èšäºã§ã¯ã10幎è¿ãåã®åºæ¥äºã«ã€ããŠã話ããããšããçç±ã ãã§ãåœæã¯é«åºŠãªãã¯ãããžãŒã§ããããå€ãã®ããšã¯ããç¥ãããŠããŸãã åãçç±ã§ãäžè¬ã«äœããé¢é£æ§ã倱ããŸãããããµãŒããŒããŸã çããŠããã1000å°ã®ãã·ã³ã®ã°ãªããã«ãµãŒãã¹ãæäŸããŠããããããã¹ãŠã§ã¯ãããŸããã
ãããã¯ãŒã¯
ãããã¯ãŒã¯èªäœã¯1997幎以æ¥ååšããŠããŸããããã¯ããã¹ãŠã®ãã¹ãã«ãåäžã®ãããã¯ãŒã¯ã«çµ±åãããã€ã³ã¿ãŒãããã«ã¢ã¯ã»ã¹ããæ¥ä»ã§ãã 2004幎ãŸã§ããã£ã³ãã¹ãããã¯ãŒã¯ã¯å®å šã«é ç·ã§æ§ç¯ããã寮éã§ã¯ãªã³ã¯ãP270ã±ãŒãã«ã§è»¢éãããŸããïŒå¯®éã®è·é¢ã¯350mãè¶ ããã3c905ã«ãŒãã䜿çšããå Žåã®ãªã³ã¯ã¯ã100åãå¢å ããŸããïŒã å建ç©ã«ã¯ç¬èªã®ãµãŒããŒãããã3ã€ã®ãããã¯ãŒã¯ã«ãŒãããããŸããã ãããã®ãã¡ã®2ã€ã¯ãè¿é£ã®ãµãŒããŒã3çªç®ã«æ¥ç¶ããããã¹ãã«ã®ããã«ã«ã«ãããèŠãŸãããã åèšã§ã6ã€ãã¹ãŠïŒããã³ç§ãã¡ã®å€§åŠã«ã¯éåžžã«å€ãã®ãã¹ãã«ããããŸããïŒããªã³ã°ã§éãããããããã®éã®ã«ãŒãã¯OSPFãããã³ã«ã䜿çšããŠæ§ç¯ãããŸãããããã«ãããåç·ãåæããããšãã«ããããããããªã³ã¯ããã€ãã¹ãããã©ãã£ãã¯ãéå§ã§ããŸããã ãããŠãã¯ãªããã³ã°ãé »ç¹ã«çºçããŸããããã®åŸãé·éšãçºçãããªã³ã¯ãåæãããé»æ°æåž«ãããŒãããŸãã ãµãŒããŒèªäœã®ãµãŒãã¹ã¯ãç¹ã«ãã¹ãŠããŸã ãã§ãããããããŸã䟿å©ã§ã¯ãããŸããã§ããïŒç°ãªã幎ã®486DX4ããïŒã¯ãã2.0.36ã³ã¢ãš3comã«ãŒãã®8MBã®RAMã§ã2ã€ã®100Mbitãªã³ã¯ãåŒã£åŒµããŸããããè² è·ã¯å€©äºã«ãããŸããïŒ ipfwadmã䜿çšããªããã¢ã«ãŒãã£ã³ã°ã§ïŒAMD K6-2ãããã«ã¯P4 2.8GhzãŸã§ã
ãã®ãããªçµç¹ã®æ¬ ç¹ïŒä»æ¥ã®æšæºã§ã¯éåžžã«ä¿¡é Œæ§ã®äœããªã³ã¯ã«å ããŠïŒã¯æããã§ãããŠãŒã¶ãŒããŒã¹ã管çããã®ã¯éåžžã«äžäŸ¿ã§ãã ã¢ãã¬ã¹ã¯çœã§ããã®æ°ã¯å¶éãããŠããŸãã å¥çŽã¯ãç涯ããã€ãŸãåŠçã®åŠç¿æéå šäœã«ããã£ãŠIPã«çµã³ä»ããããŸããã ãããã¯ãŒã¯ã¯ãå寮ã®åŠçæ°ãèæ ®ããŠå ã äœæããããµã€ãºã«åå²ãããŠããŸãã ãããããã®åŸãåŠçã¯ãã¹ãã«ãããã¹ãã«ã«ç§»åãããªãŒãã¡ãŒã·ã§ã³åŠéšã¯ãå²åŠè ãããã¯ããã«å€ãã®ã¢ãã¬ã¹ãå¿ èŠãšããŸãã-äžè¬ã«ãææã
ãããã¯ãŒã¯ã®ãæ§æ³ãã®æç¹ã§ãããã°ã©ããŒïŒãŸãã¯ã¯ãã ããŠïŒãªãã§ãããã¯ãŒã¯ã«ãŒãã®MACã¢ãã¬ã¹ãå€æŽããããšã¯ãäžå¯èœã§ã¯ãªãã«ããŠãéåžžã«åé¡ããããããã¢ã¯ã»ã¹å¶éã¯MAC-IPã®ãã¢ã«ãããŸããã ãããã£ãŠã/ etc / ethersãã¡ã€ã«ãææ°ã®ç¶æ ã«ä¿ã¡ã99ïŒ ã®æ¯åæ奜家ããä¿åããã ãã§ååã§ããã åœæã®ãããŒãžãã¹ã€ããã¯å€¢èŠãŠããã ãã§ãå å ¥è æ©åšãšããŠèšçœ®ããäœè£ã¯ãããŸããã§ããïŒãããã¯ãŒã¯ã¯åŠçèªèº«ã®ãéã§100ïŒ éçºããŠãããããåŠçã¯ãåç¥ã®éããè£çŠã§ã¯ãããŸããïŒ
æå°
2004幎ã«ãè¯ãæ©äŒãèŠã€ãããŸãããéœåžãããã€ããŒã®1ã€ãããããã¯ãŒã¯ãšãã£ã³ãã¹ãããã¯ãŒã¯éã®ãã¢ãªã³ã°ãšåŒãæãã«ããã¹ãŠã®å»ºç©ãç¡æã§å åŠçã«æ¥ç¶ããããšãææ¡ããŸããã æ¥ç¶æ¹æ³-åŠçã®ã€ãã·ã¢ããã°ã«ãŒããå åŠã®èšçœ®ã«çŽæ¥é¢äžããŠããŸãããããããã€ããŒã®æè¡è ã¯ãããæ¶åããã ãã§ããã ãã®çµæããã®å åŠç³»ã䜿çšããŠããªã³ã°ã§ã¯ãªãæãäœãããšãã§ããŸããïŒ
ãããŠãããã§ã¢ã€ãã¢ãçãŸããŸãã-ããã€ãã®ã®ã¬ããããããã¯ãŒã¯ã«ãŒããåãã1ã€ã®è¯ããµãŒããŒãé 眮ãããã¹ãŠã®ãªã³ã¯ã1ã€ã®ããªããžã«æ¥ç¶ãã1ã€ã®ãã©ãããããã¯ãŒã¯ãäœæããŸãå Žæã
PCIãã¹ã¯ãã®ãããªãã©ãã£ãã¯ãéãåºãããšãã§ããããã¶ãŒããŒãã«éåžžã«å€ãã®PCIã³ãã¯ã¿ããªãããã«å¿ èŠãª6-8ã®ã¬ãããããŒããååŸã§ããªãã£ããããPCI-X 133Mhzãã¹ã«2x Intel QuadããŒããµãŒããŒã¢ããã¿ãŒã䜿çšããããšã決å®ãããŸããã 3ã€ã®PCI-X 133ãååšããããããããã®ãããã¯ãŒã¯ã«Supermicro X6DHE-XG2ãã¶ãŒããŒããæã¡èŸŒãå¿ èŠããããŸããã
ãããŠãRHELAS 2.1ããµãŒããŒã«ã€ã³ã¹ããŒã«ãããããªããžãéå§ããããããã¯ãŒã¯ã1ã€ã®å€§ããª/ 22ã«æ¥çãããŸãã ãããŠã次ã®ãããªã«ãŒã«ã䜿çšããŠãæ°çŸã®ã¢ãã¬ã¹ãžã®ã¢ã¯ã»ã¹ãå¶éãããšã
iptables -A FORWARD -s abcd -j REJECT
ãµãŒããŒã®è² è·ã¯äžé©åãªå€ã«è·³ãè¿ããŸãã ãµãŒããŒã察å¿ããŠããŸãããïŒ
æé©å1
ã€ã³ã¿ãŒãããã§ã®æ€çŽ¢ã§ã¯ããã®åŸã«åºçŸãããããžã§ã¯ãã®ã¿ã瀺åãããŸã-ipset ã ã¯ããããããŸãã«ããªããå¿ èŠãšãããã®ã§ããããšãå€æããŸããã iptablesã®åãã¿ã€ãã®ãšã³ããªãå€æ°åé€ããããšãå¯èœã§ãããšããäºå®ã«å ããŠãmacipmapã䜿çšããŠIP-MACããã€ã³ãããããšãå¯èœã«ãªããŸããã
ããªããžã®æ©èœã®1ã€ã¯ãå Žåã«ãã£ãŠã¯ããªããžãééãããã±ãããFORWARDãã§ãŒã³ã«èœã¡ãããããã§ã¯ãªãã£ããšããããšã§ãã ã€ã³ã¿ãŒãã§ãŒã¹éã®ãã«ãŒãã£ã³ã°ãããããã±ããã¯FORWARDã«å ¥ãããããªããžãããããã±ããïŒã€ãŸããbr0ã«å ¥ã£ãŠããã«br0ãåºããã±ããïŒã¯å ¥ããªãããšãå€æããŸããã
解決çã¯ããã£ã«ã¿ãŒã®ä»£ããã«ãã³ã°ã«ããŒãã«ã䜿çšããããšã§ããã
ãŸããç¹å®ã®ã¢ãã¬ã¹ãMACã ãã§ãªãããããã¯ãŒã¯ãŠãŒã¶ãŒãäœãã§ãããã¹ãã«ã«ããã€ã³ãããŸããã iptables physdevã¢ãžã¥ãŒã«ã䜿çšããŠè¡ããã次ã®ããã«ãªããŸããã
iptables -t mangle -A PREROUTING -m physdev --physdev-in eth1 -m set --set IPMAC_H1 src -j ACCEPT iptables -t mangle -A PREROUTING -m physdev --physdev-in eth2 -m set --set IPMAC_H2 src -j ACCEPT ... iptables -t mangle -A PREROUTING -i br0 -j DROP
å ãã¹ã¿ãŒãã¯ãªããã³ã³ããŒã¿ãŒã䜿çšããŠæ§ç¯ããããããç¬èªã®ãããã¯ãŒã¯ã«ãŒãã¯åãã«ã§ãèŠãããŸããã ãããŠãæåã®ãã¹ãã«ã®ãŠãŒã¶ãŒã®MAC-IPãã¢ã®ã¿ãIPMAC_H1ã»ããã«è¿œå ãã2çªç®ã®ãã¹ãã«ã®IPMAC_H2ã»ããã«è¿œå ãããªã©ã®å¿ èŠããããŸããã
iptableså ã§ã«ãŒã«èªäœã®é åºãå€ããŠããŠãŒã¶ãŒãããã¢ã¯ãã£ããªãã¹ãã«ãèšè¿°ããã«ãŒã«ãé«ããªãããã±ããããã§ãŒã³ãããéãééã§ããããã«ããŸããã
æé©å2
ãã®çµæããã¹ãŠã®çžäºã³ãã¥ããã£ããã³å€éšãã©ãã£ãã¯ãæçµçã«ãµãŒããŒãééãå§ããããããµãã¹ã¯ã©ã€ããŒãåæãããå ŽåããŸãã¯IP-MACãã¢ãäžèŽããªãå Žåãã¢ã€ãã¢ãæãä»ããŸãããå®éã«ããããã¯ãŒã¯ã¯æ©èœããŸããã é£ããããšã§ã¯ãªãããã§ããã ããŒã80ã«åããDROPãã±ããã®ä»£ããã«ãMARKãã±ãããäœæããŠãããDNATã䜿çšããŠããŒã¯ããããã±ãããããŒã«ã«WebãµãŒããŒã«ãªãã€ã¬ã¯ãããå¿ èŠããããŸããã
æåã®åé¡ã¯ãããã±ãŒãžãåçŽã«WebãµãŒããŒã«ãªãã€ã¬ã¯ããããšã99ïŒ ã®WebãµãŒããŒãããŒãžãèŠã€ãããªãã£ããšå¿çããããšã§ããã ãªããªãããŠãŒã¶ãŒãark.intel.com/products/27100ã«ã¢ã¯ã»ã¹ããŠWebãµãŒããŒãæå¹ã«ããå Žåãproducts / 27100ããŒãžãååšããå¯èœæ§ã¯äœãããããã404ãšã©ãŒã衚瀺ãããã ãã ããã§ãããªã¯ãšã¹ããçºè¡ããCã®ããŒã¢ã³
Location: myserverru
ãã®åŸããã®æŸèæã¯mod_rewriteã䜿çšããããçŸãããœãªã¥ãŒã·ã§ã³ã«çœ®ãæããããŸããã
2çªç®ã®ããããŠæãéèŠãªåé¡ã¯ãnatã¢ãžã¥ãŒã«ãã«ãŒãã«ã«ããŒãããããšããã«ãããŒããåã³ãžã£ã³ãããããšã§ããã ãã¡ãããconntrackããŒãã«ã®ããã§ãããéåžžã«å€ãã®æ¥ç¶ãšppsããããããæ¢åã®éã¯ããŒã¯æã«åãåºããŸããã§ããã
ãµãŒããŒã察å¿ããŠããŸãããïŒ
èãå§ããã ç®æšã¯éåžžã«èå³æ·±ããã®ã§ãããæ¢åã®ããŒããŠã§ã¢ã§ã¯æ©èœããŸããã
-t raw -j NOTRACK
ã䜿çšãããš
-t raw -j NOTRACK
ãŸããããããã»ã©ã§ã¯ãããŸããã 解決çã¯æ¬¡ã®ãšããã§ããNATãã±ããã¯äžå€®ã«ãŒã¿ãŒã§ã¯ãªããp2pãµãŒããŒãã²ãŒã ãµãŒããŒããžã£ããŒãµãŒããŒããŸãã¯åã«ã¢ã€ãã«ç¶æ ã®ãµãŒãã¹ãªã©ãããŸããŸãªãµãŒãã¹ã«ãŸã 䜿çšãããŠããå€ããã·ã³ã®1ã€ã«ãããŸãã ãã®ãµãŒããŒã®è² è·ãæ¥å¢ããå Žåãææªã®å Žåããµãã¹ã¯ã©ã€ããŒã¯ãã©ãŠã¶ãŒãŠã£ã³ããŠã§åæããããšããã¡ãã»ãŒãžãåä¿¡ããŸããïŒãŸãã¯ãIPãç»é²ãããMACãšäžèŽããªãïŒãããã¯ä»ã®ãããã¯ãŒã¯ãŠãŒã¶ãŒã®äœæ¥ã«åœ±é¿ããŸããã ãŸããNATã䜿çšããŠãã®ãµãŒããŒã«ãŠãŒã¶ãŒãã©ãã£ãã¯ãé ä¿¡ããããã«ã次ã®ã³ãã³ãã䜿çšãããŸããã
iptables -t mangle -A POSTROUTING -p tcp --dport 80 -j ROUTE --gw abcd
ã²ãŒããŠã§ã€ã¢ãã¬ã¹ãåã«çœ®ãæãããã±ãããããã«éä¿¡ããæ®ãã®ãã§ãŒã³ããã€ãã¹ããŸããã
äžè¬ã«ããã£ã«ã¿ã¿ã€ãã®æ®ãã®ãã§ãŒã³ãééããããšãå¿é ããã«ããã®æ¹æ³ã§ãäžå¿«ãªãããã±ãŒãžããµãŒãããŒãã£ã®ãµãŒããŒã«éä¿¡ããããšã¯éåžžã«äŸ¿å©ã§ããããã«ãŒãã«ã¢ãŒããã¯ãã£ã®å€æŽã«ãããpatch-o-maticããã®ãã®ãããã¯ãµããŒããããªããªããŸããã
解決çïŒå¿ èŠãªãã±ããã0x1ã§ããŒã¯ããŠãããipã«ãŒã«fwã䜿çšããŠãããã®ä»ãã®ã«ãŒãã£ã³ã°ããŒãã«ã«ãã±ãããéä¿¡ããŸããããã§ãå¯äžã®ã«ãŒãã¯NATãåãããµãŒããŒã§ã
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 0x1 ip route flush table 100 ip route add via abcd table 100 ip rule add fwmark 0x1 lookup 100
ãã®çµæããè¯ãããã©ãã£ãã¯ã¯ã¹ãããããããæªãããŠãŒã¶ãŒã«ã¯ãããã¯ã«é¢ããæ å ±ãå«ãããŒãžã衚瀺ãããŸããã ãŸããIP-MACãäžèŽããªãå ŽåããŠãŒã¶ãŒã¯ãã°ã€ã³/ãã¹ã¯ãŒããå ¥åããŠçŸåšã®MACã«åãã€ã³ãã§ããŸãã
æé©å3
ãã®ã¢ã¯ã·ã§ã³ã¯ãã¡ã¬ãã€ãã®ãã©ãã£ãã¯äžã«ãã¹ãã«ã§è¡ãããŸãã ã€ãŸãããã£ãã·ã¥ããªãŒããªã³ã©ã€ã³ã¢ã¯ãã£ããITå é²ã®ãŠãŒã¶ãŒç°å¢ã§ãã ããã¯ãåçŽãªIP-MACãã€ã³ãã£ã³ã°ã§ã¯ãã¯ãååã§ã¯ãªããã€ã³ã¿ãŒããããã©ãã£ãã¯ã®çé£ã®äºäŸãåºãŸã£ãŠããããšãæå³ããŸãã
å¯äžã®æ£æ°ãªãªãã·ã§ã³ã¯vpnã§ãã ãããããã®æç¹ãŸã§ã«ãã£ã³ãã¹ãããã¯ãŒã¯ã¯6ããŒã¹ã®éœåžãªãã¬ãŒã¿ãŒãšç¡æã®ãã¢ãªã³ã°ãè¡ã£ãŠãããããVPNãµãŒããŒãä»ããŠãã¢ããŒãã¢ãã©ãã£ãã¯ãé§åããããšã¯ã§ããªãã£ããããç°¡åã«åé€ã§ããŸããã§ããã ãã¡ãããã€ã³ã¿ãŒãããäžã§-VPNçµç±ã§ããã¢ãªã³ã°ããã³LANã§-ã«ãŒããå«ãããããã¡ã€ã«ãšããŠãåºãæ®åããæ¹æ³ãå¯èœã«ãªããŸããã ããããããããã¡ã€ã«ã¯éåžžã«ã決å®ã§ããã ç§ãã¡ã¯ãåœæã»ãšãã©ã®ãªãã¬ãŒãã£ã³ã°ã·ã¹ãã ã«ãçµã¿èŸŒãŸããŠãããRIPv2ã®ãªãã·ã§ã³ãæ€èšããŸããããã¢ããŠã³ã¹ã®ä¿¡é Œæ§ã«é¢ããæªè§£æ±ºã®åé¡ãæ®ã£ãŠããŸããã è¿œå ã®èšå®ããªããã°ã誰ã§ãã«ãŒããéä¿¡ã§ããåœæ人æ°ã®ãã£ãWindowXPãšãã®ãRIPãªã¹ããŒãã«ã¯èšå®ããŸã£ãããããŸããã§ããã
ãã®åŸããé察称VPNãããçºæãããŸãããã ã€ã³ã¿ãŒãããã«ã¢ã¯ã»ã¹ããããã«ãã¯ã©ã€ã¢ã³ãã¯ãŠãŒã¶ãŒå/ãã¹ã¯ãŒãã䜿çšããŠãµãŒããŒãžã®éåžžã®vpn-pptpæ¥ç¶ã確ç«ããèšå®ã®[ãªã¢ãŒããããã¯ãŒã¯ã§ã²ãŒããŠã§ã€ã䜿çšãã]ãã§ãã¯ããã¯ã¹ããªãã«ããŸãã ã¢ãã¬ã¹192.0.2.2ã¯ãã³ãã«ã®ã¯ã©ã€ã¢ã³ããšã³ãã«çºè¡ããããã¹ãŠã®ã¯ã©ã€ã¢ã³ãã¯åãã¢ãã¬ã¹ãæã¡ãåŸã§ç€ºãããã«ãããã¯ãŸã£ããæå³ããããŸããã§ããã
VPNãµãŒããŒåŽã§ã/ etc / ppp / ip-upã¹ã¯ãªãããå€æŽãããŸãããããã¯ãèªèšŒããã³ã€ã³ã¿ãŒãã§ãŒã¹ã®èµ·ååŸã«å®è¡ãããŸã
PATH=/sbin:/usr/sbin:/bin:/usr/bin export PATH LOGDEVICE=$6 REALDEVICE=$1 [ -f /etc/sysconfig/network-scripts/ifcfg-${LOGDEVICE} ] && /etc/sysconfig/network-scripts/ifup-post ifcfg-${LOGDEVICE} [ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@" PEERIP=`/usr/local/bin/getip.pl $PEERNAME` if [ $LOGDEVICE == $PEERIP ] ; then ip ro del $PEERIP table vpn > /dev/null 2>/dev/null& ip ro add $PEERIP dev $IFNAME table 101 else ifconfig $IFNAME down kill $PPPD_PID fi exit 0
ã€ãŸããPEERNAMEïŒæ¥ç¶ãããã°ã€ã³ïŒãæã€ãŠãŒã¶ãŒãããŒã¿ããŒã¹ããPEERIPå€æ°ã«ããŒã¿ããŒã¹ãããã«ããIPã¢ãã¬ã¹ããã®ã¢ãã¬ã¹ãVPNãµãŒããŒãžã®æ¥ç¶ïŒLOGDEVICEïŒã確ç«ãããIPãšäžèŽããå Žåããã®IPãžã®ãã¹ãŠã®ãã©ãã£ãã¯ã¯ãããŒãã«101ãä»ããŠIFNAMEã€ã³ã¿ãŒãã§ã€ã¹ã«ã«ãŒãã£ã³ã°ãããŸãããŸããããŒãã«101ã§ã¯ãããã©ã«ãã²ãŒããŠã§ã€ã¯127.0.0.1ã§ãã
ãã¹ãŠã®ã«ãŒãã£ã³ã°ããããã©ãã£ãã¯ã¯ãã«ãŒã«ã«ãã£ãŠããŒãã«101ã«ã©ãããããŸã
ip ru add iif eth0 lookup 101
ãã®çµæãvpnãµãŒããŒã«å°éãããã©ãã£ãã¯ãšãvpnãµãŒããŒã«å°éããªã次ã®ãã©ãã£ãã¯ïŒããã©ã«ãã§ã¯ããŒã«ã«ããŒãã«ã«éä¿¡ãããŸãïŒãããŒãã«101ã«éä¿¡ãããŸããããã§ãpppãã³ãã«ã«æ²¿ã£ãŠãæ¡æ£ãããŸãã ãããŠã圌ãæ£ãããã®ãèŠã€ããããªãå Žåã圌ã¯åã«ããããããŸãã
ãã¬ãŒã101ã®çµæã®äŸïŒip r sh ta 101ïŒ
[root@vpn ~]# ip route show table 101 abcd dev ppp2 scope link abce dev ppp6 scope link abcf dev ppp1 scope link default via 127.0.0.1 dev lo
ããã§æ®ã£ãŠããã®ã¯ããã€ã³ã¿ãŒããããã€ã³ã¿ãŒãã§ãŒã¹ããäžå€®ã«ãŒã¿ãŒã®vpnã²ãŒããŠã§ã€ãžã®ãã¹ãŠã®ãã©ãã£ãã¯ãã©ããããããšã§ãããŠãŒã¶ãŒã¯VPNã«æ¥ç¶ããªããšã€ã³ã¿ãŒãããã«ã¢ã¯ã»ã¹ã§ããŸããã ããã«ãæ®ãã®ãã©ãã£ãã¯ïŒãã¢ããŒãã¢ïŒã¯IPoEãå®è¡ãïŒã€ãŸãããéåžžã®ãæ¹æ³ã§ïŒãVPNãµãŒããŒãããŒãããŸããã è¿œå ã®ãã¢ããŒãã¢ãããã¯ãŒã¯ã衚瀺ãããå ŽåããŠãŒã¶ãŒã¯batãã¡ã€ã«ãç·šéããå¿ èŠã¯ãããŸããã ç¹°ãè¿ããŸãããå°ãªããšãIPãå°ãªããšãããŒããªã©ã®äžéšã®å éšãªãœãŒã¹ãžã®ã¢ã¯ã»ã¹ã¯ãVPNãä»ããŠå®è¡ã§ããŸãããã±ãããVPNãµãŒããŒã«ã©ããããã ãã§ãã
ãã®ææ³ã䜿çšãããšãæ»æè ã¯IP-MACã眮ãæããããšã§ç¢ºå®ã«ãã©ãã£ãã¯ãã€ã³ã¿ãŒãããã«éä¿¡ã§ããŸãããvpnãã³ãã«ãçºçããŠããªããããäœãæ»ãããšãã§ããŸããã 眮æã®æå³ãã»ãŒå®å šã«ç¡å¹ã«ããŠãããã®-ä»äººã®IPãããã€ã³ã¿ãŒãããããµãŒãã£ã³ãããããšã¯ã§ããŸããã
ã¯ã©ã€ã¢ã³ãã³ã³ãã¥ãŒã¿ãŒãVPNãã³ãã«ãä»ããŠãã±ãããåä¿¡ã§ããããã«ããã«ã¯ãWindowsã®ã¬ãžã¹ããªã§IPEnableRouter = 1ããŒããLinuxã§rp_filter = 0ãèšå®ããå¿ èŠããããŸããã ããã§ãªãå ŽåãOSã¯ãèŠæ±ãéä¿¡ãããã€ã³ã¿ãŒãã§ãŒã¹ããã§ã¯ãªããå¿çãåãå ¥ããŸããã§ããã
vpn havatloãµãŒããŒã¬ãã«celeron 2Ghzãžã®æ倧700ã®åææ¥ç¶ã§ã¯ãã¡ã¬ãã€ãæéã®æç¹ã§pppå ã®ã€ã³ã¿ãŒããããã©ãã£ãã¯ãããã»ã©å€§ãããªãã£ããããå®è£ ã³ã¹ãã¯ã»ãŒãŒãã§ãã åæã«ããã¢ããŒãã¢ãã©ãã£ãã¯ã¯åèšã§æ倧6ã®ã¬ããã/ç§ã®é床ã§å®è¡ãããŸããïŒS604ã®Xeonçµç±ïŒ
äœå
2006幎ãRHELAS 2.1ã¯æ°ãããªãªãŒã¹ãããCentOS 4ã«çœ®ãæããããŸããã建ç©ã®äžå€®ã¹ã€ããã¯DES-3028ã«å€æŽãããDES-1024ã¯å å ¥è åŽã®ãŸãŸã§ããã DES-3028ã®ã¢ã¯ã»ã¹å¶åŸ¡ãæ£ããæ©èœããŸããã§ããã ACLã䜿çšããŠip-macãããŒãã«ãã€ã³ãããããã«ãäžéšã®ãã¹ãã«ã«ã¯300ãè¶ ããã³ã³ãã¥ãŒã¿ãŒããã£ãããã256ãšã³ããªãæ¬ èœããŠããŸããã 倧åŠããããã¯ãŒã¯ããåæ³åããããããæ©åšã®å€æŽãåé¡ã«ãªããŸãããçŸåšã倧åŠã®ãã£ãã·ã¥ãã¹ã¯ã§æ¯æãå¿ èŠããã£ããããæ©åšã«æ»ããéã¯å²ãåœãŠãããŸããã§ãããå²ãåœãŠãããå Žåã1幎åŸãšç«¶äºïŒè³Œå ¥ããªãå ŽåïŒå¿ èŠãªãã®ãå®ããã®ããŸãã¯ããŒã«ããã¯ãå€ãå ŽæïŒã
ãµãŒããŒãå£ããŠããŸã
ãããŠããµãŒããŒãæ éããŸããã ãããããã¶ãŒããŒãã¯çãå°œããŸããïŒã¯ãŒã¯ã·ã§ããã®çµè«ã«ãããšãããŒã¹ããªããžãæ»ã«ãŸããïŒã 亀æãããã®ãéããå¿ èŠããããŸããããéã¯ãããŸããã ã€ãŸããç¡æã§ãããšæããŸãã ãããŠãPCI-Xãããã¯ãŒã¯ãæ¿å ¥ã§ããããã«ããŸãã 幞ããªããšã«ãç§ã®å人ã¯ãµãŒããŒãéè¡ãã貞ãåºããŠãããŸããããPCI-X 133ã¹ãããã2ã€ãããããŸããã§ãããããã¶ãŒããŒãã¯ã·ã³ã°ã«ããã»ããµã§ãXeonã¯ãªããSocket 478 Pentium 4 3Ghzã§ãã
ããžããããã¯ãŒã¯ã«ãŒããæããŸãã éå§-åäœããŠããããã§ãã
ããããsoftirqã¯2ã€ã®çäŒŒæ žã®åèšã®90ïŒ ããé£ã¹ãïŒããã»ããµã«1ã€ã®ã³ã¢ãããããã€ããŒãã¬ãããæå¹ã«ãªã£ãŠããïŒãpingã3000ã«ãžã£ã³ãããã³ã³ãœãŒã«ãäžå¯èœã«ãæ»ã¬ãã

ããã«ããããã«èŠããŸããããµãŒããŒã¯å€ããªã£ãŠãããäŒæ©ããæéã§ãã
æé©å4
oprofileã§æŠè£ ããç§ã¯ããéå°ãªå³ããå§ããŸããã äžè¬ã«ããã®ãµãŒããŒãšã®ãéä¿¡ãã®éçšã§oprofileã¯éåžžã«é »ç¹ã«äœ¿çšããã1å以äžåœ¹ç«ã¡ãŸããã ããšãã°ãipprofileã䜿çšããå Žåã§ããiphashã§ã¯ãªãipmapã䜿çšããããšããŸãïŒå¯èœãªå ŽåïŒãoprofileã䜿çšãããšãããã©ãŒãã³ã¹ã®éããã©ãã ããããã確èªã§ããŸãã ç§ã®ããŒã¿ã«ãããšã2æ¡ãã€ãŸã200ãã400åèªè¡ããŸããã ãŸããç°ãªãæéã«ãã©ãã£ãã¯ãèšç®ãããšãã«ããããã¡ã€ãªã³ã°ã«çŠç¹ãåœãŠãŠãipcad-ulogããipcad-pcapã«åãæ¿ããŠãããnflowã«åãæ¿ããŸããã ç§ã¯ããipt_NETFLOWã䜿çšããŠããªãã£ãããããç¡å¶éã®ã€ã³ã¿ãŒããããã®æ代ã«çªå ¥ããŸãããSORMã®Netflowãããã¬ãã«ãããã€ããŒã¯ããã«åé¡ããããã©ãããæžããŸããã å®éã«ãoprofileã䜿çšãããšãnatããªã³ã«ãªã£ããšãã«ip_conntrackãã¡ã€ã³ã®ãªãœãŒã¹ã€ãŒã¿ãŒã§ããããšãæããã«ãªããŸããã
äžè¬ã«ãä»åã®oprofileã¯ãããã»ããµãµã€ã¯ã«ã®60ïŒ ãe1000ã«ãŒãã«ã¢ãžã¥ãŒã«ïŒãããã¯ãŒã¯ã«ãŒãïŒã«ãã£ãŠå æãããŠããããšã瀺ããŠããŸãã ãŸãããã§äœãããïŒ e1000.txtã§æšå¥š
options e1000 RxDescriptors=4096,4096,4096,4096,4096,4096,4096,4096,4096,4096 TxDescriptors=4096,4096,4096,4096,4096,4096,4096,4096,4096,4096 InterruptThrottleRate=3000,3000,3000,3000,3000,3000,3000,3000,3000,3000
2005幎ã«å»ãŸããŸããã
git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.gitã§e1000ã®éèŠãªå€æŽããã°ãã確èªããŠããçµæã¯åŸãããŸããã§ããïŒã€ãŸããå€æŽã¯ãããŸããããã°ä¿®æ£ãŸãã¯ã³ãŒãïŒã 念ã®ãããã«ãŒãã«ã¯åŒãç¶ãæŽæ°ãããŸããããçµæã¯çæãããŸããã§ããã
ã«ãŒãã«ã«ã¯
CONFIG_HZ_100=y
ããããå€ã倧ãããªããšãçµæã¯ããã«æªåããŸãã
Oprofileã¯ãŸããããªããžã¢ãžã¥ãŒã«ããµã€ã¯ã«ã®ããªãã®éšåãå ãããšè¿°ã¹ãŠããŸãã ãããŠãIPã¢ãã¬ã¹ã¯ããã€ãã®å»ºç©ã«æ£ãã°ã£ãŠæ£ãã°ã£ãŠãããã»ã°ã¡ã³ãã«åå²ããããšã¯ãã¯ãäžå¯èœãªã®ã§ããããªãã§ã¯ã©ãã«ãèŠããŸããïŒãµãŒããŒãªãã§ãã¹ãŠã1ã€ã®ã»ã°ã¡ã³ãã«çµåãããªãã·ã§ã³ã¯èæ ®ãããŸãããå¶åŸ¡ã倱ãããããïŒ
æ©ãå£ããŠproxy_arpã䜿çšããããšãèããŠããŸãã ç¹ã«ãflood_fdbã䜿çšããŠDES-3028ã®ãã°ãæ€åºããåŸãé·æéãããå®è¡ãããã£ãããã§ãã ååãšããŠã次ã®åœ¢åŒã§ãã¹ãŠã®ã¢ãã¬ã¹ãã«ãŒãã£ã³ã°ããŒãã«ã«ããŒãã§ããŸãã
ip route add abc1.d1 dev eth1 src 1.2.3.4 ip route add abc1.d2 dev eth1 src 1.2.3.4 ... ip route add abc2.d1 dev eth2 src 1.2.3.4 ip route add abc2.d2 dev eth2 src 1.2.3.4 ...
ãªããªããã©ã®ãµãã¹ã¯ã©ã€ããŒãã©ãã«ããã¹ãããããã£ãŠããããã§ãïŒããŒã¿ããŒã¹ã«æ ŒçŽãããŠããŸãïŒ
ãã ãã建ç©ã ãã§ãªãã建ç©ã®ããŒãã¹ã€ããããŒãã«ãIP-MACãã€ã³ãã£ã³ã°ãå®è£ ãããã£ãïŒç¹°ãè¿ããŸãããDES-1024ã¿ã€ãã®é管çããã€ã¹ã¯ãµãã¹ã¯ã©ã€ããŒã«ãããŸãïŒ
ãããŠãæã¯dhcp-relayãšdhcp-snoopingã«å¯ŸåŠããããã«æãå·®ã䌞ã¹ãŸãã
å«ãŸããŠããã¹ã€ããïŒ
enable dhcp_relay config dhcp_relay option_82 state enable config dhcp_relay option_82 check enable config dhcp_relay option_82 policy replace config dhcp_relay option_82 remote_id default config dhcp_relay add ipif System 10.160.8.1 enable address_binding dhcp_snoop enable address_binding trap_log config address_binding ip_mac ports 1-28 mode acl stop_learning_threshold 500 config address_binding ip_mac ports 1-24 state enable strict allow_zeroip enable forward_dhcppkt enable config address_binding dhcp_snoop max_entry ports 1-24 limit no_limit config filter dhcp_server ports 1-24 state enable config filter dhcp_server ports 25-28 state disable config filter dhcp_server trap_log enable config filter dhcp_server illegal_server_log_suppress_duration 1min
ãµãŒããŒã§ãããªããžããã€ã³ã¿ãŒãã§ã€ã¹ãåé€ãããããã®IPã¢ãã¬ã¹ïŒIPã®ãªãã€ã³ã¿ãŒãã§ã€ã¹ïŒãåé€ããarp_proxyãæå¹ã«ããŸãã
isc-dhcpã®æ§æ
log-facility local6; ddns-update-style none; authoritative; use-host-decl-names on; default-lease-time 300; max-lease-time 600; get-lease-hostnames on; option domain-name "myserver.ru"; option ntp-servers myntp.ru; option domain-name-servers mydnsp-ip; local-address 10.160.8.1; include "/etc/dhcp-hosts"; # MAC-IP "host hostname {hardware ethernet AA:BB:CC:55:92:A4; fixed-address wxyz;}" on release { set ClientIP = binary-to-ascii(10, 8, ".", leased-address); log(info, concat("***** release IP " , ClientIP)); execute("/etc/dhcp/dhcp-release", ClientIP); } on expiry { set ClientIP = binary-to-ascii(10, 8, ".", leased-address); log(info, concat("***** expiry IP " , ClientIP)); execute("/etc/dhcp/dhcp-release", ClientIP); } on commit { if exists agent.remote-id { set ClientIP = binary-to-ascii(10, 8, ".", leased-address); set ClientMac = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6)); set ClientPort = binary-to-ascii(10,8,"",suffix(option agent.circuit-id,1)); set ClientSwitch = binary-to-ascii(16,8,":",substring(option agent.remote-id,2,6)); log(info, concat("***** IP: " , ClientIP, " Mac: ", ClientMac, " Port: ",ClientPort, " Switch: ",ClientSwitch)); execute("/etc/dhcp/dhcp-event", ClientIP, ClientMac, ClientPort, ClientSwitch); } } option space microsoft; # - option microsoft.disable-netbios-over-tcpip code 1 = unsigned integer 32; if substring(option vendor-class-identifier, 0, 4) = "MSFT" { vendor-option-space microsoft; } shared-network HOSTEL { subnet 10.160.0.0 netmask 255.255.248.0 { range 10.160.0.1 10.160.0.100; # option routers 10.160.1.1; option microsoft.disable-netbios-over-tcpip 2; } subnet abc0 netmask 255.255.252.0 { option routers abcd; option microsoft.disable-netbios-over-tcpip 2; } subnet 10.160.8.0 netmask 255.255.255.0 { # dhcp-relay } }
dhcp-eventãã¡ã€ã«ã§ã¯ãagent.circuit-idãagent.remote-idãIPãããã³MACã®æå¹æ§ããã§ãã¯ããããã¹ãŠãæ£åžžã§ããå Žåãã«ãŒãã¯ç®çã®ã€ã³ã¿ãŒãã§ãŒã¹ãä»ããŠãã®ã¢ãã¬ã¹ã«è¿œå ãããŸã
ããªããã£ãdhcp-eventã®äŸïŒ
#hostel 1 if ($ARGV[3] eq '0:21:91:92:d7:55') { system "/sbin/ip ro add $ARGV[0] dev eth1 src abcd"; } #hostel 2 if ($ARGV[3] eq '0:21:91:92:d4:92') { system "/sbin/ip ro add $ARGV[0] dev eth2 src abcd"; }
ããã§ã¯$ ARGV [3]ã®ã¿ããã§ãã¯ãããŸãïŒã€ãŸããagent.remote-idããŸãã¯DHCPèŠæ±ãåä¿¡ããã¹ã€ããã®MACïŒããã ããããŒã¿ããŒã¹ãªã©ããæå¹ãªå€ãåä¿¡ããããšã§ãä»ã®ãã¹ãŠã®ãã£ãŒã«ãããã§ãã¯ããããšãã§ããŸã
ãã®çµæã以äžãåŸãããŸãã
1ïŒDHCPãä»ããŠã¢ãã¬ã¹ãèŠæ±ããªãã£ãã¯ã©ã€ã¢ã³ã-管çãããŠããªãã¹ã€ãããè¶ ããªããããIP-MAC-PORT-BINDINGã¯ãããééãããŸããã
2ïŒMACãããã£ãŠããïŒããŒã¿ããŒã¹å ã«ããïŒã¯ã©ã€ã¢ã³ããããŒããŸãã¯ã¹ã€ãããšäžèŽããªã-ãã®MACã«æ¥ç¶ãããIPãåä¿¡ãããããã®MACãžã®ã«ãŒãã¯è¿œå ãããªããããproxy_arpã¯ã¢ãã¬ã¹ãæ¢ã«ååŸãããŠããããšããçãããã¢ãã¬ã¹ããã«ãªãªãŒã¹ãããŸãã
3ïŒMACãäžæãªã¯ã©ã€ã¢ã³ãã¯ãäžæããŒã«ããã¢ãã¬ã¹ãåãåããŸãã ãããã®ã¢ãã¬ã¹ãããæ å ±ãå«ãããŒãžãžã®ãªãã€ã¬ã¯ãããããŸããããã§ã¯ããã°ã€ã³/ãã¹ã¯ãŒãã䜿çšããŠMACãåç»é²ããããšãã§ããŸãã
4ïŒãããŠæåŸã«ãMACãæ¢ç¥ã§ãããã¹ã€ããããã³ããŒããžã®æ¥ç¶ãšäžèŽããã¯ã©ã€ã¢ã³ãããã®ã¢ãã¬ã¹ãåä¿¡ããŸãã Dhcpã¹ããŒãã³ã°ã¯ãã¹ã€ããäžã®impbããŒãã«ã«åçãã€ã³ãã£ã³ã°ãè¿œå ãããµãŒããŒã¯ã以åã®ããªããžã®ç®çã®ã€ã³ã¿ãŒãã§ãŒã¹ãä»ããŠãã®ã¢ãã¬ã¹ãžã®ã«ãŒããè¿œå ããŸãã
ãªãŒã¹ãçµäºããããã¢ãã¬ã¹ã解æŸããããšãã¹ã¯ãªãã/ etc / dhcp / dhcp-releaseãåŒã³åºãããŸãããã®å 容ã¯éåžžã«åå§çã§ãïŒ
system "/sbin/ip ro del $ARGV[0]";
ç¹ã«ç¬¬2é ã«ãå°ããªã»ãã¥ãªãã£äžã®æ¬ é¥ããããŸãã dhcpãµãŒããŒããæäŸãããã¢ãã¬ã¹ãããžãŒã§ãããã©ããããã§ãã¯ããªãéæšæºã®dhcp-clientã䜿çšããå Žåãã¢ãã¬ã¹ã¯è§£æŸãããŸããã ãã¡ããããµãŒããŒã¯ç®çã®ã€ã³ã¿ãŒãã§ã€ã¹ãä»ããŠãã®ã¢ãã¬ã¹ãžã®ã«ãŒããè¿œå ããªãããããŠãŒã¶ãŒã¯ã«ãŒã¿ãŒãè¶ããŠå€éšãããã¯ãŒã¯ã«ã¢ã¯ã»ã¹ã§ããŸããããã¹ã€ããã¯ãã®ããŒãã§ãã®MAC-IPãã¢ã®ããã¯ã解é€ããŸãã
dhcpd.confã®ã¯ã©ã¹ã䜿çšããŠãã®åé¡ãåé¿ã§ããŸãããããã«ããæ§æãã¡ã€ã«ãå€§å¹ ã«è€éã«ãªããããã«å¿ããŠå€ããµãŒããŒã®è² è·ãå¢å€§ããŸãã åãµãã¹ã¯ã©ã€ããŒã«å¯ŸããŠãååŸããã®ãããé£ããæ¡ä»¶ã§ç¬èªã®ã¯ã©ã¹ãäœæããããããç¬èªã®ããŒã«ãäœæããå¿ èŠãããããã§ãã å®éã«ã©ãã ãè² è·ãå¢ããããè©ŠããŠã¿ãèšç»ããããŸããã
ãããã£ãŠãIP-MACãã¢ã®å¯Ÿå¿ã¯ãã¢ãã¬ã¹ãçºè¡ãããšãã«DHCPã«ãã£ãŠãç£èŠãããããç¡å¹ãªãMAC-IPããã®ã¢ã¯ã»ã¹ã¯ã¹ã€ããã«ãã£ãŠå¶éãããããšãå€æããŸããã ããã§ãããªããžã ãã§ãªãmacipmapããµãŒããŒããåé€ãã6ã€ã®ã»ããïŒãæé©å1ãããïŒããã¹ãŠã®ãããªãã¯IPã¢ãã¬ã¹ãå«ã1ã€ã®ipmapã«çœ®ãæããããšãã§ããŸããããŸãã-m physdevãåé€ããããšã«ãã£ãŠãã
ãµãŒããŒã€ã³ã¿ãŒãã§ã€ã¹ãç¡å·®å¥ã¢ãŒãããéåžžã¢ãŒãã«åãæ¿ãããè² è·ããããã«æžå°ããŸããã
ã€ãŸããããªããžãå解ãããã®å šäœã®æé ã«ããããµãŒããŒã®å šäœçãªè² è·ãã»ãŒ2åã«åæžãããŸãããSoftirqã¯çŸåš50ã100ïŒ ã§ã¯ãªãã25ã50ïŒ ã§ããåæã«ããããã¯ãŒã¯ãžã®ã¢ã¯ã»ã¹å¶åŸ¡ãæ¹åãããã ãã§ãã
æé©å5
æåŸã®æé©åã®åŸãè² è·ã¯èããäœäžããŸããããå¥åŠãªããšã«æ°ã¥ããŸããïŒiowaitãå¢å ããŸãããããã»ã©å€ããªãã0-0.3ïŒ ãã5-7ïŒ ãããã¯ããã®ãµãŒããŒã§å®éã«ãã£ã¹ã¯æäœãè¡ãããªããšããäºå®ãèæ ®ã«å ¥ããŠããŸãããã±ãããã¹ããŒããã ãã§ãã

ïŒéããŠãŒã¶ãŒæé-ã«ãŒãã«ã®ã³ã³ãã€ã«ïŒ
iostatã¯ã800-820 Blk_wrtn / sã§ãã£ã¹ã¯ã«äžå®ã®è² è·ã
ããããšã瀺ããŸãããæžã蟌ã¿å¯èœãªããã»ã¹ã®æ€çŽ¢ãéå§ããŸããããã«ãã£ã«ã¡ã³ã
echo 1 > /proc/sys/vm/block_dump
å¥åŠãªçµæããããããïŒç¯äººã¯
kjournald(483): WRITE block 76480 on md0 md0_raid1(481): WRITE block 154207744 on sdb2 md0_raid1(481): WRITE block 154207744 on sda3
Ext3ã¯ã¢ãŒã
data=writeback, noatime
ã§ããããã°ãé€ããŠããã£ã¹ã¯ã«ã¯äœãæžã蟌ãŸããŸãããããããæšæ¥æžã蟌ãŸãããã°ã¯ä»æ¥æžã蟌ãŸãããã®ããªã¥ãŒã ã¯å¢å ããŠããŸãããã€ãŸããiowaitãå¢å ããå¿ èŠã¯ãããŸããã§ããã
ç§ã¯èªåã®é ã®äžã®ã¹ããããç§ããã£ãŠããããšãiowaitã«åœ±é¿ãäžããå¯èœæ§ã®ãããã®ãã¹ã¯ããŒã«ãå§ããŸããããã®çµæãsyslogãåæ¢ããiowaitãæ¥æ¿ã«ã0ïŒ ã«äœäžãã
ãããdhcpãã¡ãã»ãŒãžã§ã¡ãã»ãŒãžãä¹±éã«ããªãããã«ãlog-facility local6ã«éä¿¡ããsyslog.confã«æžã蟌ã¿ãŸããã
*.info;mail.none;authpriv.none;cron.none;local6.none /var/log/messages local6.info /var/log/dhcpd.log
syslogãä»ããŠæžã蟌ãå Žåãåè¡ã§åæãè¡ãããããšãå€æããŸãããdhcpãµãŒããŒãžã®èŠæ±ã¯éåžžã«å€ãããã°ãååŸããå€ãã®ã€ãã³ããçæãããå€ãã®åæãåŒã³åºãããŸãã
ä¿®æ£ãã
local6.info -/var/log/dhcpd.log
ç§ã®å Žåãiowaitã¯10ã100åæžå°ãã5ã7ïŒ ã§ã¯ãªãã0ã0.3ïŒ ã«ãªããŸããã
æé©åã®çµæïŒ

ãªããã®èšäºã
ãŸããå€å誰ããããããèªåèªèº«ã®ããã®æçšãªè§£æ±ºçãåŒãåºãã§ããããããã§èª¬æããåºæ¥äºã®ã»ãšãã©ã¯ã°ãã³ä»¥åã®æ代ã®ãã®ã§ããããã°ãŒã°ã«ã¬ã·ããã¯ããŸã圹ã«ç«ã¡ãŸããã§ããããç§ã¯ããã§ã¢ã¡ãªã«ãçºèŠããŸããã§ããã
第äºã«ãéçºè ã¯ã³ãŒããæé©åãã代ããã«èšç®èœåã®åäžã«åãçµãã§ãããšããäºå®ã«åžžã«å¯ŸåŠããå¿ èŠããããŸãããã®èšäºã¯ãå¿ èŠã«å¿ããŠãäœåºŠããã¹ããããã³ãŒãã§ãšã©ãŒãèŠã€ããŠç®¡çã§ãããšããäºå®ã®äŸã«ãªããŸãããµã€ãéçºè ã®90ïŒ ã¯ãèªåã®ãã·ã³ã§ãµã€ãã®äœæ¥ã確èªãããããéçšç°å¢ã«å ¥ããŸãããã®åŸãè² è·ãããããšå šäœãé ããªããŸãã管çãµãŒããŒããããããŸãããã®å ŽåããµãŒããŒãæé©åããããšã«ãããã³ãŒããæåã«æé©ã«æžãããŠããªããšãã»ãšãã©éæã§ããŸããããããŠãæ°ãããµãŒããŒããŸãã¯å¥ã®ãµãŒããŒãšãã©ã³ãµãŒãè³Œå ¥ããŸãããã®åŸããã©ã³ãµãŒã®ãã©ã³ãµãŒãªã©ããŸããå éšã®ã³ãŒãã¯æé©ã§ã¯ãªããæ°žé ã«æ®ããŸãããã¡ãããçŸåšã®çŸå®ã§ã¯ãã³ãŒãã®æé©åã¯å€§èŠæš¡ãªãã£ãã·ãã£ãã«ãã£ã³ã°ãããé«äŸ¡ã§ãããããããèšå€§ãªæ°ã®ãèªå®¶è£œãã®ITå°é家ã®åºçŸã«ããããäžæ£ãªã³ãŒããã®éã¯æ·±å»ã«ãªããŸãã
ãã¹ã¿ã«ãžãã¯ããïŒç§ã¯æ£ã«å€ãã©ããããããP3-866 2001ïŒèª°ããããã«äœãèšããªããããœããã¯CF-T1ïŒãæã£ãŠããŸãããä»ã§ã¯ãã®ãµã€ããèŠãããšããã§ããŸããã4ã³ã¢/ 4ã®ã°ãå¿ èŠãšããä»æ¥ã®ã¢ã³ã¹ã¿ãŒã«å£ããªãã²ãŒã ãã¬ã€ã®èŠ³ç¹ãããZX-Spectrumã®é¢çœãããã¡ããæãèŠããŠããŸã