The CacheBrowser experiment: bypassing the Chinese firewall without a proxy using content caching

Today a significant share of all content on the internet is distributed through CDN networks. At the same time, researchers are studying how various censors extend their influence over such networks. Researchers from the University of Massachusetts analyzed the possible methods of blocking CDN content, using the practices of the Chinese authorities as an example, and also built a tool for bypassing such blocks.

We have prepared a review of the main findings and results of this experiment.

Introduction

Censorship is a global threat to freedom of speech on the internet and to free access to information. It is possible largely because the internet borrowed the "end-to-end communication" model from the telephone networks of the 1970s. That model makes it possible to block access to content or to user communication on the basis of an IP address, without significant effort or cost. There are several methods here, from blocking the address that hosts the prohibited content to preventing users from resolving it by manipulating DNS.

However, the development of the internet has also produced new ways of distributing information. One of them is the use of cached content to improve performance and speed up communication. Today CDN providers handle a significant share of all the world's traffic - Akamai, the leader in this segment, alone accounts for up to 30% of global static web traffic.

A CDN network is a distributed system for delivering internet content at maximum speed. A typical CDN network consists of servers in different geographic locations that cache content so that they can serve it to the users closest to each server. This significantly increases the speed of online communication.

Besides improving the experience of end users, CDN hosting helps content creators scale their projects by reducing the load on their own infrastructure.

Censoring CDN content

Even though CDN traffic already makes up a significant share of all information transmitted over the internet, there is almost no research on how real-world censors approach controlling it.

The authors of the study began by examining the censorship techniques that can be applied to CDNs. They then studied the actual mechanisms used by the Chinese authorities.

First, let us look at the possible censorship methods and how feasible it is to use them to control a CDN.

IP filtering

This is the simplest and cheapest technique for censoring the internet. With this approach the censor identifies and blocks the IP addresses of resources that host prohibited content. The internet providers under its control then stop delivering packets sent to those addresses.

IP-based blocking is one of the most common methods of censoring the internet. Most commercial network devices ship with functions for implementing such blocking without significant computational effort.

However, this method is poorly suited to blocking CDN traffic because of certain properties of the technology itself:

  • Distributed caching - to ensure the best content availability and to optimize performance, CDN networks cache user content on a large number of edge servers in geographically distributed locations. To filter such content by IP, the censor would need to find the addresses of all the edge servers and block them. This undermines the main property of the method, because its chief advantage is that, in the usual scheme, blocking a single server "cuts off" access to prohibited content for a large number of people at once.
  • Shared IPs - commercial CDN providers share their infrastructure (that is, edge servers, the mapping system, etc.) among many clients. As a result, prohibited CDN content is loaded from the same IP addresses as content that is not prohibited. Consequently, any attempt at IP filtering also blocks a large number of sites and content that the censor has no interest in blocking.
  • Highly dynamic IP assignment - to optimize load balancing and improve quality of service, the mapping between edge servers and end users is performed very quickly and dynamically. For example, Akamai updates the IP addresses it returns every minute. This makes it almost impossible to associate addresses with prohibited content.
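The three properties above can be put into numbers with a small model. This is an added example, not taken from the study: the edge maps, domains and addresses are constructed (documentation ranges), and it measures what an IP blocklist covers before and after the CDN remaps its customers.

```python
# Constructed sample data: which customer sites each shared edge IP serves.
# Addresses are documentation ranges (RFC 5737); domains are hypothetical.
EDGE_MAP_T0 = {
    "192.0.2.10": {"news-banned.example", "shop.example", "bank.example"},
    "192.0.2.11": {"news-banned.example", "video.example"},
    "198.51.100.7": {"blog.example", "shop.example"},
}
# The same CDN one remap later: customers have moved across edges.
EDGE_MAP_T1 = {
    "192.0.2.10": {"shop.example", "bank.example"},
    "203.0.113.5": {"news-banned.example", "blog.example"},
    "198.51.100.7": {"video.example", "shop.example"},
}
PROHIBITED = {"news-banned.example"}


def build_blocklist(edge_map, prohibited):
    """Every edge IP that must be blocked to cover the prohibited sites."""
    return {ip for ip, sites in edge_map.items() if sites & prohibited}


def impact(edge_map, blocklist, prohibited):
    """Measure what a blocklist does against a given edge-to-site mapping."""
    reachable, touched = set(), set()
    for ip, sites in edge_map.items():
        # Sites on a blocked edge are 'touched'; the rest stay 'reachable'.
        (touched if ip in blocklist else reachable).update(sites)
    return {
        # Prohibited sites that still have at least one unblocked edge.
        "prohibited_reachable": prohibited & reachable,
        # Allowed sites that lost every edge they were served from.
        "allowed_cut_off": touched - reachable - prohibited,
        # Allowed sites that lost some edges but not all.
        "allowed_degraded": (touched & reachable) - prohibited,
    }


if __name__ == "__main__":
    blocklist = build_blocklist(EDGE_MAP_T0, PROHIBITED)
    print("blocklist:", sorted(blocklist))
    print("at T0:", impact(EDGE_MAP_T0, blocklist, PROHIBITED))
    print("at T1:", impact(EDGE_MAP_T1, blocklist, PROHIBITED))
```

At T0 the blocklist needs two addresses and takes two allowed sites offline; after the remap the same list no longer covers the prohibited site but still cuts off an allowed one.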

DNS interference

Besides IP filtering, another popular censorship method is DNS interference. This approach consists of actions by the censor aimed at preventing users from resolving the IP addresses of resources with prohibited content. In other words, the interference happens at the level of domain name resolution. There are several ways to do this, including hijacking DNS connections, using DNS poisoning techniques, and blocking DNS queries for prohibited sites.

This is a very effective blocking method, but it can be bypassed by using non-standard DNS resolution methods, for example out-of-band channels. For this reason censors usually combine DNS blocking with IP filtering. But, as noted above, IP filtering is not effective for censoring CDN content.

Filtering by URL/keywords using DPI

Modern network monitoring equipment can be used to analyze specific URLs and keywords in transmitted data packets. This technology is called DPI (deep packet inspection). Such systems find mentions of prohibited words and resources and then interfere with the online communication. As a result, the packets are simply dropped.

This method is effective, but it is more complex and resource-intensive, because it requires defragmenting all the data packets sent within particular flows.

CDN content can be protected from such filtering in the same way as "ordinary" content - in both cases the use of encryption (that is, HTTPS) helps.

In addition to using DPI to find keywords or URLs of prohibited resources, these tools can be used for more advanced analysis. Such methods include statistical analysis of online/offline traffic and analysis of identification protocols. They are extremely resource-intensive, and at the moment there is no evidence that censors use them to any sufficiently serious degree.

Self-censorship by CDN providers

If the censor is a state, it has every opportunity to prohibit from operating in the country those CDN providers that do not comply with the local laws regulating access to content. Self-censorship cannot be countered in any way - so if a CDN provider is interested in operating in a particular country, it will be forced to comply with local laws, even if they restrict freedom of speech.

How China censors CDN content

The Great Firewall of China is deservedly considered the most effective and most advanced system for enforcing internet censorship.

Research methodology

The researchers ran their experiments from a Linux node located inside China. They also had access to several computers outside the country. First, the researchers checked that the node was subject to the same censorship as that applied to other Chinese users - to do this, they tried to open various prohibited sites from this machine. This confirmed that the same level of censorship was in place.

The list of websites blocked in China that use CDNs was taken from GreatFire.org. The blocking method in each case was then analyzed.

According to public data, the only major player in the CDN market with its own infrastructure in China is Akamai. The other providers that took part in the study: CloudFlare, Amazon CloudFront, EdgeCast, Fastly and SoftLayer.

During the experiments the researchers found the addresses of Akamai edge servers inside the country and then tried to retrieve cached allowed content through them. It was not possible to access prohibited content (an HTTP 403 Forbidden error was returned) - evidently the company self-censors in order to keep the ability to operate in the country. At the same time, access to these resources remained open outside the country.

Providers that have no infrastructure in China do not self-censor local users.

In the case of the other providers, the most commonly used blocking method was DNS filtering - requests for blocked sites are resolved to incorrect IP addresses. At the same time, the firewall does not block the CDN edge servers themselves, because they store both prohibited and allowed information.
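A measurement-side view of the DNS filtering described above, as an added example that is not from the study. It assumes a per-CDN list of edge prefixes is available; the prefixes, domains and resolver answers are constructed (documentation ranges). Because edge mappings change constantly, answers are checked against the CDN's prefixes rather than compared for equality between vantage points.

```python
import ipaddress

# Constructed sample data; the prefix list per CDN is an assumption.
CDN_PREFIXES = {
    "cdn-a": ["192.0.2.0/25"],
    "cdn-b": ["198.51.100.0/24"],
}
SITE_CDN = {"blocked.example": "cdn-a", "allowed.example": "cdn-b"}

# (vantage point, domain, A records returned by that vantage point's resolver)
OBSERVATIONS = [
    ("inside", "blocked.example", ["203.0.113.77"]),
    ("outside", "blocked.example", ["192.0.2.10", "192.0.2.11"]),
    ("inside", "allowed.example", ["198.51.100.7"]),
    ("outside", "allowed.example", ["198.51.100.9"]),
]


def in_cdn(ip, cdn):
    """True if the address falls inside one of the CDN's known edge prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p) for p in CDN_PREFIXES[cdn])


def classify(observations):
    """Return {domain: verdict} from inside/outside resolver answers."""
    by_domain = {}
    for vantage, domain, answers in observations:
        by_domain.setdefault(domain, {})[vantage] = answers
    verdicts = {}
    for domain, seen in by_domain.items():
        cdn = SITE_CDN[domain]
        inside = seen.get("inside", [])
        outside = seen.get("outside", [])
        if not all(in_cdn(ip, cdn) for ip in outside):
            # The reference answer itself is off-list: the list is outdated.
            verdicts[domain] = "prefix list stale"
        elif not inside:
            verdicts[domain] = "no inside answer"
        elif all(in_cdn(ip, cdn) for ip in inside):
            # Different edge IPs are normal as long as they belong to the CDN.
            verdicts[domain] = "consistent"
        else:
            verdicts[domain] = "dns tampering suspected"
    return verdicts


if __name__ == "__main__":
    for domain, verdict in classify(OBSERVATIONS).items():
        print(domain, "->", verdict)
```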

And while with unencrypted traffic the authorities are able to block individual pages of a site using DPI, when HTTPS is used they can only deny access to the domain as a whole. This also leads to allowed content being blocked.

In addition, China has its own CDN providers, including networks such as ChinaCache, ChinaNetCenter and CDNetworks. All of these companies fully comply with the country's laws and block prohibited content.

CacheBrowser: a CDN bypass tool

As the analysis showed, it is quite difficult for censors to block CDN content. The researchers therefore decided to go further and develop an online block-bypass tool that does not use proxy technology.

The basic idea of the tool is that censors have to interfere with DNS in order to block CDNs, but domain name resolution is not actually needed in order to load CDN content. The user can therefore get the content they need by connecting directly to the edge server where it is already cached.

The diagram below shows the system architecture.

The client software is installed on the user's computer, and an ordinary browser is used to access content.

When a URL or a piece of content is requested, the browser queries the local DNS system (LocalDNS) to obtain the IP address of the host. Regular DNS is queried only for domains that are not in the LocalDNS database. The Scraper module continuously walks through the requested URLs and searches them for domain names that may be blocked. The Scraper then calls the Resolver module to resolve the newly discovered blocked domains; that module does the work and adds an entry to LocalDNS. The browser's DNS cache is then cleared to remove the existing DNS records for the blocked domain.

If the Resolver module cannot determine which CDN provider a domain belongs to, it asks the Bootstrapper module for help.

How it works in practice

The client software of the product was implemented for Linux, but it can easily be ported to Windows as well. Ordinary Mozilla Firefox is used as the browser. The Scraper and Resolver modules are written in Python, and the Customer-to-CDN and CDN-to-IP databases are stored in .txt files. The LocalDNS database is the ordinary /etc/hosts file on Linux.

As a result, for a blocked URL such as blocked.com the script obtains the IP address of the edge server from the /etc/hosts file and sends an HTTP GET request for BlockedURL.html with the HTTP header fields Host: blocked.com/ and User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1
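The Resolver and LocalDNS steps and the request described above, sketched as an added example; this is not CacheBrowser's own code. The line format of the two .txt databases is an assumption, the table contents and addresses are constructed, and the function names are hypothetical.

```python
# Constructed stand-ins for the two .txt databases; the "key value" line
# format with '#' comments is an assumption, not the tool's real format.
CUSTOMER_TO_CDN = """\
# domain        cdn
blocked.com     cdn-a
other.example   cdn-b
"""
CDN_TO_IP = """\
# cdn    edge IP (documentation ranges, RFC 5737)
cdn-a    192.0.2.10
cdn-a    192.0.2.11
cdn-b    198.51.100.7
"""
USER_AGENT = "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1"


def parse_table(text):
    """Parse 'key value' lines into {key: [values]}, skipping blanks/comments."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, value = line.split()
        table.setdefault(key, []).append(value)
    return table


def resolve(domain, customers, edges):
    """Resolver step: domain -> CDN -> edge IP; None means 'ask Bootstrapper'."""
    cdn = customers.get(domain, [None])[0]
    ips = edges.get(cdn, [])
    return ips[0] if ips else None


def hosts_entry(domain, customers, edges):
    """LocalDNS step: the /etc/hosts line that pins the domain to an edge IP."""
    ip = resolve(domain, customers, edges)
    return f"{ip}\t{domain}" if ip else None


def build_request(domain, path):
    """Bytes sent to the edge IP; the Host header selects the customer site."""
    if any(c in domain + path for c in "\r\n "):
        raise ValueError("control characters or spaces in request target")
    return (f"GET {path} HTTP/1.1\r\nHost: {domain}\r\n"
            f"User-Agent: {USER_AGENT}\r\nConnection: close\r\n\r\n").encode("ascii")


if __name__ == "__main__":
    customers, edges = parse_table(CUSTOMER_TO_CDN), parse_table(CDN_TO_IP)
    print(hosts_entry("blocked.com", customers, edges))
    print(build_request("blocked.com", "/BlockedURL.html").decode())
```

Because a shared edge serves many customers from one address, the Host header is the only thing in the request that identifies which site is wanted.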

The Bootstrapper module is implemented using the free tool digwebinterface.com. This DNS resolver cannot be blocked, and it answers DNS queries on behalf of numerous geographically distributed DNS servers in different network regions.

Using this tool, the researchers were able to gain access to Facebook from their Chinese node, even though the social network has long been blocked in China.

Conclusion

The experiment showed that the problems censors face when trying to block CDN content can be exploited to build a system for bypassing blocks. The tool makes it possible to bypass blocks even in China, which has one of the most powerful internet censorship systems.

Source: www.habr.com
