Инфраструктура – это часть вашего приложения,...
DESCRIPTION
Доклад Александра Азимова на HighLoad++ 2014.TRANSCRIPT
Инфраструктура –
это часть вашего
приложения Александр Азимов
Zoom 0
Back-end Front-end
UI Layer UI Layer
Business Logic
PHP
DB
File System
Zoom 1
Hosting Front-end
UI Layer
Zoom 2
Autonomous System № 1
Autonomous System № 2
BGP
BGP BGP
Zoom 3
AS1
AS2
Your Infrastructure
Back-end
Hosting
Autonomous system
Internet
Autonomous system
Home network
Front-end
Your Infrastructure
Back-end
Hosting
Autonomous system
Internet
Problem here?
It is your problem!
Autonomous system
Home network
Front-end
Life cycle
Shared Hosting
Dedicated Hosting
Direct channel
Autonomous system
LIR
Reducing the number of unknowns variables
Autonomous System
PI Address Space
AS1
AS2
AS3
Internet
BGP
BGP
Autonomous System
PI Address Space
AS1
AS2
AS3
Benefits:
1. Independent address space
2. Primary control of uplinks
Internet
BGP
BGP
BGP Anycast
Benefits:
1. Independent address space
2. Primary control of uplinks
3. Fault tolerance
PI Address Space
AS1
AS2
AS3
Internet
BGP
BGP
BGP Anycast: examples
• DNS Root
• CDN
• Qrator filtering network
Where is the difference?
• PRICE
$$$/$
Where is the difference?
• PRICE
$$$/$
• Autonomous System/Hosting
Well connected/Poorly connected
AS: Connectivity
Do we need global connectivity? No
Russian home networks: TOP10 AS № AS Name
8359 MTS
39832 Opera
16345 Vimpelcom
8402 Vimpelcom/Corbina
25159 MegaFon
8997 Rostelecom
13238 Yandex
39811 MTS
3216 Vimpelcom
Distribution of Russian traffic
0
0,1
0,2
0,3
0,4
0,5
0,6
0,7
0,8
0,9
Top 10 Top 50 Top 100 Top 200 Top 300 Top 400 Top 500
Pe
rce
nta
ge
Complexity reduction
48864 AS
>4000 in Russia
500 significant sources of end-users
Calculating “Connectivity”
AS3
AS3 AS3
Less intermediate AS:
1. Less delays
2. Less likelihood of routing incidents
How to determine AS path?
PI Address Space
AS1
AS2
AS3
Internet
BGP
BGP
AS4
?
How to determine AS path?
PI Address Space
AS1
AS2
AS3
Internet
BGP
BGP
AS4
?
Asymmetric paths!
How to determine AS path?
Lots of models:
• AS Relations Model
• Priority Model
• Prepend Model
Russian DC Connectivity Rate AS № AS Name Distance
XXX Ideal 1
16083 Stack 2.6
49505 Selectel 2.4
49063 Dataline 2.1
200161 Datapro 3.2
33903 Croc 2.8
35415 Webzilla 2.9
Where is the difference?
• PRICE
$$$/$
• Autonomous System/Hosting
Well connected/Poor connected
Managed/Unmanaged
AS: Security
Inner security
1. Static route loops
2. Bots
3. DDoS Amplifiers
4. Packet drop
External Security
1. BGP Route Leaks
2. BGP Route Loops
3. Packet drop
Russian DC security rate AS № AS Name Security
XXX Ideal 0
16083 Stack 46 amp; 2 bots
49505 Selectel 101 amp; 14 bots
49063 Dataline 30 amp; 3 bots
200161 Datapro Route Leak!
33903 Croc 1 amp;
35415 Webzilla 187 amp; 8 bots
Russian DC aggregated rate AS № AS Name Distance Security
XXX Ideal 1 0
16083 Stack 2.6 46 amp; 2 bots
49505 Selectel 2.4 101 amp; 14 bots
49063 Dataline 2.1 30 amp; 3 bots
200161 Datapro 3.2 Route Leak!
33903 Croc 2.8 1 amp;
35415 Webzilla 2.9 187 amp; 8 bots
Radar by Qrator: General data
Radar by Qrator: Security issues
Where is the difference?
• PRICE
$$$/$
• Autonomous System/Hosting
Well connected/Poor connected
Managed/Unmanaged
Questions?
visit: radar.qrator.net