cdn 设计与技术实现
DESCRIPTION
Cdn 设计与技术实现. 解决高并发访问的一种途径. 需求的产生. 南北互联问题导致北方的用户访问电信网内的服务器十分缓慢和艰难 , 南方的用户访问网通网内的服务器也是如此 高并发、大流量的站点 访问加速. 常见的应用场景: 一般用于静态对象. 网站的页面加速 下载服务:类似杀毒软件有客户端自动更新机制的下载,更需要 cdn 视频:特别是在线播放类型,如 FLV. 传统的访问模式. 所有的客户端访问同一个对象 众矢之的. Cdn 的访问模式. 把用户请求分散. Cdn 定义 - 摘自 http://www.roxbeam.com/CDN/gn.htm. - PowerPoint PPT PresentationTRANSCRIPT
-
Cdn
-
,
-
cdnFLV
-
Cdn
-
Cdn-http://www.roxbeam.com/CDN/gn.htmCDNContent Delivery NetworkInternet
-
CdnDns(view)
-
Cdn (1) dns(view):bind (2):squid (1):lvs+keepalived (2):nagios,mrtg
-
Cdn2ipipDns
cdn2ipdns3VIEW
-
dnsdnsAIP.cdndnsCNAMEcdnIPdl IN CNAME sery.cn.ccdn.com.
dl.sery.cn sery.cn.ccdn.com
-
CdnDNSCdn2 DNSinternetDNScdncdnHosts
-
dnsCdn sibling parent
-
dnsCdndnsview3cdnView.ViewDNSview
-
dns
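### KEYS FOR TSIG ###
# NOTE(review): on the slide the telecomkey statement follows the banner's '#'
# characters on the same line, so as written it is a comment. It is kept
# commented here; uncomment it if the telecom side is meant to use it.
# NOTE(review): these secrets are printed on a public slide, so treat them as
# disclosed. Generate fresh keys (e.g. with tsig-keygen) for any real
# deployment and keep them in an include file readable only by the named user.
# NOTE(review): hmac-md5 is a legacy TSIG algorithm; hmac-sha256 is the usual
# choice, switched on every server that shares a key at the same time.
#key telecomkey { algorithm hmac-md5; secret "LaA4Y1MHlFSTTMz1mzwarA=="; };
key cnckey { algorithm hmac-md5; secret "l/rlorcG+7hhabIFKe8Kjg=="; };
key anykey { algorithm hmac-md5; secret "YMXXBAck4i5Sb4PlUg00Uw=="; };

# cnc_acl.conf supplies the "CNC" address list used by match-clients below;
# telecom_acl.conf is presumably its telecom counterpart (not shown here).
include "cnc_acl.conf";
include "telecom_acl.conf";

# View for CNC clients: selected for requests signed with cnckey or coming
# from an address in the "CNC" acl.
view "view_cnc" {
    match-clients { key cnckey; CNC; };
    # NOTE(review): recursion is enabled for every address in the CNC acl. If
    # this server is only meant to answer for the CDN zones, "recursion no"
    # keeps it from acting as a resolver for that whole range; confirm intent.
    recursion yes;
    # Zone transfers out of this view must carry the cnckey TSIG signature.
    allow-transfer { key cnckey; };
    # Requests sent to these two servers are signed with cnckey.
    server 61.135.210.20 { keys cnckey; };
    server 61.135.210.10 { keys cnckey; };

    zone "." IN { type hint; file "named.ca"; };
    zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; };
    zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; };
    # Opening quote restored on the zone name; without it the statement does
    # not parse.
    zone "sery.cn" IN { type master; file "cnc.sery.cn.zone"; allow-update { none; }; };
    zone "210.135.61.in-addr.arpa" IN { type master; file "210.135.61.in-addr.arpa.zone"; allow-update { none; }; };
};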
### KEYS FOR TSIG ###
# NOTE(review): the telecomkey statement shares a line with the banner's '#'
# characters on the slide, so it is a comment there and stays one here.
# NOTE(review): secrets shown on a published slide should be considered
# disclosed; use newly generated keys, stored in a file only the named user
# can read, for anything beyond illustration. hmac-md5 is a legacy TSIG
# algorithm; hmac-sha256 is the usual replacement.
#key telecomkey { algorithm hmac-md5; secret "LaA4Y1MHlFSTTMz1mzwarA=="; };
key cnckey {
    algorithm hmac-md5;
    secret "l/rlorcG+7hhabIFKe8Kjg==";
};
key anykey {
    algorithm hmac-md5;
    secret "YMXXBAck4i5Sb4PlUg00Uw==";
};

include "cnc_acl.conf";
include "telecom_acl.conf";

# View chosen for requests signed with cnckey or sourced from the "CNC" acl.
view "view_cnc" {
    match-clients { key cnckey; CNC; };
    # NOTE(review): recursion is on for the whole CNC address range; confirm
    # that is intended on a server that is also authoritative for these zones.
    recursion yes;
    # Only cnckey-signed requests may transfer zones from this view.
    allow-transfer { key cnckey; };
    # Traffic to these two servers is signed with cnckey.
    server 60.28.210.20 { keys cnckey; };
    server 60.28.210.10 { keys cnckey; };

    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
    zone "maxthon.cn" IN {
        type master;
        file "cnc.maxthon.cn.zone";
        allow-update { none; };
    };
    zone "210.28.60.in-addr.arpa" IN {
        type master;
        file "210.28.60.in-addr.arpa.zone";
        allow-update { none; };
    };
};
-
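[root@nagios /var/named]# more cnc_acl.conf
# NOTE(review): address list matched by name in match-clients of the CNC view.
# Some entries are already covered by others (58.22.0.0/15 contains
# 58.22.0.0/16 and 58.23.0.0/16; 58.17.128.0/17 contains 58.17.180.0/24 and
# 58.17.186.0/24). That is harmless for matching but makes the list harder to
# audit.
acl "CNC" {
    58.16.0.0/16;
    58.168.225.0/24;
    58.17.0.0/17;
    58.17.128.0/17;
    58.17.180.0/24;
    58.17.186.0/24;
    58.18.0.0/16;
    58.19.0.0/16;
    58.20.0.0/16;
    58.21.0.0/16;
    58.22.0.0/15;
    58.22.0.0/16;
    58.23.0.0/16;
    58.240.0.0/15;
    58.242.0.0/15;
    222.163.128.0/17;
    222.163.32.0/19;
    222.163.64.0/18;
};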
-
parent sibling ip
-
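# One directive per line; fused together as on the slide, squid cannot parse
# them.
# CNSERY matches requests whose destination host is www.sery.cn.
acl CNSERY dstdomain www.sery.cn
# The origin web server is configured as a parent peer: HTTP port 80, ICP port
# 3130. no-query disables ICP queries to it; originserver makes squid contact
# it as an origin server rather than as a proxy.
cache_peer www.sery.cn parent 80 3130 no-query originserver
# Only requests matching CNSERY are allowed to use this peer.
cache_peer_access www.sery.cn allow CNSERY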
-
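# Neighbouring caches declared as siblings (HTTP port 80, ICP port 3130), one
# directive per line.
# NOTE(review): ICP is unauthenticated UDP and no icp_access rule is shown on
# the slide. Limiting icp_access, and the firewall rule for UDP 3130, to the
# sibling addresses keeps other hosts from querying the cache.
cache_peer ccrshct02.html.ccdn.cn sibling 80 3130
cache_peer ccrshct03.html.ccdn.cn sibling 80 3130
cache_peer ccrshct04.html.ccdn.cn sibling 80 3130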
-
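ipip
# The acl matches requests whose destination host is a bare dotted-quad IP
# address, and http_access then denies them.
# NOTE(review): presumably this stops the cache from being addressed by IP
# instead of by a served hostname; confirm against the original slide, whose
# heading was lost in extraction. http_access rules are evaluated in order, so
# this deny must come before any broader allow.
acl IP dstdom_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$
http_access deny IP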
-
DNSLvskeepalived
-
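Keepalived
# Configuration File for keepalived
global_defs {
    router_id LVS_sery_2
}

# Sync groups: the instances in a group change state together.
vrrp_sync_group VGM {
    group {
        VI_OUT1
    }
}

# VI_INT1 is referenced here, but its vrrp_instance is not in the part of the
# file shown on the slide (the listing is cut off at the end).
vrrp_sync_group VGB {
    group {
        VI_INT1
    }
}

vrrp_instance VI_OUT1 {
    state BACKUP
    interface eth2
    # Keyword spelling kept exactly as on the slide.
    # NOTE(review): confirm the spelling the installed keepalived release
    # accepts.
    lvs_sync_daemon_inteface eth2
    virtual_router_id 51
    priority 150
    advert_int 5
    # NOTE(review): auth_type PASS carries the password unencrypted in every
    # VRRP advertisement, and "1111" is a trivial value. Use a unique secret
    # per instance and restrict VRRP (IP protocol 112) on eth2 to the peer
    # director's address with host firewall rules.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        61.135.210.4
        61.135.220.123
    }
}
..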
-
nagiossquid cactimrtg