Slide 1
Slide 1 text
ωοτϫʔΫͷ͜ͱΛΔͨΊ
ιϑτΣΞϧʔλΛ
ࣗ࡞ͨ͠
PHPerKaigi 2019
2019/3/30ʢʣ
খݪਸ
Slide 2
Slide 2 text
ࣗݾհ
• ໊લ : খݪ ਸʢ͜Δ ͔ͨͻΖʣ
• ॴଐ : גࣜձࣾFusic
• ࣄ : PHPɺGolangɺAWS
• झຯ : ElixirɺErlangɺΠϯϑϥ͍Ζ͍Ζ
• Twitter : kobatako_
Slide 3
Slide 3 text
͡ΊʹͰ͕͢ɾɾɾ
Slide 4
Slide 4 text
ωοτϫʔΫҙࣝͯ͠
·͔͢ʁ
Slide 5
Slide 5 text
ωοτϫʔΫ͖Ͱ͔͢ʁ
Slide 6
Slide 6 text
ωοτϫʔΫେ͖
Ͱ͢ΑͶʁ
Slide 7
Slide 7 text
ͦΜͳΈΜͳେ͖
ωοτϫʔΫʹؔ͢Δ
Λ͠·͢
Slide 8
Slide 8 text
ΞδΣϯμ
• ωοτϫʔΫͱϧʔλͷؔ
• ϧʔλͷ࣮ʢErlangʣ
• Ϟδϡʔϧͷ࣮ʢElixirʣ
• ·ͱΊ
Slide 9
Slide 9 text
ωοτϫʔΫͱϧʔλͷ
ؔ
Slide 10
Slide 10 text
Λཧղ͢ΔͨΊʹϧʔλ͕ԿΛ
͍ͬͯΔͷ͔
Slide 11
Slide 11 text
σʔλʢύέοτʣΛ̎ͭҎ্ͷҟͳΔ
ωοτϫʔΫؒΛதܧɺ
ͦͷͨΊͷૹ৴ઌΛஅͯ͘͠ΕΔ
Slide 12
Slide 12 text
σʔλʢύέοτʣΛ̎ͭҎ্ͷҟͳΔ
ωοτϫʔΫؒΛதܧɺ
ͦͷͨΊͷૹ৴ઌΛஅͯ͘͠ΕΔ
Slide 13
Slide 13 text
ϧʔλωοτϫʔΫؒΛͭͳ͙
Slide 14
Slide 14 text
ૹ৴ઌΛஅ = ϧʔςΟϯά
Slide 15
Slide 15 text
ϧʔςΟϯάΛཧղ͢Ε
ϧʔλͷ͜ͱ͕Θ͔Γ
ωοτϫʔΫͷ͜ͱ
͔ͬͯ͘ΔͷͰɾɾɾ
Slide 16
Slide 16 text
ϧʔςΟϯάͱ
Slide 17
Slide 17 text
ϧʔςΟϯά
• ύέοτΛૹ৴ઌͱͳΔϗετʹసૹ͢ΔͨΊ
࠷దͳܦ࿏Λબ͢Δ
• IPΞυϨεΛར༻
Slide 18
Slide 18 text
ϧʔςΟϯάʹؔ͢Δͷ
• ϧʔςΟϯάςʔϒϧ
• ϧʔτใ͕อଘ͞Ε͍ͯΔςʔϒϧ
• ελςΟοΫϧʔςΟϯά
• ཧऀ͕ઃఆͨ͠ϧʔτใ
• μΠφϛοΫϧʔςΟϯά
• ϧʔςΟϯάϓϩτίϧ͔Βऔಘͨ͠ϧʔτใ
Slide 19
Slide 19 text
ϧʔςΟϯάʹؔ͢Δͷ
• ϧʔςΟϯάςʔϒϧͷྫ
ใݯ Ѽઌϧʔτ αϒωοτϚεΫ AD ϝτϦοΫ ωΫετϗοϓ ग़ྗIF
C 192.168.0.0 255.255.255.0 0 0 - Eth0
C 192.168.10.0 255.255.255.0 0 0 - Eth1
S 192.168.30.0 255.255.255.0 1 0 192.168.10.1 Eth1
R 192.168.40.0 255.255.255.0 120 1 192.168.0.1 Eth0
R 192.168.40.0 255.255.255.0 120 4 192.168.10.1 Eth1
Slide 20
Slide 20 text
ϧʔλͷ࣮
ʢErlangʣ
Slide 21
Slide 21 text
࣮ͨ͠༰ʹ͍ͭͯ
Slide 22
Slide 22 text
ॲཧϑϩʔ
ύέοτͷड৴ -͕*1͔֬ೝ νΣοΫαϜͷ֬ೝ
55-Λ 55-͕͔Ͳ͏͔֬ೝ νΣοΫαϜͷ࠶ܭࢉ
ωΫετϗοϓͷ."$
ΞυϨεͷऔಘ
-ͷϔομʔΛ࡞ ύέοτΛૹ৴
-ͷॲཧ
※ϧʔςΟϯάॲཧΛఆ
ϧʔςΟϯάςʔϒϧ
͔ΒϧʔτใΛऔಘ
Slide 23
Slide 23 text
ॲཧϑϩʔ
ύέοτͷड৴ -͕*1͔֬ೝ νΣοΫαϜͷ֬ೝ
55-Λ 55-͕͔Ͳ͏͔֬ೝ νΣοΫαϜͷ࠶ܭࢉ
ωΫετϗοϓͷ."$
ΞυϨεͷऔಘ
-ͷϔομʔΛ࡞ ύέοτΛૹ৴
-ͷॲཧ
※ϧʔςΟϯάॲཧΛఆ
ϧʔςΟϯάςʔϒϧ
͔ΒϧʔτใΛऔಘ
Slide 24
Slide 24 text
ͲͷΑ͏ʹͯ͠
ϧʔςΟϯάςʔϒϧ͔Β
ϧʔτใΛऔಘ͢Δͷ͔
Slide 25
Slide 25 text
ܾΊΔͱ͖ͷ༏ઌॱ
1. ϩϯήετϚον
ૹ৴ઌIP͕ϧʔςΟϯάςʔϒϧͷѼઌϧʔτͰ࠷͘
Ϛον͢Δϧʔτใ
2. ADʢΞυϛχετϨʔςΟϒσΟελϯεʣ
ใݯͷ৴པੑ
3. ϝτϦοΫ
࠷దܦ࿏Λબ͢ΔͨΊʹ༻͞ΕΔ
Slide 26
Slide 26 text
ܾΊΔͱ͖ͷ༏ઌॱ
• ϩϯήετϚονͷྫ
• ૹ৴ઌ͕192.168.10.1ʹରͯ͠ϧʔςΟϯάςʔϒϧ͕
Լهͷ߹
• ѼઌωοτϫʔΫ : 192.168.0.0/16
• ѼઌωοτϫʔΫ : 192.168.10.0/24
-> 192.168.10.0ͷѼઌϧʔτΛ࣋ͭϧʔτใ͕
ࢀর͞ΕΔ
ใݯ Ѽઌϧʔτ αϒωοτϚεΫ AD ϝτϦοΫ ωΫετϗοϓ ग़ྗIF
S 192.168.0.0 255.255.0.0 1 0 192.168.0.1 Eth0
R 192.168.10.0 255.255.255.0 120 0 192.168.10.1 Eth1
Slide 27
Slide 27 text
ܾΊΔͱ͖ͷ༏ઌॱ
• ΞυϛχετϨʔςΟϒσΟελϯεʢADʣ
• ใݯͷ৴༻
• ADͷ͕͍ͷ͕༏ઌ͞ΕΔ
Slide 28
Slide 28 text
ܾΊΔͱ͖ͷ༏ઌॱ
• ྫɿCiscoػثʹ͓͚ΔσϑΥϧτͷAD
ߴ
ใݯ σϑΥϧτͷAD
ଓ͞Ε͍ͯΔΠϯλʔϑΣΠε 0
ελςΟοΫϧʔςΟϯά 1
αϚϦʔϧʔτ 5
֎෦BGP 20
IGRP 100
OSPF 110
RIP 120
EGP 140
෦BGP 200
ෆ໌ 255
Slide 29
Slide 29 text
ܾΊΔͱ͖ͷ༏ઌॱ
• ϝτϦοΫ
• ҰͭͷϧʔςΟϯάϓϩτίϧͰෳܦ࿏Λ࣋ͭ߹ɺͦΕͧΕͷ
ܦ࿏͝ͱͷ༏ઌ
• খ͍͞ํ͕༏ઌ͞ΕΔ
• ϧʔςΟϯάϓϩίτϧ͝ͱʹϝτϦοΫͷѻ͍ํ͕มΘͬͯ͘Δ
• RIP : ϗοϓ
• OSPF : ίετ
Slide 30
Slide 30 text
ใݯ Ѽઌϧʔτ αϒωοτϚεΫ AD ϝτϦοΫ ωΫετϗοϓ ग़ྗIF
C 192.168.0.0 255.255.255.0 0 0 - Eth0
C 192.168.10.0 255.255.255.0 0 0 - Eth1
S 192.168.30.0 255.255.255.0 1 0 192.168.10.1 Eth1
R 192.168.40.0 255.255.255.0 120 1 192.168.0.1 Eth0
R 192.168.40.0 255.255.255.0 120 4 192.168.10.1 Eth1
ܾΊΔͱ͖ͷ༏ઌॱ
1. ϩϯήετϚον
Slide 31
Slide 31 text
ใݯ Ѽઌϧʔτ αϒωοτϚεΫ AD ϝτϦοΫ ωΫετϗοϓ ग़ྗIF
C 192.168.0.0 255.255.255.0 0 0 - Eth0
C 192.168.10.0 255.255.255.0 0 0 - Eth1
S 192.168.30.0 255.255.255.0 1 0 192.168.10.1 Eth1
R 192.168.40.0 255.255.255.0 120 1 192.168.0.1 Eth0
R 192.168.40.0 255.255.255.0 120 4 192.168.10.1 Eth1
ܾΊΔͱ͖ͷ༏ઌॱ
2. ADΛൺֱ
Slide 32
Slide 32 text
ใݯ Ѽઌϧʔτ αϒωοτϚεΫ AD ϝτϦοΫ ωΫετϗοϓ ग़ྗIF
C 192.168.0.0 255.255.255.0 0 0 - Eth0
C 192.168.10.0 255.255.255.0 0 0 - Eth1
S 192.168.30.0 255.255.255.0 1 0 192.168.10.1 Eth1
R 192.168.40.0 255.255.255.0 120 1 192.168.0.1 Eth0
R 192.168.40.0 255.255.255.0 120 4 192.168.10.1 Eth1
ܾΊΔͱ͖ͷ༏ઌॱ
3. ϝτϦοΫͷൺֱ
Slide 33
Slide 33 text
ErlangͰͷ࣮
Slide 34
Slide 34 text
ϧʔςΟϯάॲཧ
2. 1Ͱऔಘͨ͠ϧʔτใ͔ΒҰ൪༏ઌͷߴ͍
ϧʔτใΛऔಘ
1. ૹ৴ઌIP͕ϧʔςΟϯάςʔϒϧͷѼઌϧʔτʹ
Ϛον͢ΔϦετΛऔಘ
3. 2Ͱऔಘͨ͠ϧʔτใͷωΫετϗοϓ
ʹૹ৴͢Δ
Slide 35
Slide 35 text
ϧʔςΟϯάॲཧ
2. 1Ͱऔಘͨ͠ϧʔτใ͔ΒҰ൪༏ઌͷߴ͍
ϧʔτใΛऔಘ
1. ૹ৴ઌIP͕ϧʔςΟϯάςʔϒϧͷѼઌϧʔτʹ
Ϛον͢ΔϦετΛऔಘ
3. 2Ͱऔಘͨ͠ϧʔτใͷωΫετϗοϓ
ʹૹ৴͢Δ
Slide 36
Slide 36 text
ϧʔςΟϯάॲཧ
• ྫɿύέοτͷૹ৴ઌ͕192.168.10.1ͷ߹ʹ
ɹɹͯ·Δϧʔτใ
Ѽઌϧʔτ αϒωοτϚεΫ ݁Ռ
192.168.0.0 255.255.0.0 ͯ·Δ
192.168.10.0 255.255.255.0 ͯ·Δ
192.168.20.0 255.255.255.0 ͯ·Βͳ͍
Slide 37
Slide 37 text
ϧʔςΟϯάॲཧ
ૹ৴ઌIP͕ϧʔςΟϯάςʔϒϧͷѼઌϧʔτʹ
ͯ·ͬͯΔͷͷϦετΛऔಘ
% ୈҰҾ : ϧʔςΟϯάςʔϒϧͷશϦετʢarrayʣ
% ୈೋҾ : ѼઌͷIPʢintegerʣ
% ୈࡾҾ : ૹ৴ઌީิʢѼઌͱஅ͞Εͨʣͷϧʔτใʢarrayʣ
match_dest_ip([], _, List) ->
List;
match_dest_ip([{_, _, _, Ip, _, Subnetmask, Ad, Metric, Nexthop, _, If}| Tail], DestIp,
List) when is_integer(DestIp) ->
case DestIp band Subnetmask of
Ip ->
match_dest_ip(Tail, DestIp, [{If, Nexthop, Subnetmask, Ad, Metric}|List]);
_ ->
match_dest_ip(Tail, DestIp, List)
end.
Slide 38
Slide 38 text
ϧʔςΟϯάॲཧ
% ୈҰҾ : ϧʔςΟϯάςʔϒϧͷશϦετʢarrayʣ
% ୈೋҾ : ѼઌͷIPʢintegerʣ
% ୈࡾҾ : ૹ৴ઌީิʢѼઌͱஅ͞Εͨʣͷϧʔτใʢarrayʣ
match_dest_ip([], _, List) ->
List;
match_dest_ip([{_, _, _, Ip, _, Subnetmask, Ad, Metric, Nexthop, _, If}| Tail], DestIp,
List) when is_integer(DestIp) ->
case DestIp band Subnetmask of
Ip ->
match_dest_ip(Tail, DestIp, [{If, Nexthop, Subnetmask, Ad, Metric}|List]);
_ ->
match_dest_ip(Tail, DestIp, List)
end.
1. ѼઌIPͱαϒωοτϚεΫͷandॲཧ
ૹ৴ઌIP͕ϧʔςΟϯάςʔϒϧͷѼઌϧʔτʹ
ͯ·ͬͯΔͷͷϦετΛऔಘ
Slide 39
Slide 39 text
ϧʔςΟϯάॲཧ
% ୈҰҾ : ϧʔςΟϯάςʔϒϧͷશϦετʢarrayʣ
% ୈೋҾ : ѼઌͷIPʢintegerʣ
% ୈࡾҾ : ૹ৴ઌީิʢѼઌͱஅ͞Εͨʣͷϧʔτใʢarrayʣ
match_dest_ip([], _, List) ->
List;
match_dest_ip([{_, _, _, Ip, _, Subnetmask, Ad, Metric, Nexthop, _, If}| Tail], DestIp,
List) when is_integer(DestIp) ->
case DestIp band Subnetmask of
Ip ->
match_dest_ip(Tail, DestIp, [{If, Nexthop, Subnetmask, Ad, Metric}|List]);
_ ->
match_dest_ip(Tail, DestIp, List)
end.
2. 1ͷ݁ՌͱIp͕͍͔͠Ͳ͏͔
ૹ৴ઌIP͕ϧʔςΟϯάςʔϒϧͷѼઌϧʔτʹ
ͯ·ͬͯΔͷͷϦετΛऔಘ
Slide 40
Slide 40 text
ϧʔςΟϯάॲཧ
2. 1Ͱऔಘͨ͠ϧʔτใ͔ΒҰ൪༏ઌͷߴ͍
ϧʔτใΛऔಘ
1. ૹ৴ઌIP͕ϧʔςΟϯάςʔϒϧͷѼઌϧʔτʹ
Ϛον͢ΔϦετΛऔಘ
3. 2Ͱऔಘͨ͠ϧʔτใͷωΫετϗοϓ
ʹૹ৴͢Δ
Slide 41
Slide 41 text
ϧʔςΟϯάॲཧ
• ѼઌͱͳΔϧʔτใΛ࠶ؼॲཧʹͯऔಘɺͦͷ࣌ͷ༏ઌ
1. ૹ৴ઌIP͕ܨ͕͍ͬͯΔωοτϫʔΫʹؚ·Ε͍ͯΔͷ
2. αϒωοτϚεΫʢϓϨϑΟοΫεʣ͕Ұ൪͍ͷ
3. αϒωοτϚεΫ͕͘͠ AD͕খ͍͞ͷ
4. αϒωοτϚεΫɺAD͕͘͠ɺϝτϦοΫ͕খ͍͞ͷ
Slide 42
Slide 42 text
ϧʔςΟϯάॲཧ
ѼઌIP͕ܨ͕͍ͬͯΔωοτϫʔΫʹؚ·Ε͍ͯΔͷ
ϧʔτใͷѼઌ͕ʮNEXTHOP_DIRECTʯͷ߹ܨ͕͍ͬͯΔωοτϫʔΫʹ
ଐ͍ͯ͠Δʢใݯ͕ʮCʯͷͷʣ
AD͕0ͷ߹ܨ͕͍ͬͯΔωοτϫʔΫʹଐ͍ͯ͠Δʢใݯ͕ʮCʯͷͷʣ
%% fetch to destination route
% ୈҰҾ : ϧʔτใʢarrayʣ
% ୈೋҾ : ݱࡏͷҰ൪༏ઌ͕ߴ͍ϧʔτใ
fetch_dest_route([{_, ?NEXTHOP_DIRECT, _, _, _}=Route| _], _) ->
Route;
% ad 0
fetch_dest_route([{_, _, _, 0, _}=Route| _], _) ->
Route;
ܨ͕͍ͬͯΔωοτϫʔΫ
Slide 43
Slide 43 text
ϧʔςΟϯάॲཧ
ݱࡏͷϧʔτใΑΓαϒωοτϚεΫ͕͍ϧʔτใ͕
͋Δ߹ɺҰ൪༏ઌ͕ߴ͍ͷͱ͢Δ
%% fetch to destination route
% ୈҰҾ : ϧʔτใʢarrayʣ
% ୈೋҾ : ݱࡏͷҰ൪༏ઌ͕ߴ͍ϧʔτใ
fetch_dest_route([{_, _, Subnet, _, _}=Route| Tail],{_, _, NowSubnet, _, _})
when Subnet > NowSubnet ->
fetch_dest_route(Tail, Route);
αϒωοτϚεΫͷൺֱ
Slide 44
Slide 44 text
ϧʔςΟϯάॲཧ
ݱࡏͷϧʔτใͱൺֱ͠αϒωοτϚεΫ͕͘͠
AD͕খ͍͞߹Ұ൪༏ઌ͕ߴ͍ͷͱ͢Δ
%% fetch to destination route
% ୈҰҾ : ϧʔτใʢarrayʣ
% ୈೋҾ : ݱࡏͷҰ൪༏ઌ͕ߴ͍ϧʔτใ
fetch_dest_route([{_, _, Subnet, Ad, _}=Route| Tail], {_, _, Subnet, NowAd,
_}) when Ad < NowAd ->
fetch_dest_route(Tail, Route);
ADΛൺֱ
Slide 45
Slide 45 text
ϧʔςΟϯάॲཧ
ݱࡏͷϧʔτใͱൺֱ͠αϒωοτϚεΫͱAD͕͘͠
ϝτϦοΫ͕খ͍͞߹Ұ൪༏ઌ͕ߴ͍ͷͱ͢Δ
%% fetch to destination route
% ୈҰҾ : ϧʔτใʢarrayʣ
% ୈೋҾ : ݱࡏͷҰ൪༏ઌ͕ߴ͍ϧʔτใ
fetch_dest_route([{_, _, Subnet, Ad, Metric}=Route| Tail],{_, _, Subnet, Ad,
NowMetric}) when Metric < NowMetric ->
fetch_dest_route(Tail, Route);
ϝτϦοΫΛൺֱ
Slide 46
Slide 46 text
ϧʔςΟϯάॲཧ
2. 1Ͱऔಘͨ͠ϧʔτใ͔ΒҰ൪༏ઌͷߴ͍
ϧʔτใΛऔಘ
1. ૹ৴ઌIP͕ϧʔςΟϯάςʔϒϧͷѼઌϧʔτʹ
Ϛον͢ΔϦετΛऔಘ
3. 2Ͱऔಘͨ͠ϧʔτใͷωΫετϗοϓ
ʹૹ৴͢Δ
Slide 47
Slide 47 text
ϧʔςΟϯάॲཧ
ARPςʔϒϧ͔ΒωΫετϗοϓͷIPʹඥͮ͘ɺMACΞυϨεΛ
औಘ͢Δ
get_mac_addr({_, Nexthop}) ->
% ARPςʔϒϧ͔ΒωΫετϗοϓʹඥͮ͘MACΞυϨεΛऔಘ
case brook_arp_table:fetch_dest_mac_addr(Nexthop, false) of
% ଘࡏͯ͠ͳ͍߹ɺʮundefinedʯΛฦ͢
[] ->
undefined;
% ଘࡏͯ͠Δ߹ɺMACΞυϨεΛฦ͢
[{arp_table, _, _, DestMac, _}| _] ->
DestMac
end.
Slide 48
Slide 48 text
ϧʔςΟϯάॲཧ
L2ϔομʔͷૹ৴ઌMACΞυϨεΛωΫετϗοϓɺ
ૹ৴ݩMACΞυϨεΛࣗࣗʢΠϯλʔϑΣΠεʣͱ
ॻ͖͑Δ
ip_request(FD, #{source_mac := SourceMac, dest_mac := DestMac}=Opt, Data) ->
Ethernet = ethernet_to_binary(#ethernet_header{
source_mac_addr=tuple_to_list(SourceMac),
dest_mac_addr=DestMac,
type=?TYPE_IP}
),
request(FD, <>, Opt)
L2ͷύέοτϔομʔΛ࡞
Slide 49
Slide 49 text
Ϟδϡʔϧ࣮
ʢElixirʣ
Slide 50
Slide 50 text
ϧʔλʹ֦ுੑΛ࣋ͨͤΔͨΊɺ
ErlangͰPipelineॲཧͷ
࣮Λ͠·ͨ͠
Slide 51
Slide 51 text
Pipelineॲཧͷॴ
ύέοτͷड৴ -͕*1͔֬ೝ νΣοΫαϜͷ֬ೝ
55-Λ 55-͕͔Ͳ͏͔֬ೝ νΣοΫαϜͷ࠶ܭࢉ
ωΫετϗοϓͷ."$
ΞυϨεͷऔಘ
-ͷϔομʔΛ࡞ ύέοτΛૹ৴
-ͷॲཧ
ϧʔςΟϯάςʔϒϧ
͔ΒϧʔτใΛऔಘ
Slide 52
Slide 52 text
Pipelineॲཧͷॴ
1. IPύέοτͷॲཧલ
2. L4ϨΠϠʔͷॲཧલ
3. L4ϨΠϠʔͷॲཧޙ
4. IPύέοτͷॲཧޙ
5. ύέοτͷૹ৴ޙ
Slide 53
Slide 53 text
Ϟδϡʔϧͱ࣮ͯͨ͠͠ͷ
• FirewallʢPipelineΛར༻ʣ
• ύέοτϩεʢPipelineΛར༻ʣ
• ϦϓϥΠʢPipelineΛར༻ʣ
• Ԇૹ৴ʢPipelineΛར༻ʣ
• ελςΟοΫϧʔςΟϯάͷΠϯλʔϑΣΠε
Slide 54
Slide 54 text
FirewallϞδϡʔϧͷ
࣮ྫ
Slide 55
Slide 55 text
FirewallϞδϡʔϧ
ύέοτͷड৴ -͕*1͔֬ೝ νΣοΫαϜͷ֬ೝ
55-Λ 55-͕͔Ͳ͏͔֬ೝ νΣοΫαϜͷ࠶ܭࢉ
ωΫετϗοϓͷ."$
ΞυϨεͷऔಘ
-ͷϔομʔΛ࡞ ύέοτΛૹ৴
-ͷॲཧ
ϧʔςΟϯάςʔϒϧ
͔ΒϧʔτใΛऔಘ
͜͜ʹFirewallͷॲཧΛPipelineͱͯ͠Ճ͢Δ
Slide 56
Slide 56 text
FirewallϞδϡʔϧ
• ४උɿErlangଆͰPipelineॲཧΛ࣮ߦͰ͖ΔΑ͏ʹ͢Δ
save_before_ip_pipeline(Func) when is_function(Func, 2) ->
mnesia:transaction(fun() ->
mnesia:write(pipeline, #pipeline{type=?BEFORE_IP, module=undefined, func=Func}, write)
end)
before_ip_pipeline(Data, Opt) ->
Filter = mnesia:dirty_match_object(pipeline,
{'_', ?BEFORE_IP, '$1', '$2'}
),
pipeline(Filter, Data, Opt)
pipeline([#pipeline{module=undefined, func=Func}| Tail], Data0, Opt0) ->
case apply(Func, [Data0, Opt0]) of
{error, Msg} ->
{error, Msg};
{ok, Data, Opt} ->
pipeline(Tail, Data, Opt)
end;
Slide 57
Slide 57 text
FirewallϞδϡʔϧ
• ४උɿErlangଆͰPipelineॲཧΛ࣮ߦͰ͖ΔΑ͏ʹ͢Δ
save_before_ip_pipeline(Func) when is_function(Func, 2) ->
mnesia:transaction(fun() ->
mnesia:write(pipeline, #pipeline{type=?BEFORE_IP, module=undefined, func=Func}, write)
end)
before_ip_pipeline(Data, Opt) ->
Filter = mnesia:dirty_match_object(pipeline,
{'_', ?BEFORE_IP, '$1', '$2'}
),
pipeline(Filter, Data, Opt)
pipeline([#pipeline{module=undefined, func=Func}| Tail], Data0, Opt0) ->
case apply(Func, [Data0, Opt0]) of
{error, Msg} ->
{error, Msg};
{ok, Data, Opt} ->
pipeline(Tail, Data, Opt)
end;
PipelineʹॲཧΛొ
Slide 58
Slide 58 text
FirewallϞδϡʔϧ
• ४උɿErlangଆͰPipelineॲཧΛ࣮ߦͰ͖ΔΑ͏ʹ͢Δ
save_before_ip_pipeline(Func) when is_function(Func, 2) ->
mnesia:transaction(fun() ->
mnesia:write(pipeline, #pipeline{type=?BEFORE_IP, module=undefined, func=Func}, write)
end)
before_ip_pipeline(Data, Opt) ->
Filter = mnesia:dirty_match_object(pipeline,
{'_', ?BEFORE_IP, '$1', '$2'}
),
pipeline(Filter, Data, Opt)
pipeline([#pipeline{module=undefined, func=Func}| Tail], Data0, Opt0) ->
case apply(Func, [Data0, Opt0]) of
{error, Msg} ->
{error, Msg};
{ok, Data, Opt} ->
pipeline(Tail, Data, Opt)
end;
Pipelineͷ࣮ߦ
Slide 59
Slide 59 text
FirewallϞδϡʔϧ
• ४උɿErlangଆͰPipelineॲཧΛ࣮ߦͰ͖ΔΑ͏ʹ͢Δ
save_before_ip_pipeline(Func) when is_function(Func, 2) ->
mnesia:transaction(fun() ->
mnesia:write(pipeline, #pipeline{type=?BEFORE_IP, module=undefined, func=Func}, write)
end)
before_ip_pipeline(Data, Opt) ->
Filter = mnesia:dirty_match_object(pipeline,
{'_', ?BEFORE_IP, '$1', '$2'}
),
pipeline(Filter, Data, Opt)
pipeline([#pipeline{module=undefined, func=Func}| Tail], Data0, Opt0) ->
case apply(Func, [Data0, Opt0]) of
{error, Msg} ->
{error, Msg};
{ok, Data, Opt} ->
pipeline(Tail, Data, Opt)
end;
Pipelineʹొͨ͠ॲཧΛ࣮ߦ͍ͯ͘͠
Slide 60
Slide 60 text
FirewallϞδϡʔϧ
• ४උɿErlangଆͰPipelineॲཧΛ࣮ߦͰ͖ΔΑ͏ʹ͢Δ
save_before_ip_pipeline(Func) when is_function(Func, 2) ->
mnesia:transaction(fun() ->
mnesia:write(pipeline, #pipeline{type=?BEFORE_IP, module=undefined, func=Func}, write)
end)
before_ip_pipeline(Data, Opt) ->
Filter = mnesia:dirty_match_object(pipeline,
{'_', ?BEFORE_IP, '$1', '$2'}
),
pipeline(Filter, Data, Opt)
pipeline([#pipeline{module=undefined, func=Func}| Tail], Data0, Opt0) ->
case apply(Func, [Data0, Opt0]) of
{error, Msg} ->
{error, Msg};
{ok, Data, Opt} ->
pipeline(Tail, Data, Opt)
end;
FuncʢϝιουʣΛ
[Data0, Opt0] ͷҾͰ࣮ߦ͢Δ
Slide 61
Slide 61 text
FirewallϞδϡʔϧ
• ४උɿErlangଆͰPipelineॲཧΛ࣮ߦͰ͖ΔΑ͏ʹ͢Δ
save_before_ip_pipeline(Func) when is_function(Func, 2) ->
mnesia:transaction(fun() ->
mnesia:write(pipeline, #pipeline{type=?BEFORE_IP, module=undefined, func=Func}, write)
end)
before_ip_pipeline(Data, Opt) ->
Filter = mnesia:dirty_match_object(pipeline,
{'_', ?BEFORE_IP, '$1', '$2'}
),
pipeline(Filter, Data, Opt)
pipeline([#pipeline{module=undefined, func=Func}| Tail], Data0, Opt0) ->
case apply(Func, [Data0, Opt0]) of
{error, Msg} ->
{error, Msg};
{ok, Data, Opt} ->
pipeline(Tail, Data, Opt)
end;
Τϥʔͷ߹ΤϥʔͱͳΓɺύέοτͷ
ϧʔςΟϯάΛߦΘͳ͍
ਖ਼ৗͷ߹ɺ࣍ͷPipelineॲཧΛ࣮ߦ
Slide 62
Slide 62 text
Elixirଆͷ࣮
Slide 63
Slide 63 text
FirewallϞδϡʔϧ
• Firewallͷ݅ΛϝλϓϩάϥϜͰ࣮
firewall :default do
allow(
source_ip: {192, 168, 20, 0},
source_netmask: {255, 255, 255, 0},
protocol: :ip
)
allow(
source_ip: {192, 168, 40, 0},
source_netmask: {255, 255, 255, 0},
protocol: :tcp
)
deny()
end
Slide 64
Slide 64 text
FirewallϞδϡʔϧ
• Firewallͷ݅ΛϝλϓϩάϥϜͰ࣮
firewall :default do
allow(
source_ip: {192, 168, 20, 0},
source_netmask: {255, 255, 255, 0},
protocol: :ip
)
allow(
source_ip: {192, 168, 40, 0},
source_netmask: {255, 255, 255, 0},
protocol: :tcp
)
deny()
end
ڐՄ͢Δύέοτใ
ʢૹ৴ݩIPͱ͔ϓϩτίϧͱ͔ʣ
Slide 65
Slide 65 text
FirewallϞδϡʔϧ
• Firewallͷ݅ΛϝλϓϩάϥϜͰ࣮
firewall :default do
allow(
source_ip: {192, 168, 20, 0},
source_netmask: {255, 255, 255, 0},
protocol: :ip
)
allow(
source_ip: {192, 168, 40, 0},
source_netmask: {255, 255, 255, 0},
protocol: :tcp
)
deny()
end
શͯͷύέοτΛڋ൱͢Δ
Slide 66
Slide 66 text
FirewallϞδϡʔϧ
• Firewallॲཧͷొ
defmacro firewall_through(identifier) do
quote do
identifier = unquote(identifier)
:brook_pipeline.save_before_ip_pipeline(Eshe.Firewall.firewall_filter(identifier))
end
end
def firewall_filter(identifier) do
filter = fetch_filter(Eshe.Supervisor.route_firewall(), identifier)
fn data, option ->
case is_allow_filter(filter, data) do
:ok ->
{:ok, data, option}
error ->
{:error, error}
end
end
end
Slide 67
Slide 67 text
FirewallϞδϡʔϧ
• Firewallॲཧͷొ
defmacro firewall_through(identifier) do
quote do
identifier = unquote(identifier)
:brook_pipeline.save_before_ip_pipeline(Eshe.Firewall.firewall_filter(identifier))
end
end
def firewall_filter(identifier) do
filter = fetch_filter(Eshe.Supervisor.route_firewall(), identifier)
fn data, option ->
case is_allow_filter(filter, data) do
:ok ->
{:ok, data, option}
error ->
{:error, error}
end
end
end
firewall_filterΛొ͢Δ
Slide 68
Slide 68 text
FirewallϞδϡʔϧ
• Firewallॲཧͷొ
defmacro firewall_through(identifier) do
quote do
identifier = unquote(identifier)
:brook_pipeline.save_before_ip_pipeline(Eshe.Firewall.firewall_filter(identifier))
end
end
def firewall_filter(identifier) do
filter = fetch_filter(Eshe.Supervisor.route_firewall(), identifier)
fn data, option ->
case is_allow_filter(filter, data) do
:ok ->
{:ok, data, option}
error ->
{:error, error}
end
end
end
ErlangଆॲཧΛฦ͠ɺΤϥʔͷ߹
ύέοτͷॲཧΛऴྃͤ͞Δ
Slide 69
Slide 69 text
FirewallϞδϡʔϧ
• Firewallͷఆॲཧ
def match(
%{protocol: protocol} = record,
<>
)
when protocol in [:tcp, :udp] do
{source_port, dest_port} = fetch_port(len, other)
with res <- match_ip([], record[:dest_ip], record[:dest_netmask], dest_ip),
res <- match_ip(res, record[:source_ip], record[:source_netmask], source_ip),
res <- match_port(res, record[:source_port], source_port),
res <- match_port(res, record[:dest_port], dest_port),
res <- Enum.filter(res, &(&1 != nil)),
{:ok, _value} <- Enum.fetch(res, 0) do
Enum.all?(res, fn r -> r == true end)
else
_ ->
false
end
end
Slide 70
Slide 70 text
FirewallϞδϡʔϧ
• Firewallͷఆॲཧ
def match(
%{protocol: protocol} = record,
<>
)
when protocol in [:tcp, :udp] do
{source_port, dest_port} = fetch_port(len, other)
with res <- match_ip([], record[:dest_ip], record[:dest_netmask], dest_ip),
res <- match_ip(res, record[:source_ip], record[:source_netmask], source_ip),
res <- match_port(res, record[:source_port], source_port),
res <- match_port(res, record[:dest_port], dest_port),
res <- Enum.filter(res, &(&1 != nil)),
{:ok, _value} <- Enum.fetch(res, 0) do
Enum.all?(res, fn r -> r == true end)
else
_ ->
false
end
end
ૹ৴ݩͱૹ৴ઌͷIP
ૹ৴ݩͱૹ৴ઌͷϙʔτ
Slide 71
Slide 71 text
FirewallϞδϡʔϧ
• Firewallͷఆॲཧ
def match(
%{protocol: protocol} = record,
<>
)
when protocol in [:tcp, :udp] do
{source_port, dest_port} = fetch_port(len, other)
with res <- match_ip([], record[:dest_ip], record[:dest_netmask], dest_ip),
res <- match_ip(res, record[:source_ip], record[:source_netmask], source_ip),
res <- match_port(res, record[:source_port], source_port),
res <- match_port(res, record[:dest_port], dest_port),
res <- Enum.filter(res, &(&1 != nil)),
{:ok, _value} <- Enum.fetch(res, 0) do
Enum.all?(res, fn r -> r == true end)
else
_ ->
false
end
end
શͯͷൺֱ݁Ռ͕͍͠߹ͷΈtrueʹ
Slide 72
Slide 72 text
·ͱΊ
Slide 73
Slide 73 text
ϧʔςΟϯάΛཧղ͢Ε
ϧʔλͷ͜ͱ͕Θ͔Γ
ωοτϫʔΫͷ͜ͱ
͔ͬͯ͘ΔͷͰɾɾɾ
Slide 74
Slide 74 text
Θ͔Βͳ͍͜ͱ͕
·ͩ·ͩଟ͍ʂʂʂʂ
Slide 75
Slide 75 text
Εͯͳ͍͜ͱ
Slide 76
Slide 76 text
Εͯͳ͍͜ͱ
• ϧʔςΟϯάϓϩτίϧͷ࣮ʢRIPͱ͔BGPͱ͔OSPFͱ͔ʣ
Slide 77
Slide 77 text
Εͯͳ͍͜ͱ
• ϧʔςΟϯάϓϩτίϧͷ࣮ʢRIPͱ͔BGPͱ͔OSPFͱ͔ʣ
• ϩϯήετϚονΞϧΰϦζϜͷ࣮
Slide 78
Slide 78 text
Εͯͳ͍͜ͱ
• ϧʔςΟϯάϓϩτίϧͷ࣮ʢRIPͱ͔BGPͱ͔OSPFͱ͔ʣ
• ϩϯήετϚονΞϧΰϦζϜͷ࣮
• VRRPͷ࣮
Slide 79
Slide 79 text
Εͯͳ͍͜ͱ
• ϧʔςΟϯάϓϩτίϧͷ࣮ʢRIPͱ͔BGPͱ͔OSPFͱ͔ʣ
• ϩϯήετϚονΞϧΰϦζϜͷ࣮
• VRRPͷ࣮
• ARPΛ·ͩҰ෦͔࣮ͯ͠͠ͳ͍ɺɺɺ
Slide 80
Slide 80 text
Εͯͳ͍͜ͱ
• ϧʔςΟϯάϓϩτίϧͷ࣮ʢRIPͱ͔BGPͱ͔OSPFͱ͔ʣ
• ϩϯήετϚονΞϧΰϦζϜͷ࣮
• VRRPͷ࣮
• ARPΛ·ͩҰ෦͔࣮ͯ͠͠ͳ͍ɺɺɺ
• IPSec࣮͓͖͍ͯͨ͠ʂʂ
Slide 81
Slide 81 text
·ͩ·ͩΔ͜ͱ͕
͍ͬͺ͍ɾɾɾ
Slide 82
Slide 82 text
ͨͩগ͠ϧʔλͷ͜ͱɺ
ωοτϫʔΫͷ͜ͱ͕
Θ͔ͬͨؾ͕͢Δɾɾɾʂ
Slide 83
Slide 83 text
PHPer͔Βͷ
ωοτϫʔΫʢϧʔλʣ
ͷͰͨ͠
Slide 84
Slide 84 text
͝੩ௌ͋Γ͕ͱ͏
͍͟͝·ͨ͠