Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

インフラエンジニアのための次世代プロトコル入門 - 
July TechFesta 2014

インフラエンジニアのための次世代プロトコル入門 - 
July TechFesta 2014

Hirotaka Nakajima

June 22, 2014
Tweet

More Decks by Hirotaka Nakajima

Other Decks in Technology

Transcript

  1. 5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZJTMJDFOTFECZJUTDPQZSJHIUIPMEFS ࣗݾ঺հ ଓ͖ 3 w ඪ४Խ׆ಈ w *&5'ύϦ͔ΒࢀՃ͍ͯ͠·͢
 IUUQCJTUTWXHWPQTQFSQBTTͳͲʜ

    w 8$೥݄͔Β5FBN4UBGGͱͯ͠ࢀՃ w 4PGUXBSF&OHJOFFS!8$4ZTUFNT5FBN w αʔό ϧʔςΟϯά͔ΒࣗಈԽ ϑϩϯτΤϯυ·Ͱ w ΞϓϥΠΞϯεങΘͳ͍ओٛˠ͢΂ͯΦʔϓϯιʔε w ໨ͷલͷ࢓ࣄʹ௥ΘΕͯ৽͍ٕ͠ज़Λ௥͑ͳ͍
  2. 5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZJTMJDFOTFECZJUTDPQZSJHIUIPMEFS ஗Ԇऩӹ 12 • Strong negative impacts • Roughly

    linear changes with increasing delay • Time to Click changed by roughly double the delay Distinct Queries/User Query Refinement Revenue/User Any Clicks Satisfaction Time to Click (increase in ms) 50ms - - - - - - 200ms - - - -0.3% -0.4% 500 500ms - -0.6% -1.2% -1.0% -0.9% 1200 1000ms -0.7% -0.9% -2.8% -1.9% -1.6% 1900 2000ms -1.8% -2.1% -4.3% -4.4% -3.8% 3100 - Means no statistically significant change IUUQBTTFUTFOPSFJMMZDPNFWFOU5IF6TFSBOE#VTJOFTT*NQBDUPG4FSWFS%FMBZT "EEJUJPOBM#ZUFT BOE)551$IVOLJOHJO8FC4FBSDI1SFTFOUBUJPOQQUY
  3. 5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZJTMJDFOTFECZJUTDPQZSJHIUIPMEFS 8FCΛΊ͙Δࠇຐज़ 20 • Domain Sharding
 Hack max concurrent

    connection limit
 Cause congestion and unnecessary retransmissions • Concatenate files
 Reduce # of files and latency overhead
 Slower executions • Sprite Images
 Reduce # of files and latency overhead
 Painful for preparing concatenate images and css hack • Inline Resource
 Eliminate unnecessary request for small-size resource
 Base64 overhead (~30%)

  4. 5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZJTMJDFOTFECZJUTDPQZSJHIUIPMEFS )551ϔομʔѹॖ 24 w )551ʹ͓͚Δѹॖ w సૹ͞ΕΔίϯςϯπΛH[JQ΍[MJCͳͲΛ༻͍ͯѹॖ͠సૹ͢Δ͜ͱ͕Մೳ w খ͞ͳίϯςϯπసૹʹ͓͍ͯෆར


    ϔομʔͦͷ΋ͷ͸ѹॖ͞Ε͍ͯͳ͍ͨΊɺখ͞ͳσʔλΛసૹ͢Δ৔߹ɺϔομʔ͕ඇѹॖ Ͱ͋Δ͜ͱͰσʔλྔ͕૿͑ɺసૹ଎౓͕஗͘ͳΔ͜ͱ͕ࢄݟ w 41%:ʹ͓͚Δѹॖ w [MJCʹΑΔϔομʔશମͷѹॖ
 41%:Ͱ͸[MJCΛ༻͍ͯϔομʔͦͷ΋ͷΛѹॖ͢Δ͜ͱͰσʔλྔΛ࡟ݮ w $3*.&߈ܸ
 41%:͸5-4ʹΑΓ҉߸Խ͞Ε͍ͯΔ΋ͷͷɺ[MJCͳͲͰѹॖΛߦΘΕ͍ͯΔ৔߹ɺಉ͡σʔλ Λ࠶ૹ͢Δ͜ͱͰ҉߸ڧ౓͕Լ͕Γɺ࣮ࡍʹ5-4Ͱ҉߸Խ͞Εͨ41%:ϔομʔͷղಡ͕ՄೳͰ ͋Δ͜ͱ͕ূ໌͞Εͨɻ͜ͷ͜ͱʹΑΓɺϔομʔΛ୯७ѹॖ͢Δ͜ͱͰ͸σʔλྔͷ࡟ݮʹ ܨ͕Δ΋ͷͷɺ੬ऑͰ͋Δ͜ͱ͕ূ໌͞ΕΔ
  5. 5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZJTMJDFOTFECZJUTDPQZSJHIUIPMEFS )551ϔομʔѹॖ 25 w $3*.&߈ܸΛड͚ɺ)1"$,ͱݺ͹ΕΔछྨͷख๏Λ૊Έ߹ΘͤΔ͜ͱͰ҆શʹϔο μʔΛѹॖ͢Δ w ϋϑϚϯූ߸ʹΑΔจࣈྻදݱ
 ϋϑϚϯූ߸ʹΑΓՄٯతͳจࣈྻͷѹॖΛߦ͏

    w TUBUJDUBCMFͱEZOBNJDUBCMFΛ༻͍ͨදݱ
 ͋Β͔͡Ί6TFS"HFOUͳͲҰൠతʹ࢖ΘΕΔϔομʔཁૉΛαʔόΫϥΠΞϯτͰ ఆٛ͠ɺϔομʔ൪߸Λ༻͍ͯදݱ͢Δ͜ͱͰσʔλྔΛ࡟ݮ͢Δ w ࠩ෼ͷΈΛૹ৴͢Δ
 $3*.&߈ܸͰ͸ॏෳͨ͠σʔλΛૹ৴͢Δ͜ͱͰ҉߸ڧ౓͕Լ͕Γɺσʔλ͕ղੳ ՄೳͰ͋ͬͨɻͦͷͨΊɺ)1"$,Ͱ͸લʹૹ৴ͨ͠ϦΫΤετ͔Βͷࠩ෼ͷΈΛ௨ ৴͢Δ͜ͱͰॏෳͨ͠σʔλͷૹ৴Λආ͚ɺ$3*.&߈ܸΛ͚͞Δ͜ͱ͕ՄೳͱͳΔ
  6. 5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZJTMJDFOTFECZJUTDPQZSJHIUIPMEFS ༏ઌ౓෇͖શೋॏ௨৴ 26 w )551
 )5511JQFMJOJOH΍,FFQ"MJWF͕Մೳʹͳ͕ͬͨɺ൒ೋॏ௨৴Ͱ͋ͬͨͨΊɺ355 ʹΑΔӨڹΛड͚ͨ w ༏ઌ౓෇͖௨৴


    )551Ͱ͸ܧଓͨ͠ηογϣϯʹ͓͍ͯɺసૹ͢ΔϦιʔεʹ༏ઌ౓Λ෇༩͢Δ͜ ͱͰɺ)5.-΍$44 +BWB4DSJQUͳͲϖʔδͷඳըʹඞཁͳϦιʔεΛઌʹసૹ͠ɺ ը૾ͳͲͷσʔλΛޙʹసૹ͢Δ͜ͱͰɺϖʔδͷϩʔυฒͼʹମײ଎౓Λ଎ΊΔ͜ ͱ͕Մೳͱͳͬͨ w શೋॏ௨৴
 )551͸શೋॏ௨৴Λ༻͍Δ͜ͱͰɺෳ਺ͷϦΫΤετɾϨεϙϯεΛଟॏԽ͢Δ ͜ͱ͕ՄೳͱͳΓɺ5$1௨৴Ͱ͋ΔͨΊ355ͷӨڹ͸ड͚Δ΋ͷɺ)551ʹൺ΂ গͳ͍ӨڹͰసૹΛߦ͏͜ͱ͕Մೳͱͳͬͨ
  7. 5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZJTMJDFOTFECZJUTDPQZSJHIUIPMEFS 'BDU 32 1 10 100 1000 10000 100000

    All Middleboxes L3 Routers L2 Switches IP Firewalls App. Firewalls Wan Opt. Proxies App. Gateways VPNs Load Balancers IDS/IPS Very Large Large Medium Small Figure 1: Box plot of middlebox deployments for small (fewer than 1k hosts), medium (1k-10k hosts), large (10k-100k hosts), and very large (more than 100k hosts) enterprise networks. Y-axis is in log scale. 2.2 Complexity in Management Figure 1 also shows that middleboxes deployments are diverse. Of the eight middlebox categories we present in Figure 1, the me- dian very large network deployed seven categories of middleboxes, and the median small network deployed middleboxes from four. Our categories are coarse-grained (e.g. Application Gateways in- clude smartphone proxies and VoIP gateways), so these figures rep- resent a lower bound on the number of distinct device types in the network. Managing many heterogeneous devices requires broad expertise and consequently a large management team. Figure 3 correlates the number of middleboxes against the number of networking person- nel. Even small networks with only tens of middleboxes typically required a management team of 6-25 personnel. Thus, middlebox deployments incur substantial operational expenses in addition to hardware costs. Understanding the administrative tasks involved further illumi- nates why large administrative staffs are needed. We break down the management tasks related to middleboxes below. Upgrades and Vendor Interaction. Deploying new features in the network entails deploying new hardware infrastructure. From our Misconfig. Overload Physical/Electric Firewalls 67.3% 16.3% 16.3% Proxies 63.2% 15.7% 21.1% IDS 54.5% 11.4% 34% Table 1: Fraction of network administrators who estimated misconfiguration, overload, or physical/electrical failure as the most common cause of middlebox failure. icy goals (e.g. a HTTP application filter may block social network sites). Cloud-based deployments obviate the need for enterprise administrators to focus on the low-level mechanisms for appliance configuration and focus only on policy configuration. Training. New appliances require new training for administrators to manage them. One administrator even stated that existing train- ing and expertise was a key question in purchasing decisions: Do we have the expertise necessary to use the product, or would we have to invest significant resources to use it? Another administrator reports that a lack of training limits the ben- efits from use of middleboxes: The average very large network in our data set hosts 2850 L3 routers, and 1946 total middleboxes; the average small network in our data set hosts 7.3 L3 routers and 10.2 total middleboxes.
 • Almost same # of middle box as routers • # of MiddleBox > # of Router in Small Network 4IFSSZ +VTUJOF FUBM.BLJOHNJEEMFCPYFTTPNFPOFFMTFTQSPCMFNOFUXPSLQSPDFTTJOH BTBDMPVETFSWJDF1SPDFFEJOHTPGUIF"$.4*($0..DPOGFSFODF"$. 
  8. 5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZJTMJDFOTFECZJUTDPQZSJHIUIPMEFS 5IF*OUFSOFU 33 Switch Router Application Transport Network Datalink

    Physical Datalink Physical Network Datalink Physical Application Transport Network Datalink Physical TCP HTTP Middlebox Application Transport Network Datalink Physical • Sometimes “unknown” TCP option packet is dropped by middle box
  9. 5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZJTMJDFOTFECZJUTDPQZSJHIUIPMEFS 26*$ 36 “The expectation is that we will

    flesh out a design for a tunneling protocol, running atop UDP, which can multiplex a large number of streams between two endpoints… The eventual protocol may likely strongly resemble SCTP, using encryption strongly resembling DTLS, running atop UDP.” “Why can’t you just evolve and improve TCP under SPDY?
 - That is our goal. TCP support is built into the kernel of operating systems. Considering how slowly users around the world upgrade their OS, it is unlikely to see significant adoption of client-side TCP changes in less than 5-15 years. QUIC allows us to test and experiment with new ideas, and to get results sooner. We are hopeful that QUIC features will migrate into TCP and TLS if they prove effective.”
  10. 5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF Multipath 44 Mobile ISP WiFi Mobile Network Internet

    Destination R1 R2 Cellular Line WiFi Fixed Line Wireless Nodes rmnet0 192.0.2.23 wlan0 203.0.133.24 Home ISP • Every QUIC session has a Connection-ID. • Clients can resume connection using Connection-ID • No need to re-establish connection
  11. 5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF WebRTC Data Channel 46 • Data channel is

    also defined for P2P data connection • SCTP over DTLS over UDP with ICE NAT support • Low latency, P2P connections for browser • Configurable in-order or out-order delivery • 4 RTT for handshake 'JHVSFTBSFGSPN)JHI1FSGPSNBODF#SPXTFS/FUXPSLJOH7FMPDJUZ*MZB(SJHPSJL
  12. 5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZBOE8$MPHPBSFMJDFOTFECZJUTDPQZSJHIUIPMEFST8$-PHPJTBWBJMBCMFVOEFS8$5SBEFNBSLBOE4FSWJDFNBSL-JDFOTF Changing TCP 47 • Difficult to make modification

    to current TCP • Protocols/hacks are proposed to speed up without breaking current internet or trying to reflect feedback from “TCP alternative” protocols. • Multipath TCP • TCP Fast Open • TLS Snap Start • FEC in TCP • TCP Crypto

  13. 5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZJTMJDFOTFECZJUTDPQZSJHIUIPMEFS 5-4 48 w τϥϯεϙʔτ૚Ͱൿಗ௨৴Λ࣮ݱ͢Δٕज़ w IPHFIPHFPWFS5-4 44- Ͱར༻

    w 6%1Ͱ࢖͏৔߹͸%5-4Λ༻͍Δ w ݱࡏ5-4ͷࡦఆத w ϋϯυγΣΠΫखॱͷ؆ུԽ<5-4'BMTF4UBSU><> w ݤަ׵ΞϧΰϦζϜͷมߋ <>/FX)BOETIBLF'MPXTGPS5-4<IUUQTEBUBUSBDLFSJFUGPSHEPDESBGUSFTDPSMBUMTOFXqPXT>
  14. 5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZJTMJDFOTFECZJUTDPQZSJHIUIPMEFS )FBSUCMFFE$$4*OKFDUJPO 50 w )FBSUCMFFE
 ͪΌΜͱূ໌ॻஔ͖׵͑·͔ͨ͠ 
 ஔ͖׵͑ͨূ໌ॻ͸͖ͪΜͱSFWPLFͤ͞·͔ͨ͠ 

    w $$4*OKFDUJPO
 $ISPNJVN͕0QFO44-ͱ͔ʹͳΔΒ͍͠Ͱ͢Α<> w 3$ͷةຆԽ<> w 1'4ͷॏཁੑ <>ετϦʔϜ҉߸3$ͷ҆શੑධՁ<IUUQXXXDSZQUSFDHPKQFTUJNBUJPOUFDISFQ@JEQEG>
 <>$ISPNF'SPN/44UP0QFO44-<IUUQTEPDTHPPHMFDPNEPDVNFOUE .-;ZZ.QO"SDM*"X8S9%Q2H/3%QQ.:XU9W&TFEJU>
  15. 5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZJTMJDFOTFECZJUTDPQZSJHIUIPMEFS ͢Ͱʹ*1WʹରԠ͞Εͯ·͔͢ 52 w ೔ຊࠃ಺ͷ*1WରԠঢ়گ w $POOFDUJWJUZ ถࠃ<> w

    8FCαΠτ<> w ·ͩରԠͤ͞ͳͯ͘΋ɾɾɾ <>IUUQTXXXHPPHMFDPNJOUMFOJQWTUBUJTUJDTIUNMUBCQFSDPVOUSZJQWBEPQUJPO
 <>IUUQTXXXWZODLFPSHJQWTUBUVTEFUBJMFEQIQ DPVOUSZKQ
  16. 5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZJTMJDFOTFECZJUTDPQZSJHIUIPMEFS ഭΓདྷΔރׇʜ 53 w ೥݄*"/"Ͱ*1Wࡏݿ͕ރׇ w ೥݄ʹ"1/*$ +1/*$Ͱ΋*1Wࡏݿ͕ރׇ w

    ͔͠͠*41΍Ϋϥ΢υࣄۀऀʹ͸·ͩࡏݿ͕͋Δʜ w .JDSPTPGU"[VSF
 64SFHJPOʹ͓͍ͯ64*1WΞυϨε͕ރׇ<> w *1WΞυϨεͷചങ+1/*$಺Ͱطʹ݅<> <>IUUQB[VSFNJDSPTPGUDPNCMPHXJOEPXTB[VSFTVTFPGOPOVTJQW BEESFTTTQBDFJOVTSFHJPOT
 <>IUUQTXXXOJDBEKQKBJQJQWUSBOTGFSMPHIUNM
  17. 5IFTFTMJEFTBSFDPQZSJHIU˜)JSPUBLB/BLBKJNB3FEJTUSJCVUFBOEEJTDMPTVSFPGUIFTFTMJEFTBSFOPUQFSNJUUFEXJUIPVUQFSNJTTJPOT ,FJP6OJWFSTJUZJTMJDFOTFECZJUTDPQZSJHIUIPMEFS *1W*1WҠߦڞଘٕज़ 55 w $(/
 Ұͭͷάϩʔόϧ*1WΞυϨεΛෳ਺ͷՃೖऀͰڞ༗͢Δٕज़ w /"5
 %/4Λ༻͍ͯ"ϨίʔυΛϧʔϧʹج͖ͮ""""Ϩίʔυʹม׵

    ͠ɺτϥϯεϨʔλͰม׵͢Δ w 9-"5
 ΫϥΠΞϯτ $-"5 ͱτϥϯεϨʔλ 1-"5 Ͱߏ੒
 %/4ʹؔ܎ͳ͘*1Wˠ*1W͕ม׵͞ΕΔ
 "OESPJEͰඪ४࣮૷ɻถ5.PCJMFͰ࣮ӡ༻<> <>IUUQTBOESPJEHPPHMFTPVSDFDPNEFWJDFTBNQMF CE
 ৄ͘͠͸*1W*1WҠߦɾڞଘٕज़ͷಈ޲<IUUQXXXTMJEFTIBSFOFUZVZBSJOJQWJQWDPFYJTUBODF>