kusekho phantse akukho phando malunga nokuba i-censors kwihlabathi lokwenyani isondela njani kulawulo lwayo.
Ababhali bophononongo baqale ngokuphonononga iindlela zokuhlola ezinokuthi zisetyenziswe kwii-CDN. Emva koko bafunda ezona ndlela zisetyenziswa ngabasemagunyeni baseTshayina.
Okokuqala, makhe sithethe ngeendlela ezinokubakho zokuxilonga kunye nokwenzeka kokuzisebenzisa ukulawula i-CDN.
Uhluzo lwe-IP
Le yeyona ndlela ilula kwaye ingabizi kakhulu yokujonga i-Intanethi. Ukusebenzisa le ndlela, i-censor ichonga kwaye ichonge iidilesi ze-IP zemithombo ebambe umxholo owalelweyo. Emva koko ababoneleli be-Intanethi abalawulwayo bayayeka ukuhambisa iipakethi ezithunyelwe kwiidilesi ezinjalo.
I-IP-based blocking yenye yeendlela eziqhelekileyo zokuvavanya i-Intanethi. Uninzi lwezixhobo zenethiwekhi zorhwebo zixhotyiswe ngemisebenzi yokuphumeza ukuvala okunjalo ngaphandle komzamo omkhulu wokubala.
Nangona kunjalo, le ndlela ayifanelekanga kakhulu ukuvala itrafikhi ye-CDN ngenxa yeempawu ezithile zetekhnoloji ngokwayo:
- Ukuhanjiswa kweCaching -ukuqinisekisa ukufumaneka okugqwesileyo komxholo kunye nokwandisa ukusebenza, i-CDN networks cache i-cache umxholo womsebenzisi kwinani elikhulu leeseva ezinqamlekileyo ezibekwe kwiindawo ezisasazwe ngokwejografi. Ukuhluza umxholo onje ngokusekwe kwi-IP, umvavanyi uya kufuna ukufumana iidilesi zabo bonke abancedisi bomda kwaye baludwe olumnyama. Oku kuya kuphazamisa iimpawu eziphambili zendlela, kuba inzuzo yayo ephambili kukuba kwisikimu esiqhelekileyo, ukuvimba umncedisi omnye kukuvumela ukuba "unqumle" ukufikelela kumxholo onqatshelwe inani elikhulu labantu kanye.
- ii-IPs ekwabelwana ngazo - ababoneleli be-CDN yorhwebo babelana ngeziseko zabo (oko kukuthi amaseva e-edge, inkqubo yemephu, njl.) phakathi kwabaxhasi abaninzi. Ngenxa yoko, umxholo we-CDN ovaliweyo ulayishwe kwiidilesi ze-IP ezifanayo njengomxholo ongavinjelwanga. Ngenxa yoko, nayiphi na inzame yokucoca i-IP iya kubangela inani elikhulu leendawo kunye nomxholo ongenamdla kwi-censors uvaliwe.
- Isabelo se-IP esinamandla kakhulu -ukwandisa ukulinganisa umthwalo kunye nokuphucula umgangatho wenkonzo, imephu yeeseva ezinqamlekileyo kunye nabasebenzisi bokugqibela benziwa ngokukhawuleza nangokuguquguqukayo. Umzekelo, uhlaziyo lukaAkamai lubuyise iidilesi ze-IP ngomzuzu ngamnye. Oku kuya kwenza ukuba phantse kungenzeki ukuba iidilesi zidityaniswe nomxholo owalelweyo.
Ukuphazamiseka kweDNS
Ngaphandle kohluzo lwe-IP, enye indlela edumileyo yokujongwa kukuphazamiseka kweDNS. Le ndlela ibandakanya izenzo ze-censors ezijoliswe ekuthinteleni abasebenzisi ukuba baqaphele iidilesi ze-IP zemithombo enomxholo onqatshelwe. Oko kukuthi, ungenelelo lwenzeka kwinqanaba lesisombululo segama lesizinda. Kukho iindlela ezininzi zokwenza oku, kubandakanywa ukuqweqwedisa imidibaniso ye-DNS, ukusebenzisa iindlela ze-DNS zetyhefu, kunye nokuthintela izicelo ze-DNS kwiindawo ezingavumelekanga.
Le yindlela esebenza kakhulu yokuthintela, kodwa inokugqithwa ukuba usebenzisa iindlela zokusonjululwa kwe-DNS ezingekho mgangathweni, umzekelo, amajelo angaphandle kwebhendi. Ke ngoko, i-censors ihlala idibanisa i-DNS blocking kunye nokucoca i-IP. Kodwa, njengoko kuchaziwe ngasentla, ukuhluzwa kwe-IP akusebenzi ekuvavanyeni umxholo we-CDN.
Hlunga nge-URL/amagama angundoqo usebenzisa iDPI
Izixhobo zanamhlanje zokujonga umsebenzi womnatha zingasetyenziselwa ukuhlalutya ii-URL ezithile kunye namagama angundoqo kwiipakethi zedatha ezithunyelwayo. Le teknoloji ibizwa ngokuba yiDPI (ukuhlolwa kwepakethi enzulu). Iinkqubo ezinjalo zifumana ukukhankanywa kwamagama kunye nezixhobo ezingavumelekanga, emva koko ziphazamisa unxibelelwano lwe-intanethi. Ngenxa yoko, iipakethi zilahlwa nje.
Le ndlela iyasebenza, kodwa intsonkothe ββngakumbi kwaye inzima kakhulu kuba ifuna ukucalulwa kwazo zonke iipakethi zedatha ezithunyelwe ngaphakathi kwemijelo ethile.
Umxholo we-CDN unokukhuselwa kuluhlu olunjalo ngendlela efanayo nomxholo "oqhelekileyo" - kuzo zombini iimeko ukusetyenziswa kwe-encryption (okt HTTPS) kunceda.
Ukongeza ekusebenziseni i-DPI ukufumana amagama angundoqo okanye ii-URL zemithombo evaliweyo, ezi zixhobo zingasetyenziselwa uhlalutyo oluphambili. Ezi ndlela ziquka uhlalutyo lwamanani e-intanethi / ngaphandle kwe-intanethi kunye nohlalutyo lwemigaqo yokuchonga. Ezi ndlela zibaluleke kakhulu kubutyebi kwaye okwangoku akukho bungqina bokusetyenziswa kwazo ngabahloli ukusa kwinqanaba elibi ngokwaneleyo.
Ukuzihlola kubaboneleli be-CDN
Ukuba i-censor ngumbuso, ke unalo lonke ithuba lokuthintela abo baboneleli be-CDN ukuba basebenze kwilizwe abangathobeli imithetho yendawo elawula ukufikelela kumxholo. Ukuzihlola akukwazi ukuchaswa nangayiphi na indlela - ngoko ke, ukuba inkampani yomnikezeli we-CDN inomdla ekusebenzeni kwilizwe elithile, iya kunyanzeliswa ukuba ihambelane nemithetho yendawo, nokuba iyayinqanda inkululeko yokuthetha.
I-China iqinisekisa njani umxholo we-CDN
I-Firewall enkulu yaseTshayina ithathwa ngokufanelekileyo njengeyona nkqubo isebenzayo nephucukileyo yokuqinisekisa ukubalwa kwe-Intanethi.
Indlela yophando
Izazinzulu zenze iimvavanyo zisebenzisa indawo yeLinux ebekwe ngaphakathi eTshayina. Bakwakwazi ukufikelela kwiikhompyuter ezininzi ngaphandle kwelizwe. Okokuqala, abaphandi bahlola ukuba i-node yayiphantsi kovavanyo olufana nolusetyenziswa kwabanye abasebenzisi baseTshayina - ukwenza oku, bazama ukuvula iziza ezahlukeneyo ezithintelweyo kulo matshini. Ke ubukho benqanaba elifanayo lokuvalelwa kwaqinisekiswa.
Uluhlu lweewebhusayithi ezivaliweyo eTshayina ezisebenzisa ii-CDN zathathwa kwi-GreatFire.org. Indlela yokuthintela kwimeko nganye yahlalutywa.
Ngokwedatha yoluntu, ekuphela komdlali ophambili kwimarike yeCDN eneziseko zayo eTshayina nguAkamai. Abanye ababoneleli abathatha inxaxheba kwisifundo: CloudFlare, Amazon CloudFront, EdgeCast, Fastly kunye neSoftLayer.
Ngexesha lovavanyo, abaphandi bafumanisa iidilesi ze-Akamai edge servers ngaphakathi kwelizwe, kwaye emva koko bazama ukufumana umxholo ovumelekileyo ngabo. Kwakungenakwenzeka ukufikelela kumxholo onqatshelwe (i-HTTP 403 impazamo engavumelekanga yabuyiswa) - ngokucacileyo inkampani iyazihlola ukuze igcine amandla okusebenza kweli lizwe. Kwangaxeshanye, ukufikelela kwezi zibonelelo kwahlala kuvulekile ngaphandle kwelizwe.
Ii-ISPs ezingenazo iziseko zophuhliso e-China azibeki abasebenzisi basekhaya.
Kwimeko yabanye ababoneleli, eyona ndlela ixhaphakileyo yokuthintela yayiyi-DNS filtering - izicelo kwiindawo ezivaliweyo zixazululwa kwiidilesi ze-IP ezingalunganga. Kwangaxeshanye, i-firewall ayivaleli i-CDN edge servers ngokwazo, kuba zigcina zombini iinkcukacha ezithintelweyo nezivunyelweyo.
Kwaye ukuba kwimeko ye-traffic engabhalwanga abasemagunyeni banamandla okuvimba amaphepha ngamnye kwiziza usebenzisa i-DPI, ngoko xa usebenzisa i-HTTPS banokukhanyela kuphela ukufikelela kwi-domain yonke. Oku kukhokelela ekuthinteleni umxholo ovunyelweyo.
Ukongeza, iChina inababoneleli bayo be-CDN, kubandakanywa amanethiwekhi afana neChinaCache, iChinaNetCenter kunye neCDNetworks. Zonke ezi nkampani zithobela ngokupheleleyo imithetho yelizwe kwaye zivimba umxholo onqatshelwe.
I-CacheBrowser: isixhobo sokugqitha iCDN
Njengoko uhlalutyo lubonisile, kunzima kakhulu ukuba abahloli bavimbe umxholo we-CDN. Ngoko ke, abaphandi bagqiba ekubeni baqhubele phambili kwaye baphuhlise i-intanethi ye-block bypass tool engasebenzisi iteknoloji ye-proxy.
Umbono osisiseko wesixhobo kukuba i-censors kufuneka iphazamise i-DNS ukuvala ii-CDN, kodwa akunyanzelekanga ukuba usebenzise isisombululo segama lesizinda ukulayisha umxholo we-CDN. Ngaloo ndlela, umsebenzisi unokufumana umxholo awudingayo ngokuqhagamshelana ngokuthe ngqo nomncedisi we-edge, apho sele igcinwe khona.
Lo mzobo ungezantsi ubonisa uyilo lwesixokelelwano.
Isoftware yomxhasi ifakwe kwikhompyuter yomsebenzisi, kwaye isikhangeli esiqhelekileyo sisetyenziselwa ukufikelela kumxholo.
Xa i-URL okanye isiqwenga somxholo sele siceliwe, isikhangeli senza isicelo kwinkqubo ye-DNS yendawo (LocalDNS) ukufumana idilesi ye-IP yokubamba. I-DNS eqhelekileyo ibuzwa kuphela imimandla engekabikho kuvimba we-LocalDNS. Imodyuli ye-Scraper ngokuqhubekayo ihamba ngee-URL eziceliwe kwaye ikhangele uluhlu lwamagama anokuthi avinjwe. I-Scraper ke ibiza imodyuli yoMsombululi ukusombulula iindawo ezivaliweyo ezisanda kufunyanwa, le modyuli yenza umsebenzi kwaye yongeza ukungena kwi-LocalDNS. I-cache ye-DNS yesikhangeli iyacinywa ukuze kususwe iirekhodi ze-DNS ezikhoyo kwindawo evaliweyo.
Ukuba imodyuli yoMsombululi ayikwazi ukufumanisa ukuba yeyiphi i-CDN umboneleli wesizinda, iyakucela imodyuli yeBootstrapper yoncedo.
Indlela esebenza ngayo
Isoftware yomxhasi wemveliso yaphunyelelwa iLinux, kodwa inokufakwa ngokulula nakwiWindows. I-Mozilla eqhelekileyo isetyenziswa njengesikhangeli
IFirefox. Iimodyuli ze-Scraper kunye ne-Resolver zibhalwe kwi-Python, kwaye i-Customer-to-CDN kunye ne-CDN-toIP yolwazi zigcinwe kwiifayile ze-txt. Idatabase yeLocalDNS yifayile yesiqhelo/etc/hosts kwi Linux.
Ngenxa yoko, kwi-URL evaliweyo njenge Iskripthi siya kufumana idilesi ye-IP ye-edge kwi-/etc/hosts ifayile kwaye ithumele isicelo se-HTTP GET sokufikelela kwi-BlockedURL.html nge-Host HTTP header fields:
blocked.com/ and User-Agent: Mozilla/5.0 (Windows
NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1Imodyuli yeBootstrapper iphunyeziwe ngokusebenzisa isixhobo sasimahla digwebinterface.com. Esi sombululi se-DNS asinakuthintelwa kwaye siphendula imibuzo ye-DNS egameni leeseva ezininzi ze-DNS ezisasazwe ngokwejografi kwimimandla eyahlukeneyo yomsebenzi wothungelwano.
Ukusebenzisa esi sixhobo, abaphandi bakwazi ukufikelela kwi-Facebook kwi-node yabo yaseTshayina, nangona inethiwekhi yoluntu sele ivaliwe eChina.
isiphelo
Uvavanyo lubonise ukuba ukuthatha inzuzo yeengxaki ze-censors amava xa uzama ukubhloka umxholo we-CDN ungasetyenziselwa ukudala inkqubo yokudlula iibhloko. Esi sixhobo sikuvumela ukuba udlule iibhloko nakwi-China, eneyona nkqubo inamandla yokuhlolwa kwe-intanethi.
Amanye amanqaku ngesihloko sokusetyenziswa kwishishini:
umthombo: www.habr.com