AWSネットワークのL4以下の話 / aws-network-small-talks

Ecd0c945f6911dbf75358a8addee15f7?s=47 takipone
July 01, 2017
Technology
3
2.7k

AWSネットワークのL4以下の話 / aws-network-small-talks

Developers.IO 2017 2017/07/01 大瀧隆太

Ecd0c945f6911dbf75358a8addee15f7?s=128

takipone

July 01, 2017
Tweet

Want more?

Ecd0c945f6911dbf75358a8addee15f7?s=48 takipone
0
1.3k
Ecd0c945f6911dbf75358a8addee15f7?s=48 takipone
7
2k
Ecd0c945f6911dbf75358a8addee15f7?s=48 takipone
0
1.6k
7cbd3f5f922d798cc312eaf596de7ae6?s=48 iamctodd
2
530
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
14
880
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
6
480
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
0
300
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenhchung
8
620
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
9
330
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
3
360
C35e01544a0dd94a2cf1619ee8a42ebb?s=48 clairelew
5
910
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
1
230

Transcript

  1. 1.

    "84ωοτϫʔΫͷ-ҎԼͷ࿩ େ୍ོଠ

  2. 2.

    Ϩϙʔτ ͱ͍͏໊ͷϦϯΫू ॻ͖·ͨ͠
 http://dev.classmethod.jp/event/devio2017-awsnetwork-small-talks/

  3. 3.

    ࣗݾ঺հ  /BNFେ୍ོଠ!UBLJQPOF +PCϓϦηʔϧε!Ϋϥεϝιου *OUFSFTUωοτϫʔΫσϓϩΠपΓ 'BWPSJUF"843PVUFͱ"$.͕޷͖

  4. 4.

    ࣗݾ঺հ ࠷ۙॻ͍ͨ%FW*0ͷهࣄ 

  5. 5.

     ʲ࣭໰ʳ Which are you familiar with 
 Πϯϑϥ or

    ΞϓϦ ? (ϑϧελοΫͱ͔͸͍͍Ͱ͢)
  6. 6.

    ຊηογϣϯͷͶΒ͍  Πϯϑϥͷํʹ͸;Ή;Ήɺ ΞϓϦͷํʹ͸͜ΜͳΜ͋ΔΜ͔

  7. 7.

    ຊηογϣϯͷͶΒ͍  "84ωοτϫʔΫɺͨͩ͠-ҎԼͷ
 গ͠ϚχΞοΫͳ࿩
 ͪΐͬͱະདྷͷ࿩୊
 Λ͝঺հ͠·͢

  8. 8.

    ✦ தͷਓͷͬͦ͜Γ࿩తͳ಺༰͸͋Γ·ͤΜ ✦ ͕࣌ؒݶΒΕΔͷͰɺ֓ཁͱࢀߟϦϯΫ঺հ͕ओ ✦ ؾʹͳΔͱ͜Ζɺৄ͍͠ͱ͜Ζ͸ηογϣϯޙPS ࠙਌ձͰ੠͔͚͍ͯͩ͘͞ʂ ͓͜ͱΘΓ 

  9. 9.

    ✦ "84σʔληϯλʔͱϋʔυ΢ΣΞ -෼  ✦ 71$Ծ૝ωοτϫʔΫͷ੍໿ -෼  ✦ 71$*1ΞυϨεઃܭ-ͱ*1W

    -෼  ✦ .15$1 -෼  ✦ όοϑΝ෼ ΞδΣϯμ 
  10. 10.

     -

  11. 11.

     ʲલఏʳ
 AWSͷσʔληϯλʔͳͲ෺ཧ૚ͷ৘ใ͸
 ηΩϡϦςΟ্ͷཧ༝Ͱඇެ։

  12. 12.

     ✦ +BNFT)BNJMUPO ✦ 71BOE%JTUJOHVJTIFE&OHJOFFS BU"NB[PO8FC4FSWJDFT ✦ ൿີओٛͷ"84Πϯϑϥʹ͍ͭͯ "84SF*OWFOU ถࠃ։࠵ͷ೥࣍Πϕ

    ϯτ Ͱ͔ͳΓৄ͘͠஻ͬͪΌ͏ਓ ✦ ͳͥʮϋϛϧτϯઌੜʯͱݺ͹ΕΔ ͷ͔͸஌Βͳ͍ ڭ͍͑ͯͩ͘͞
  13. 13.

    ೔ຊޠղઆهࣄ΋๛෋ͳͷͰɺ͋ͱͰݟͯͶ  ✦ SF*OWFOU ✦ 4105 "84*OOPWBUJPOBU4DBMFͷεϥΠυ͕εΰ͍ ZPTIJEBTIJOHP ✦ "NB[POσʔληϯλʔʹ͍ͭͯɺ+BNFT)BNJMUPO͕ޠΔc"HJMF

    $BUJOUIFDMPVE ✦ SF*OWFOU ✦ "4$**KQɿւఈέʔϒϧ͔ΒΧελϜαʔόʔ·Ͱϋϛϧτϯઌੜ͕ޠ Δ෺ཧͳ"84  ʛΫϥ΢υͷྗΛݟ͚ͤͭͨ"84SF*OWFOU
  14. 14.

    )BNJMUPOઌੜͷSF*OWFOUͷηογϣϯ 

  15. 15.

    ͜͏͍͏ͷ 

  16. 16.

    )BNJMUPOઌੜͷSF*OWFOUલ໷ࡇ 

  17. 17.

     ࣗࣾௐୡ·͙ͬ͠Β

  18. 18.

     ্ه:PVUVCFΑΓ

  19. 19.

     ্ه:PVUVCFΑΓ ʹ"NB[PO͕ങऩͨ͠ "OOBQVSOB-BCT͕։ൃ &/" &MBTUJD/FUXPSL "EBQUFS ͷ͜ͱ

  20. 20.

    ✦ .JDSPTPGUɺ(PPHMF΋΍Δؾຬʑ ✦ Ṗͷ൒ಋମϕϯμʔ΍*OUFMͳͲͱͷຶ݄ؔ܎͸ҡ࣋ ✦ "4*$ɺ'1("ɺ(1(16Λ૯ಈһͯ͠ͷ։ൃ߹ઓ ͸͠͹Β͘ଓ͖ͦ͏ ࣗࣾௐୡ͕ڝ૪ྗͷݯઘ 

  21. 21.

     ωοτϫʔΫʹ࿩Λ໭ͯ͠ɺ ֎෦ͱͷ઀ଓ

  22. 22.

    ֎෦ͱͷ઀ଓΠϯλʔωοτ઀ଓ  ✦ Ϋϥ΢υք۾ͷΠϯλʔωοτपΓͷτϨϯυ ✦ ΞΫηεճઢ͔ΒΫϥ΢υ·ͰɺΠϯλʔωοτΛ
 ܦ༝͢Δڑ཭Λ͍͔ʹ୹͘͢Δ͔ ✦ 8FCίϯςϯπ഑৴͚ͩͰͳ͘ɺ8FC"1*༻్΋

  23. 23.

    "NB[PO45SBOTGFS"DDFMFSBUJPO  ೔ຊͷ
 *41 "84Τοδ
 ϩέʔγϣϯ "84๺ถ Ϧʔδϣϯ ΫϥΠΞϯτ "84͕؅ཧ͢Δ࠷దԽ


    ͞ΕͨωοτϫʔΫ ༷ʑͳࣄۀऀͷճઢΛܦ༝ ͢ΔͷͰ௿଎ɺෆ҆ఆ
  24. 24.

     $ traceroute s3.amazonaws.com traceroute to s3-1.amazonaws.com (52.216.19.19), 64 hops

    max, 52 byte packets 1 192.168.0.1 (192.168.0.1) 1.481 ms 1.161 ms 1.073 ms 2 * * * 3 10.202.106.132 (10.202.106.132) 137.229 ms 18.641 ms 14.711 ms 4 10.1.8.149 (10.1.8.149) 15.385 ms 18.950 ms 19.707 ms 5 203-165-19-161.rev.home.ne.jp (203.165.19.161) 23.791 ms 24.388 ms 203-165-19-169.rev.home.ne.jp (203.165.19.169) 25.050 ms 6 c2-be1.ot-dc.zaq.ad.jp (203.165.19.170) 19.202 ms c2-be2.ot-dc.zaq.ad.jp (203.165.19.162) 20.200 ms c2-be1.ot-dc.zaq.ad.jp (203.165.19.170) 17.320 ms 7 gw5-be2.ot-dc.zaq.ad.jp (203.165.0.10) 17.471 ms 19.493 ms 16.062 8 124.211.14.13 (124.211.14.13) 20.460 ms 18.600 ms 30.769 ms ISP(JCOM/ZAQ) ্Ґ(KDDI)
  25. 25.

     9 27.85.137.197 (27.85.137.197) 31.363 ms 27.85.137.221 (27.85.137.221) 22.929 ms

    27.85.137.201 (27.85.137.201) 15.692 ms 10 tm4bbac01.bb.kddi.ne.jp (27.90.191.222) 25.392 ms tm4bbac02.bb.kddi.ne.jp (118.152.213.70) 22.993 ms 23.875 ms 11 otejbb205.int-gw.kddi.ne.jp (118.152.254.249) 21.882 ms otejbb206.int-gw.kddi.ne.jp (111.87.242.149) 22.873 ms 25.187 ms 12 pajbb002.int-gw.kddi.ne.jp (106.187.8.18) 149.087 ms pajbb001.int-gw.kddi.ne.jp (203.181.100.138) 130.144 ms pajbb002.int-gw.kddi.ne.jp (106.187.8.18) 138.444 ms 13 ix-pa9.int-gw.kddi.ne.jp (111.87.3.10) 115.556 ms ix-pa9.int-gw.kddi.ne.jp (111.87.3.34) 132.808 ms 144.030 ms 14 72.21.221.125 (72.21.221.125) 117.959 ms 122.599 ms 126.890 ms 15 * * * 16 * * * ্Ґ(KDDI೔ຊ) ্Ґ(KDDIࠃࡍճઢ) AWS
  26. 26.

     17 * * 205.251.229.104 (205.251.229.104) 191.384 ms 18 *

    52.95.3.156 (52.95.3.156) 176.304 ms * 19 54.239.111.65 (54.239.111.65) 186.128 ms 54.239.110.25 (54.239.110.25) 187.097 ms 54.239.109.111 (54.239.109.111) 207.114 ms 20 205.251.244.191 (205.251.244.191) 203.306 ms 205.251.244.193 (205.251.244.193) 180.110 ms 205.251.244.219 (205.251.244.219) 178.358 ms 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 52.216.19.19 (52.216.19.19) 195.928 ms 175.533 ms 184.908 ms
  27. 27.

     $ traceroute takipone-public.s3-accelerate.amazonaws.com traceroute to takipone-public.s3-accelerate.amazonaws.com (54.239.194.24 max, 52

    byte packets 1 192.168.0.1 (192.168.0.1) 2.333 ms 0.955 ms 0.784 ms 2 * * * 3 10.202.106.131 (10.202.106.131) 17.485 ms 27.664 ms 17.233 ms 4 10.1.8.153 (10.1.8.153) 16.582 ms 19.236 ms 14.757 ms 5 203-165-19-165.rev.home.ne.jp (203.165.19.165) 22.597 ms 15.612 ms 6 c1-be1.ot-dc.zaq.ad.jp (203.165.19.174) 17.330 ms c1-be2.ot-dc.zaq.ad.jp (203.165.19.166) 16.406 ms c1-be1.ot-dc.zaq.ad.jp (203.165.19.174) 17.791 ms 7 gw6-be1.ot-dc.zaq.ad.jp (203.165.0.46) 16.671 ms 14.980 ms 17.234 8 52.95.218.152 (52.95.218.152) 19.146 ms 27.820 ms 52.95.218.154 (52.95.218.154) 28.837 ms AWS ISP(JCOM/ZAQ)
  28. 28.

     9 52.95.30.199 (52.95.30.199) 21.646 ms 52.95.30.157 (52.95.30.157) 23.672 ms

    52.95.30.163 (52.95.30.163) 18.503 ms 10 52.95.30.10 (52.95.30.10) 14.181 ms 52.95.30.36 (52.95.30.36) 20.127 ms 52.95.30.66 (52.95.30.66) 14.806 ms 11 27.0.0.118 (27.0.0.118) 32.002 ms 27.0.0.116 (27.0.0.116) 25.163 ms 27.0.0.115 (27.0.0.115) 16.204 ms 12 * * * ҎԼུ
  29. 29.

    ৄ͘͠͸ϒϩάͰ 

  30. 30.

    ֎෦ͱͷ઀ଓΠϯλʔωοτ઀ଓ  ✦ "NB[PO45SBOTGFS"DDFMFSBUJPO ✦ (PPHMF&EHF/FUXPSL ✦ /FUqJY0QFO$POOFDUc0QFO$POOFDU

  31. 31.

    ֎෦ͱͷ઀ଓϓϥΠϕʔτ઀ଓ  ✦ "84%JSFDU$POOFDU &RVJOJY 5:04

  32. 32.

    ֎෦ͱͷ઀ଓϓϥΠϕʔτ઀ଓ  ✦ ࠃ಺ओཁΩϟϦΞͷاۀ޲͚*171/αʔϏεͰͷ
 αϙʔτ͕Ұ८ ༗ঈΦϓγϣϯ ɻ࢖͏ͷ͕౰ͨΓલʹ ͳͬͨ ✦ "SDTUBS6OJWFSTBM0OF

    ✦ 874 ✦ 4NBSU71/ ✦ ΩϟϦΞʹΑͬͯಠࣗ৭΋ ઎༗ʹ஫ྗ΍྿ՁಛԽͳͲ
  33. 33.

    ֎෦ͱͷ઀ଓϓϥΠϕʔτ઀ଓ  ✦ ࠷ۙɺ-"$1-"(Λαϙʔτ ✦ ·࣮ͩҊ݅Ͱग़ձͬͨ͜ͱ͸ͳ͍ ✦ *OUFS3FHJPO%JSFDU$POOFDU %9 

    ✦ େࡕϩʔΧϧϦʔδϣϯ։ઃͷڿʹ͸
 ถࠃʹ͋Δ*OUFS3FHJPO%9͕೔ຊʹ΍͖ͬͯͯཉ͍͠
  34. 34.

     -

  35. 35.

    "NB[PO71$ͷ-  ✦ ಠ࣮ࣗ૷ͷ$POTUSBJOFE-PWFS- ✦ ֎෦ͱͷ-֦ு͸ແ͍ ֎෦ͱ͸-Ͱ௨৴  ✦ ."$ΞυϨεِ͕૷Ͱ͖ͳ͍

    ✦ ϚϧνΩϟετϒϩʔυΩϟετ͕௨Βͳ͍ ✦ ΞαΠϯ͞Εͨ*1ΞυϨεҎ֎ͷ௨৴͸ઃఆ͕ඞཁ
 ˠ4PVSDF%FTU*1$IFDLͷແޮԽ
  36. 36.

    Φεεϝ8FCهࣄ  "84ωοτϫʔΫͷ࿦ཧ తͳଆ໘ʙ"84ͷόοΫ ϘʔϯωοτϫʔΫʹؔ͢ Δ%FFQͳ࿩ʢʣ  ɿ $PEF;JOFʢίʔυδϯʣ IUUQDPEF[JOFKQ

    BSUJDMFEFUBJM
  37. 37.

    ݩωλ 

  38. 38.

    "NB[PO71$ͷ-  ✦ "EWBODFE/FUXPSLJOHͱ͍͏ͱɺ-τϯωϦϯ άͷख๏ׂ͕ͱΧδϡΞϧʹग़ͯ͘Δ͆ ✦ "844PMVUJPOT"SDIJUFDUϒϩά"84Ͱ΋໾ʹཱͭτϯ ωϦϯάٕज़ೖ໳ ✦ "NB[PO71$Ͱ*1WΛͬ͘͞ͱςετ͢ΔͨΊʹ*4"5"1

    τϯωϧΛ۷Δʛ%FWFMPQFST*0
  39. 39.

     -

  40. 40.

    71$ͷ֓೦ਤ 

  41. 41.

    71$ͷ-  ✦ ޷͖ͳ*1ϨϯδΛ71$ʹΞαΠϯ ࠷େ  ✦ ϧʔλʔͳͲ༧໿*1ΞυϨεҎ֎͸ࣗ༝ʹ࢖͑Δ ✦ ଞͷϢʔβʔ΍ଞͷ71$ͱϨϯδ͕ॏෳͯ͠΋

    0, ϐΞ઀ଓͳͲͰͷ૬ޓ઀ଓ͸/(  ✦ "84Ϧʔδϣϯ͝ͱʹผʑ
  42. 42.

    71$ͷ-  ✦ ($1͸άϩʔόϧͷ*1Ϩϯδ͔ΒϦʔδϣϯ͝ͱͷ *1Ϩϯδʹ੾ΓସΘͬͨ ✦ ΫϩεϦʔδϣϯ͚ͩͲϦʔδϣϯΛҙࣝͨ͠
 Ϩϯδઃܭ͕ݱ࣮ղ ✦ ($1ͷαϒωοτ͸Ϋϩεκʔϯ

    ✦ -ͷ࣮૷͕ҟͳΔͷͰ୯७ൺֱ͸Ͱ͖ͳ͍
  43. 43.

     *1W

  44. 44.

    *1W  ✦ ࠷ۙ71$͕*1WΛαϙʔτ ✦ ϥϯμϜʹͷϨϯδׂ͕Γ౰ͯΒΕΔ ✦ 1VCMJD1SJWBUFͷ۠ผ͕ແ͍ˠ&MBTUJD*1͕ແ͍

  45. 45.

    *1W  ✦ &-#ɺ$MPVEGSPOU΋"-*"4ϨίʔυؚΊରԠࡁΈ ✦ ϑϧ*1WԽͷଞʹ&-#΍$MPVE'SPOUΛ༻͍ͨ
 Ϙʔμʔ*1WԽ΋༗ྗͳબ୒ࢶ
 8FCαʔόʔͳΒ͍ͭͰʹৗ࣌44-)551
 ରԠ΋ʂ

  46. 46.

    Ϙʔμʔ*1WԽ  CloudFront EC2 IPv6
 Πϯλʔωοτ ͬͪ͜͸W ELB

  47. 47.

     -

  48. 48.

    ΞϓϦϓϩτίϧͷྺ࢙͸5$1ͱ6%1ͷӈԟࠨԟ  TCP UDP

  49. 49.

    %/4  TCP UDP ✦ &%/4 &YUFOTJPO.FDIBOJTNTGPS%/4WFSTJPO  ✦ 6%1ͷ%/4ͰૹΕΔόΠτΛӽ͑ΔͨΊʹ5$1

    ϑΥʔϧόοΫػೳΛඋ͑Δ ✦ 3PVUF͸֓Ͷαϙʔτ͍ͯ͠Δ໛༷
  50. 50.

    )551  TCP UDP ✦ 26*$ ✦ (PPHMF͕ఏএ͢Δߴ଎ͳ)551 ✦ ରԠ͢Δ"84αʔϏε͸·ͩແ͍

  51. 51.

     .VMUJQBUI5$1 .15$1

  52. 52.

    .VMUJQBUI5$1 .15$1 

  53. 53.

    .VMUJQBUI5$1ͷݕূ  172.31.5.60 172.31.12.74 172.31.3.145 nginx:80

  54. 54.

     $ sudo tcpdump -nn port 80 tcpdump: verbose output

    suppressed, use -v or -vv for full protocol decode listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes 15:41:33.557044 IP 172.31.5.60.52262 > 172.31.12.74.80: Flags [S], seq 2400131088, win 26883, options [mss 8961,sackOK,TS val 1110938 ecr 0,nop,wscale 7,mptcp capable csum {0xc67c4184f77fdb3}], length 0 15:41:33.557104 IP 172.31.12.74.80 > 172.31.5.60.52262: Flags [S.], seq 3704871592, ack 2400131089, win 26787, options [mss 8961,sackOK,TS val 1303431 ecr 1110938,nop,wscale 7,mptcp capable csum {0x8a5c5b6fcd7bf231}], length 0 : 15:41:33.557278 IP 172.31.5.60.52262 > 172.31.12.74.80: Flags [.], ack 1, win 211, options [nop,nop,TS val 1110939 ecr 1303431,mptcp add-addr id 3 172.31.3.145,mptcp dss ack 2505716611], length 0
  55. 55.

     15:41:33.557287 IP 172.31.5.60.52262 > 172.31.12.74.80: Flags [P.], seq 1:77,

    ack 1, win 211, options [nop,nop,TS val 1110939 ecr 1303431,mptcp dss ack 2505716611 seq 2100110096 subseq 1 len 76 csum 0x9a94], length 76: HTTP: GET / HTTP/1.1 : : 15:41:33.557411 IP 172.31.3.145.46490 > 172.31.12.74.80: Flags [S], seq 3818148095, win 26883, options [mss 8961,sackOK,TS val 1110939 ecr 0,nop,wscale 7,mptcp join id 3 token 0xc719e5b2 nonce 0xe19a24b4], length 0 : : 15:41:33.557584 IP 172.31.12.74.80 > 172.31.3.145.46490: Flags [P.], seq 1:860, ack 1, win 419, options [nop,nop,TS val 1303431 ecr 1110939,mptcp dss ack 2100110172 seq 2505716611 subseq 1 len 859 csum 0x7e75], length 859: HTTP: HTTP/1.1 200 OK
  56. 56.

    ৄ͘͠͸ ҎԼུ 

  57. 57.

    ·ͱΊ  ✦ -͓΋͠Ζ͍ʢͻͱ͝ͱ ✦ -Α͘Ͱ͖ͯΔ ✦ -͛Μ͖ͭͯ͡ ✦ -ͦΖͦΖΈΒ͍͕Έ͍ͨ

  58. 58.

    ·ͱΊ  ✦ -"84͸Ϋϥ΢υઓ૪ͷ࠶ઌ୺ΛݗҾ ✦ -71$ͷ੍໿ΛΑ͘ཧղͯ͠ར༻͠·͠ΐ͏ ✦ -71$͸ݱ࣮తͳ*1ΞυϨεઃܭΛ ✦ -.15$1ָͦ͠͏͚ͩͲϋϚΓͦ͏