ϩʔυόϥϯαʔ͕
 Θ͔Βͳ͍ ϋτωίΤ @nekonenene 2017೥07݄31೔

• ϩʔυόϥϯαʔ͸ɺௐ΂Ε͹ௐ΂Δ΄Ͳ
 NAT΍SSL௨৴ͳͲલఏͱͳΔωοτϫʔΫ ஌͕ࣝ੝Γ୔ࢁͳ͜ͱ͕Θ͔ͬͯɺ
 શ෦͸৮ΕΒΕͳ͍ͷͰɺؾʹͳͬͯͨ
 ࣍ϖʔδͷ͜ͱͷΈѻ͍·͢ • L4ʢτϥϯεϙʔτ૚ɿTCP/UDPʣ • L7ʢΞϓϦέʔγϣϯ૚ʣ ϩʔυόϥϯαʔΘ͔Βͳ͍

• ϩʔυͬͯͳʹʁ ಓʁ • ͲΜͳ࢓૊Έͳͷʁ • σʔλΛͲ͏΍ͬͯΫϥΠΞϯτʹ౉͢ͷʁ • ઐ༻ͷػցΛങΘͳͯ͘΋࣮ݱͰ͖Δʁ • ෳ਺ͷϩʔυόϥϯαΛཱͯͨͱ͖ɺ
 ͦΕ΁ͷ઀ଓ؅ཧ͸Ͳ͕͓͜͜ͳ͏ͷʁ ͕͜͜Θ͔Βͳ͍

• load ͱ͍͏ͱʮσʔλΛಡΈࠐΉʢಈࢺʣʯ ͷΠϝʔδ͕ڧ͍͚Ͳɺʮॏՙʢ໊ࢺʣʯͷ ҙຯ͕ݩʑɻͭ·Γʮෛՙʯ • ʮՙ෺ΛੵΉɾ٧ΊࠐΉʯˠʮ૷ర͢Δʯ ˠʮσʔλΛॻ͖ࠐΉɾಡΈࠐΉʯ
 ͱ͍͏ྲྀΕͰίϯϐϡʔλ༻ޠͱͯ͠΋࢖Θ ΕΔΑ͏ʹͳͬͨͬΆ͍ 1. ϩʔυͬͯͳʹʁ

• load balancing ͸ʮෛՙ෼ࢄʯͱ͍͏ҙຯͰ
 ϩʔυόϥϯα͸ͦΕΛ΍ͬͯ͘ΕΔ΋ͷ • ͳͷͰɺҙຯ߹͍ͱͯ͠͸޿͍͚Ͳɺ
 جຊతʹϩʔυόϥϯγϯά༻ʹ࡞ΒΕͨ΋ ͷΛϩʔυόϥϯαͱͯ͠ޠ͍͖ͬͯ·͢ ϩʔυόϥϯα

• ϩʔυόϥϯα͕ͲͷαʔόʔΛબ୒͢Δ͔ ͷख๏͸͍͘Β͔͋Δɻ͓΋ͳྫˣ • ϥ΢ϯυϩϏϯํࣜɿ୯७ʹॱ൪ʹબ୒ • ॏΈ͚ͮɿൺ཰Λఆٛ • ࠷খ઀ଓɿݱࡏͷίωΫγϣϯ਺͕࠷΋খ͞ ͍αʔόʹసૹ 2. ͲΜͳ࢓૊Έͳͷʁ ࢀߟ : http://www.infraexpert.com/study/loadbalancer4.html

• DNSͷAϨίʔυͰɺಉυϝΠϯʹ
 ෳ਺ͷIPΞυϨεΛׂΓ౰ͯΔ͜ͱͰ
 ϥ΢ϯυϩϏϯํࣜΛ࣮ݱ͢Δ΋ͷ
 ʢϩʔυόϥϯα͍Βͣʂ खܰʂʣ • RFC3484ʹͯʮෳ਺ׂΓ౰͕ͯ͋Δ৔߹͸ ΋ͬͱ΋͍ۙαʔόΛબ୒ʯͱͳͬͨͷͰݱ ࡏ͸ϥ΢ϯυϩϏϯʹ͸ͳΒͳ͍͜ͱ΋ DNSϥ΢ϯυϩϏϯ

• ϥ΢ϯυϩϏϯͰ͸ͳ͍Ͱ͕͢ɺ
 AWS Route53Ͱ͸Weightͷࢦఆ͕͓͜ͳ ͑ɺDNSʹΑΔʮॏΈ͚ͮʯͷෛՙ෼ࢄ͕Մ ೳͰ͢ DNSʹΑΔෛՙ෼ࢄ ࢀߟ : http://qiita.com/nagizero/items/385ed12c60f229a4df9c

• AWSͷυΩϡϝϯτతʹ͸ɺELB͸
 CLBʢClassic Load Balancerʣ
 ALBʢApplication Load Balancerʣ
 ʹ෼͔Ε·͕͢ɺELBʹCLBͱ͠·͢ • ͳ͓ɺALB͸EC2Πϯελϯε಺ͷ
 Ͳͷίϯςφʹͭͳ͙͔·ͰΛ੍ޚ͢Δ෺ɻ
 ϥ΢ϯυϩϏϯϧʔςΟϯάΞϧΰϦζϜisԿ ELB͸Ͳͷํࣜʁ

• ʰσϑΥϧτͰ͸ɺϩʔυόϥϯαʔ͸ɺ ϩʔυόϥϯαʔʹରͯ͠༗ޮʹ͢ΔΞϕΠ ϥϏϦςΟʔκʔϯؒͰۉ౳ʹτϥϑΟοΫ Λ෼ࢄ͠·͢ʱ
 ( http://docs.aws.amazon.com/ja_jp/elasticloadbalancing/latest/classic/ introduction.html ) • ॏΈ͚ͮ 1:1:1:1:1:1:ʢུ
 ͷ෼ࢄํࣜΛऔ͍ͬͯΔΑ͏Ͱ͢Ͷ CLB͸Ͳͷํࣜʁ

• αʔόʔ͔ΒͷϨεϙϯε͕ϩʔυόϥϯ αʔΛܦ༝͍ͯͯ͠͸ɺϩʔυόϥϯαʔͷ ෛՙେ͖͍ΑͶʁ
 ͱࢥ͍ͬͯͨͷͰɺ௚઀ΫϥΠΞϯτ΁ૹΔ ͷͩͱࢲ͸ࢥ͍ͬͯͨɻ • ্هํࣜΛDSRʢDirect Server Returnʣߏ ੒ͱݴ͏ 3. ΫϥΠΞϯτ΁͸Ͳ͏΍ͬͯʁ

• αʔόʔ಺͔Βฦ͢৘ใ͕ϩʔυόϥϯαʔ Λ௨Βͳ͍ͷͰɺΞϓϦέʔγϣϯ૚ͷ৘ใ ͸ಘΒΕͳ͍ • ΞϓϦέʔγϣϯతͳ৘ใʹΑΔෛՙ෼ࢄ͕ ͓͜ͳ͑ͳ͍ʢ͖ͬ͞ͷ࠷খ઀ଓͳͲʣ • CookieΛ༻͍ͨεςΟοΩʔηογϣϯ ʢύʔγεςϯεʣ͸͓͜ͳ͑ͳ͍ DSRͷσϝϦοτ ࢀߟ : http://knowledge.sakura.ad.jp/tech/527

• HTTPS௨৴Λ͓͜ͳ͏৔߹ɺ҉߸Խɾ෮߸ʹ ͸ͦΕͳΓͷෛՙ • ϩʔυόϥϯαʔʹ͍ͬͨΜฦ͢͜ͱͰ
 SSLΞΫηϥϨʔλʢ҉߸Խɾ෮߸͢Δ΋ ͷʣ෇͖ϩʔυόϥϯαʔͰ͋Ε͹ɺ
 ͦ͜ʹෛՙΛҰ೚Ͱ͖Δ͠ɺSSLূ໌ॻ͸ͦ ͜ʹ͚ͩஔ͍ͯɺαʔόͱ͸HTTP௨৴Մೳ DSRΛ࢖Θͳ͍ϝϦοτ

• ಈըετϦʔϛϯά࠶ੜͷΑ͏ʹɺ
 େྔͷϨεϙϯεΛαʔόʔ͕ฦ͢γεςϜ ͷ৔߹ɺϩʔυόϥϯαʔͷεϧʔϓοτ ʢσʔλసૹʣੑೳ͕௥͍͔ͭͳ͍͔Β
 DSRΛ࢖͏΄͏͕͍͍ɺͱ͍͏৔߹΋͋Δ • ͨͩɺௐ΂ͯΈͨײ͡͸DSRΛקΊͳ͍࿦ௐ ͕ଟ͘ײͨ͡ DSRΛ࢖͏΄͏͕͍͍৔߹ ࢀߟ : http://www.infraexpert.com/study/loadbalancer12.html

• ϩʔυόϥϯαʔΛௐ΂Δͱ
 F5 Networks.Inc ͷʰBIG-IPʱͷ࿩͕ଟ͍… • Ͱ͸ɺࣗ୐αʔόͰ͸ݐͯΒΕͳ͍͔ʁ • ʰLinux Virtual Server (LVS)ʱͱ ʰKeepalivedʱΛ༻͍Δ͜ͱͰɺ
 αʔόʔΛϩʔυόϥϯαʔԽͰ͖Δ 4. ઐ༻ͷػց͕ඞཁʁ

• LVS͸ॏΈ͚ͮʹΑΔ෼ࢄΛ͓͜ͳ͑·͢
 ʢઃఆํ๏ : http://dsas.blog.klab.org/archives/50664843.html ʣ • Keepalived͸֤αʔόʔͷࢮ׆ঢ়گΛɺ
 TCPίωΫγϣϯ͕ுΕΔ͔(TCP_CHECK)
 HTTPΞΫηεͰ͖Δ͔(HTTP_GET)
 ͱ͍ͬͨํ๏Ͱ؂ࢹ͠·͢
 ʢઃఆํ๏ : http://blog.idcf.jp/entry/cloud/keepalived ʣ LVS + Keepalived

• AWSͷElastic Load Balancingʹ͓͚Δ
 ϩʔυόϥϯαʔ͸উखʹ૿ݮ͢ΔΒ͍͠ɻ • ͡Ό͋ͲͷϩʔυόϥϯαʔʹৼΔ͔͸
 Ͳ͏͍͏࢓૊Έʁ • ͜ͷࢿྉ7ϖʔδʹ͋ͬͨDNSϥ΢ϯυϩϏϯ ͱಉ༷ͷํ๏Ͱղܾ͍ͯ͠Δ 5. ϩʔυόϥϯαʔͷόϥϯαʔʁ

ΫϥΠΞϯτ͕ϦΫΤετΛϩʔυόϥϯαʔʹૹ৴͢ΔલʹɺυϝΠϯωʔϜγεςϜ (DNS) αʔόʔΛ࢖༻ͯ͠ϩʔυόϥϯαʔͷυϝΠϯ໊Λղܾ͠·͢ɻ Πϯελϯε͸ amazonaws.com υϝΠϯʹ͋ΔͨΊɺDNS ΤϯτϦ͸ Amazon ʹ Α੍ͬͯޚ͞Ε·͢ɻAmazon DNS αʔόʔ͸ɺ1 ͭҎ্ͷ IP ΞυϨε (ϩʔυόϥϯ αʔ༻ͷϩʔυόϥϯαʔϊʔυͷ IP ΞυϨε) ΛΫϥΠΞϯτʹฦ͠·͢ɻ ΞϓϦέʔγϣϯ΁ͷτϥϑΟοΫ͕࣌ؒͷܦաͱͱ΋ʹมԽ͢ΔͱɺElastic Load Balancing ͸ϩʔυόϥϯαʔΛεέʔϦϯάͯ͠ DNS ΤϯτϦΛߋ৽͠·͢ɻDNS Τ ϯτϦͰ͸ɺ༗ޮظݶ (TTL) ΋ 60 ඵʹࢦఆ͞Ε͍ͯΔͨΊɺτϥϑΟοΫͷมԽʹԠ͡ ͯ IP ΞυϨε͕ਝ଎ʹ࠶Ϛοϓ͞ΕΔ఺ʹ஫ҙ͍ͯͩ͘͠͞ɻ AWSυΩϡϝϯτΑΓ Ҿ༻ݩ : http://docs.aws.amazon.com/ja_jp/elasticloadbalancing/latest/ userguide/how-elastic-load-balancing-works.html#request-routing

εοΩϦʂ

ΑΓਂ͘஌Γͨ͘ͳͬͨํ͸
 ͜ͷεϥΠυ͕ྑ͛͞Ͱ͢ ʰϩʔυόϥϯα࠶ೖ໳ʱ
 https://www.slideshare.net/ ryuichitakashima3/ ss-72343772