DDoS攻撃との終わりなき戦い/endless_battle_with_ddos_attack

Transcript

1. ٱถ୓അ / GMO Pepabo, Inc. 2018.06.16 PHPΧϯϑΝϨϯε෱Ԭ %%P4߈ܸͱͷऴΘΓͳ͖ઓ͍

2. (.0ϖύϘ
   ΠϯϑϥΤϯδχΞ ٱถ୓അ
   
   @takumakume phpinfo() ޷͖ͳ1)1ͷؔ਺

3. %%P4߈ܸͱ͸ʁ

4. ΢ΣϒαʔϏε͕Քಇ͍ͯ͠Δαʔό΍ωοτϫʔΫ΁
   େྔͷϦΫΤετ΍ڊେͳσʔλΛૹΓ͚ͭΔͳͲͯ͠ αʔϏεΛར༻ෆೳʹ͢Δ wikipedia
    %P4߈ܸ

5. %P4߈ܸΛେྔͷϚγϯ͔ΒͭͷαʔϏεʹ࢓ֻ͚Δ wikipedia
    %%P4߈ܸ

6. %P4߈ܸΛେྔͷϚγϯ͔ΒͭͷαʔϏεʹ࢓ֻ͚Δ wikipedia
    %%P4߈ܸ ߈ܸن໛͕େ͖͍
   ෳ਺ͷ*1ΞυϨε͔ΒདྷΔͨΊ੍ޚͮ͠Β͍

7. wϫϯίΠϯ͔Β%%P4߈ܸ͕Ͱ͖ΔαʔϏε͕ଘࡏ
   wߴߍੜ͕%%P4߈ܸʹΑΓݕڍ
   w࠷ۙఠൃ͞Εͨ
   webstresser
   ͱ͍͏αʔϏε
   wར༻ऀɹɿສઍਓ
   w߈ܸճ਺ɿສճ
   wར༻ྉۚɿԁ͘Β͍͔Β ࡢࠓͷ%%P4߈ܸࣄ৘ ୭Ͱ΋खܰʹ%%P4߈ܸ͕Ͱ͖Δ࣌୅
   

8. Πϯλʔωοτ্Ͱ
   αʔϏεΛఏڙ͍ͯ͠ΔํͳΒ
   Ұ౓͘Β͍%%P4߈ܸͷܦݧ
   ͋Γ·͢ΑͶʁ

9. 
    ຊ೔͸ɺ%%P4߈ܸʹର͢Δ
   ͰͷऔΓ૊ΈΛ঺հ͠·͢ʂ

10. wલఏɿγεςϜߏ੒ͱ%%P4߈ܸͷӨڹ
    w՝୊ɿ%%P4߈ܸ΁ͷݱঢ়ͷରԠͱ՝୊
    w࣮૷ɿࣗಈԽʹΑΔ%%P4߈ܸͷରԠ
    w·ͱΊ ໨࣍
    

11. લఏ ՝୊ ࣮૷ γεςϜߏ੒ͱ
    %%P4߈ܸͷӨڹ

12. None

13. ֹ݄
    ԁ
    ͔Βར༻Ͱ͖Δʂ

14. ֹ݄
    ԁ
    ͔Βར༻Ͱ͖Δʂ ඵؒ
    ໿ສઍ
    ϦΫΤετΛॲཧʂ

15. ֹ݄
    ԁ
    ͔Βར༻Ͱ͖Δʂ ສ
    αΠτҎ্ӡ༻தʂ ඵؒ
    ໿ສઍ
    ϦΫΤετΛॲཧʂ

16. γεςϜߏ੒
    

17. σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϩʔυόϥϯα ϦόʔεϓϩΩγ Πϯλʔωοτ 8&#αʔό 8&#αʔό 8&#αʔό

      ϦόʔεϓϩΩγ

18. σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϩʔυόϥϯα ϦόʔεϓϩΩγ Πϯλʔωοτ 8&#αʔό 8&#αʔό 8&#αʔό

      ϦόʔεϓϩΩγ σʔληϯλʔΛआΓͯ
    ΦϯϓϨϛεͰ
    ߏங͍ͯ͠Δ

19. σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϦόʔεϓϩΩγ Πϯλʔωοτ 8&#αʔό 8&#αʔό 8&#αʔό 

     ϦόʔεϓϩΩγ ϩʔυόϥϯα άϩʔόϧωοτϫʔΫ

20. σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϦόʔεϓϩΩγ Πϯλʔωοτ 8&#αʔό 8&#αʔό 8&#αʔό 

     ϦόʔεϓϩΩγ *1 *1 *1 *1 ϩʔυόϥϯα άϩʔόϧ*1ΞυϨε͕
    ݸ΄Ͳ -74 -JOVY
    7JSUVBM
    4FSWFS
    ͷػೳͰ͋Δ*174Λ࢖ͬͨ-#

21. σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϩʔυόϥϯα ϦόʔεϓϩΩγ Πϯλʔωοτ 8&#αʔό 8&#αʔό 8&#αʔό

      ϦόʔεϓϩΩγ αΠτ αΠτ αΠτ αΠτ αΠτ αΠτ αΠτ αΠτ αΠτ ୆͋ͨΓ਺ઍαΠτ ͓٬༷ͷίϯςϯπΛॲཧ͢Δ

22. σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϩʔυόϥϯα ϦόʔεϓϩΩγ Πϯλʔωοτ 8&#αʔό 8&#αʔό 8&#αʔό

      ϦόʔεϓϩΩγ αΠτ αΠτ αΠτ *1 άϩʔόϧ*1͋ͨΓ
    ୆ͷ8&#αʔό άϩʔόϧ*1͋ͨΓ
    ਺ઍαΠτ

23. 
     %%P4߈ܸͷӨڹ

24. σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϩʔυόϥϯα ϦόʔεϓϩΩγ Πϯλʔωοτ 8&#αʔό 8&#αʔό 8&#αʔό

      ϦόʔεϓϩΩγ *1 %%P4߈ܸ ߈ܸର৅

25. σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϩʔυόϥϯα ϦόʔεϓϩΩγ Πϯλʔωοτ 8&#αʔό 8&#αʔό 8&#αʔό

      ϦόʔεϓϩΩγ *1 %%P4߈ܸ ߈ܸର৅ େྔͷτϥϑΟοΫʹΑΓ෺ཧతͳ
    ωοτϫʔΫଳҬ͕ຒ·ͬͯ͠·͍
    ௨ৗͷΞΫηε͕େ͖͘஗Ԇ͢Δ ⾨
    ͜͜ͱ͔ ⾨
    ͜͜

26. 
     Ϩϯλϧαʔόʹ͓͚Δ
    %%P4߈ܸ

27. Ϩϯλϧαʔόʹ͓͚Δ%%P4߈ܸ 8&#αʔό 8&#αʔό 8&#αʔό  αΠτ αΠτ αΠτ αΠτ αΠτ

    αΠτ αΠτ αΠτ αΠτ ଟछଟ༷ͳɺສҎ্ͷαΠτ ߈ܸͷඪతʹͳΔϦεΫ͕ߴ͍
    

28. Ϩϯλϧαʔόʹ͓͚Δ%%P4߈ܸ ͲͷαΠτʹର͢Δ߈ܸͳͷ͔෼͔Γʹ͍͘
    ͷͰରԠ͠ʹ͍͘ ϩʔυόϥϯα 8&#αʔό 8&#αʔό 8&#αʔό  αΠτ αΠτ

    αΠτ *1 *1ΞυϨε͋ͨΓ਺ઍαΠτ

29. Ϩϯλϧαʔόʹ͓͚Δ%%P4߈ܸ ߈ܸͷେ൒͸)551ϓϩτίϧͰ͸ͳ͍ͷͰ
    υϝΠϯ໊ͷ৘ใ͸ಘΒΕͳ͍ ϩʔυόϥϯα 8&#αʔό 8&#αʔό 8&#αʔό  αΠτ αΠτ

    αΠτ *1 *1ΞυϨε͋ͨΓ਺ઍαΠτ

30. ՝୊ લఏ ࣮૷ %%P4߈ܸ΁ͷ
    ݱঢ়ͷରԠͱ՝୊

31. 
     %%P4߈ܸΛͭʹ෼ྨ

32. தن໛%%P4߈ܸ
     w αʔϏεͷܧଓʹӨڹΛ༩͑Δɻ
    w %$಺ͷଞςφϯτͷαʔϏεʹӨڹͳ͠ɻ σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον

    ήʔτ΢ΣΠεΠον ϩʔυόϥϯα Πϯλʔωοτ %%P4߈ܸ ଞςφϯτ ଳҬ͕ຒ·ͬͨ

33. େن໛%%P4߈ܸ
     σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϩʔυόϥϯα Πϯλʔωοτ %%P4߈ܸ

    ଞςφϯτ ଳҬ͕ຒ·ͬͨ w αʔϏεͷܧଓʹӨڹΛ༩͑Δɻ
    w %$಺ͷଞςφϯτͷαʔϏεʹӨڹ͋Γɻ

34. 
     ͦΕͧΕͷରԠํ๏

35. தن໛%%P4߈ܸ
     σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϩʔυόϥϯα Πϯλʔωοτ %%P4߈ܸ

    ଞςφϯτ ଳҬ͕ຒ·ͬͨ

36. தن໛%%P4߈ܸ
     σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϩʔυόϥϯα Πϯλʔωοτ %%P4߈ܸ

    ଞςφϯτ ଳҬΛ֬อʂ %%P4ରࡦػث ःஅ w %%P4ରࡦػثΛಋೖ
    w ߈ܸͷύλʔϯʹ߹கͨ͠৔߹ʹ௨৴Λ ःஅ
    w αʔϏε༻ͷωοτϫʔΫଳҬΛ֬อ

37. େن໛%%P4߈ܸ
     σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϩʔυόϥϯα Πϯλʔωοτ %%P4߈ܸ

    ଞςφϯτ ଳҬ͕ຒ·ͬͨ

38. େن໛%%P4߈ܸ
     σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϩʔυόϥϯα Πϯλʔωοτ %%P4߈ܸ

    ଞςφϯτ ଳҬ͕ຒ·ͬͨ %%P4ରࡦػث w %%P4ରࡦػث͕͋ͬͯ΋σʔληϯλʔ಺ ͷωοτϫʔΫଳҬ͕ຒ·Δͱҙຯ͕ͳ͍

39. େن໛%%P4߈ܸ
     σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϩʔυόϥϯα Πϯλʔωοτ %%P4߈ܸ

    ଞςφϯτ ଳҬΛ֬อ w %$ࣄۀऀ͸߈ܸର৅*1ΞυϨεΛϒ ϥοΫϗʔϧϧʔςΟϯά͢Δ
    w ߈ܸର৅ͷ*1ΞυϨεͷ௨৴ܦ࿏Λ ۂ͛ͯτϥϑΟοΫΛࣺͯΔ
    w %$಺ͷଳҬΛ֬อ

40. େن໛%%P4߈ܸ
     σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϩʔυόϥϯα Πϯλʔωοτ %%P4߈ܸ

    ଞςφϯτ ଳҬΛ֬อ w %$ࣄۀऀ͸߈ܸର৅*1ΞυϨεΛϒϩοΫ ϗʔϧϧʔςΟϯά͢Δ
    w *1ΞυϨεͷ௨৴ܦ࿏Λۂ͛ͯτϥϑΟοΫ ΛࣺͯΔ
    w %$಺ͷଳҬΛ֬อ ͜ͷରԠ͕൵ܶΛੜΉ

41. σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϩʔυόϥϯα Πϯλʔωοτ 8&#αʔό 8&#αʔό 8&#αʔό 

    αΠτ αΠτ αΠτ *1 େن໛%%P4߈ܸ ߈ܸର৅ ʙ 8&#αʔό αΠτ αΠτ αΠτ *1 ϩʔυόϥϯα άϩʔόϧ*1͋ͨΓ
    ୆ͷ8&#αʔό άϩʔόϧ*1͋ͨΓ
    ਺ઍαΠτ

42. σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϩʔυόϥϯα Πϯλʔωοτ 8&#αʔό 8&#αʔό 8&#αʔό 

    αΠτ αΠτ αΠτ *1 େن໛%%P4߈ܸ ߈ܸର৅ ʙ 8&#αʔό αΠτ αΠτ αΠτ *1 ϒϥοΫϗʔϧϧʔςΟϯά͞Εͨ*1ΞυϨεʹ
    ඥͮ͘αΠτ͕Πϯλʔωοτ͔Β࢟Λফ͢ ϩʔυόϥϯα

43. σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον Πϯλʔωοτ 8&#αʔό 8&#αʔό 8&#αʔό  αΠτ

    αΠτ αΠτ *1 େن໛%%P4߈ܸ *1 ʙ ༨৒ͷผ*1ΞυϨεʹ෇͚ସ͑Δ ϩʔυόϥϯα

44. *1ΞυϨεͷ෇͚ସ͑ͷྲྀΕ ϒϥοΫϗʔϧϧʔςΟϯά࣌ʹ%$͔ΒΦϯίʔϧΛड͚Δ γεςϜͷ%#ͱϩʔυόϥϯαʔΛൺֱۭ͖͠*1ΞυϨεΛ୳͢ γεςϜͷ%#ʹ࢖͍ͬͯΔ*1ΞυϨε͕͋Γɺϩʔυόϥϯαʔʹۭ͖ΛؚΉ
    ͢΂ͯͷ*1ΞυϨε͕*174Ͱ෇༩͞Ε͍ͯΔɻ γεςϜͷ%#ΛΞοϓσʔτ͢Δ ϒϥοΫϗʔϧϧʔςΟϯά͞Εͨ*1ΞυϨεΛ৽͍͠*1ΞυϨεʹ6QEBUFɻ

45. σʔληϯλʔ ฐࣾςφϯτ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον Πϯλʔωοτ 8&#αʔό 8&#αʔό 8&#αʔό  αΠτ

    αΠτ αΠτ *1 *1 ʙ ϩʔυόϥϯα ΞΫηε

46. *1ΞυϨεͷ෇͚ସ͑ͷ՝୊
     Φϯίʔϧ΍ॏཁίϯϙʔωϯτͷૢ࡞͸࡞ۀऀ΁ͷετϨε खಈͰ͸ΦϖϨʔγϣϯϛε͕ൃੜ͢ΔϦεΫ͕͋Δ Φϯίʔϧ͔ΒରԠ׬ྃ·Ͱ਺ઍͷαΠτ͕ఀࢭ͢Δ

47. *1ΞυϨεͷ෇͚ସ͑ͷ՝୊
     Φϯίʔϧ΍ॏཁίϯϙʔωϯτͷૢ࡞͸࡞ۀऀ΁ͷετϨε खಈͰ͸ΦϖϨʔγϣϯϛε͕ൃੜ͢ΔϦεΫ͕͋Δ ࣗಈԽ΁ Φϯίʔϧ͔ΒରԠ׬ྃ·Ͱ਺ઍͷαΠτ͕ఀࢭ͢Δ

48. ࣮૷ લఏ ՝୊ ࣗಈԽʹΑΔ
    %%P4߈ܸͷରԠ

49. 
     ϒϥοΫϗʔϧϧʔςΟϯά࣌ʹ%$͔ΒΦϯίʔϧΛड͚Δ γεςϜͷ%#ͱϩʔυόϥϯαʔΛൺֱۭ͖͠*1ΞυϨεΛ୳͢ γεςϜͷ%#ΛΞοϓσʔτ͢Δ

50. 
     ϒϥοΫϗʔϧϧʔςΟϯά࣌ʹ%$͔ΒΦϯίʔϧΛड͚Δ γεςϜͷ%#ͱϩʔυόϥϯαʔΛൺֱۭ͖͠*1ΞυϨεΛ୳͢ γεςϜͷ%#ΛΞοϓσʔτ͢Δ Πϯλʔωοτ͔Β*1ΞυϨεͷૄ௨ੑ͕ࣦΘΕΔ͜ͱΛνΣοΫ͢Δ

51. ࣮૷ʹ͓͚Δ஫ҙ఺ σʔληϯλʔ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϩʔυόϥϯα Πϯλʔωοτ αʔό *1 Πϯλʔωοτ͔Βͷ
    ೖΓޱΛ੍ޚ͢Δ

    %$಺͔ΒͰ͸ϒϥοΫϗʔϧϧʔςΟϯάʹؾ͚ͮͳ͍

52. %$಺͔ΒͰ͸ϒϥοΫϗʔϧϧʔςΟϯάʹؾ͚ͮͳ͍ σʔληϯλʔ ήʔτ΢ΣΠεΠον ήʔτ΢ΣΠεΠον ϩʔυόϥϯα Πϯλʔωοτ αʔό *1 σʔληϯλʔ֎͔Β
    νΣοΫ͢Δඞཁ͕͋Δ

53. νΣοΧʔ ࣗಈԽ
    ΞϓϦέʔγϣϯ σʔληϯλʔ಺ ผσʔληϯλʔ ϩʔυόϥϯα *1 ᶄ ᶃ ᶅ

    1JOHΛ࣮ߦ ݁ՌΛฦ٫ νΣοΫΛґཔ

54. νΣοΧʔ ࣗಈԽ
    ΞϓϦέʔγϣϯ σʔληϯλʔ಺ ผσʔληϯλʔ ϩʔυόϥϯα *1 ᶄ ᶃ ᶅ

    1JOHΛ࣮ߦ ݁ՌΛฦ٫ νΣοΫΛґཔ ൚༻ੑͷߴ͍ΠϯλʔϑΣΠε
    ʹͯ͠ɺผͷ༻్Ͱ΋࢖͑Δ
    Α͏ʹ͍ͨ͠ɻ

55. νΣοΧʔ ࣗಈԽ
    ΞϓϦέʔγϣϯ σʔληϯλʔ಺ ผσʔληϯλʔ ϩʔυόϥϯα *1 ᶄ ᶃ ᶅ

    νΣοΫΛґཔ 1JOHΛ࣮ߦ ݁ՌΛฦ٫ /icmp?ipaddr=X.X.X.X&timeout=3&max_tries=5 { "status" : true, "error" : "" } 8FC
    "1*

56. νΣοΧʔ nginx ngx_mruby mruby script HttpRequest JSON mruby-fast-remote-check /icmp?ipaddr=X.X.X.X {

    "status" : true, "error" : "" } ϩʔυόϥϯα *1ΞυϨε Ping

57. • ngx_mruby wฐࣾͷ!NBUTVNPUPSZ͕։ൃ͍ͯ͠Δ
    wOHJOYʹ૊ΈࠐΉ͜ͱͰɺϓϩηεͷىಈ΍ϦΫΤετ ͷλΠϛϯάΛܖػʹNSVCZͷεΫϦϓτΛ࣮ߦͰ͖Δ
    wNSVCZ
    ૊ΈࠐΈ޲͚ͷܰྔ3VCZ
    • mruby-fast-remote-check wߴ଎ʹϙʔτͷ-JTUFOΛνΣοΫͨ͠Γɺ*$.1ͷνΣο Ϋ͕Ͱ͖ΔNSCHFN
    

    3VCZͰݴ͏HFN νΣοΧʔΛߏ੒͢Δओཁίϯϙʔωϯτ
    

58. location /icmp { mruby_content_handler_code ' # uri = Nginx::Request.new.unparsed_uri #

    Nginx.rputs RemoteChecker::ICMP.new(uri).execute '; } ࣮ࡍͷίʔυ ϦΫΤετͷURIΛऔಘ ICMPͷνΣοΫΛߦ͍ɺ݁ՌͷJSONΛϨεϙϯε͢Δ
    

59. location /icmp { mruby_content_handler_code ' # uri = Nginx::Request.new.unparsed_uri #

    Nginx.rputs RemoteChecker::ICMP.new(uri).execute '; } ࣮ࡍͷίʔυ ϦΫΤετͷURIΛऔಘ ICMPͷνΣοΫΛߦ͍ɺ݁ՌͷJSONΛϨεϙϯε͢Δ RemoteChecker::ICMP.new(uri).execute mruby-fast-remote-checkΛWebAPIͱͯ͠࢖͏ͨΊͷϥούʔΫϥε https://github.com/takumakume/mruby-remote-checker-api

60. RemoteChecker::ICMP.new(uri).execute NSVCZSFNPUFDIFDLFSBQJ
     ICMPͷνΣοΫ PortͷListenνΣοΫ RemoteChecker::Port.new(uri).execute

61. location /icmp { mruby_content_handler_code ' uri = Nginx::Request.new.unparsed_uri Nginx.rputs RemoteChecker::ICMP.new(uri).execute';

    } NSVCZSFNPUFDIFDLFSBQJ location /port { mruby_content_handler_code ' uri = Nginx::Request.new.unparsed_uri Nginx.rputs RemoteChecker::Port.new(uri).execute'; } /icmp?ipaddr=X.X.X.X /port?ipaddr=X.X.X.X&port=80

62. ߈ܸ͕ൃੜ͍ͯ͠ͳ͍ͷʹ
    ͪΒ΄Βμ΢ϯΛݕ஌͢Δ

63. ࣗಈԽ
    ΞϓϦέʔγϣϯ νΣοΧʔ ϩʔυόϥϯα 1JOHΛ࣮ߦ νΣοΫΛґཔ *1 *1 *1 *1

    *1 ෳ਺ͷ*1ΞυϨεʹରͯ͠ಉ࣌ʹॲཧΛґཔ͢ΔͱҰ෦ࣦഊ͢Δ

64. ࣗಈԽ
    ΞϓϦέʔγϣϯ νΣοΧʔ ϩʔυόϥϯα 1JOHΛ࣮ߦ νΣοΫΛґཔ *1 *1 *1 *1

    *1 ෳ਺ͷ*1ΞυϨεʹରͯ͠ಉ࣌ʹॲཧΛґཔ͢ΔͱҰ෦ࣦഊ͢Δ ϩʔυόϥϯα *1 νΣοΧʔ

65. ϓϩηε X.X.X.X ʹ Ping X.X.X.X NIC

66. ϓϩηε X.X.X.X ʹ Ping X.X.X.X NIC Request ICMP Echo Request

67. ϓϩηε X.X.X.X ʹ Ping X.X.X.X socket socket(AF_INET, SOCK_RAW, IPPROTO_ICMP) NIC

    Request ICMP Echo Request

68. ϓϩηε X.X.X.X ʹ Ping X.X.X.X socket sendto NIC Request

69. ϓϩηε X.X.X.X ʹ Ping X.X.X.X socket recv NIC Request ICMPύέοτΛ଴ͭ

    recv

70. ϓϩηε X.X.X.X ʹ Ping X.X.X.X socket NIC Reply Reply recv

    ICMP Echo Reply

71. ϓϩηε X.X.X.X ʹ Ping X.X.X.X socket NIC Reply Reply ICMPύέοτͷ

    ૹ৴ઌͱૹ৴ݩIPΞυϨε Λൺֱ (ݫີʹ͸ଞʹ΋৚݅͋Γ) ↓ ಉ͡ͳΒtrue ICMP Echo Reply

72. ࣗಈԽ
    ΞϓϦέʔγϣϯ νΣοΧʔ ϩʔυόϥϯα 1JOHΛ࣮ߦ νΣοΫΛґཔ *1 *1 *1 *1

    *1 ෳ਺ͷ*1ΞυϨεʹରͯ͠ಉ࣌ʹॲཧΛґཔ͢ΔͱҰ෦ࣦഊ͢Δ ϩʔυόϥϯα *1 νΣοΧʔ *1

73. ϓϩηε ϓϩηε X.X.X.X ʹ Ping Y.Y.Y.Y ʹ Ping X.X.X.X Y.Y.Y.Y

    NIC

74. ϓϩηε ϓϩηε X.X.X.X ʹ Ping Y.Y.Y.Y ʹ Ping X.X.X.X Y.Y.Y.Y

    socket sendto NIC socket Request Request socket

75. ϓϩηε ϓϩηε X.X.X.X ʹ Ping Y.Y.Y.Y ʹ Ping X.X.X.X Y.Y.Y.Y

    socket NIC socket Request Request recv recv recv

76. ϓϩηε ϓϩηε X.X.X.X ʹ Ping Y.Y.Y.Y ʹ Ping X.X.X.X Y.Y.Y.Y

    socket NIC socket Reply recv recv

77. ϓϩηε ϓϩηε X.X.X.X ʹ Ping Y.Y.Y.Y ʹ Ping X.X.X.X Y.Y.Y.Y

    socket NIC socket recv recv Reply Reply

78. 
     raw socket ͸ɺ Linux ͷ͢΂ͯͷ IP ϓϩτίϧΛ ड৴͢Δ͜ͱ͕Ͱ͖Δɻ

    raw socket ͕ෳ਺͋Ε͹ͦΕͧΕʹ౉͞ΕΔɻ man raw(7)

79. ϓϩηε ϓϩηε X.X.X.X ʹ Ping Y.Y.Y.Y ʹ Ping X.X.X.X Y.Y.Y.Y

    socket NIC socket recv recv Reply Reply X.X.X.X ͔ΒͷReply

80. ϓϩηε ϓϩηε X.X.X.X ʹ Ping Y.Y.Y.Y ʹ Ping X.X.X.X Y.Y.Y.Y

    NIC socket recv recvΛϦτϥΠ

81. ϓϩηε ϓϩηε X.X.X.X ʹ Ping Y.Y.Y.Y ʹ Ping X.X.X.X Y.Y.Y.Y

    NIC socket recv recvΛϦτϥΠ Reply

82. ϓϩηε ϓϩηε X.X.X.X ʹ Ping Y.Y.Y.Y ʹ Ping X.X.X.X Y.Y.Y.Y

    NIC socket recv Reply Reply

83. ϓϩηε ϓϩηε X.X.X.X ʹ Ping Y.Y.Y.Y ʹ Ping X.X.X.X Y.Y.Y.Y

    NIC socket recv Reply Reply

84. 
     ϒϥοΫϗʔϧϧʔςΟϯά࣌ʹ%$͔ΒΦϯίʔϧΛड͚Δ γεςϜͷ%#ͱϩʔυόϥϯαʔΛൺֱۭ͖͠*1ΞυϨεΛ୳͢ γεςϜͷ%#ΛΞοϓσʔτ͢Δ Πϯλʔωοτ͔Β*1ΞυϨεͷૄ௨ੑ͕ࣦΘΕΔ͜ͱΛνΣοΫ͢Δ

85. 
     ϒϥοΫϗʔϧϧʔςΟϯά࣌ʹ%$͔ΒΦϯίʔϧΛड͚Δ γεςϜͷ%#ͱϩʔυόϥϯαʔΛൺֱۭ͖͠*1ΞυϨεΛ୳͢ γεςϜͷ%#ΛΞοϓσʔτ͢Δ Πϯλʔωοτ͔Β*1ΞυϨεͷૄ௨ੑ͕ࣦΘΕΔ͜ͱΛνΣοΫ͢Δ SQL ???

86. # ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot

    LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 203.0.113.1:443 rr -> 192.168.1.100:443 Route 1 1 0 -> 192.168.1.101:443 Route 1 1 0 -> 192.168.1.102:443 Route 1 1 0 TCP 203.0.113.2:443 rr -> 192.168.1.100:443 Route 1 1 0 -> 192.168.1.101:443 Route 1 1 0 -> 192.168.1.102:443 Route 1 1 0 : : ϩʔυόϥϯαʔͷ*1ΞυϨεऔಘ IPVSͷ؅ཧπʔϧ ipvsadm ίϚϯυͷ࣮ߦ݁Ռ

87. # ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot

    LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 203.0.113.1:443 rr -> 192.168.1.100:443 Route 1 1 0 -> 192.168.1.101:443 Route 1 1 0 -> 192.168.1.102:443 Route 1 1 0 TCP 203.0.113.2:443 rr -> 192.168.1.100:443 Route 1 1 0 -> 192.168.1.101:443 Route 1 1 0 -> 192.168.1.102:443 Route 1 1 0 : : ϩʔυόϥϯαʔͷ*1ΞυϨεऔಘ IPVSͷ؅ཧπʔϧ ipvsadm ίϚϯυͷ࣮ߦ݁Ռ ͜ͷ*1ΛΞυϨε΁ͷΞΫηεΛ ͜ͷ*1ΞυϨε΁సૹ͢Δ

88. # ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot

    LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 203.0.113.1:443 rr -> 192.168.1.100:443 Route 1 1 0 -> 192.168.1.101:443 Route 1 1 0 -> 192.168.1.102:443 Route 1 1 0 TCP 203.0.113.2:443 rr -> 192.168.1.100:443 Route 1 1 0 -> 192.168.1.101:443 Route 1 1 0 -> 192.168.1.102:443 Route 1 1 0 : : ϩʔυόϥϯαʔͷ*1ΞυϨεऔಘ IPVSͷ؅ཧπʔϧ ipvsadm ίϚϯυͷ࣮ߦ݁Ռ 203.0.113.1 203.0.113.2 443 443 ͜ͷϙʔτͷ άϩʔόϧ*1ΞυϨεͷҰཡ͕ཉ͍͠ 8FCҎ֎ͷαʔϏε΋ڞଘ͍ͯ͠ΔͷͰ

89. # ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot

    LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 203.0.113.1:443 rr -> 192.168.1.100:443 Route 1 1 0 -> 192.168.1.101:443 Route 1 1 0 -> 192.168.1.102:443 Route 1 1 0 TCP 203.0.113.2:443 rr -> 192.168.1.100:443 Route 1 1 0 -> 192.168.1.101:443 Route 1 1 0 -> 192.168.1.102:443 Route 1 1 0 : : ϩʔυόϥϯαʔͷ*1ΞυϨεऔಘ IPVSͷ؅ཧπʔϧ ipvsadm ίϚϯυͷ࣮ߦ݁Ռ 203.0.113.1 203.0.113.2 443 443 ͜ͷϙʔτͷ άϩʔόϧ*1ΞυϨεͷҰཡ͕ཉ͍͠ ϩʔυόϥϯαΛ΋ͬͱ
    ϓϩάϥϚϒϧʹѻ͍͍ͨ

90. ࣗಈԽ
    ΞϓϦέʔγϣϯ ϩʔυόϥϯα ᶃ ᶄ /services [ { "proto": "TCP",

    "addr": "203.0.113.1", "port": 443, "sched_name": "rr", "dests": ["192.168.1.100", ..] }, : ] 8FC
    "1*

91. ϩʔυόϥϯαʔ libipvs nginx ngx_mruby mruby-ipvs mruby script HttpRequest JSON /services

    [ { "proto": "TCP", "addr": "203.0.113.1", "port": 443, "sched_name": "rr", "dests": ["192.168.1.100", ..] }, : ]

92. • ngx_mruby • mruby-ipvs w!SSSFFFZZZ
    ࢯ͕։ൃ͍ͯ͠ΔNSCHFN
    w*174Λ؅ཧ͢Δ͜ͱ͕Ͱ͖ΔNSVCZͷΠϯλʔϑΣΠε νΣοΧʔΛߏ੒͢Δओཁίϯϙʔωϯτ
    

93. location /services { mruby_content_handler_code ' # Nginx.rputs JSON.generate(IPVS.services.map(&:to_h)) '; }

    ίʔυ͸͜Ε͚ͩ IPVSͷαʔϏεҰཡΛऔಘͯ͠JSONʹ͠ɺNginxͰϨεϙϯε͢Δɻ

94. 
     ϒϥοΫϗʔϧϧʔςΟϯά࣌ʹ%$͔ΒΦϯίʔϧΛड͚Δ γεςϜͷ%#ͱϩʔυόϥϯαʔΛൺֱۭ͖͠*1ΞυϨεΛ୳͢ γεςϜͷ%#ΛΞοϓσʔτ͢Δ Πϯλʔωοτ͔Β*1ΞυϨεͷૄ௨ੑ͕ࣦΘΕΔ͜ͱΛνΣοΫ͢Δ

95. ࣗಈԽ
    ΞϓϦέʔγϣϯ νΣοΧʔ ϩʔυόϥϯα γεςϜ%# ᶃ ࢖༻த*1ΞυϨε
    ҰཡΛऔಘ

96. ࣗಈԽ
    ΞϓϦέʔγϣϯ νΣοΧʔ ϩʔυόϥϯα γεςϜ%# ᶃ ᶄ ࢖༻த*1ΞυϨε
    ҰཡΛऔಘ *1ΞυϨεͷ
    

    νΣοΫΛґཔ ᶄ 1*/( *1

97. ࣗಈԽ
    ΞϓϦέʔγϣϯ νΣοΧʔ ϩʔυόϥϯα γεςϜ%# ᶃ ᶄ ᶅ ࢖༻த*1ΞυϨε
    ҰཡΛऔಘ

    *1ΞυϨεͷ
    νΣοΫΛґཔ *1ΞυϨεͷ
    νΣοΫ݁ՌΛฦ٫ ᶄ 1*/( *1

98. ࣗಈԽ
    ΞϓϦέʔγϣϯ νΣοΧʔ ϩʔυόϥϯα γεςϜ%# ᶃ ᶄ ᶅ ᶆ ࢖༻த*1ΞυϨε
    

    ҰཡΛऔಘ *1ΞυϨεͷ
    νΣοΫΛґཔ *1ΞυϨεͷ
    νΣοΫ݁ՌΛฦ٫ ૄ௨͠ͳ͍*1ΞυϨε͕͋Ε͹ᶇ΁

99. ࣗಈԽ
    ΞϓϦέʔγϣϯ νΣοΧʔ ϩʔυόϥϯα γεςϜ%# ᶃ ᶄ ᶅ ᶆ ᶇ

    ࢖༻த*1ΞυϨε
    ҰཡΛऔಘ *1ΞυϨεͷ
    νΣοΫΛґཔ *1ΞυϨεͷ
    νΣοΫ݁ՌΛฦ٫ ૄ௨͠ͳ͍*1ΞυϨε͕͋Ε͹ᶇ΁ ͢΂ͯͷ*1ΞυϨεҰཡΛऔಘ

100. ࣗಈԽ
     ΞϓϦέʔγϣϯ νΣοΧʔ ϩʔυόϥϯα γεςϜ%# ᶃ ᶄ ᶅ ᶆ ᶇ

     ᶈ ࢖༻த*1ΞυϨε
     ҰཡΛऔಘ *1ΞυϨεͷ
     νΣοΫΛґཔ *1ΞυϨεͷ
     νΣοΫ݁ՌΛฦ٫ ૄ௨͠ͳ͍*1ΞυϨε͕͋Ε͹ᶇ΁ ͢΂ͯͷ*1ΞυϨεҰཡΛऔಘ
     
     
     ͢΂ͯͷ*1
     
     ࢖༻தͷ*1
     
     ۭ͖*1ΞυϨε

101. ࣗಈԽ
     ΞϓϦέʔγϣϯ νΣοΧʔ ϩʔυόϥϯα γεςϜ%# ᶃ ᶄ ᶅ ᶆ ᶇ

     ᶈ ᶉ ࢖༻த*1ΞυϨε
     ҰཡΛऔಘ *1ΞυϨεͷ
     νΣοΫΛґཔ *1ΞυϨεͷ
     νΣοΫ݁ՌΛฦ٫ ૄ௨͠ͳ͍*1ΞυϨε͕͋Ε͹ᶇ΁ ͢΂ͯͷ*1ΞυϨεҰཡΛऔಘ
     
     
     ͢΂ͯͷ*1
     
     ࢖༻தͷ*1
     
     ۭ͖*1ΞυϨε %#ͷΞοϓσʔτ

102. ·ͱΊ

103. લఏɿγεςϜߏ੒ͱ%%P4߈ܸͷӨڹ w खܰʹ%%P4߈ܸ͕Ͱ͖ΔΑ͏ʹͳͬͨࡢࠓɺϨϯαόۀքͰ΋ྫ֎ͳ ͘߈ܸ͕དྷ͍ͯͯαʔϏεʹӨڹΛٴ΅͍ͯ͠Δɻ
     w αʔϏε͕େن໛ʹͳΔ΄ͲαΠτ਺͕૿͑ͯඪతʹͳΔϦεΫ͕ߴ͍ɻ

104. લఏɿγεςϜߏ੒ͱ%%P4߈ܸͷӨڹ ՝୊ɿ%%P4߈ܸ΁ͷݱঢ়ͷରԠͱ՝୊ w %$ͷΩϟύγςΟΛ௒͑ΔϨϕϧͷେن໛ͳ߈ܸ͕ൃੜͨ͠৔߹ʹɺ ฐࣾͷ৔߹͸ϒϥοΫϗʔϧϧʔςΟϯά͞ΕΔͨΊखಈରԠ͕ඞཁɻ
     w खಈରԠͰ͸෮چ͕஗͍͠ɺετϨε౓͕ߴ͍ɻΦϖϛε΋͋ΓಘΔɻ w खܰʹ%%P4߈ܸ͕Ͱ͖ΔΑ͏ʹͳͬͨࡢࠓɺϨϯαόۀքͰ΋ྫ֎ͳ ͘߈ܸ͕དྷ͍ͯͯαʔϏεʹӨڹΛٴ΅͍ͯ͠Δɻ
     

     w αʔϏε͕େن໛ʹͳΔ΄ͲαΠτ਺͕૿͑ͯඪతʹͳΔϦεΫ͕ߴ͍ɻ

105. લఏɿγεςϜߏ੒ͱ%%P4߈ܸͷӨڹ ՝୊ɿ%%P4߈ܸ΁ͷݱঢ়ͷରԠͱ՝୊ ࣮૷ɿࣗಈԽʹΑΔ%%P4߈ܸͷରԠ w %$ͷΩϟύγςΟΛ௒͑ΔϨϕϧͷେن໛ͳ߈ܸ͕ൃੜͨ͠৔߹ʹɺ ฐࣾͷ৔߹͸ϒϥοΫϗʔϧϧʔςΟϯά͞ΕΔͨΊखಈରԠ͕ඞཁɻ
     w खಈରԠͰ͸෮چ͕஗͍͠ɺετϨε౓͕ߴ͍ɻΦϖϛε΋͋ΓಘΔɻ w ϏδωεϩδοΫΛҰՕॴʹूதͤ͞ɺࣗಈԽΛࢧ͑Δίϯϙʔωϯτ

     ͸Ͱ͖Δ͚ͩ൚༻ੑΛߴ͘͢Δ͜ͱͰศརͰ؅ཧ͠΍͍͢Α͏ʹͨ͠ɻ
     w ൚༻ੑͷߴ͍ΠϯλʔϑΣΠεͱͯ͠+40/ϕʔεͷ8FC"1*Λ࣮૷͠ ͨɻOHY@NSVCZΛ࢖ͬͯ؆୯ʹ࡞Δ͜ͱ͕Ͱ͖ΔࣄྫΛ঺հͨ͠ɻ w खܰʹ%%P4߈ܸ͕Ͱ͖ΔΑ͏ʹͳͬͨࡢࠓɺϨϯαόۀքͰ΋ྫ֎ͳ ͘߈ܸ͕དྷ͍ͯͯαʔϏεʹӨڹΛٴ΅͍ͯ͠Δɻ
     w αʔϏε͕େن໛ʹͳΔ΄ͲαΠτ਺͕૿͑ͯඪతʹͳΔϦεΫ͕ߴ͍ɻ

106. ͍͞͝ʹ

107. %%P4߈ܸ
     ͷݕ஌͔Β෮چ·Ͱ͕
     ଎͘ɺָʹͳ͚ͬͨͩ

108. Πϯλʔωοτ্Ͱ
     αʔϏεΛఏڙ͠ଓ͚ΔݶΓ
     ߈ܸ͸ઈ͑ͣଓ͖·͢

109. 1)1ͷίϯςϯπΛ कΔͨΊʹ
     ʮ%%P4߈ܸͱͷऴΘΓͳ͖ઓ͍ʯ
     Λଓ͚͍͖͍ͯͨͱࢥ͍·͢ʂ

110. Ұॹʹઓ͏஥ؒΛืूதͰ͢ʂ ࠷৽ͷ࠾༻৘ใΛνΣοΫˠ !QC@SFDSVJU

111. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ GMO Pepabo, inc. @takumakume