Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SF-TAP: L7レベルネットワークトラフィック解析器

ytakano
March 16, 2015
Programming
0
180

SF-TAP: L7レベルネットワークトラフィック解析器

スケーラブルで柔軟性の高いL7レベルのネットワークトラフィック解析器の説明

ytakano

March 16, 2015
Tweet

More Decks by ytakano

See All by ytakano
論理構造入門
ytakano
0
190
アクターモデル
ytakano
0
470
π計算
ytakano
0
59
FARIS: Fast and Memory-efficient URL Filter by Domain Specific Machine
ytakano
0
150
リアクティブプログラミング
ytakano
0
570
MindYourPrivacy: Design and Implementation of a Visualization System for Third-Party Web Tracking - IEEE PST 2014
ytakano
0
410
SF-TAP: Scalable and Flexible Traffic Analysis Platform running on Commodity Hardware
ytakano
0
640
SF-TAP Tutorial Flow Abstractor ver.
ytakano
0
650
Survey of Transactional Memory
ytakano
0
690

Other Decks in Programming

See All in Programming
Less waste, more joy, and a lot more green: How Quarkus makes Java better
hollycummins
0
100
ECS Service Connectのこれまでのアップデートと今後のRoadmapを見てみる
tkikuc
2
250
ふかぼれ!CSSセレクターモジュール / Fukabore! CSS Selectors Module
petamoriken
0
150
Better Code Design in PHP
afilina
PRO
0
130
Amazon Bedrock Agentsを用いてアプリ開発してみた!
har1101
0
340
Why Jakarta EE Matters to Spring - and Vice Versa
ivargrimstad
0
1.1k
ActiveSupport::Notifications supporting instrumentation of Rails apps with OpenTelemetry
ymtdzzz
1
230
「今のプロジェクトいろいろ大変なんですよ、app/services とかもあって……」/After Kaigi on Rails 2024 LT Night
junk0612
5
2.2k
Amazon Qを使ってIaCを触ろう!
maruto
0
410
C++でシェーダを書く
fadis
6
4.1k
Click-free releases & the making of a CLI app
oheyadam
2
120
[Do iOS '24] Ship your app on a Friday...and enjoy your weekend!
polpielladev
0
110

Featured

See All Featured
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
6
410
Navigating Team Friction
lara
183
14k
A better future with KSS
kneath
238
17k
Six Lessons from altMBA
skipperchong
27
3.5k
Bash Introduction
62gerente
608
210k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
YesSQL, Process and Tooling at Scale
rocio
169
14k
What's new in Ruby 2.0
geeforr
343
31k
Producing Creativity
orderedlist
PRO
341
39k
How STYLIGHT went responsive
nonsquared
95
5.2k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
Designing the Hi-DPI Web
ddemaree
280
34k

Transcript

  1. 4'5"14DBMBCMFBOE'MFYJCMF5SB⒏D "OBMZTJT1MBUGPSN -ϨϕϧωοτϫʔΫτϥϑΟοΫղੳث ৘ใ௨৴ݚڀػߏɹߴ໺༞ًɼ҆ాਅޛɼࡾӜྑհ ๺཮ઌ୺Պֶٕज़େֶӃେֶɹҪ্๎࠸ɼ໌ੴ๜෉ 

  2. ͓͠ͳ͕͖ w ຊݚڀͷ໨త w طଘݚڀͱຊݚڀͷҐஔ͚ͮ w 4'5"1ͷಈ࡞ਤٴͼߏ੒ཁૉ w Ԡ༻ྫ w

    ઃܭɾ࣮૷ w σϞ w ύϑΥʔϚϯεܭଌ 

  3. ໨తʢ̍ʣ ߴ଎ͳ-τϥϑΟοΫͷղੳ IJHIQQT IJHICQT 

  4. ໨తʢ̎ʣ εέʔϥϒϧͳτϥϑΟοΫղੳث ໨తʢ̎ʣ εέʔϥϒϧͳτϥϑΟοΫղੳث ߴෛՙͳ-τϥϑΟοΫղੳ ୆਺ޮՌͰղফ 

  5. ໨తʢ̏ʣ ղੳثͷϓϩάϥϚϒϧͳ࡞੒ ໨తʹԠͨ͡ݴޠͰղੳثͷ࣮૷ΛՄೳʹ ͪΐͬͱͨ͠ݕূͳΒ1ZUIPO 3VCZ ػցֶशͳΒ+BWBɼ$ ߴ଎ੑΛٻΊΔͳΒ$ 

  6. ໨తʢ̐ʣ ίϞσΟςΟϕʔε ϕϯμʔϩοΫΠϯ͔Βͷ։์ ΞϓϥΠΞϯε͸ػೳ௥Ճ͕ࠔ೉ ݚڀɾ։ൃϑΣʔζʹ͸ෆ޲͖ 

  7. طଘݚڀͱຊݚڀͷҐஔ͚ͮ ("411<64&/*9"5$> 4$"1<*.$> MJCOJET TOPSU OFUNBQ 1'@3*/( %1%, CQG QDBQ

    ϑϩʔϨϕϧղੳ -ϓϩτίϧ൑ผ τϥϑΟοΫΩϟϓνϟ O%1* MpMUFS MJCQSPUPJEFOU 4'5"1 εέʔϥϏϦςΟˍϞδϡϥϦςΟ 

  8. 4'5"1ͷಈ࡞ਤ $16 $16 $16 $16 'MPX"CTUSBDUPS $16 $16 $16 $16

    'MPX"CTUSBDUPS $16 $16 $16 $16 'MPX"CTUSBDUPS $16 $16 $16 $16 'MPX"CTUSBDUPS $FMM*ODVCBUPS 5IF*OUFSOFU 4'5"1$FMM 4'5"1$FMM 4'5"1$FMM 4'5"1$FMM *OUSB/FUXPSL $PSF4DBMJOH $PSF4DBMJOH $PSF4DBMJOH $PSF4DBMJOH )PSJ[POUBM4DBMJOH "OBMZ[FS "OBMZ[FS "OBMZ[FS "OBMZ[FS "OBMZ[FS "OBMZ[FS "OBMZ[FS "OBMZ[FS "OBMZ[FS "OBMZ[FS "OBMZ[FS "OBMZ[FS "OBMZ[FS "OBMZ[FS "OBMZ[FS "OBMZ[FS (C& (C& 

  9. 4'5"1ͷߏ੒ཁૉ 'MPX"CTUSBDUPS $FMM*ODVCBUPS -ϓϩτίϧ൑ผ *1ϑϥάϝϯτˍ5$1ετϦʔϜ࠶ߏ੒ ϑϩʔந৅ԽʹΑΔඇݴޠґଘͷ*'ఏڙ ϑϩʔ୯ҐͰͷߴ଎ϩʔυόϥϯε *1ϑϥάϝϯτϋϯυϦϯά 

  10. Ԡ༻ྫʢ̍ʣ $FMM*ODVCBUPSͷར༻ $FMM*ODVCBUPS 4OPSU 4OPSU 4OPSU 4OPSU (CQT ෳ਺ϚγϯͰͷ*%4ӡ༻ 

  11. Ԡ༻ྫʢ̎ʣ 'MPX"CTUSBDUPSͷར༻ 'MPX"CTUSBDUPS )551"OBMZ[FS &MBTUJD4FBSDI ,JCBOB &MBTUJD4FBSDI ,JCBOB ʹΑΔ)551τϥϑΟοΫͷ ϦΞϧλΠϜՄࢹԽ

    

  12. 4'5"1ͷΞʔΩςΫνϟ /8*' )551*' 5-4*' 'MPX"CTUSBDUPS 'MPX $MBTTJpFS 5-4"OBMZ[FS )551"OBMZ[FS )5511SPYZ

    5$1BOE6%1 )BOEMFS pMUFSBOE DMBTTJpFS SVMF --PPQCBDL*' %# 'PSFOTJD *%4*14 FUD "QQMJDBUJPO 1SPUPDPM"OBMZ[FS FUD 5$1%FGBVMU*' 6%1%FGBVMU*' "OBMZ[FS1MBOF "CTUSBDUPS1MBOF $BQUVSFS 1MBOF 4'5"1$FMM *ODVCBUPS 'MPX *EFOUJpFS 'MPX 4FQBSBUPS 4FQBSBUPS 1MBOF TFQBSBUFEUSB⒏D 4'5"1$FMM --4OJ⒎FS 44- 1SPYZ FUD PUIFS4'5"1DFMMT *11BDLFU %FGSBHNFOUFS -#SJEHF NJSSPSJOH USB⒏D 1BDLFU'PSXBSEFS *1'SBHNFOU )BOEMFS ͭͷ1MBOFΛఆٛ "OBMZ[FS1MBOF -ղੳث 'PSFOTJD *%4*14 FUDʜ "CTUSBDUPS1MBOF ϑϩʔͷந৅Խ 4FQBSBUPS1MBOF ϑϩʔ෼ׂ $BQUVSFS1MBOF τϥϑΟοΫΩϟϓνϟ 

  13. $FMM*ODVCBUPSͷઃܭ 4'5"1$FMM *ODVCBUPS 'MPX 4FQBSBUPS TFQBSBUFEUSB⒏D PUIFS4'5"1DFMMT -#SJEHF 1BDLFU'PSXBSEFS *1'SBHNFOU

    )BOEMFS 1BDLFU'PSXBSEFS -ϒϦοδػೳ -ϑϨʔϜΩϟϓνϟػೳ *1'SBHNFOU)BOEMFS ϑϥάϝϯτԽύέοτͱ ϑϩʔͷରԠ 'MPX4FQBSBUPS ෳ਺*'΁ϑϩʔ෼ׂ 

  14. 'MPX"CTUSBDUPSͷ ઃܭʢ̍ʣ  /8*' )551*' 5-4*' 'MPX"CTUSBDUPS 'MPX $MBTTJpFS 5$1BOE6%1

    )BOEMFS pMUFSBOE DMBTTJpFS SVMF --PPQCBDL*' 5$1%FGBVMU*' 6%1%FGBVMU*' 'MPX *EFOUJpFS *11BDLFU %FGSBHNFOUFS 5$1BOE6%1)BOEMFS 'MPX*EFOUJpFS *11BDLFU%FGSBHNFOUFS 5$1ϑϩʔ࠶ߏ੒ ϑϩʔࣝผ 6%1͸ͦͷ·· *1ϑϥάϝϯτ࠶ߏ੒

  15. 'MPX"CTUSBDUPSͷ ઃܭʢ̎ʣ  /8*' )551*' 5-4*' 'MPX"CTUSBDUPS 'MPX $MBTTJpFS 5$1BOE6%1

    )BOEMFS pMUFSBOE DMBTTJpFS SVMF --PPQCBDL*' 5$1%FGBVMU*' 6%1%FGBVMU*' 'MPX *EFOUJpFS *11BDLFU %FGSBHNFOUFS 'MPX$MBTTJpFS -ϓϩτίϧࣝผ ϑϩʔந৅*'΁τϥϑΟοΫΛग़ྗ

  16. 'MPX"CTUSBDUPSͷ ઃఆϑΝΠϧʢ̍ʣ  develop ana- by this plane. developed by

    s analyzers in rator and ab- f the capturer the analyzer the following ow abstractor le of an ana- stractor illus- 1 http: 2 up = ˆ[-a-zA-Z]+ .+ HTTP/1\.(0\r?\n|1\r?\n([-a- zA-Z]+: .+\r?\n)+) 3 down = ˆHTTP/1\.[01] [1-9][0-9]{2} .+\r?\n 4 proto = TCP # TCP or UDP 5 if = http # path to UNIX domain socket 6 nice = 100 # priority 7 balance = 4 # balaced by 4 IFs 8 9 torrent_tracker: # BitTorrent Tracker 10 up = ˆGET .*(announce|scrape).*\?.*info_hash =.+&.+ HTTP/1\.(0\r?\n|1\r?\n([-a-zA-Z]+: .+\r?\n)+) 11 down = ˆHTTP/1\.[01] [1-9][0-9]{2} .+\r?\n 12 proto = TCP 13 if = torrent_tracker 14 nice = 90 # priority 15 16 dns_udp: 17 proto = UDP 18 if = dns 19 port = 53 20 nice = 200

  17. 'MPX"CTUSBDUPSͷ ઃఆϑΝΠϧʢ̎ʣ  develop ana- by this plane. developed by

    s analyzers in rator and ab- f the capturer the analyzer the following ow abstractor le of an ana- stractor illus- 1 http: 2 up = ˆ[-a-zA-Z]+ .+ HTTP/1\.(0\r?\n|1\r?\n([-a- zA-Z]+: .+\r?\n)+) 3 down = ˆHTTP/1\.[01] [1-9][0-9]{2} .+\r?\n 4 proto = TCP # TCP or UDP 5 if = http # path to UNIX domain socket 6 nice = 100 # priority 7 balance = 4 # balaced by 4 IFs 8 9 torrent_tracker: # BitTorrent Tracker 10 up = ˆGET .*(announce|scrape).*\?.*info_hash =.+&.+ HTTP/1\.(0\r?\n|1\r?\n([-a-zA-Z]+: .+\r?\n)+) 11 down = ˆHTTP/1\.[01] [1-9][0-9]{2} .+\r?\n 12 proto = TCP 13 if = torrent_tracker 14 nice = 90 # priority 15 16 dns_udp: 17 proto = UDP 18 if = dns 19 port = 53 20 nice = 200 ਖ਼نදݱʹΑΔϓϩτίϧ൑ผ

  18. 'MPX"CTUSBDUPSͷ ઃఆϑΝΠϧʢ̏ʣ  develop ana- by this plane. developed by

    s analyzers in rator and ab- f the capturer the analyzer the following ow abstractor le of an ana- stractor illus- 1 http: 2 up = ˆ[-a-zA-Z]+ .+ HTTP/1\.(0\r?\n|1\r?\n([-a- zA-Z]+: .+\r?\n)+) 3 down = ˆHTTP/1\.[01] [1-9][0-9]{2} .+\r?\n 4 proto = TCP # TCP or UDP 5 if = http # path to UNIX domain socket 6 nice = 100 # priority 7 balance = 4 # balaced by 4 IFs 8 9 torrent_tracker: # BitTorrent Tracker 10 up = ˆGET .*(announce|scrape).*\?.*info_hash =.+&.+ HTTP/1\.(0\r?\n|1\r?\n([-a-zA-Z]+: .+\r?\n)+) 11 down = ˆHTTP/1\.[01] [1-9][0-9]{2} .+\r?\n 12 proto = TCP 13 if = torrent_tracker 14 nice = 90 # priority 15 16 dns_udp: 17 proto = UDP 18 if = dns 19 port = 53 20 nice = 200 -ϓϩτίϧࢦఆ

  19. 'MPX"CTUSBDUPSͷ ઃఆϑΝΠϧʢ̐ʣ  develop ana- by this plane. developed by

    s analyzers in rator and ab- f the capturer the analyzer the following ow abstractor le of an ana- stractor illus- 1 http: 2 up = ˆ[-a-zA-Z]+ .+ HTTP/1\.(0\r?\n|1\r?\n([-a- zA-Z]+: .+\r?\n)+) 3 down = ˆHTTP/1\.[01] [1-9][0-9]{2} .+\r?\n 4 proto = TCP # TCP or UDP 5 if = http # path to UNIX domain socket 6 nice = 100 # priority 7 balance = 4 # balaced by 4 IFs 8 9 torrent_tracker: # BitTorrent Tracker 10 up = ˆGET .*(announce|scrape).*\?.*info_hash =.+&.+ HTTP/1\.(0\r?\n|1\r?\n([-a-zA-Z]+: .+\r?\n)+) 11 down = ˆHTTP/1\.[01] [1-9][0-9]{2} .+\r?\n 12 proto = TCP 13 if = torrent_tracker 14 nice = 90 # priority 15 16 dns_udp: 17 proto = UDP 18 if = dns 19 port = 53 20 nice = 200 ग़ྗΠϯλʔϑΣʔε໊ࢦఆ

  20. 'MPX"CTUSBDUPSͷ ઃఆϑΝΠϧʢ̑ʣ  develop ana- by this plane. developed by

    s analyzers in rator and ab- f the capturer the analyzer the following ow abstractor le of an ana- stractor illus- 1 http: 2 up = ˆ[-a-zA-Z]+ .+ HTTP/1\.(0\r?\n|1\r?\n([-a- zA-Z]+: .+\r?\n)+) 3 down = ˆHTTP/1\.[01] [1-9][0-9]{2} .+\r?\n 4 proto = TCP # TCP or UDP 5 if = http # path to UNIX domain socket 6 nice = 100 # priority 7 balance = 4 # balaced by 4 IFs 8 9 torrent_tracker: # BitTorrent Tracker 10 up = ˆGET .*(announce|scrape).*\?.*info_hash =.+&.+ HTTP/1\.(0\r?\n|1\r?\n([-a-zA-Z]+: .+\r?\n)+) 11 down = ˆHTTP/1\.[01] [1-9][0-9]{2} .+\r?\n 12 proto = TCP 13 if = torrent_tracker 14 nice = 90 # priority 15 16 dns_udp: 17 proto = UDP 18 if = dns 19 port = 53 20 nice = 200 ϙʔτ൪߸ࢦఆ

  21. 'MPX"CTUSBDUPSͷ ઃఆϑΝΠϧʢ̒ʣ  develop ana- by this plane. developed by

    s analyzers in rator and ab- f the capturer the analyzer the following ow abstractor le of an ana- stractor illus- 1 http: 2 up = ˆ[-a-zA-Z]+ .+ HTTP/1\.(0\r?\n|1\r?\n([-a- zA-Z]+: .+\r?\n)+) 3 down = ˆHTTP/1\.[01] [1-9][0-9]{2} .+\r?\n 4 proto = TCP # TCP or UDP 5 if = http # path to UNIX domain socket 6 nice = 100 # priority 7 balance = 4 # balaced by 4 IFs 8 9 torrent_tracker: # BitTorrent Tracker 10 up = ˆGET .*(announce|scrape).*\?.*info_hash =.+&.+ HTTP/1\.(0\r?\n|1\r?\n([-a-zA-Z]+: .+\r?\n)+) 11 down = ˆHTTP/1\.[01] [1-9][0-9]{2} .+\r?\n 12 proto = TCP 13 if = torrent_tracker 14 nice = 90 # priority 15 16 dns_udp: 17 proto = UDP 18 if = dns 19 port = 53 20 nice = 200 ϧʔϧͷ༏ઌॱҐࢦఆ

  22. 'MPX"CTUSBDUPSͷ ઃఆϑΝΠϧʢ̓ʣ  develop ana- by this plane. developed by

    s analyzers in rator and ab- f the capturer the analyzer the following ow abstractor le of an ana- stractor illus- 1 http: 2 up = ˆ[-a-zA-Z]+ .+ HTTP/1\.(0\r?\n|1\r?\n([-a- zA-Z]+: .+\r?\n)+) 3 down = ˆHTTP/1\.[01] [1-9][0-9]{2} .+\r?\n 4 proto = TCP # TCP or UDP 5 if = http # path to UNIX domain socket 6 nice = 100 # priority 7 balance = 4 # balaced by 4 IFs 8 9 torrent_tracker: # BitTorrent Tracker 10 up = ˆGET .*(announce|scrape).*\?.*info_hash =.+&.+ HTTP/1\.(0\r?\n|1\r?\n([-a-zA-Z]+: .+\r?\n)+) 11 down = ˆHTTP/1\.[01] [1-9][0-9]{2} .+\r?\n 12 proto = TCP 13 if = torrent_tracker 14 nice = 90 # priority 15 16 dns_udp: 17 proto = UDP 18 if = dns 19 port = 53 20 nice = 200 ෼ࢄॲཧɾ$16ෛՙ෼ࢄ༻ઃఆ ͜ͷ৔߹ɼͭͷ*'΁ϑϩʔ୯ҐͰ ෼ׂ͞Εग़ྗ͞ΕΔ

  23. ந৅ϑϩʔ*'ͷ σΟϨΫτϦߏ଄ 20 nice = 200 Figure 3: Configuration Example

    of Flow Abstractor 1 $ ls -R /tmp/sf-tap 2 loopback7= tcp/ udp/ 3 4 /tmp/sf-tap/tcp: 5 default= http2= ssh= 6 dns= http3= ssl= 7 ftp= http_proxy= torrent_tracker= 8 http0= irc= websocket= 9 http1= smtp= 10 11 /tmp/sf-tap/udp: 12 default= dns= torrent_dht= 

  24. MPPQCBDL ΠϯλʔϑΣʔε ೖྗ༻ΠϯλʔϑΣʔε ϓϩΫγɾτϯωϧ༻ ແݶϧʔϓΛ๷͙ͨΊ IPQΧ΢ϯτΛར༻ 

  25. EFGBVMU ΠϯλʔϑΣʔε Ͳͷϧʔϧʹ΋Ϛον͠ͳ͔ͬͨ ϑϩʔ͕ग़ྗ͞ΕΔ 

  26. λϓϧϑϩʔ*% *1ΞυϨεY ϙʔτ൪߸Y ϗοϓΧ΢ϯτ 

  27. 5$1Πϕϯτͷந৅Խ $3&"5&% %"5" %&4530:&% 

  28. ࣮૷ 'MPX"CTUSBDUPS $ $POTVNFS1SPEVDFS1BUUFSO εϨουؒͷόϧΫσʔλసૹ $FMM*ODVCBUPS $ OFUNBQ $"4Λ࢖ͬͨܰྔϩοΫ 

  29. σϞ 

  30. ෳ਺ΠϯλʔϑΣεʹΑΔ $16ෛՙܭଌ (a) HTTP Analyzer x 1 (b) HTTP Analyzer

    x 2 (c) HTTP Analyzer x 4 generate 50 clients / sec, 1000 clients maximum, 2500 requests / sec on average Figure 7: CPU Load of HTTP Analyzer and Flow Abstractor 

  31. 'MPX"CTUSBDUPSͱ ඵؒίωΫγϣϯ਺  s maximum, 2500 requests / sec on

    average TP Analyzer and Flow Abstractor

  32. $FMM*ODVCBUPSͷ ύϑΥʔϚϯε  ࠷େ.QQT ʢϑϩʔʣ ৄࡉ͸ผࢿྉʹͯɾɾɾ

  33. ·ͱΊ w ൚༻-ղੳث4'5"1ΛఏҊ w εέʔϥϒϧ w ϞδϡϥϦςΟ w ίϞσΟςΟ w

    ඇݴޠґଘͷΠϯλʔϑΣʔε w ϓϩάϥϚϒϧͳωοτϫʔΫղੳ͕Մೳʹ w ߴ଎ͳωοτϫʔΫʹରͯ͠΋ద༻Մೳʹ