
The Endless Battle with DDoS Attacks / endless_battle_with_ddos_attack

* PHPConference Fukuoka 2018 (http://phpcon.fukuoka.jp/2018/)
* Youtube "Endless battle with ddos attack" (https://www.youtube.com/watch?v=EgeYTfynf68)

Takuma Kume

June 16, 2018

Transcript

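  1. Takuma Kume / GMO Pepabo, Inc.
    2018.06.16 PHP Conference Fukuoka
    The Endless Battle with DDoS Attacks

  2. GMO Pepabo infrastructure engineer
    Takuma Kume @takumakume
    Favorite PHP function: phpinfo()

  3. What is a DDoS attack?

  4. DoS attack
    Making a service unusable by, for example, sending a large volume of requests or huge amounts of data to the servers or network on which a web service runs.
    (Wikipedia)

  5. DDoS attack
    A DoS attack launched against one service from a large number of machines.
    (Wikipedia)

  6. DDoS attack
    A DoS attack launched against one service from a large number of machines.
    (Wikipedia)
    • The scale of the attack is large
    • It comes from multiple IP addresses, so it is hard to control

  7. The state of DDoS attacks today
    • Services exist that let you launch a DDoS attack for the price of a single coin
    • A high school student was arrested over a DDoS attack
    • webstresser, a service that was recently taken down
      - Users: […]
      - Number of attacks: […]
      - Price: from about […] yen
    An era in which anyone can easily launch a DDoS attack

  8. If you provide a service on the internet, you have experienced a DDoS attack at least once, haven't you?

  9. Today I will introduce the measures taken against DDoS attacks at [service logo]!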

  10. Contents
    • Background: system architecture and the impact of DDoS attacks
    • Challenges: the current response to DDoS attacks and its problems
    • Implementation: responding to DDoS attacks through automation
    • Summary

  11. Background | Challenges | Implementation
    System architecture and the impact of DDoS attacks

  12. [Image only]

  13. Available from […] yen per month!

  14. Available from […] yen per month!
    Handles about […] requests per second!

  15. Available from […] yen per month!
    More than […] sites in operation!
    Handles about […] requests per second!

  16. System architecture

  17. [Architecture diagram: Internet; data center; our tenant; gateway switch (x2); load balancer; reverse proxy (x2); web server (x3)]

  18. [Same architecture diagram]
    We rent space in a data center and build the system on-premises

  19. [Same architecture diagram]
    Label: global network

  20. [Same architecture diagram, with several IPs on the load balancer]
    About […] global IP addresses
    The LB uses IPVS, a feature of LVS (Linux Virtual Server)

  21. [Same architecture diagram, with many sites on the web servers]
    Several thousand sites per server
    The web servers process customers' content

  22. [Same architecture diagram, with one IP and the sites behind it]
    […] web servers per global IP
    Several thousand sites per global IP



  23. Impact of DDoS attacks

  24. [Same architecture diagram; labels: DDoS attack, attack target (one IP)]

  25. [Same architecture diagram; labels: DDoS attack, attack target (one IP)]
    The large volume of traffic fills the physical network bandwidth, and normal access is severely delayed
    (arrows on the diagram: "here, for example" and "here")

  26. DDoS attacks on rental servers

  27. DDoS attacks on rental servers
    [Diagram: web servers (x3), each hosting many sites]
    A wide variety of sites, more than […] of them
    High risk of becoming the target of an attack

  28. DDoS attacks on rental servers
    [Diagram: load balancer with one IP; web servers (x3); sites]
    Several thousand sites per IP address
    It is hard to tell which site an attack is aimed at, so it is hard to respond

  29. DDoS attacks on rental servers
    [Same diagram]
    Several thousand sites per IP address
    Most attacks do not use the HTTP protocol, so no domain name information is available

  30. Background | Challenges | Implementation
    The current response to DDoS attacks and its problems



  31. Classifying DDoS attacks into […] types

  32. Medium-scale DDoS attack
    • Affects the continuity of the service.
    • No effect on the services of other tenants in the DC.
    [Diagram: Internet; data center; gateway switch (x2); our tenant; load balancer; other tenants; labels: DDoS attack, "bandwidth saturated"]

  33. Large-scale DDoS attack
    [Same diagram; labels: DDoS attack, other tenants, "bandwidth saturated"]
    • Affects the continuity of the service.
    • Affects the services of other tenants in the DC.

  34. How each is handled

  35. Medium-scale DDoS attack
    [Same diagram; labels: DDoS attack, "bandwidth saturated"]

  36. Medium-scale DDoS attack
    [Same diagram with a DDoS mitigation appliance; labels: "blocked", "bandwidth secured!"]
    • Introduce a DDoS mitigation appliance
    • Block traffic when it matches an attack pattern
    • Secure network bandwidth for the service

  37. Large-scale DDoS attack
    [Same diagram; labels: DDoS attack, other tenants, "bandwidth saturated"]

  38. Large-scale DDoS attack
    [Same diagram with the DDoS mitigation appliance; labels: other tenants, "bandwidth saturated"]
    • Even with a DDoS mitigation appliance, it is useless once the network bandwidth inside the data center is saturated

  39. Large-scale DDoS attack
    [Same diagram; labels: other tenants, "bandwidth secured"]
    • The DC operator blackhole-routes the attacked IP address
    • The route for the attacked IP address is bent and the traffic is discarded
    • Bandwidth inside the DC is secured

  40. Large-scale DDoS attack
    [Same diagram; labels: other tenants, "bandwidth secured"]
    • The DC operator blackhole-routes the attacked IP address
    • The route for the IP address is bent and the traffic is discarded
    • Bandwidth inside the DC is secured
    This response leads to tragedy

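  41. Large-scale DDoS attack
    [Architecture diagram: Internet; data center; our tenant; gateway switch (x2); load balancer with a range of IPs; web servers and their sites; label: attack target (one IP)]
    […] web servers per global IP
    Several thousand sites per global IP

  42. Large-scale DDoS attack
    [Same diagram; label: attack target (one IP)]
    The sites tied to the blackhole-routed IP address disappear from the internet

  43. Large-scale DDoS attack
    [Same diagram, with a second IP on the load balancer]
    Switch over to a different, spare IP address

  44. Flow of the IP address switchover
    • Receive an on-call notification from the DC when blackhole routing is applied
    • Compare the system DB with the load balancer and find a free IP address
      The system DB holds the IP addresses in use; on the load balancer, all IP addresses, including the free ones, are assigned with IPVS.
    • Update the system DB
      Update the blackhole-routed IP address to the new IP address.

  45. [Same diagram, with two IPs on the load balancer; label: access]

  46. Problems with the IP address switchover
    • Being on call and operating critical components is stressful for the operator
    • Doing it by hand carries the risk of operational mistakes
    • Several thousand sites are down from the on-call notification until the response is complete

  47. Problems with the IP address switchover
    • Being on call and operating critical components is stressful for the operator
    • Doing it by hand carries the risk of operational mistakes
    • Several thousand sites are down from the on-call notification until the response is complete
    Toward automation

  48. Background | Challenges | Implementation
    Responding to DDoS attacks through automation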



  49. • Receive an on-call notification from the DC when blackhole routing is applied
    • Compare the system DB with the load balancer and find a free IP address
    • Update the system DB

  50. • Receive an on-call notification from the DC when blackhole routing is applied
    • Compare the system DB with the load balancer and find a free IP address
    • Update the system DB
    • Check that the IP address has lost reachability from the internet

  51. Points to note in the implementation
    [Diagram: Internet; data center; gateway switch (x2); load balancer; server; IP; label: "controls the entrance from the internet"]
    Blackhole routing cannot be noticed from inside the DC

  52. Blackhole routing cannot be noticed from inside the DC
    [Same diagram]
    The check has to be made from outside the data center

  53. [Diagram: checker; automation application; inside the data center; another data center; load balancer; IP]
    Labels: request a check; run ping; return the result

  54. [Same diagram]
    Labels: request a check; run ping; return the result
    We want a general-purpose interface so that it can also be used for other purposes.

  55. [Same diagram]
    Labels: request a check; run ping; return the result
    Web API
    /icmp?ipaddr=X.X.X.X&timeout=3&max_tries=5
    { "status" : true, "error" : "" }

  56. Checker
    [Diagram: nginx; ngx_mruby; mruby script; mruby-fast-remote-check; HttpRequest; JSON; ping to the load balancer's IP address]
    /icmp?ipaddr=X.X.X.X
    {
      "status" : true,
      "error" : ""
    }

  57. Main components of the checker
    • ngx_mruby
      - Developed by @matsumotory of our company
      - Built into nginx, it can run mruby scripts triggered by process startup or by request timing
      - mruby: a lightweight Ruby for embedding
    • mruby-fast-remote-check
      - An mrbgem (a gem, in Ruby terms) that can quickly check whether a port is listening and perform ICMP checks

  58. Actual code
    location /icmp {
        mruby_content_handler_code '
            # Get the request URI
            uri = Nginx::Request.new.unparsed_uri
            # Run the ICMP check and respond with the resulting JSON
            Nginx.rputs RemoteChecker::ICMP.new(uri).execute
        ';
    }

  59. Actual code
    location /icmp {
        mruby_content_handler_code '
            # Get the request URI
            uri = Nginx::Request.new.unparsed_uri
            # Run the ICMP check and respond with the resulting JSON
            Nginx.rputs RemoteChecker::ICMP.new(uri).execute
        ';
    }
    RemoteChecker::ICMP.new(uri).execute
    A wrapper class for using mruby-fast-remote-check as a Web API
    https://github.com/takumakume/mruby-remote-checker-api

  60. mruby-remote-checker-api
    ICMP check:
    RemoteChecker::ICMP.new(uri).execute
    Port listen check:
    RemoteChecker::Port.new(uri).execute

  61. mruby-remote-checker-api
    /icmp?ipaddr=X.X.X.X
    location /icmp {
        mruby_content_handler_code '
            uri = Nginx::Request.new.unparsed_uri
            Nginx.rputs RemoteChecker::ICMP.new(uri).execute';
    }
    /port?ipaddr=X.X.X.X&port=80
    location /port {
        mruby_content_handler_code '
            uri = Nginx::Request.new.unparsed_uri
            Nginx.rputs RemoteChecker::Port.new(uri).execute';
    }

  62. Downs are detected here and there even though no attack is taking place

  63. [Diagram: automation application; checker; load balancer with five IPs; labels: request a check, run ping]
    When checks are requested for multiple IP addresses at the same time, some of them fail

  64. [Same diagram, with a close-up of the checker and one load balancer IP]
    When checks are requested for multiple IP addresses at the same time, some of them fail

  65. [Diagram: a process pinging X.X.X.X; NIC; host X.X.X.X]

  66. [Same diagram; labels: Request, ICMP Echo Request]

  67. [Same diagram; labels: socket, Request, ICMP Echo Request]
    socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)

  68. [Same diagram; labels: socket, sendto, Request]

  69. [Same diagram; labels: socket, recv, Request]
    recv: wait for an ICMP packet

  70. [Same diagram; labels: socket, recv, Reply, ICMP Echo Reply]

  71. [Same diagram; labels: socket, Reply, ICMP Echo Reply]
    Compare the destination and source IP addresses of the ICMP packets
    (strictly speaking, there are other conditions too)
    If they are the same: true

  72. [Checker diagram, with close-ups of the checker and two load balancer IPs]
    When checks are requested for multiple IP addresses at the same time, some of them fail

  73. [Diagram: two processes, one pinging X.X.X.X and one pinging Y.Y.Y.Y; NIC; hosts X.X.X.X and Y.Y.Y.Y]

  74. [Same diagram; labels: a socket for each process, sendto, two Requests]

  75. [Same diagram; labels: a socket for each process, two Requests, recv on each socket]

  76. [Same diagram; labels: a socket for each process, recv on each socket, one Reply]

  77. [Same diagram; labels: a socket for each process, recv on each socket, a Reply at each socket]

  78. A raw socket can receive all IP protocols on Linux.
    If there are multiple raw sockets, the packet is passed to each of them.
    man raw(7)

  79. [Same diagram; labels: a socket for each process, recv on each socket, a Reply at each socket]
    Reply from X.X.X.X

  80. [Same diagram; labels: socket, recv]
    Retry recv

  81. [Same diagram; labels: socket, recv, Reply]
    Retry recv

  82. [Same diagram; labels: socket, recv, two Replies]

  83. [Same diagram; labels: socket, recv, two Replies]



  84. • Receive an on-call notification from the DC when blackhole routing is applied
    • Compare the system DB with the load balancer and find a free IP address
    • Update the system DB
    • Check that the IP address has lost reachability from the internet

  85. • Receive an on-call notification from the DC when blackhole routing is applied
    • Compare the system DB with the load balancer and find a free IP address
    • Update the system DB
    • Check that the IP address has lost reachability from the internet
    SQL ???

  86. Getting the load balancer's IP addresses
    Output of the ipvsadm command, the IPVS administration tool

    # ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  203.0.113.1:443 rr
      -> 192.168.1.100:443            Route   1      1          0
      -> 192.168.1.101:443            Route   1      1          0
      -> 192.168.1.102:443            Route   1      1          0
    TCP  203.0.113.2:443 rr
      -> 192.168.1.100:443            Route   1      1          0
      -> 192.168.1.101:443            Route   1      1          0
      -> 192.168.1.102:443            Route   1      1          0
    :
    :

  87. Getting the load balancer's IP addresses
    [Same ipvsadm -Ln output as on slide 86]
    Access to this IP address (the TCP line) is forwarded to this IP address (the -> lines)

  88. Getting the load balancer's IP addresses
    [Same ipvsadm -Ln output as on slide 86, highlighting 203.0.113.1, 203.0.113.2 and port 443]
    We want the list of global IP addresses for this port,
    because services other than web also coexist

  89. Getting the load balancer's IP addresses
    [Same ipvsadm -Ln output as on slide 86, highlighting 203.0.113.1, 203.0.113.2 and port 443]
    We want the list of global IP addresses for this port
    We want to handle the load balancer more programmably

  90. [Diagram: automation application; load balancer]
    Web API
    /services
    [
      {
        "proto": "TCP",
        "addr": "203.0.113.1",
        "port": 443,
        "sched_name": "rr",
        "dests": ["192.168.1.100", ..]
      },
      :
    ]

  91. Load balancer
    [Diagram: libipvs; nginx; ngx_mruby; mruby-ipvs; mruby script; HttpRequest; JSON]
    /services
    [
      {
        "proto": "TCP",
        "addr": "203.0.113.1",
        "port": 443,
        "sched_name": "rr",
        "dests": ["192.168.1.100", ..]
      },
      :
    ]

  92. Main components of the checker
    • ngx_mruby
    • mruby-ipvs
      - An mrbgem developed by @rrreeeyyy
      - An mruby interface that can manage IPVS

  93. That is all the code
    location /services {
        mruby_content_handler_code '
            # Get the list of IPVS services, turn it into JSON and respond from nginx
            Nginx.rputs JSON.generate(IPVS.services.map(&:to_h))
        ';
    }



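  94. • Receive an on-call notification from the DC when blackhole routing is applied
    • Compare the system DB with the load balancer and find a free IP address
    • Update the system DB
    • Check that the IP address has lost reachability from the internet

  95. [Diagram: automation application; checker; load balancer; system DB]
    Get the list of IP addresses in use

  96. [Same diagram]
    Get the list of IP addresses in use
    Request a check of the IP addresses
    PING the IP

  97. [Same diagram]
    Get the list of IP addresses in use
    Request a check of the IP addresses
    PING the IP
    Return the check results for the IP addresses

  98. [Same diagram]
    Get the list of IP addresses in use
    Request a check of the IP addresses
    Return the check results for the IP addresses
    If any IP address is unreachable, go to ⑤

  99. [Same diagram]
    Get the list of IP addresses in use
    Request a check of the IP addresses
    Return the check results for the IP addresses
    If any IP address is unreachable, go to ⑤
    Get the list of all IP addresses

  100. [Same diagram]
    Get the list of IP addresses in use
    Request a check of the IP addresses
    Return the check results for the IP addresses
    If any IP address is unreachable, go to ⑤
    Get the list of all IP addresses
    Labels: all IPs; IPs in use; free IP addresses

  101. [Same diagram]
    Get the list of IP addresses in use
    Request a check of the IP addresses
    Return the check results for the IP addresses
    If any IP address is unreachable, go to ⑤
    Get the list of all IP addresses
    Labels: all IPs; IPs in use; free IP addresses
    Update the DB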

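  102. Summary

  103. Background: system architecture and the impact of DDoS attacks
    • Now that DDoS attacks can be launched easily, the rental-server industry is no exception: attacks arrive and affect the service.
    • The larger the service, the more sites it hosts and the higher the risk of becoming a target.

  104. Background: system architecture and the impact of DDoS attacks
    • Now that DDoS attacks can be launched easily, the rental-server industry is no exception: attacks arrive and affect the service.
    • The larger the service, the more sites it hosts and the higher the risk of becoming a target.
    Challenges: the current response to DDoS attacks and its problems
    • When a large-scale attack exceeds the capacity of the DC, in our case the IP address is blackhole-routed, so a manual response is required.
    • A manual response is slow to restore service and highly stressful. Operational mistakes are also possible.

  105. Background: system architecture and the impact of DDoS attacks
    • Now that DDoS attacks can be launched easily, the rental-server industry is no exception: attacks arrive and affect the service.
    • The larger the service, the more sites it hosts and the higher the risk of becoming a target.
    Challenges: the current response to DDoS attacks and its problems
    • When a large-scale attack exceeds the capacity of the DC, in our case the IP address is blackhole-routed, so a manual response is required.
    • A manual response is slow to restore service and highly stressful. Operational mistakes are also possible.
    Implementation: responding to DDoS attacks through automation
    • We concentrated the business logic in one place and made the components that support the automation as general-purpose as possible, so that they are convenient and easy to manage.
    • We implemented a JSON-based Web API as a general-purpose interface, and showed a case where this is easy to build with ngx_mruby.

  106. In closing

  107. All that happened is that going from detection of a DDoS attack to recovery became faster and easier

  108. As long as we keep providing services on the internet, the attacks will continue without end

  109. To protect PHP content, we want to keep fighting "the endless battle with DDoS attacks"!

  110. We are recruiting teammates to fight alongside us!
    Check the latest hiring information → @pb_recruit

  111. Thank you for listening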
    GMO Pepabo, inc.
    @takumakume
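
Slides 62 to 83 explain why concurrent pings produced false "down" results: every ICMP raw socket receives every reply, so a probe must skip replies meant for other probes and retry recv. The following is an added example, not code from the slides or from mruby-fast-remote-check; the function names, the addresses and the `max_reads` parameter are assumptions, and the packets are constructed in memory instead of being read from a real raw socket.

```ruby
require "ipaddr"

ICMP_ECHO_REPLY = 0
CHECKER = "198.51.100.10" # constructed address of the checker host

# RFC 1071 Internet checksum over a binary string.
def inet_checksum(data)
  data += "\x00".b if data.bytesize.odd?
  sum = data.unpack("n*").sum
  sum = (sum & 0xffff) + (sum >> 16) while sum > 0xffff
  ~sum & 0xffff
end

# Build an ICMP echo message with a valid checksum (type 0 = reply).
def icmp_echo(type, id, seq, payload = "probe".b)
  csum = inet_checksum([type, 0, 0, id, seq].pack("CCnnn") + payload)
  [type, 0, csum, id, seq].pack("CCnnn") + payload
end

# Prepend a minimal IPv4 header, because an IPv4 raw socket hands the
# application the IP header too. The header checksum is left 0 here.
def ipv4_packet(src, dst, icmp)
  [0x45, 0, 20 + icmp.bytesize, 0, 0, 64, 1, 0].pack("CCnnnCCn") +
    IPAddr.new(src).hton + IPAddr.new(dst).hton + icmp
end

# True only for the echo reply to *this* probe: source address equals the
# ping target, and type, code, id, sequence and checksum all match.
def reply_for_probe?(packet, target, id, seq)
  return false if packet.bytesize < 20
  ihl = (packet.getbyte(0) & 0x0f) * 4
  return false if ihl < 20 || packet.getbyte(9) != 1 || packet.bytesize < ihl + 8
  icmp = packet[ihl..]
  type, code, _csum, r_id, r_seq = icmp.unpack("CCnnn")
  IPAddr.new_ntoh(packet[12, 4]) == IPAddr.new(target) &&
    type == ICMP_ECHO_REPLY && code.zero? && r_id == id && r_seq == seq &&
    inet_checksum(icmp).zero?
end

# Naive checker: judges whatever packet the first recv returns.
def naive_check(received, target, id, seq)
  !received.empty? && reply_for_probe?(received.first, target, id, seq)
end

# Retrying checker: skips replies that belong to other probes. Each array
# element stands for one recv on the raw socket; max_reads bounds the wait.
def check_with_retry(received, target, id, seq, max_reads: 5)
  received.first(max_reads).any? { |pkt| reply_for_probe?(pkt, target, id, seq) }
end

# Constructed capture: what the socket probing 203.0.113.1 receives while
# another process pings 203.0.113.2 at the same time.
def sample_stream
  [ipv4_packet("203.0.113.2", CHECKER, icmp_echo(ICMP_ECHO_REPLY, 0x2222, 1)),
   ipv4_packet("203.0.113.1", CHECKER, icmp_echo(ICMP_ECHO_REPLY, 0x1111, 1))]
end
```

With the sample capture, the naive check reports 203.0.113.1 as down because the first packet it sees is the other probe's reply, while the retrying check finds the matching reply on the second read.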
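
Slides 94 to 101 describe the automated switchover: list the IPs in use from the system DB, check each from outside, list all IPs from the load balancer's /services API, and move every unreachable IP to a free one. The following is an added example of that planning step, not the author's automation application; the function names, the sample addresses and the reading of a non-empty "error" field as "the check itself failed" are assumptions.

```ruby
require "json"

# Constructed sample of the load balancer's /services response.
SERVICES_JSON = <<~DATA
  [
    {"proto": "TCP", "addr": "203.0.113.1", "port": 443, "sched_name": "rr", "dests": ["192.168.1.100"]},
    {"proto": "TCP", "addr": "203.0.113.2", "port": 443, "sched_name": "rr", "dests": ["192.168.1.100"]},
    {"proto": "TCP", "addr": "203.0.113.3", "port": 443, "sched_name": "rr", "dests": ["192.168.1.100"]},
    {"proto": "TCP", "addr": "203.0.113.9", "port": 25, "sched_name": "rr", "dests": ["192.168.1.200"]}
  ]
DATA

# Global IPs that IPVS serves on the web port; other services are ignored.
def web_vips(services_json, port: 443)
  JSON.parse(services_json)
      .select { |s| s["proto"] == "TCP" && s["port"] == port }
      .map { |s| s["addr"] }
      .uniq
end

# An IP counts as blackholed only when the external check ran cleanly and
# reported no reachability. A non-empty "error" is taken to mean the check
# itself failed, so no switchover is triggered on it (assumption).
def blackholed?(result)
  !result.nil? && result["status"] == false && result["error"].to_s.empty?
end

# in_use:  IPs recorded in the system DB (array of strings)
# results: ip => parsed checker response, e.g. {"status"=>false, "error"=>""}
# Returns the DB updates to make and the IPs left without a spare.
def plan_switchover(services_json, in_use, results)
  # Free = all web IPs on the load balancer minus the IPs in use,
  # skipping any spare that is itself known to be unreachable.
  free = (web_vips(services_json) - in_use).reject { |ip| blackholed?(results[ip]) }
  updates = {}
  unresolved = []
  in_use.each do |ip|
    next unless blackholed?(results[ip])
    if (spare = free.shift)
      updates[ip] = spare
    else
      unresolved << ip
    end
  end
  { updates: updates, unresolved: unresolved }
end
```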
