How to protect your public website with ESNI

Hello Habr, my name is Ilya, and I work in the platform team at Exness. We develop and implement the core infrastructure components that our product development teams use.

In this article I would like to share my experience of implementing encrypted SNI (ESNI) technology in the infrastructure of public websites.


Using this technology raises the level of security when working with a public website and helps comply with the internal security standards adopted by the company.

First of all, I would like to point out that the technology is not standardized and is still a draft, but CloudFlare and Mozilla already support it (in draft01). This is what motivated us to run such an experiment.

A little theory

ESNI is an extension to the TLS 1.3 protocol that allows the SNI to be encrypted in the "Client Hello" message of the TLS handshake. Here is what the Client Hello looks like with ESNI support (instead of the usual SNI we see ESNI):


To use ESNI, you need three components:

  • DNS;
  • Client support;
  • Server-side support.

DNS

You need to add two DNS records, A and TXT (the TXT record contains the public key with which the client can encrypt the SNI); see below. In addition, there must be support for DoH (DNS over HTTPS), because the available clients (see below) do not enable ESNI support without DoH. This is logical: ESNI implies encrypting the name of the resource we are accessing, so it makes no sense to query DNS in clear text over UDP. Moreover, using DNSSEC lets you protect against cache poisoning attacks in this scenario.

Several DoH providers are currently available, among them:

CloudFlare states (Check My Browser → Encrypted SNI → Learn More) that their servers already support ESNI, that is, for CloudFlare servers we have at least two records in DNS, A and TXT. In the example below we query Google DNS (over HTTPS):

A record:

curl 'https://dns.google.com/resolve?name=www.cloudflare.com&type=A' \
  -s -H 'accept: application/dns+json'
{
  "Status": 0,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": true,
  "CD": false,
  "Question": [
    {
      "name": "www.cloudflare.com.",
      "type": 1
    }
  ],
  "Answer": [
    {
      "name": "www.cloudflare.com.",
      "type": 1,
      "TTL": 257,
      "data": "104.17.210.9"
    },
    {
      "name": "www.cloudflare.com.",
      "type": 1,
      "TTL": 257,
      "data": "104.17.209.9"
    }
  ]
}

TXT record; the query name is built from the template _esni.FQDN:

curl 'https://dns.google.com/resolve?name=_esni.www.cloudflare.com&type=TXT' \
  -s -H 'accept: application/dns+json'
{
  "Status": 0,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": true,
  "CD": false,
  "Question": [
    {
      "name": "_esni.www.cloudflare.com.",
      "type": 16
    }
  ],
  "Answer": [
    {
      "name": "_esni.www.cloudflare.com.",
      "type": 16,
      "TTL": 1799,
      "data": "\"/wEUgUKlACQAHQAg9SiAYQ9aUseUZr47HYHvF5jkt3aZ5802eAMJPhRz1QgAAhMBAQQAAAAAXtUmAAAAAABe3Q8AAAA=\""
    }
  ],
  "Comment": "Response from 2400:cb00:2049:1::a29f:209."
}
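
Added example (not part of the original article and not CloudFlare's code): a parser for the TXT value returned above, using the ESNIKeys record layout of the early ESNI drafts that carry version 0xff01. It goes slightly beyond the single record shown by accepting several key shares and cipher suites; the function names and dictionary keys are assumptions of this example.

```python
import base64
import hashlib
import struct

# TXT value copied from the _esni.www.cloudflare.com answer shown above.
SAMPLE_TXT = "/wEUgUKlACQAHQAg9SiAYQ9aUseUZr47HYHvF5jkt3aZ5802eAMJPhRz1QgAAhMBAQQAAAAAXtUmAAAAAABe3Q8AAAA="

def parse_esni_keys(txt):
    """Decode a version 0xff01 ESNIKeys record from its base64 TXT form."""
    raw = base64.b64decode(txt.strip('"'), validate=True)
    pos = 0

    def take(n):  # bounds-checked read: a truncated record raises, never misparses
        nonlocal pos
        if pos + n > len(raw):
            raise ValueError("truncated ESNIKeys")
        pos += n
        return raw[pos - n:pos]

    def u16():
        return struct.unpack("!H", take(2))[0]

    if u16() != 0xFF01:
        raise ValueError("unsupported ESNIKeys version")
    checksum = take(4)
    keys, key_shares = take(u16()), []
    while keys:  # KeyShareEntry: named group (2), key length (2), public key
        group, klen = struct.unpack("!HH", keys[:4].ljust(4, b"\0"))
        if len(keys) < 4 + klen:
            raise ValueError("bad key share")
        key_shares.append((group, keys[4:4 + klen]))
        keys = keys[4 + klen:]
    n = u16()
    suites = [u16() for _ in range(n // 2)]
    padded_length = u16()
    not_before, not_after = struct.unpack("!QQ", take(16))
    take(u16())  # extensions (empty in the sample record)
    if n % 2 or pos != len(raw):
        raise ValueError("malformed ESNIKeys")
    # Checksum: first 4 bytes of SHA-256 over the record with the checksum field zeroed.
    digest = hashlib.sha256(raw[:2] + bytes(4) + raw[6:]).digest()
    return {"key_shares": key_shares, "cipher_suites": suites,
            "padded_length": padded_length, "not_before": not_before,
            "not_after": not_after, "checksum_ok": digest[:4] == checksum}

def is_usable(keys, now):
    """True only for an intact record inside its not_before..not_after window."""
    return keys["checksum_ok"] and keys["not_before"] <= now <= keys["not_after"]
```

For the record above this yields one x25519 key share (group 0x001d) with a 32-byte public key, cipher suite 0x1301 (TLS_AES_128_GCM_SHA256), padded_length 260 and a validity window of six days, which is the interval within which the published key has to be rotated.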

So, from a DNS perspective, we should use DoH (preferably with DNSSEC) and add two records.

Client support

As far as browsers are concerned, at the moment support is implemented only in FireFox. Here are instructions on how to activate ESNI and DoH support in FireFox. After the browser is configured, we should see something like this:


Link for checking the browser.

Of course, TLS 1.3 must be used to support ESNI, because ESNI is an extension to TLS 1.3.

To test the backend with ESNI support, we implemented a client in Go, but more on that later.

Server-side support

Currently, ESNI is not supported by web servers such as nginx/apache, etc., because they handle TLS through OpenSSL/BoringSSL, which do not officially support ESNI.

Therefore, we decided to create our own front-end component (an ESNI reverse proxy) that supports TLS 1.3 termination with ESNI and proxies HTTP(S) traffic to an upstream that does not support ESNI. This lets the technology be used in an already existing infrastructure without changing the main components, that is, using the current web servers that do not support ESNI.

For clarity, here is a diagram:


I note that the proxy was designed with the ability to terminate a TLS connection without ESNI, in order to support clients without ESNI. The protocol used to talk to the upstream can also be either HTTP or HTTPS with a TLS version lower than 1.3 (if the upstream does not support 1.3). This scheme gives maximum flexibility.

We borrowed the implementation of ESNI support in Go from CloudFlare. I want to note right away that the implementation itself is quite non-trivial, because it involves changes to the standard library crypto/tls and therefore requires "patching" GOROOT before the build.

To generate ESNI keys we used esnitool (also the brainchild of CloudFlare). These keys are used for SNI encryption/decryption.
We tested the build using go 1.13 on Linux (Debian, Alpine) and macOS.

A few words about operational features

The ESNI reverse proxy exposes metrics in Prometheus format, such as rps, upstream latency and response codes, failed/successful TLS handshakes and TLS handshake duration. At first glance, this was enough to evaluate how the proxy handles traffic.

We also ran load testing before use. Results below:

wrk -t50 -c1000 -d360s 'https://esni-rev-proxy.npw:443' --timeout 15s
Running 6m test @ https://esni-rev-proxy.npw:443
  50 threads and 1000 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency     1.77s     1.21s    7.20s    65.43%
    Req/Sec    13.78      8.84   140.00     83.70%
  206357 requests in 6.00m, 6.08GB read
Requests/sec:    573.07
Transfer/sec:     17.28MB 

We ran purely qualitative load testing, to compare the scheme with the ESNI reverse proxy against the scheme without it. We "poured" traffic locally in order to eliminate "interference" from intermediate components.

So, with ESNI support and proxying to the upstream over HTTP, we got around ~550 rps from one instance, with the following average CPU/RAM consumption of the ESNI reverse proxy:

  • 80% CPU usage (4 vCPU, 4 GB RAM hosts, Linux)
  • 130 MB Mem RSS


For comparison, the RPS for the same nginx upstream without TLS termination (HTTP protocol) is ~1100:

wrk -t50 -c1000 -d360s 'http://lb.npw:80' --timeout 15s
Running 6m test @ http://lb.npw:80
  50 threads and 1000 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency     1.11s     2.30s   15.00s    90.94%
    Req/Sec    23.25     13.55   282.00     79.25%
  393093 requests in 6.00m, 11.35GB read
  Socket errors: connect 0, read 0, write 0, timeout 9555
  Non-2xx or 3xx responses: 8111
Requests/sec:   1091.62
Transfer/sec:     32.27MB 

The presence of timeouts indicates a lack of resources (we used 4 vCPU, 4 GB RAM hosts, Linux), and in fact the potential RPS is higher (we got figures of up to 2700 RPS on more powerful resources).

In conclusion, I note that ESNI technology looks quite promising. There are still many open questions, for example, storing the public ESNI key in DNS and rotating ESNI keys; these issues are being actively discussed, and the latest version of the ESNI draft (at the time of writing) is already 7.

Source: www.habr.com
