AWSネットワークのL4以下の話 / aws-network-small-talks

"84ωοτϫʔΫͷ-ҎԼͷ࿩ େ୍ོଠ

Ϩϙʔτ ͱ͍͏໊ͷϦϯΫू ॻ͖·ͨ͠  http://dev.classmethod.jp/event/devio2017-awsnetwork-small-talks/

ࣗݾ঺հ /BNFେ୍ོଠ!UBLJQPOF +PCϓϦηʔϧε!Ϋϥεϝιου *OUFSFTUωοτϫʔΫσϓϩΠपΓ 'BWPSJUF"843PVUFͱ"$.͕޷͖

ࣗݾ঺հ ࠷ۙॻ͍ͨ%FW*0ͷهࣄ

ʲ࣭໰ʳ Which are you familiar with   Πϯϑϥ or
ΞϓϦ ? (ϑϧελοΫͱ͔͸͍͍Ͱ͢)

ຊηογϣϯͷͶΒ͍ Πϯϑϥͷํʹ͸;Ή;Ήɺ ΞϓϦͷํʹ͸͜ΜͳΜ͋ΔΜ͔

ຊηογϣϯͷͶΒ͍ "84ωοτϫʔΫɺͨͩ͠-ҎԼͷ  গ͠ϚχΞοΫͳ࿩  ͪΐͬͱະདྷͷ࿩୊  Λ͝঺հ͠·͢

✦ தͷਓͷͬͦ͜Γ࿩తͳ಺༰͸͋Γ·ͤΜ ✦ ͕࣌ؒݶΒΕΔͷͰɺ֓ཁͱࢀߟϦϯΫ঺հ͕ओ ✦ ؾʹͳΔͱ͜Ζɺৄ͍͠ͱ͜Ζ͸ηογϣϯޙPS ࠙਌ձͰ੠͔͚͍ͯͩ͘͞ʂ ͓͜ͱΘΓ

✦ "84σʔληϯλʔͱϋʔυ΢ΣΞ -෼ ✦ 71$Ծ૝ωοτϫʔΫͷ੍໿ -෼ ✦ 71$*1ΞυϨεઃܭ-ͱ*1W
-෼ ✦ .15$1 -෼ ✦ όοϑΝ෼ ΞδΣϯμ

ʲલఏʳ  AWSͷσʔληϯλʔͳͲ෺ཧ૚ͷ৘ใ͸  ηΩϡϦςΟ্ͷཧ༝Ͱඇެ։

✦ +BNFT)BNJMUPO ✦ 71BOE%JTUJOHVJTIFE&OHJOFFS BU"NB[PO8FC4FSWJDFT ✦ ൿີओٛͷ"84Πϯϑϥʹ͍ͭͯ "84SF*OWFOU ถࠃ։࠵ͷ೥࣍Πϕ
ϯτ Ͱ͔ͳΓৄ͘͠஻ͬͪΌ͏ਓ ✦ ͳͥʮϋϛϧτϯઌੜʯͱݺ͹ΕΔ ͷ͔͸஌Βͳ͍ ڭ͍͑ͯͩ͘͞

೔ຊޠղઆهࣄ΋๛෋ͳͷͰɺ͋ͱͰݟͯͶ ✦ SF*OWFOU ✦ 4105 "84*OOPWBUJPOBU4DBMFͷεϥΠυ͕εΰ͍ ZPTIJEBTIJOHP ✦ "NB[POσʔληϯλʔʹ͍ͭͯɺ+BNFT)BNJMUPO͕ޠΔc"HJMF
$BUJOUIFDMPVE ✦ SF*OWFOU ✦ "4$**KQɿւఈέʔϒϧ͔ΒΧελϜαʔόʔ·Ͱϋϛϧτϯઌੜ͕ޠ Δ෺ཧͳ"84 ʛΫϥ΢υͷྗΛݟ͚ͤͭͨ"84SF*OWFOU

)BNJMUPOઌੜͷSF*OWFOUͷηογϣϯ

͜͏͍͏ͷ

)BNJMUPOઌੜͷSF*OWFOUલ໷ࡇ

ࣗࣾௐୡ·͙ͬ͠Β

্ه:PVUVCFΑΓ

্ه:PVUVCFΑΓ ʹ"NB[PO͕ങऩͨ͠ "OOBQVSOB-BCT͕։ൃ &/" &MBTUJD/FUXPSL "EBQUFS ͷ͜ͱ

✦ .JDSPTPGUɺ(PPHMF΋΍Δؾຬʑ ✦ Ṗͷ൒ಋମϕϯμʔ΍*OUFMͳͲͱͷຶ݄ؔ܎͸ҡ࣋ ✦ "4*$ɺ'1("ɺ(1(16Λ૯ಈһͯ͠ͷ։ൃ߹ઓ ͸͠͹Β͘ଓ͖ͦ͏ ࣗࣾௐୡ͕ڝ૪ྗͷݯઘ

ωοτϫʔΫʹ࿩Λ໭ͯ͠ɺ ֎෦ͱͷ઀ଓ

֎෦ͱͷ઀ଓΠϯλʔωοτ઀ଓ ✦ Ϋϥ΢υք۾ͷΠϯλʔωοτपΓͷτϨϯυ ✦ ΞΫηεճઢ͔ΒΫϥ΢υ·ͰɺΠϯλʔωοτΛ  ܦ༝͢Δڑ཭Λ͍͔ʹ୹͘͢Δ͔ ✦ 8FCίϯςϯπ഑৴͚ͩͰͳ͘ɺ8FC"1*༻్΋

"NB[PO45SBOTGFS"DDFMFSBUJPO ೔ຊͷ  *41 "84Τοδ  ϩέʔγϣϯ "84๺ถ Ϧʔδϣϯ ΫϥΠΞϯτ "84͕؅ཧ͢Δ࠷దԽ 
͞ΕͨωοτϫʔΫ ༷ʑͳࣄۀऀͷճઢΛܦ༝ ͢ΔͷͰ௿଎ɺෆ҆ఆ

$ traceroute s3.amazonaws.com traceroute to s3-1.amazonaws.com (52.216.19.19), 64 hops
max, 52 byte packets 1 192.168.0.1 (192.168.0.1) 1.481 ms 1.161 ms 1.073 ms 2 * * * 3 10.202.106.132 (10.202.106.132) 137.229 ms 18.641 ms 14.711 ms 4 10.1.8.149 (10.1.8.149) 15.385 ms 18.950 ms 19.707 ms 5 203-165-19-161.rev.home.ne.jp (203.165.19.161) 23.791 ms 24.388 ms 203-165-19-169.rev.home.ne.jp (203.165.19.169) 25.050 ms 6 c2-be1.ot-dc.zaq.ad.jp (203.165.19.170) 19.202 ms c2-be2.ot-dc.zaq.ad.jp (203.165.19.162) 20.200 ms c2-be1.ot-dc.zaq.ad.jp (203.165.19.170) 17.320 ms 7 gw5-be2.ot-dc.zaq.ad.jp (203.165.0.10) 17.471 ms 19.493 ms 16.062 8 124.211.14.13 (124.211.14.13) 20.460 ms 18.600 ms 30.769 ms ISP(JCOM/ZAQ) ্Ґ(KDDI)

9 27.85.137.197 (27.85.137.197) 31.363 ms 27.85.137.221 (27.85.137.221) 22.929 ms
27.85.137.201 (27.85.137.201) 15.692 ms 10 tm4bbac01.bb.kddi.ne.jp (27.90.191.222) 25.392 ms tm4bbac02.bb.kddi.ne.jp (118.152.213.70) 22.993 ms 23.875 ms 11 otejbb205.int-gw.kddi.ne.jp (118.152.254.249) 21.882 ms otejbb206.int-gw.kddi.ne.jp (111.87.242.149) 22.873 ms 25.187 ms 12 pajbb002.int-gw.kddi.ne.jp (106.187.8.18) 149.087 ms pajbb001.int-gw.kddi.ne.jp (203.181.100.138) 130.144 ms pajbb002.int-gw.kddi.ne.jp (106.187.8.18) 138.444 ms 13 ix-pa9.int-gw.kddi.ne.jp (111.87.3.10) 115.556 ms ix-pa9.int-gw.kddi.ne.jp (111.87.3.34) 132.808 ms 144.030 ms 14 72.21.221.125 (72.21.221.125) 117.959 ms 122.599 ms 126.890 ms 15 * * * 16 * * * ্Ґ(KDDI೔ຊ) ্Ґ(KDDIࠃࡍճઢ) AWS

17 * * 205.251.229.104 (205.251.229.104) 191.384 ms 18 *
52.95.3.156 (52.95.3.156) 176.304 ms * 19 54.239.111.65 (54.239.111.65) 186.128 ms 54.239.110.25 (54.239.110.25) 187.097 ms 54.239.109.111 (54.239.109.111) 207.114 ms 20 205.251.244.191 (205.251.244.191) 203.306 ms 205.251.244.193 (205.251.244.193) 180.110 ms 205.251.244.219 (205.251.244.219) 178.358 ms 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 52.216.19.19 (52.216.19.19) 195.928 ms 175.533 ms 184.908 ms

$ traceroute takipone-public.s3-accelerate.amazonaws.com traceroute to takipone-public.s3-accelerate.amazonaws.com (54.239.194.24 max, 52
byte packets 1 192.168.0.1 (192.168.0.1) 2.333 ms 0.955 ms 0.784 ms 2 * * * 3 10.202.106.131 (10.202.106.131) 17.485 ms 27.664 ms 17.233 ms 4 10.1.8.153 (10.1.8.153) 16.582 ms 19.236 ms 14.757 ms 5 203-165-19-165.rev.home.ne.jp (203.165.19.165) 22.597 ms 15.612 ms 6 c1-be1.ot-dc.zaq.ad.jp (203.165.19.174) 17.330 ms c1-be2.ot-dc.zaq.ad.jp (203.165.19.166) 16.406 ms c1-be1.ot-dc.zaq.ad.jp (203.165.19.174) 17.791 ms 7 gw6-be1.ot-dc.zaq.ad.jp (203.165.0.46) 16.671 ms 14.980 ms 17.234 8 52.95.218.152 (52.95.218.152) 19.146 ms 27.820 ms 52.95.218.154 (52.95.218.154) 28.837 ms AWS ISP(JCOM/ZAQ)

9 52.95.30.199 (52.95.30.199) 21.646 ms 52.95.30.157 (52.95.30.157) 23.672 ms
52.95.30.163 (52.95.30.163) 18.503 ms 10 52.95.30.10 (52.95.30.10) 14.181 ms 52.95.30.36 (52.95.30.36) 20.127 ms 52.95.30.66 (52.95.30.66) 14.806 ms 11 27.0.0.118 (27.0.0.118) 32.002 ms 27.0.0.116 (27.0.0.116) 25.163 ms 27.0.0.115 (27.0.0.115) 16.204 ms 12 * * * ҎԼུ

ৄ͘͠͸ϒϩάͰ

֎෦ͱͷ઀ଓΠϯλʔωοτ઀ଓ ✦ "NB[PO45SBOTGFS"DDFMFSBUJPO ✦ (PPHMF&EHF/FUXPSL ✦ /FUqJY0QFO$POOFDUc0QFO$POOFDU

֎෦ͱͷ઀ଓϓϥΠϕʔτ઀ଓ ✦ "84%JSFDU$POOFDU &RVJOJY 5:04

֎෦ͱͷ઀ଓϓϥΠϕʔτ઀ଓ ✦ ࠃ಺ओཁΩϟϦΞͷاۀ޲͚*171/αʔϏεͰͷ  αϙʔτ͕Ұ८ ༗ঈΦϓγϣϯ ɻ࢖͏ͷ͕౰ͨΓલʹ ͳͬͨ ✦ "SDTUBS6OJWFSTBM0OF
✦ 874 ✦ 4NBSU71/ ✦ ΩϟϦΞʹΑͬͯಠࣗ৭΋ ઎༗ʹ஫ྗ΍྿ՁಛԽͳͲ

֎෦ͱͷ઀ଓϓϥΠϕʔτ઀ଓ ✦ ࠷ۙɺ-"$1-"(Λαϙʔτ ✦ ·࣮ͩҊ݅Ͱग़ձͬͨ͜ͱ͸ͳ͍ ✦ *OUFS3FHJPO%JSFDU$POOFDU %9
✦ େࡕϩʔΧϧϦʔδϣϯ։ઃͷڿʹ͸  ถࠃʹ͋Δ*OUFS3FHJPO%9͕೔ຊʹ΍͖ͬͯͯཉ͍͠

"NB[PO71$ͷ- ✦ ಠ࣮ࣗ૷ͷ$POTUSBJOFE-PWFS- ✦ ֎෦ͱͷ-֦ு͸ແ͍ ֎෦ͱ͸-Ͱ௨৴ ✦ ."$ΞυϨεِ͕૷Ͱ͖ͳ͍
✦ ϚϧνΩϟετϒϩʔυΩϟετ͕௨Βͳ͍ ✦ ΞαΠϯ͞Εͨ*1ΞυϨεҎ֎ͷ௨৴͸ઃఆ͕ඞཁ  ˠ4PVSDF%FTU*1$IFDLͷແޮԽ

Φεεϝ8FCهࣄ "84ωοτϫʔΫͷ࿦ཧ తͳଆ໘ʙ"84ͷόοΫ ϘʔϯωοτϫʔΫʹؔ͢ Δ%FFQͳ࿩ʢʣ ɿ $PEF;JOFʢίʔυδϯʣ IUUQDPEF[JOFKQ
BSUJDMFEFUBJM

ݩωλ

"NB[PO71$ͷ- ✦ "EWBODFE/FUXPSLJOHͱ͍͏ͱɺ-τϯωϦϯ άͷख๏ׂ͕ͱΧδϡΞϧʹग़ͯ͘Δ͆ ✦ "844PMVUJPOT"SDIJUFDUϒϩά"84Ͱ΋໾ʹཱͭτϯ ωϦϯάٕज़ೖ໳ ✦ "NB[PO71$Ͱ*1WΛͬ͘͞ͱςετ͢ΔͨΊʹ*4"5"1
τϯωϧΛ۷Δʛ%FWFMPQFST*0

71$ͷ֓೦ਤ

71$ͷ- ✦ ޷͖ͳ*1ϨϯδΛ71$ʹΞαΠϯ ࠷େ ✦ ϧʔλʔͳͲ༧໿*1ΞυϨεҎ֎͸ࣗ༝ʹ࢖͑Δ ✦ ଞͷϢʔβʔ΍ଞͷ71$ͱϨϯδ͕ॏෳͯ͠΋
0, ϐΞ઀ଓͳͲͰͷ૬ޓ઀ଓ͸/( ✦ "84Ϧʔδϣϯ͝ͱʹผʑ

71$ͷ- ✦ ($1͸άϩʔόϧͷ*1Ϩϯδ͔ΒϦʔδϣϯ͝ͱͷ *1Ϩϯδʹ੾ΓସΘͬͨ ✦ ΫϩεϦʔδϣϯ͚ͩͲϦʔδϣϯΛҙࣝͨ͠  Ϩϯδઃܭ͕ݱ࣮ղ ✦ ($1ͷαϒωοτ͸Ϋϩεκʔϯ
✦ -ͷ࣮૷͕ҟͳΔͷͰ୯७ൺֱ͸Ͱ͖ͳ͍

*1W ✦ ࠷ۙ71$͕*1WΛαϙʔτ ✦ ϥϯμϜʹͷϨϯδׂ͕Γ౰ͯΒΕΔ ✦ 1VCMJD1SJWBUFͷ۠ผ͕ແ͍ˠ&MBTUJD*1͕ແ͍

*1W ✦ &-#ɺ$MPVEGSPOU΋"-*"4ϨίʔυؚΊରԠࡁΈ ✦ ϑϧ*1WԽͷଞʹ&-#΍$MPVE'SPOUΛ༻͍ͨ  Ϙʔμʔ*1WԽ΋༗ྗͳબ୒ࢶ  8FCαʔόʔͳΒ͍ͭͰʹৗ࣌44-)551  ରԠ΋ʂ

Ϙʔμʔ*1WԽ CloudFront EC2 IPv6  Πϯλʔωοτ ͬͪ͜͸W ELB

ΞϓϦϓϩτίϧͷྺ࢙͸5$1ͱ6%1ͷӈԟࠨԟ TCP UDP

%/4 TCP UDP ✦ &%/4 &YUFOTJPO.FDIBOJTNTGPS%/4WFSTJPO ✦ 6%1ͷ%/4ͰૹΕΔόΠτΛӽ͑ΔͨΊʹ5$1
ϑΥʔϧόοΫػೳΛඋ͑Δ ✦ 3PVUF͸֓Ͷαϙʔτ͍ͯ͠Δ໛༷

)551 TCP UDP ✦ 26*$ ✦ (PPHMF͕ఏএ͢Δߴ଎ͳ)551 ✦ ରԠ͢Δ"84αʔϏε͸·ͩແ͍

.VMUJQBUI5$1 .15$1

.VMUJQBUI5$1ͷݕূ 172.31.5.60 172.31.12.74 172.31.3.145 nginx:80

$ sudo tcpdump -nn port 80 tcpdump: verbose output
suppressed, use -v or -vv for full protocol decode listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes 15:41:33.557044 IP 172.31.5.60.52262 > 172.31.12.74.80: Flags [S], seq 2400131088, win 26883, options [mss 8961,sackOK,TS val 1110938 ecr 0,nop,wscale 7,mptcp capable csum {0xc67c4184f77fdb3}], length 0 15:41:33.557104 IP 172.31.12.74.80 > 172.31.5.60.52262: Flags [S.], seq 3704871592, ack 2400131089, win 26787, options [mss 8961,sackOK,TS val 1303431 ecr 1110938,nop,wscale 7,mptcp capable csum {0x8a5c5b6fcd7bf231}], length 0 : 15:41:33.557278 IP 172.31.5.60.52262 > 172.31.12.74.80: Flags [.], ack 1, win 211, options [nop,nop,TS val 1110939 ecr 1303431,mptcp add-addr id 3 172.31.3.145,mptcp dss ack 2505716611], length 0

15:41:33.557287 IP 172.31.5.60.52262 > 172.31.12.74.80: Flags [P.], seq 1:77,
ack 1, win 211, options [nop,nop,TS val 1110939 ecr 1303431,mptcp dss ack 2505716611 seq 2100110096 subseq 1 len 76 csum 0x9a94], length 76: HTTP: GET / HTTP/1.1 : : 15:41:33.557411 IP 172.31.3.145.46490 > 172.31.12.74.80: Flags [S], seq 3818148095, win 26883, options [mss 8961,sackOK,TS val 1110939 ecr 0,nop,wscale 7,mptcp join id 3 token 0xc719e5b2 nonce 0xe19a24b4], length 0 : : 15:41:33.557584 IP 172.31.12.74.80 > 172.31.3.145.46490: Flags [P.], seq 1:860, ack 1, win 419, options [nop,nop,TS val 1303431 ecr 1110939,mptcp dss ack 2100110172 seq 2505716611 subseq 1 len 859 csum 0x7e75], length 859: HTTP: HTTP/1.1 200 OK

ৄ͘͠͸ ҎԼུ

·ͱΊ ✦ -͓΋͠Ζ͍ʢͻͱ͝ͱ ✦ -Α͘Ͱ͖ͯΔ ✦ -͛Μ͖ͭͯ͡ ✦ -ͦΖͦΖΈΒ͍͕Έ͍ͨ

·ͱΊ ✦ -"84͸Ϋϥ΢υઓ૪ͷ࠶ઌ୺ΛݗҾ ✦ -71$ͷ੍໿ΛΑ͘ཧղͯ͠ར༻͠·͠ΐ͏ ✦ -71$͸ݱ࣮తͳ*1ΞυϨεઃܭΛ ✦ -.15$1ָͦ͠͏͚ͩͲϋϚΓͦ͏

AWSネットワークのL4以下の話 / aws-network-small-talks

AWSネットワークのL4以下の話 / aws-network-small-talks

More Decks by takipone

Other Decks in Technology

Featured

Transcript