I-intanethi ibonakala iyisakhiwo esiqinile, esizimele futhi esingabhubhi. Ngokombono, inethiwekhi iqine ngokwanele ukuba isinde ekuqhumeni kwenuzi. Eqinisweni, i-inthanethi ingawisa irutha eyodwa encane. Konke ngoba i-inthanethi iyinqwaba yezingxabano, ubungozi, amaphutha namavidiyo mayelana namakati. Umgogodla we-inthanethi, i-BGP, ugcwele izinkinga. Kuyamangaza ukuthi usaphefumula. Ngaphezu kwamaphutha aku-inthanethi ngokwayo, iphinde iphulwe yibo bonke futhi ihluke: abahlinzeki be-inthanethi abakhulu, izinkampani, izifunda kanye nokuhlaselwa kwe-DDoS. Okufanele ukwenze ngakho nokuthi ungaphila kanjani nakho?
Uyayazi impendulo Alexey Uchakin () ungumholi weqembu lonjiniyela benethiwekhi ku-IQ Option. Umsebenzi wayo oyinhloko ukufinyeleleka kwenkundla yabasebenzisi. Embhalweni wombiko ka-Alexey on Ake sikhulume nge-BGP, ukuhlaselwa kwe-DDOS, ukushintshwa kwe-inthanethi, amaphutha abahlinzeki, ukuhlukaniswa kwezindawo kanye namacala lapho umzila omncane uthumela i-inthanethi ukuthi ilale. Ekugcineni - amathiphu ambalwa okuthi ungasinda kanjani kukho konke lokhu.
Usuku I-inthanethi Yaphuka Ngalolo
Ngizobala izehlakalo ezimbalwa lapho uxhumo lwe-inthanethi lwaphuka khona. Lokhu kuzokwanela isithombe esiphelele.
"AS7007 Isigameko". Isikhathi sokuqala i-intanethi yaphuka ngo-April 1997. Kwakukhona iphutha kusofthiwe ye-router eyodwa kusuka kusistimu yokuzimela engu-7007. Ngesinye isikhathi, i-router yamemezela ithebula layo langaphakathi lomzila kumakhelwane bayo futhi yathumela ingxenye yenethiwekhi emgodini omnyama.
"Pakistan ngokumelene ne-YouTube". Ngo-2008, abafana abanesibindi basePakistan banquma ukuvimba i-YouTube. Bakwenza kahle kangangokuthi ingxenye yomhlaba yasala ingenamakati.
"Ukuthunjwa kweziqalo ze-VISA, MasterCard kanye ne-Symantec yi-Rostelecom". Ngo-2017, i-Rostelecom yaqala ngephutha ukumemezela iziqalo ze-VISA, MasterCard kanye ne-Symantec. Ngenxa yalokho, ithrafikhi yezezimali yahanjiswa ngamashaneli alawulwa umhlinzeki. Ukuputshuka akuzange kuhlale isikhathi eside, kodwa bekungemnandi ezinkampanini zezimali.
I-Google vs Japan. Ngo-Agasti 2017, i-Google yaqala ukumemezela iziqalo zabahlinzeki abakhulu baseJapane i-NTT kanye ne-KDDI kwezinye zezixhumanisi zayo eziphezulu. Ithrafikhi ithunyelwe ku-Google njengezokuthutha, cishe ngephutha. Njengoba i-Google ingeyena umhlinzeki futhi ingakuvumeli ithrafikhi yezokuthutha, ingxenye ebalulekile ye-Japan ishiywe ngaphandle kwe-inthanethi.
"I-DV LINK ithwebule iziqalo ze-Google, Apple, Facebook, Microsoft". Futhi ngo-2017, umhlinzeki waseRussia u-DV LINK ngesizathu esithile waqala ukumemezela amanethiwekhi e-Google, Apple, Facebook, Microsoft kanye nabanye abadlali abakhulu.
“I-eNet yase-USA ithwebule iziqalo ze-AWS Route53 kanye ne-MyEtherwallet”. Ngo-2018, umhlinzeki wase-Ohio noma elinye lamakhasimende akhe umemezele amanethiwekhi we-wallet e-Amazon Route53 kanye ne-MyEtherwallet crypto. Ukuhlasela kube yimpumelelo: ngisho naphezu kwesitifiketi esizisayinele, isexwayiso esivele kumsebenzisi lapho engena kuwebhusayithi ye-MyEtherwallet, izikhwama eziningi zantshontshwa futhi ingxenye ye-cryptocurrency yebiwa.
Zingaphezu kuka-2017 14 izigameko ezinjalo ngo-000 kuphela! Inethiwekhi isahlukaniswa, ngakho-ke akuyona yonke into futhi akuwona wonke umuntu ophukayo. Kodwa kunezinkulungwane zezigameko, zonke ezihlobene nephrothokholi ye-BGP enika amandla i-inthanethi.
BGP nezinkinga zayo
Isivumelwano I-BGP - Iphrothokholi Yesango Lomngcele, yachazwa okokuqala ngo-1989 ngonjiniyela ababili abavela ku-IBM kanye ne-Cisco Systems "kuma-napkins" amathathu - amashidi e-A4. Lezi usahlala endlunkulu yeCisco Systems eSan Francisco njengensalela yomhlaba wokuxhumana.
Iphrothokholi isuselwe ekusebenzisaneni kwezinhlelo ezizimele - I-Autonomous Systems noma i-AS ngamafuphi. Uhlelo oluzimele lumane luyi-ID lapho amanethiwekhi e-IP anikezwa khona kurejista yomphakathi. Irutha enale ID ingamemezela lawa manethiwekhi emhlabeni jikelele. Ngakho-ke, noma iyiphi indlela eku-inthanethi ingamelwa njenge-vector, ebizwa ngokuthi Indlela ye-AS. Ivekhtha iqukethe izinombolo zezinhlelo ezizimele okufanele zidluliswe ukuze zifinyelele kunethiwekhi yendawo.
Isibonelo, kunenethiwekhi yezinhlelo eziningi ezizimele. Udinga ukusuka kusistimu ye-AS65001 uye ohlelweni lwe-AS65003. Indlela esuka kusistimu eyodwa imelwe yi-AS Path emdwebeni. Iqukethe amasistimu amabili azimele: 65002 kanye ne-65003. Ekhelini ngalinye lendawo kukhona i-AS Path vector, ehlanganisa izinombolo zezinhlelo ezizimele okudingeka sidlule kuzo.
Ngakho yiziphi izinkinga nge-BGP?
I-BGP iphrothokholi yokwethenjwa
Iphrothokholi ye-BGP isekelwe ekuthembekeni. Lokhu kusho ukuthi sithemba umakhelwane wethu ngokuzenzakalelayo. Lesi isici samaphrothokholi amaningi asungulwa ekuqaleni kwe-inthanethi. Ake sithole ukuthi kusho ukuthini "ukuthembela".
Abukho ubuqiniso bukamakhelwane. Ngokusemthethweni, kukhona i-MD5, kodwa i-MD5 ngo-2019 yilokho nje ...
Akukho ukuhlunga. I-BGP inezihlungi futhi zichazwe, kodwa azisetshenziswa noma zisetshenziswa ngokungalungile. Ngizochaza ukuthi kungani kamuva.
Kulula kakhulu ukusetha indawo. Ukusetha indawo kuphrothokholi ye-BGP cishe kunoma iyiphi irutha imigqa embalwa yokucushwa.
Awekho amalungelo okuphatha we-BGP adingekayo. Awudingi ukubhala izivivinyo ukuze ufakazele iziqu zakho. Akekho ozothatha amalungelo akho okumisa i-BGP ngenkathi udakiwe.
Izinkinga ezimbili eziyinhloko
Ukudunwa kwesiqalo. Ukudunwa kwesiqalo ukukhangisa inethiwekhi okungeyona eyakho, njengoba kwenzeka nge-MyEtherwallet. Sithathe iziqalo ezithile, savumelana nomhlinzeki noma sagqekeza, futhi ngakho simemezela lawa manethiwekhi.
Ukuvuza komzila. Ukuvuza kuyinkimbinkimbi kancane. Ukuvuza kuwushintsho ku-AS Path. Okungcono kakhulu, ushintsho luzoholela ekubambezelekeni okukhulu ngoba udinga ukuhamba umzila omude noma ngesixhumanisi esinamandla amancane. Okubi kakhulu, icala le-Google ne-Japan lizophindwa.
I-Google ngokwayo ayiyona i-opharetha noma isistimu yezokuthutha ezizimele. Kodwa lapho ememezela amanethiwekhi o-opharetha baseJapane kumhlinzeki wakhe, ithrafikhi nge-Google nge-AS Path yabonwa njengento ebaluleke kakhulu. Ithrafikhi iye lapho futhi yehla ngenxa nje yokuthi izilungiselelo zomzila ngaphakathi kwe-Google ziyinkimbinkimbi kunezihlungi emngceleni.
Kungani izihlungi zingasebenzi?
Akekho onendaba. Lesi isizathu esiyinhloko - akekho onendaba. Umlawuli womhlinzeki omncane noma inkampani exhumeke kumhlinzeki nge-BGP uthathe i-MikroTik, yamisa i-BGP kuyo futhi akazi nokuthi izihlungi zingalungiselelwa lapho.
Amaphutha okumisa. Bamoshe okuthile, benza iphutha kumaskhi, bafaka i-mesh engalungile - manje sekukhona iphutha futhi.
Akukho okungenzeka kwezobuchwepheshe. Isibonelo, abahlinzeki be-telecom banamakhasimende amaningi. Ngendlela ehlakaniphile, kufanele ubuyekeze ngokuzenzakalelayo izihlungi zeklayenti ngalinye - qiniseka ukuthi linenethiwekhi entsha, ukuthi liqashele othile inethiwekhi yalo. Kunzima ukulandela lokhu, futhi kunzima nakakhulu ngezandla zakho. Ngakho-ke, bavele bafake izihlungi ezikhululekile noma abazifaki nhlobo izihlungi.
Ukungafani. Kukhona okuhlukile kumakhasimende athandwayo namakhulu. Ikakhulukazi esimweni se-inter-operator interfaces. Isibonelo, iTransTeleCom neRostelecom zinenqwaba yamanethiwekhi futhi kukhona ukuxhumana phakathi kwawo. Uma okuhlangene kuwa, ngeke kube kuhle kunoma ubani, ngakho izihlungi zikhululekile noma zisuswe ngokuphelele.
Ulwazi oluphelelwe yisikhathi noma olungabalulekile ku-IRR. Izihlungi zakhiwe ngokusekelwe kulwazi olurekhodwe kulo I-IRR - Isibhalisi Somzila We-inthanethi. Lawa amarejista ababhalisi be-inthanethi besifunda. Ngokuvamile, ukubhaliswa kuqukethe ulwazi oluphelelwe yisikhathi noma olungabalulekile, noma kokubili.
Obani laba ababhalisi?
Wonke amakheli e-inthanethi ngawenhlangano I-IANA - Igunya Lezinombolo Ezinikezwe I-inthanethi. Uma uthenga inethiwekhi ye-IP komunye umuntu, awuthengi amakheli, kodwa unelungelo lokuwasebenzisa. Amakheli awumthombo ongaphatheki futhi ngesivumelwano esisodwa wonke angaphansi kwe-IANA.
Isistimu isebenza kanje. I-IANA ithumela ukuphathwa kwamakheli e-IP kanye nezinombolo zesistimu ezizimele kubabhalisi bezifunda ezinhlanu. Bakhipha izinhlelo ezizimele I-LIR - ababhalisi be-inthanethi bendawo. Ama-LIR abe esenikeza amakheli e-IP kubasebenzisi bokugcina.
Ububi balolu hlelo ukuthi ababhalisi besifunda ngamunye bagcina amarejista abo ngendlela yabo. Wonke umuntu unemibono yakhe ngokuthi yiluphi ulwazi okufanele luqukethwe kumarejista, nokuthi ubani okufanele aluhlole noma okungafanele aluhlole. Umphumela uba ukubhebhetheka esinakho manje.
Ungalwa kanjani futhi nalezi zinkinga?
I-IRR - ikhwalithi emaphakathi. Kuyacaca nge-IRR - yonke into imbi lapho.
BGP-imiphakathi. Lesi esinye isibaluli esichazwe kuphrothokholi. Singanamathisela, isibonelo, umphakathi okhethekile esimemezelweni sethu ukuze umakhelwane angathumeli amanethiwekhi ethu komakhelwane bakhe. Uma sinesixhumanisi se-P2P, sishintsha amanethiwekhi ethu kuphela. Ukuze uvimbele umzila ukuthi uye kwamanye amanethiwekhi ngephutha, sengeza umphakathi.
Imiphakathi ayishintshile. Kuhlale kuyinkontileka yababili, futhi lokhu kuwumshoshaphansi wabo. Asikwazi ukwabela noma yimuphi umphakathi, ngaphandle komunye, owamukelwe ngokuzenzakalela yiwo wonke umuntu. Ngeke sibe nesiqiniseko sokuthi wonke umuntu uzowamukela lo mphakathi futhi awuhumushe ngendlela efanele. Ngakho-ke, esimweni esihle kakhulu, uma uvumelana ne-uplink yakho, uzoqonda ukuthi yini oyifunayo kuye ngokomphakathi. Kodwa umakhelwane wakho angase angaqondi, noma opharetha uzovele asethe kabusha ithegi yakho, futhi ngeke uzuze lokho obukufuna.
I-RPKI + ROA ixazulula ingxenye encane yezinkinga. I-RPKI i Insiza Ingqalasizinda Ebalulekile Yomphakathi — uhlaka olukhethekile lokusayina imininingwane yomzila. Kungumqondo omuhle ukuphoqa ama-LIR namakhasimende awo ukuthi agcine imininingwane esesikhathini samanje yesikhala samakheli. Kodwa kunenkinga eyodwa ngakho.
I-RPKI iphinde ibe wuhlelo lokhiye womphakathi olulandelanayo. I-IANA inokhiye lapho okhiye be-RIR benziwa khona, futhi okhiye be-LIR benziwa kusukela kuphi? abasayina ngayo indawo yamakheli besebenzisa ama-ROA - Ukugunyazwa Kwemvelaphi Yomzila:
- Ngiyakuqinisekisa ukuthi lesi siqalo sizomenyezelwa egameni lalesi sifunda esizimele.
Ngokungeziwe ku-ROA, kunezinye izinto, kodwa okuningi ngazo kamuva. Kubonakala njengento enhle futhi ewusizo. Kodwa akusivikeli ekuvuzeni okuvela egameni elithi “nakancane” futhi akuzixazululi zonke izinkinga ngokudunwa kwesiqalo. Ngakho-ke, abadlali abajahile ukukusebenzisa. Nakuba sekuvele kuneziqinisekiso ezivela kubadlali abakhulu abafana ne-AT&T nezinkampani ezinkulu ze-IX ezineziqalo ezinerekhodi elingavumelekile le-ROA zizokwehliswa.
Mhlawumbe bazokwenza lokhu, kodwa okwamanje sinenani elikhulu leziqalo ezingasayiniwe nganoma iyiphi indlela. Ngakolunye uhlangothi, akucaci ukuthi zimenyezelwe ngokusemthethweni yini. Ngakolunye uhlangothi, asikwazi ukuwayeka ngokuzenzakalelayo, ngoba asinaso isiqiniseko sokuthi lokhu kulungile noma cha.
Yini enye ekhona?
BGPSec. Lena into emnandi izifundiswa eza nayo ngenethiwekhi yamaponi aphinki. Bathi:
- Sine-RPKI + ROA - indlela yokuqinisekisa amasiginesha esikhala sekheli. Masidale isibaluli esihlukile se-BGP futhi siyibize nge-BGPSec Path. Irutha ngayinye izosayina ngesiginesha yayo izimemezelo ezimemezelayo komakhelwane bayo. Ngale ndlela sizothola indlela ethembekile ochungechungeni lwezimemezelo ezisayiniwe futhi sizokwazi ukuyihlola.
Kuhle ngombono, kodwa ekusebenzeni kunezinkinga eziningi. I-BGPSec iphula imishini eminingi ekhona ye-BGP yokukhetha ama-hops alandelayo kanye nokuphatha ithrafikhi engenayo/ephumayo ngokuqondile kumzila. I-BGPSec ayisebenzi kuze kube yilapho u-95% wayo yonke imakethe usuyisebenzisile, yona ngokwayo eyi-utopia.
I-BGPSec inezinkinga ezinkulu zokusebenza. Ku-hardware yamanje, ijubane lokuhlola izimemezelo licishe libe yiziqalo ezingu-50 ngomzuzwana. Ukuze uqhathanise: ithebula le-inthanethi lamanje leziqalo ezingu-700 lizolayishwa emahoreni angu-000, lapho lizoshintsha izikhathi ezingu-5 ngaphezulu.
Inqubomgomo Evulekile ye-BGP (I-BGP Esekelwe Endimeni). Isiphakamiso esisha esisekelwe kumodeli I-Gao-Rexford. Laba ngososayensi ababili abenza ucwaningo lwe-BGP.
Imodeli yeGao-Rexford imi kanje. Ukwenza lula, nge-BGP kunenombolo encane yezinhlobo zokusebenzisana:
- Ikhasimende Lomhlinzeki;
- I-P2P;
- ukuxhumana kwangaphakathi, kusho iBGP.
Ngokusekelwe endimeni yomzila, sekungenzeka vele ukunikeza izinqubomgomo ezithile zokungenisa/ukuthekelisa ngokuzenzakalelayo. Umlawuli akadingi ukulungisa uhlu lwesiqalo. Ngokusekelwe endimeni amarutha avumelana ngayo phakathi kwawo futhi angasethwa, sesivele sithola ezinye izihlungi ezizenzakalelayo. Lokhu okwamanje kusalungiswa okuxoxwa ngakho ku-IETF. Ngithemba ukuthi maduze sizobona lokhu ngendlela ye-RFC kanye nokuqaliswa kwehadiwe.
Abahlinzeki be-inthanethi abakhulu
Ake sibheke isibonelo somhlinzeki I-CenturyLink. Ingumhlinzeki wesithathu ngobukhulu wase-US, ehlinzeka izifundazwe ezingama-37 futhi inezikhungo zedatha eziyi-15.
NgoDisemba 2018, i-CenturyLink yayisemakethe yaseMelika amahora angama-50. Ngesikhathi sesigameko, kube nezinkinga ngokusebenza kwama-ATM ezifundazweni ezimbili, kanti inombolo engu-911 ibingasebenzi amahora ambalwa ezifundazweni ezinhlanu. Ilotho e-Idaho yonakale ngokuphelele. Lesi sigameko okwamanje sisaphenywa yiKhomishini Yezokuxhumana YaseMelika.
Isizathu senhlekelele kwakuyikhadi elilodwa lenethiwekhi endaweni eyodwa yedatha. Ikhadi alisebenzi kahle, lathumela amaphakethe angalungile, futhi zonke izikhungo zedatha zabahlinzeki ezingu-15 zehlile.
Umbono awuzange usebenze kulo mhlinzeki "mkhulu kakhulu ukuthi ungawa". Lo mbono awusebenzi nhlobo. Ungathatha noma yimuphi umdlali omkhulu futhi ubeke izinto ezincane phezulu. I-US isaqhuba kahle ngoxhumano. Amakhasimende akwa-CenturyLink abenendawo yokubhuka angena kuwo ngobuningi. Khona-ke abanye o-opharetha bakhala ngokuthi amalinki abo alayishwa ngokweqile.
Uma i-Kazakhtelecom enemibandela iwe, izwe lonke lizosala ngaphandle kwe-inthanethi.
Izinkampani
Mhlawumbe i-Google, i-Amazon, i-FaceBook nezinye izinkampani zisekela i-inthanethi? Cha, bayawuphula futhi.
Ngo-2017 eSt. Petersburg engqungqutheleni ye-ENOG13 UJeff Houston kusuka ku I-APNIC kwethulwa . Ithi sijwayele ukusebenzisana, ukuhamba kwemali kanye nokuhamba kwe-inthanethi okuqondile. Sinabahlinzeki abancane abakhokhela ukuxhuma kwabakhudlwana, futhi asebevele bakhokhela ukuxhumeka kwezokuthutha zomhlaba.
Manje sinesakhiwo esibheke phezulu esinjalo. Konke kuzolunga, kodwa umhlaba uyashintsha - abadlali abakhulu bakha izintambo zabo ze-transoceanic ukuze bakhe imigogodla yabo.
Izindaba mayelana nekhebula le-CDN.
Ngo-2018, i-TeleGeography yakhipha ucwaningo lokuthi ngaphezu kwengxenye yethrafikhi ku-inthanethi ayisekho i-Intanethi, kodwa i-backbones CDN yabadlali abakhulu. Lena ithrafikhi ehlobene ne-inthanethi, kodwa akuseyona inethiwekhi ebesikhuluma ngayo.
I-inthanethi ihlukana ibe isethi enkulu yamanethiwekhi axhumeke ngokuxekethile.
I-Microsoft inenethiwekhi yayo, i-Google ineyayo, futhi banokunqwabelana okuncane komunye nomunye. Ithrafikhi eqale ndawana thize e-USA idlula eziteshini ze-Microsoft inqamule ulwandle iye e-Europe ndawana thize nge-CDN, bese nge-CDN noma i-IX ixhuma nomhlinzeki wakho bese ifika kumzila wakho.
Ukwahlukaniswa kwabantu kuyanyamalala.
Lawa mandla e-inthanethi, azoyisiza ekuqhumeni kwezikhali zenuzi, ayalahleka. Izindawo zokugxila kwabasebenzisi kanye nethrafikhi ziyavela. Uma i-Google Cloud enemibandela iwa, kuzoba nezisulu eziningi ngesikhathi esisodwa. Sikuzwe lokhu ngokwengxenye lapho iRoskomnadzor ivimba i-AWS. Futhi isibonelo se-CenturyLink sibonisa ukuthi ngisho nezinto ezincane zanele kulokhu.
Ngaphambilini, akuzona zonke izinto futhi akuwona wonke umuntu owaphuka. Esikhathini esizayo, singase sifinyelele esiphethweni sokuthi ngokuthonya umdlali oyedwa omkhulu, singaphula izinto eziningi, ezindaweni eziningi nakubantu abaningi.
Amazwe
Amazwe alandelayo kulayini, futhi yilokhu ngokuvamile okwenzeka kuwo.
Lapha iRoskomnadzor yethu ayilona ngisho iphayona nhlobo. Umkhuba ofanayo wokuvalwa kwe-inthanethi ukhona e-Iran, e-India, nasePakistan. ENgilandi kunomthethosivivinywa wokuthi kungenzeka yini ukuvala i-inthanethi.
Noma isiphi isimo esikhulu sifuna ukuthola iswishi ukuze uvale i-inthanethi, ngokuphelele noma izingxenye: Twitter, Telegram, Facebook. Akukhona ukuthi abaqondi ukuthi abasoze baphumelela, kodwa bafuna ngempela. Ukushintsha kusetshenziselwa, njengomthetho, ngezinhloso zezombangazwe - ukuqeda izimbangi zezombangazwe, noma ukhetho lusondela, noma abaduni baseRussia baphule okuthile futhi.
Ukuhlaselwa kwe-DDoS
Ngeke ngisuse isinkwa kubalingani bami bakwaQrator Labs, bakwenza kangcono kakhulu kunami. Banayo ekuzinzeni kwe-inthanethi. Futhi yilokhu abakubhala embikweni ka-2018.
Isikhathi esimaphakathi sokuhlaselwa kwe-DDoS sehla siye emahoreni angu-2.5. Abahlaseli nabo baqala ukubala imali, futhi uma insiza ingatholakali ngokushesha, khona-ke bayayishiya ngokushesha.
Amandla okuhlasela ayakhula. Ngo-2018, sibone i-1.7 Tb/s kunethiwekhi ye-Akamai, futhi lokhu akuwona umkhawulo.
Ama-vector amasha okuhlasela ayavela kanti amadala ayaqina. Kuvela amaphrothokholi amasha okungenzeka ukuthi akhuliswe kalula, futhi kuvela ukuhlaselwa okusha kumaphrothokholi akhona, ikakhulukazi i-TLS nokunye okunjalo.
Iningi lethrafikhi livela kumadivayisi eselula. Ngesikhathi esifanayo, ithrafikhi ye-inthanethi ishintshela kumakhasimende eselula. Kokubili labo abahlaselayo nalabo abavikelayo kudingeka bakwazi ukusebenzisana nalokhu.
Akunangozi - cha. Lona umqondo oyinhloko - akukho ukuvikeleka kwendawo yonke okuzovikela nakanjani kunoma iyiphi i-DDoS.
Isistimu ayikwazi ukufakwa ngaphandle uma ixhunywe ku-inthanethi.
Ngethemba ukuthi sengikwesabise ngokwanele. Manje ake sicabange ukuthi senzeni ngakho.
Okufanele ngikwenze?!
Uma unesikhathi samahhala, isifiso kanye nolwazi lwesiNgisi, bamba iqhaza emaqenjini asebenzayo: IETF, RIPE WG. Lezi izinhlu zemeyili evulekile, bhalisela uhlu lwamakheli, hlanganyela ezingxoxweni, woza ezingqungqutheleni. Uma unesimo se-LIR, ungavota, isibonelo, ku-RIPE ngezinhlelo ezahlukahlukene.
Kubantu abafayo nje lokhu ukuqapha. Ukuze wazi ukuthi yini ephukile.
Ukuqapha: yini okufanele uyihlole?
I-Ping evamile, futhi hhayi kuphela ukuhlola kanambambili - kuyasebenza noma cha. Rekhoda i-RTT emlandweni ukuze ukwazi ukubheka okudidayo kamuva.
Traceroute. Lolu uhlelo olusetshenziswayo lokunquma imizila yedatha kumanethiwekhi e-TCP/IP. Isiza ukukhomba okudidayo nokuvinjwa.
I-HTTP ihlola ama-URL wangokwezifiso nezitifiketi ze-TLS kuzosiza ukuthola ukuvinjwa noma i-DNS spoofing yokuhlasela, okucishe kube yinto efanayo. Ukuvinjwa kuvame ukwenziwa yi-DNS spoofing futhi ngokuguqulela ithrafikhi ekhasini le-stub.
Uma kungenzeka, hlola ukuzimisela kwamakhasimende akho ngemvelaphi yakho ezindaweni ezahlukene uma unesicelo. Lokhu kuzokusiza ukuthi uthole okudidayo kokudunwa kwe-DNS, into eyenziwa abahlinzeki ngezinye izikhathi.
Ukuqapha: ungabheka kuphi?
Ayikho impendulo yendawo yonke. Hlola ukuthi umsebenzisi uvelaphi. Uma abasebenzisi baseRussia, hlola kusuka eRussia, kodwa ungazikhawuli kukho. Uma abasebenzisi bakho behlala ezifundeni ezihlukene, hlola kulezi zifunda. Kodwa kangcono emhlabeni wonke.
Ukuqapha: yini okufanele uyihlole?
Ngiqhamuke nezindlela ezintathu. Uma wazi okwengeziwe, bhala kumazwana.
- I-RIPE Atlas.
- Ukuqapha kwezohwebo.
- Inethiwekhi yakho yemishini ebonakalayo.
Ake sixoxe ngomunye wabo.
I-RIPE Atlas - ibhokisi elincane kangaka. Kulabo abazi "Umhloli" wasekhaya - leli yibhokisi elifanayo, kodwa ngesitikha esihlukile.
I-RIPE Atlas wuhlelo lwamahhala. Uyabhalisa, uthole irutha ngeposi bese uyixhume kunethiwekhi. Ngeqiniso lokuthi omunye umuntu usebenzisa isampula yakho, uthola amakhredithi athile. Ngalezi mali mboleko ungenza ucwaningo ngokwakho. Ungahlola ngezindlela ezahlukene: i-ping, i-traceroute, hlola izitifiketi. Ukufakwa kukhulu impela, kunama-node amaningi. Kodwa kukhona ama-nuances.
Uhlelo lwekhredithi aluvumeli izixazululo zokukhiqiza zokwakha. Ngeke kube namakhredithi anele ocwaningo oluqhubekayo noma ukuqapha kwezohwebo. Amakhredithi anele isifundo esifushane noma isheke lesikhathi esisodwa. Isimiso sansuku zonke sesampula esisodwa sidliwa amasheke angu-1-2.
Ukufakwa akulingani. Njengoba lolu hlelo lumahhala kuzo zombili izinkomba, ukumbozwa kuhle eYurophu, engxenyeni yaseYurophu yaseRussia nakwezinye izifunda. Kodwa uma udinga i-Indonesia noma i-New Zealand, khona-ke konke kubi kakhulu - ungase ungabi namasampula angama-50 ezweni ngalinye.
Awukwazi ukuhlola i-http kusuka kusampula. Lokhu kungenxa yama-nuances obuchwepheshe. Bathembisa ukuyilungisa enguqulweni entsha, kodwa okwamanje i-http ayikwazi ukubhekwa. Isitifiketi kuphela esingaqinisekiswa. Olunye uhlobo lokuhlola kwe-http lungenziwa kuphela kudivayisi ekhethekile ye-RIPE Atlas ebizwa ngokuthi i-Anchor.
Indlela yesibili iwukuqapha kwezentengiselwano. Konke kuhamba kahle kuye, ukhokha imali, akunjalo? Bakuthembisa ishumi nambili noma amakhulukhulu ezindawo zokuqapha emhlabeni jikelele futhi badwebe amadeshibhodi amahle ngaphandle kwebhokisi. Kodwa, futhi, kunezinkinga.
Ikhokhwa, kwezinye izindawo ibiza kakhulu. Ukuqapha i-ping, ukuhlola umhlaba wonke, kanye nokuhlola okuningi kwe-http kungabiza izinkulungwane ezimbalwa zamadola ngonyaka. Uma ezezimali zikuvumela futhi uthanda lesi sixazululo, qhubeka.
Ukufakwa kungase kunganele endaweni onentshisekelo kuyo. Nge-ping efanayo, ingxenye enkulu yomhlaba engabonakali icacisiwe - i-Asia, iYurophu, iNyakatho Melika. Izinhlelo zokuqapha ezingavamile zingangena ezweni noma isifunda esithile.
Ukusekelwa okubuthakathaka kokuhlolwa kwangokwezifiso. Uma udinga okuthile ngokwezifiso, hhayi nje "i-curly" ku-url, khona-ke kunezinkinga nalokho.
Indlela yesithathu ukuqapha kwakho. Lena yakudala: "Masibhale okwethu!"
Ukuqapha kwakho kuphenduka ukuthuthukiswa komkhiqizo wesofthiwe, kanye nokusabalalisa. Ufuna umhlinzeki wengqalasizinda, bheka ukuthi ungayisebenzisa kanjani futhi uyiqaphe - ukuqapha kudinga ukugadwa, akunjalo? Kudinga nokusekelwa. Cabanga izikhathi eziyishumi ngaphambi kokuba uthathe lokhu. Kungase kube lula ukukhokhela othile ukuze akwenzele kona.
Ukuqapha okudidayo kwe-BGP nokuhlasela kwe-DDoS
Lapha, ngokusekelwe ezinsizeni ezitholakalayo, yonke into ilula nakakhulu. Okudidayo kwe-BGP kutholwa kusetshenziswa izinsiza ezikhethekile ezifana ne-QRadar, i-BGPmon. Bamukela ithebula lokubuka eligcwele elivela kuma-opharetha amaningi. Ngokusekelwe kulokho abakubona ku-opharetha abahlukene, bangakwazi ukubona okungaqondakali, babheke ama-amplifiers, njalonjalo. Ukubhalisa ngokuvamile kumahhala - ufaka inombolo yakho yocingo, ubhalisele izaziso ze-imeyili, futhi isevisi izokwazisa ngezinkinga zakho.
Ukuqapha ukuhlaselwa kwe-DDoS nakho kulula. Ngokuvamile lokhu kunjalo Isekelwe ku-NetFlow kanye namalogi. Kukhona amasistimu akhethekile afana FastNetMon, amamojula we I-splunk. Njengendlela yokugcina, kukhona umhlinzeki wakho wokuvikela we-DDoS. Ingavuza futhi i-NetFlow futhi, ngokususelwe kuyo, izokwazisa ngokuhlaselwa ngakuwe.
okutholakele
Ungakhohlisi - i-inthanethi izophuka nakanjani. Akuyona yonke into futhi akuwona wonke umuntu ozophuka, kodwa izigameko eziyizinkulungwane ezingu-14 ngo-2017 zikhomba ukuthi kuzoba nezigameko.
Umsebenzi wakho ukuqaphela izinkinga ngokushesha ngangokunokwenzeka. Okungenani, kungakapheli umsebenzisi wakho. Akukhona nje ukuthi kubalulekile ukuqaphela, hlala ugcine u-“Plan B” ugodlile. Uhlelo luyisu lokuthi uzokwenzani uma konke kubhidlika.: ama-opharetha abekiwe, i-DC, i-CDN. Uhlelo luwuhlu oluhlukile ohlola ngalo umsebenzi wakho konke. Uhlelo kufanele lusebenze ngaphandle kokubandakanyeka konjiniyela benethiwekhi, ngoba ngokuvamile bambalwa futhi bafuna ukulala.
Yilokho kuphela. Ngikufisela ukutholakala okuphezulu nokuqapha okuluhlaza.
Ngesonto elizayo e-Novosibirsk ukukhanya kwelanga, ukulayisha okuphezulu kanye nokugxila okuphezulu konjiniyela kulindeleke . E-Siberia, imibiko engaphambili yokuqapha, ukufinyeleleka nokuhlolwa, ukuphepha nokuphatha kuyabikezelwa. Imvula ilindeleke ngendlela yamanothi abhalwe phansi, inethiwekhi, izithombe nokuthunyelwe ezinkundleni zokuxhumana. Sincoma ukuhlehlisa yonke imisebenzi ngoJuni 24 no-25 futhi . Silinde wena eSiberia!
Source: www.habr.com