{"id":93353,"date":"2022-03-11T15:58:21","date_gmt":"2022-03-11T14:58:21","guid":{"rendered":"https:\/\/blog.wedos.cz\/?p=93353"},"modified":"2022-03-11T15:58:22","modified_gmt":"2022-03-11T14:58:22","slug":"budovani-wedos-global-prvni-domluvena-mista-pro-infrastrukturu","status":"publish","type":"post","link":"https:\/\/blog.wedos.com\/cs\/budovani-wedos-global-prvni-domluvena-mista-pro-infrastrukturu","title":{"rendered":"Budov\u00e1n\u00ed WEDOS Global – Prvn\u00ed domluven\u00e1 m\u00edsta pro infrastrukturu"},"content":{"rendered":"\n

Kdy\u017e na n\u00e1s v dubnu 2021 \u0161ly nejsiln\u011bj\u0161\u00ed \u00fatoky v d\u011bjin\u00e1ch \u010desk\u00e9ho internetu<\/a>, kter\u00e9 dok\u00e1zaly ucpat na kr\u00e1tkou chv\u00edli v\u0161echny 3 na\u0161e 100 Gbps trasy, pochopili jsme, \u017ee se m\u011bn\u00ed pravidla. I p\u0159es upgrade hardware na\u0161ich ochran, pos\u00edlen\u00ed infrastruktury a zaveden\u00ed nov\u00fdch proces\u016f, byla jen ot\u00e1zka \u010dasu, ne\u017e se z kr\u00e1tk\u00fdch \u00fatok\u016f o t\u00e9to s\u00edle stanou \u00fatoky del\u0161\u00ed anebo dokonce permanentn\u00ed.<\/p>\n\n\n\n\n\n\n\n

Takto siln\u00e9 \u00fatoky p\u0159et\u011b\u017euj\u00ed nejen konektivitu na\u0161ich dodavatel\u016f, ale i \u0159ady ISP p\u0159es kter\u00e9 jdou. N\u011bkte\u0159\u00ed nemaj\u00ed ani zdaleka konektivitu jako my. P\u0159esto od nich odch\u00e1z\u00ed \u00fatoky z napaden\u00fdch za\u0159\u00edzen\u00ed. Dnes dok\u00e1\u017ee siln\u00fd \u00fatok vytvo\u0159it nejen napaden\u00fd server, po\u010d\u00edta\u010d, ale i chytr\u00e1 televize anebo ledni\u010dka. Schv\u00e1ln\u011b si srovnejte, jak\u00e9 m\u00e1te p\u0159ipojen\u00ed doma dnes a jak\u00e9 jste m\u011bli p\u0159ed 5 anebo 10 lety. Kolik nov\u00fdch za\u0159\u00edzen\u00ed m\u00e1 k p\u0159\u00edstup k s\u00edti a jak\u00e9 procesory pou\u017e\u00edvaj\u00ed. Za 5 – 10 let se v\u0161echno posunulo stra\u0161n\u011b kup\u0159edu. <\/p>\n\n\n\n

M\u016f\u017eeme navy\u0161ovat konektivitu, posilovat infrastrukturu, ale tady v \u010cR utlu\u010dou n\u00e1s anebo na\u0161e poskytovatele. Proto jedinou cestou je vyrazit do sv\u011bta. P\u0159esunout boj na lok\u00e1ln\u00ed boji\u0161t\u011b po cel\u00e9m sv\u011bt\u011b p\u0159\u00edmo tam, kde vznikaj\u00ed. A p\u0159esn\u011b to bude m\u00edt za \u00fakol decentralizovan\u00e1 celosv\u011btov\u00e1 s\u00ed\u0165 WEDOS Global. <\/p>\n\n\n\n

Co je WEDOS Global<\/h2>\n\n\n\n

WEDOS Global vyu\u017e\u00edv\u00e1 technologii BGP anycast, kter\u00e1 umo\u017e\u0148uje aby na dotaz n\u00e1v\u0161t\u011bvn\u00edka odpov\u011bd\u011bl v\u017edy jemu nejbli\u017e\u0161\u00ed server. Na rozd\u00edl od b\u011b\u017en\u00e9ho \u0159e\u0161en\u00ed, kdy odpov\u011b\u010f zn\u00e1 jen 1 server na cel\u00e9m internetu. Tato technologie se vyu\u017e\u00edv\u00e1 nap\u0159\u00edklad pro anycastDNS anebo CDN. Oboj\u00ed m\u00e1me v pl\u00e1nu \ud83d\ude42<\/p>\n\n\n\n

Podstatou WEDOS Global je tedy rozm\u00edst\u011bn\u00ed server\u016f po cel\u00e9m sv\u011bt\u011b tak, aby zachyt\u00e1valy provoz v dan\u00e9 lokalit\u011b.<\/p>\n\n\n\n

V na\u0161em p\u0159\u00edpad\u011b se bude jednat o serverov\u00e9 sk\u0159\u00edn\u011b HPE Moonshot 1500, kter\u00e9 obsahuj\u00ed 45 fyzick\u00fdch server\u016f a 2 switche. D\u00edky dv\u011bma integrovan\u00fdm s\u00ed\u0165ov\u00fdm switch\u016fm (4 x 40GE a 8 x 10 GE porty) s full duplex p\u0159ipojen\u00edm (obousm\u011brn\u00e9) m\u016f\u017ee b\u00fdt jeden HPE Moonshot p\u0159ipojen a\u017e 320 Gbps konektivitou,. Po\u010d\u00edt\u00e1me, \u017ee vyu\u017eijeme jen polovinu a zbytek bude na redundanci. Nov\u00fd pln\u011b osazen\u00fd HPE Moonshot 1500 stoj\u00ed zhruba jako rodinn\u00fd d\u016fm.<\/p>\n\n\n\n

\"\"
HPE Mooshot 1500 – vyta\u017een\u00e9 2 servery a 1 switch<\/figcaption><\/figure>\n\n\n\n

P\u016fvodn\u011b jsme m\u011bli v pl\u00e1nu v prvn\u00ed f\u00e1zi rozm\u00edstit HPE Moonshoty do 5 lokac\u00ed. V\u0161e otestovat, doladit a p\u0159idat dal\u0161\u00ed. Bohu\u017eel situace za\u010d\u00edn\u00e1 b\u00fdt v\u00e1\u017en\u00e1. V kyberprostoru zu\u0159\u00ed v\u00e1lka a \u010desk\u00fd nam\u011b\u0159en\u00fd rekord DDoS \u00fatok\u016f 164,3 Gbps z roku 2021<\/a> byl minul\u00fd t\u00fdden p\u0159ekon\u00e1n. \u010cl\u00e1nek p\u0159ipravujeme. \u00datok byl nav\u00edc celkem dlouh\u00fd a \u0159ada ISP to odnesla. Pokud v\u00edme, tak se v posledn\u00edch dnech \u00fato\u010d\u00ed siln\u011b i na jin\u00e9 hostingy.<\/p>\n\n\n\n

Mus\u00edme tak v\u0161e urychlit a po\u0159\u00e1dn\u011b \u0161k\u00e1lovat. P\u0159ipraveni na to u\u017e t\u00e9m\u011b\u0159 jsme. Na fotce z na\u0161eho druh\u00e9ho datacentra WEDOS DC2 vid\u00edte 3 palety s 20 pln\u011b osazen\u00fdmi HPE Moonshoty. K tomu 1 se p\u0159ipravuje ve vedlej\u0161\u00ed m\u00edstnosti, 2 jsou p\u0159ipraven\u00e9 na expedici a 2 u\u017e zapojen\u00e9 v provozu.<\/p>\n\n\n\n

\"\"
Celkem 20 pln\u011b osazen\u00fdch HPE Moonshot ve WEDOS DC2<\/figcaption><\/figure>\n\n\n\n

T\u00edm to ale nekon\u010d\u00ed. Aktivn\u011b jedn\u00e1me o n\u00e1kupu dal\u0161\u00edch 25 kus\u016f pro dal\u0161\u00ed f\u00e1ze na\u0161\u00ed expanze WEDOS Global.<\/p>\n\n\n\n

Aktu\u00e1ln\u00ed stav WEDOS Global<\/h2>\n\n\n\n

Poda\u0159ilo se n\u00e1m dokon\u010dit v\u00fdvoj decentralizovan\u00e9 s\u00edt\u011b, te\u010f se lad\u00ed detaily, sb\u00edraj\u00ed data atd. Testovac\u00ed provoz jde u\u017e p\u0159es prvn\u00ed body. <\/p>\n\n\n\n

Aktu\u00e1ln\u011b m\u00e1me dva body. Jeden v Hlubok\u00e9 nad Vltavou a druh\u00fd v Praze. Jsou v pl\u00e1nu \u00fapravy a pos\u00edlen\u00ed konektivity. Chceme vyzkou\u0161et 100 Gbps propoj do Peering.cz, otestovat si jak to p\u016fjde, jak zvl\u00e1dnout velk\u00e9 \u00fatoky. Tento propoj bude p\u0159es DC Sitel, kde bychom r\u00e1di nav\u00fd\u0161ili celkovou konektivitu na 410 Gbps (Telia, Cogent). D\u00e1le m\u00e1me p\u0159ipojen\u00ed 100 Gbps p\u0159es DC \u010cDT U2 , kde m\u00e1me a budeme m\u00edt 110 Gbps (\u010cDT + Kaora). <\/p>\n\n\n\n

V Praze si odfiltrujeme co pot\u0159ebujeme a pak vedeme \u010dist\u00fd provoz p\u0159es 3×100 Gbps k n\u00e1m na Hlubokou nad Vltavou. <\/p>\n\n\n\n

Jde hlavn\u011b o to l\u00e9pe pokr\u00fdt provoz z \u010cR a pos\u00edlit zahrani\u010d\u00ed.<\/p>\n\n\n\n

Prvn\u00ed Moonshot um\u00edst\u00edme do V\u00eddn\u011b (Telia). Pokud v\u0161e klapne, tak u\u017e p\u0159\u00ed\u0161t\u00ed t\u00fdden. Vypad\u00e1 to, \u017ee si ho tam prost\u011b odvezeme sami. S Telia domlouv\u00e1me je\u0161t\u011b Mnichov. <\/p>\n\n\n\n

D\u00e1le m\u00e1me podepsan\u00e9 smlouvy na n\u011bkolik let s dal\u0161\u00edmi dodavateli a to nyn\u00ed v 7 lokalit\u00e1ch:<\/p>\n\n\n\n