Hiya! Merion Metrics our call stats (CDR) application for Asterisk, it shows the most important diagrams and call graphs as well as call history in an easy and convenient format. Showing call stats this way makes them easy to understand for everyone - from CEO to an office manager About Merion Metrics Short description of Merion Metrics: Full statistics - the most important info only: date, time, source and destination of a call, as well as it’s recording; Free trial - try the whole spectrum of these features - completely for free; Easy and quick installation - we are always here to help you; Cross-platform - developed in Java. Compatible with any UNIX platform; For supervisors - Got tired of heavy and awkward CDR interface in FreePBX? Or maybe you experienced something similar with CDR Viewer? we know that feeling; Easy to export in PDF and CSV - export all your calls into PDF and send it over to your colleagues in an easy readable format; Try Merion Metrics for free: Try Merion Metrics Merion Metrics Installation Attention! You should to have a license key from our support team at this point. You can get it by follow link: https://asterisk.merionet.ru/merionmetrics Of course for your convenience we have a step by step video guide. Enjoy :) Installation video - guide Installation guide by plain text System Requirements RAM: 256 MB min CPU: Pentium 2 266 ÌÃö + ìèíèìóì Java Runtime Environment (JRE): version 8+ Browser: Internet Explorer 9+ Preparation Firstly, connect to your Asterisk via SSH using user root. Directory creation for the app Run the following commands: mkdir /home/merionstat Upload app distro MerionMonitoring-*.*.*.jar into the directory you’ve just created: /home/merionstat. You can do that using WinSCP, for example. Important: App distro will have a certain version number. Here, in the installation guide, we always put version number as MerionMonitoring-*.*.*.jar. In your case it will be something like MerionMonitoring-1.1.9.jar. SQL user creation Follow the link that will generate an uncrackable password and right it down on save it somewhere. After that, execute the following command sequence: mysql CREATE USER 'interface'@'localhost' IDENTIFIED BY 'your_password'; GRANT SELECT, CREATE, INSERT ON asteriskcdrdb.* TO 'interface'@'localhost' IDENTIFIED BY 'your_password'; Where your_password - some freshly generated password from the link above ïàðîëü. For example: mysql CREATE USER 'interface'@'localhost' IDENTIFIED BY '6nzB0sOWzz'; GRANT SELECT, CREATE, INSERT ON asteriskcdrdb.* TO 'interface'@'localhost' IDENTIFIED BY '6nzB0sOWzz'; And yet another reminder – save your password somewhere else. Call recordings directory For sake of playing call recordings through our app, you have to do the following: Generate another password via our password generator and save it;. Execute the following commands: mkdir /var/www/html/generated_password chown asterisk:asterisk /var/www/html/generated_password chmod 775 /var/www/html/generated_password For example: mkdir /var/www/html/5v9MpbtUA8 chown asterisk:asterisk /var/www/html/5v9MpbtUA8 chmod 775 /var/www/html/5v9MpbtUA8 Open file /etc/fstab and add there the following sequence: /var/spool/asterisk/monitor/ /var/www/html/generated_password/ none rbind 0 0 For example: /var/spool/asterisk/monitor/ /var/www/html/5v9MpbtUA8/ none rbind 0 0 Save all the changes in fstab file. After that, execute the following command in CLI: mount -a Start Application launch Run the following commands: cd /home/merionstat nohup java -jar MerionMonitoring-*.*.*.jar & Right after command’s execution press Enter. Application setup The first connection After launching .jar archive, please open the following address in your web-browser: http://your_IP_address:7070/#!/config (You can use any browser, we recommend using Google Chrome). Once it opened, enter your license key – you can get it from our support engineer. Click “Check the license”. If you encounter any kind of a problem during that phase, please address it to our technical support team: helpdesk@merionet.ru. After that you have to pass the initial authorization, and to do that, you need to use the following credentials: admin/IEJu1uh32 On the next step you’ll need to configure database connection. If you are using Asterisk IP - PBX, just follow the guide: Database - mysql or mariadb; DB host: If your DB installed on the same server as our application - localhost; If your DB installed on some kind of external server - IP_address_of_your_database; DB port - is being set up automatically, so please change it only if your DB is listening for requests on another port; DB connection string - leave this without changes; Table name - In case of Asterisk it’s cdr; Scheme - that should be the name of database, for Asterisk it’s asteriskcdrdb; User - You created the user some time ago in “SQL user creation” part of this guide. If you copied all the commands without any changes – that would be interface; Password - the one you’ve probably generated using our password generator; Voice recordings host - link like http://your_ip_address/generated_password/, where generated_password is a sequence you created on a previous stage Call recordings directory. So, it’s gonna be something like http://192.168.1.7/5v9MpbtUA8/; Station type - Asterisk; After you finish all the above, click “Connect”. If something went wrong, address the issue to our support team helpdesk@merionet.ru. On the next step, you have to match field name in the table with it’s actual meaning. In case of Asterisk you can leave everything as it is. At the bottom of this page click the button “Set the matches” and “Launch the Application”. Our app will redirect you to the application’s initial page. By default, administrator’s login and password are: admin/admin Known issues Application is already launched If you can’t open the app using the default link http://IP_ADDRESS:7070/#!/config, please check if it wasn’t launched before. To do so, please run the command below: ps aux | grep Merion Analyze the command output: root 4919 0.1 13.1 2120384 801784 ? Sl Dec11 19:12 java -jar MerionMonitoring-*.*.*.jar If you see something similar, you have to kill the process using it’s PID (marked with orange in output example above). So execute the following command: kill -9 4919 Check the output again: ps aux | grep Merion If the one you’ve seen before is gone, then you can try to lauch it again: cd /home/merionstat nohup java -jar MerionMonitoring-*.*.*.jar & Database on the external server If you are connecting to an external data base, you need to add some additional configuration for MySQL settings, that you’ve done in “SQL user creation”. You might need it if you install call stats app on a different server, not the one you have Asterisk installed on. In this case you need to run the following commands on the server where you have your DB (usually it’s your Asterisk server): mysql GRANT SELECT, CREATE, INSERT ON asteriskcdrdb.* TO 'interface'@'IP_àäðåñ_èíòåðôåéñà' IDENTIFIED BY ''your_password'; Where: your_password - password generated with our our tool; Call_stats_app_IP_ADDRESS - IP-address of the server where you decided to install our Call Stats Application. For example: mysql GRANT SELECT, CREATE, INSERT ON asteriskcdrdb.* TO 'interface'@'192.168.1.78' IDENTIFIED BY '6nzB0sOWzz'; Also, please check that the following ports are open: 3306 - for MySQL and MariaDB; 5432 - for PostgreSQL. Slow data loading If you are experiencing some issues with data download – it might be related to the big size of your database. We recommend to launch our app (.jar file) with some additional keys. According to the “Application launch”, run the following command: cd /home/merionstat nohup java -jar MerionMonitoring-*.*.*.jar -Xms128m -Xmx256m & Where: -Xms128m - minimal amount of RAM available for the app. In our example – it’s 128 Megabytes. -Xmx256m - maximum amount of RAM available for the app. In our example – it’s 256 Megabytes; How to send a request to our support team? If you are experiencing any technical issues with configuration of our app – we will definitely help you. We’ll need the files from /home/merionstat directory – the one where you’ve put our distro MerionMonitoring-*.*.*.jar, according to step “Directory creation for the app”. Depending on the phase where you’ve encountered any technical issues, you might have the following files there: columns_mapping.cfg configuration.properties nohup.out Please send us those files and description of your issue – we’ll try to help you. Telegram - @merion_support_bot Email - helpdesk@merionet.ru

Ñèñòåìà äîìåííûõ èìåí (DNS – Domain Name System) îáåñïå÷èâàåò ñåòåâóþ êîììóíèêàöèþ. DNS ìîæåò ïîêàçàòüñÿ êàêîé-òî íåâèäèìîé ñèëîé èëè ñóùíîñòüþ äî òåõ ïîð, ïîêà ÷òî-òî ïîéäåò íå òàê, ïîòîìó ÷òî åñëè DNS âûéäåò èç ñòðîÿ, òî íè÷åãî ðàáîòàòü íå áóäåò.  äàííîé ñòàòüå áóäóò ðàññìîòðåíû ïåðåäîâûå ìåòîäû è íàèáîëåå âàæíûå ìåðû áåçîïàñíîñòè äëÿ ïîääåðæàíèÿ ðàáîòîñïîñîáíîñòè âàøåé èíôðàñòðóêòóðû DNS. ×òîáû ñîçäàòü áåçîïàñíóþ è íàäåæíóþ DNS, îáÿçàòåëüíî èçó÷èòå ïåðå÷èñëåííûå íèæå ïóíêòû. Ïåðåäîâûå òåõíîëîãèè äëÿ îáåñïå÷åíèÿ âûñîêîé ïðîèçâîäèòåëüíîñòè DNS Îáåñïå÷åíèå èçáûòî÷íîñòè è âûñîêîé äîñòóïíîñòè DNS DNS ÿâëÿåòñÿ îñíîâîé ñåòåâûõ ïðèëîæåíèé, ïîýòîìó èíôðàñòðóêòóðà DNS äîëæíà áûòü âûñîêî äîñòóïíîé. À ÷òîáû îáåñïå÷èòü íåîáõîäèìûé óðîâåíü èçáûòî÷íîñòè, â âàøåé îðãàíèçàöèè äîëæíî áûòü, êàê ìèíèìóì, äâà DNS-ñåðâåðà, ïåðâè÷íûé è âòîðè÷íûé. ×òîáû îáåñïå÷èòü ðàáîòó êðèòè÷åñêè âàæíûõ äëÿ áèçíåñà ñèñòåì, íåîáõîäèìî èìåòü, êàê ìèíèìóì, äâà âíóòðåííèõ DNS-ñåðâåðà. Âñå ñèñòåìû àêòèâíîãî êàòàëîãà, îáìåíà äàííûìè è ýëåêòðîííîé ïî÷òû ïîëàãàþòñÿ íà êîððåêòíóþ ðàáîòó DNS. Áåç èñïðàâíî ôóíêöèîíèðóþùèõ âíóòðåííèõ DNS-ñåðâåðîâ âíóòðåííèå óñòðîéñòâà íå áóäóò èìåòü âîçìîæíîñòè îáìåíèâàòüñÿ äàííûìè. Åñëè íà îäíîì DNS-ñåðâåðå âîçíèêíåò ïðîáëåìà, òî âòîðîé ñðàçó æå çàìåíÿåò åãî. Àäìèíèñòðàòîðû íàñòðàèâàþò îáîðóäîâàíèå òàê, ÷òîáû àâòîìàòè÷åñêè èñïîëüçîâàëñÿ âòîðè÷íûé DNS, åñëè ïåðâè÷íûé íå îòâå÷àåò. IP-àäðåñ âíóòðåííåãî DNS-ñåðâåðà ìîæåò áûòü ëþáûì â äèàïàçîíå IP-àäðåñîâ ÷àñòíîé ñåòè. Îáåñïå÷èâàÿ èçáûòî÷íîñòü DNS-ñåðâåðîâ, âû ìîæåòå äîáèòüñÿ âûñîêîé äîñòóïíîñòè èíôðàñòðóêòóðû DNS. Íåïðåðûâíàÿ ðåïëèêàöèÿ ñ ïåðâè÷íûõ ñåðâåðîâ íà âòîðè÷íûå îáåñïå÷èò ñèíõðîíèçàöèþ âàøèõ DNS-çàïèñåé è çàùèòèò ñèñòåìó îò ñáîåâ. Âû ìîæåòå áûòü óâåðåíû â òîì, ÷òî êîíå÷íûé ïîëüçîâàòåëü âñåãäà áóäåò èìåòü âîçìîæíîñòü ïîëó÷èòü äîñòóï ê ñèñòåìàì. Ñîêðûòèå DNS-ñåðâåðîâ è DNS-èíôîðìàöèè Íå êàæäûé DNS-ñåðâåð è íå êàæäàÿ èíôîðìàöèÿ äîëæíà áûòü äîñòóïíà äëÿ âñåõ ïîëüçîâàòåëåé. Âî-ïåðâûõ, îòêðîéòå òîëüêî òå ñåðâåðû è äàííûå, êîòîðûå íåîáõîäèìû ëèöàì, íåïîñðåäñòâåííî èñïîëüçóþùèì ýòè ñåðâåðû. Ýòî îñîáåííî âàæíî, åñëè âàøè äîìåííûå èìåíà ÿâëÿþòñÿ îáùåäîñòóïíûìè. Âî-âòîðûõ, ñêðîéòå ñâîé îñíîâíîé DNS-ñåðâåð. Âíåøíèå ïîëüçîâàòåëè íå äîëæíû âèäåòü ïåðâè÷íûå ñåðâåðû. Çàïèñè äëÿ ýòèõ ñåðâåðîâ íå äîëæíû áûòü âèäíû íè â îäíîé îáùåäîñòóïíîé áàçå äàííûõ ñåðâåðîâ èìåí. Çàïðîñû îò ïîëüçîâàòåëåé äîëæíû îáðàáàòûâàòü òîëüêî âòîðè÷íûå DNS-ñåðâåðû. Åñëè DNS-ñåðâåð äîñòóïåí çà ïðåäåëàìè âàøåé ñåòè, òî ýòî äîëæåí áûòü àâòîðèòàòèâíûé DNS-ñåðâåð. Âíåøíèì ïîëüçîâàòåëÿì íå íóæíî îáðàùàòüñÿ ê âàøèì ðåêóðñèâíûì DNS-ñåðâåðàì. Ñèñòåìíàÿ êîíôèãóðàöèÿ áóäåò âûñîêîïðîèçâîäèòåëüíîé òîëüêî òîãäà, êîãäà ñåðâåð áóäåò îòâå÷àòü òîëüêî íà èòåðàòèâíûå çàïðîñû äëÿ ñîîòâåòñòâóþùèõ çîí, çà êîòîðûå îí îòâå÷àåò.  äîâåðøåíèå êî âñåìó, èìåòü äîñòóï ê ïåðâè÷íûì ñåðâåðàì äîëæíû òîëüêî ñèñòåìíûå àäìèíèñòðàòîðû è IT-ïåðñîíàë âàøåé îðãàíèçàöèè. Åñëè âàøè ïåðâè÷íûå DNS-ñåðâåðû áóäóò îòêðûòû äëÿ âñåõ âíóòðåííèõ ïîëüçîâàòåëåé, òî ýòî ìîæåò ñîçäàòü ñåðüåçíóþ óãðîçó äëÿ áåçîïàñíîñòè. Êàê ïîêàçûâàåò ïðàêòèêà, ëó÷øå ñêðûâàòü DNS-ñåðâåðû è íåêîòîðûå äàííûå îò ïîëüçîâàòåëåé, êîòîðûì äîñòóï ê íèì íå íóæåí. Íóæíî ëè èñïîëüçîâàòü âíåøíèé èëè âíóòðåííèé DNS-ñåðâåð? Îòâåò íà äàííûé âîïðîñ çàâèñèò îò âíóòðåííåé íàñòðîéêè. ×òîáû óñòðîéñòâà â îäíîì äîìåíå ìîãëè îáùàòüñÿ äðóã ñ äðóãîì, âàì íåîáõîäèìî óêàçàòü âíóòðåííèé DNS-ñåðâåð. Âíåøíèå DNS-ñåðâåðû íå ìîãóò ðàáîòàòü ñ èìåíàìè õîñòîâ âíóòðåííèõ óñòðîéñòâ. Íàïðèìåð, êîãäà êîìïüþòåð DESKTOP1 îòïðàâëÿåò DNS-çàïðîñ äëÿ îôèñíîãî ïðèíòåðà èëè ñåðâåðà hr-1, òîëüêî âíóòðåííÿÿ DNS ìîæåò ïðåäîñòàâèòü çàïèñü ðåñóðñà. Åñëè âû íàñòðîèòå óñòðîéñòâî íà èñïîëüçîâàíèå âíåøíåãî DNS, íàïðèìåð, 8.8.8.8 Google, òî âû íå ñìîæåòå èñïîëüçîâàòü âíóòðåííèå ðåñóðñû. Âî âíóòðåííèõ ñðåäàõ íåîáõîäèìî óñòàíîâèòü, êàê ïåðâè÷íûé, òàê è âòîðè÷íûé DNS íà âíóòðåííèé ñåðâåð èìåí. Äàæå åñëè îñíîâíîé DNS-ñåðâåð äàñò ñáîé, ïðîáëåì ñ ïîäêëþ÷åíèåì íå áóäåò. Äîïîëíèòåëüíûé DNS-ñåðâåð ñîäåðæèò âñå çàïèñè è äåéñòâóåò êàê ðåçåðâíàÿ êîïèÿ.  ñëó÷àå âîçíèêíîâåíèÿ êàêîé-ëèáî ïðîáëåìû, ýòîò ñåðâåð îòâå÷àåò íà âñå çàïðîñû äî òåõ ïîð, ïîêà íå çàðàáîòàåò îñíîâíîé ñåðâåð. Èñïîëüçîâàíèå ëîêàëüíîãî èëè áëèæàéøåãî DNS-ñåðâåðà Îôèñû êðóïíûõ îðãàíèçàöèé ÷àñòî ðàñïîëîæåíû ïî âñåìó ìèðó.  òàêîì ñëó÷àå ñëåäóåò íàñòðîèòü ëîêàëüíûé DNS-ñåðâåð â êàæäîì îôèñå, åñëè ïîçâîëÿåò èíôðàñòðóêòóðà. À âñå ïîòîìó, ÷òî ëîêàëüíûé ñåðâåð ñîêðàùàåò âðåìÿ îòâåòà íà DNS-çàïðîñû. Åñëè æå çàïðîñ ïðîõîäèò ÷åðåç ãëîáàëüíóþ ñåòü ê óäàëåííîìó ñåðâåðó èìåí, òî âðåìÿ çàãðóçêè óâåëè÷èâàåòñÿ. Ïðè áîëüøîì êîëè÷åñòâå êëèåíòîâ, åñòåñòâåííî, óâåëè÷èâàåòñÿ êîëè÷åñòâî DNS-çàïðîñîâ. Îäíà öåíòðàëèçîâàííàÿ ãðóïïà DNS-ñåðâåðîâ, êîíå÷íî, ìîæåò îáðàáàòûâàòü âñå ýòè çàïðîñû, íî ñ áîëüøîé çàäåðæêîé. Åñëè êîìïüþòåðû ïîëüçîâàòåëåé áóäóò íàïðàâëÿòüñÿ íà ëîêàëüíûé èëè áëèæàéøèé ñåðâåð èìåí, òî âðåìÿ îòêëèêà ìîæåò ñóùåñòâåííî ñîêðàòèòüñÿ.  òàêîì ñëó÷àå çàäåðæêà íå ïðåâûøàåò 50 ìñ. Áîëåå òîãî, ýòî çíà÷åíèå îáû÷íî äàæå íàìíîãî íèæå. Èñïîëüçîâàíèå áëèæàéøåãî DNS-ñåðâåðà ñîêðàùàåò âðåìÿ çàãðóçêè äëÿ âñåõ óñòðîéñòâ. Òàêèì îáðàçîì, âû òàêæå óìåíüøàåòå íàãðóçêó íà óäàëåííûé ñåðâåð â øòàá-êâàðòèðå è ïîâûøàåòå åãî ïðîèçâîäèòåëüíîñòü. Çäåñü òàêæå îñòàåòñÿ àêòóàëüíîé ðåêîìåíäàöèÿ èìåòü, êàê ìèíèìóì, äâà DNS-ñåðâåðà. Ïåðåäîâûå ìåòîäû îáåñïå÷åíèÿ áåçîïàñíîñòè DNS DNS-ñåðâåðû î÷åíü ÷àñòî ñòàíîâÿòñÿ öåëüþ êèáåðàòàê. Âàæíûì øàãîì â ïðåäîòâðàùåíèè âòîðæåíèé â âàøó îðãàíèçàöèþ ÿâëÿåòñÿ çàùèòà èíôðàñòðóêòóðû DNS. ×òîáû èçáåæàòü ñåðüåçíîãî íàðóøåíèÿ íàñòðîåê DNS, îáÿçàòåëüíî èçó÷èòå ìåðû áåçîïàñíîñòè, îïèñàííûå íèæå. Âåäåíèå æóðíàëà DNS-ñåðâåðà Âåäåíèå æóðíàëà DNS-ñåðâåðà – ýòî îäèí èç ñàìûõ ýôôåêòèâíûõ ñïîñîáîâ îòñëåæèâàíèÿ àêòèâíîñòè DNS. Æóðíàëû ñîîáùàþò âàì, åñëè êòî-òî ïûòàåòñÿ âìåøàòüñÿ â âàøè DNS-ñåðâåðû. Ïîìèìî àêòèâíîñòè ïîëüçîâàòåëåé, æóðíàëû îòëàäêè ñîîáùàþò âàì î ïðîáëåìàõ ñ DNS-çàïðîñàìè èëè îáíîâëåíèÿìè. Æóðíàëû DNS òàêæå ïîêàçûâàþò ñëåäû îòðàâëåíèÿ êýøà. Ïðè òàêîì âèäå àòàêè çëîóìûøëåííèê èçìåíÿåò õðàíÿùèåñÿ â êýøå äàííûå è ñáèâàþò ïîëüçîâàòåëåé ñ êóðñà. Íàïðèìåð, IP-àäðåñ www.youtube.com ìîæåò áûòü çàìåíåí íà IP-àäðåñ âðåäîíîñíîãî ñàéòà. Êîãäà ïîëüçîâàòåëü îòïðàâëÿåò çàïðîñ â DNS äëÿ youtube.com, ñåðâåð òåïåðü âîçâðàùàåò íåâåðíûé IP-àäðåñ.  ðåçóëüòàòå ÷åãî ïîëüçîâàòåëè ïîïàäàþò íà òîò âåá-ñàéò, êîòîðûé îíè íå õîòåëè ïîñåùàòü è ñòàíîâÿòñÿ ìèøåíüþ äëÿ õàêåðîâ. Íåñìîòðÿ íà òî, ÷òî âåäåíèå æóðíàëà îòëàäêè DNS ïîâûøàåò óðîâåíü áåçîïàñíîñòè, íåêîòîðûå ñèñòåìíûå àäìèíèñòðàòîðû ðåøàþò ýòèì ïðåíåáðå÷ü. Îñíîâíàÿ ïðè÷èíà òàêîãî ðåøåíèÿ – ïîâûøåíèå ïðîèçâîäèòåëüíîñòè. Îòñëåæèâàíèå ñåòåâîé àêòèâíîñòè ìîæåò ïîìî÷ü âàì îáíàðóæèòü íåêîòîðûå àòàêè, òàêèå êàê DDoS, íî íå îòðàâëåíèå êýøà. Ïîýòîìó ìû íàñòîÿòåëüíî ðåêîìåíäóåì èñïîëüçîâàòü âåäåíèå æóðíàëîâ îòëàäêè DNS. Áëîêèðîâêà êýøà DNS Âñÿêèé ðàç, êîãäà ïîÿâëÿåòñÿ çàïðîñ îò êëèåíòà, DNS íàõîäèò èíôîðìàöèþ è ñîõðàíÿåò åå â êýøå äëÿ áóäóùåãî èñïîëüçîâàíèÿ. Ýòîò ïðîöåññ ïîçâîëÿåò ñåðâåðó áûñòðåå îòâå÷àòü íà îäíè è òå æå çàïðîñû. Çëîóìûøëåííèêè ìîãóò âîñïîëüçîâàòüñÿ ýòîé ôóíêöèåé ïóòåì èçìåíåíèÿ ñîõðàíåííîé èíôîðìàöèè. Ñëåäóþùèé øàã ïîñëå èñïîëüçîâàíèÿ æóðíàëîâ îòëàäêè DNS – ýòî áëîêèðîâêà êýøà DNS. Ýòî ôóíêöèÿ îïðåäåëÿåò, êîãäà êýøèðîâàííûå äàííûå ìîãóò áûòü èçìåíåíû. Ñåðâåð õðàíèò èíôîðìàöèþ î ïîèñêå â òå÷åíèå âðåìåíè, îïðåäåëÿåìîãî TTL (Time To Life - âðåìÿ æèçíè). Åñëè áëîêèðîâêà êýøà íå èñïîëüçóåòñÿ, òî èíôîðìàöèÿ ìîæåò áûòü ïåðåçàïèñàíà äî èñòå÷åíèÿ TTL. Ýòî îñòàâëÿåò ìåñòî äëÿ àòàê ñ îòðàâëåíèåì êýøà.  íåêîòîðûõ îïåðàöèîííûõ ñèñòåìàõ áëîêèðîâêà êýøà ìîæåò áûòü âêëþ÷åíà ïî óìîë÷àíèþ. Ìàñøòàá áëîêèðîâêè êýøà ìîæåò äîñòèãàòü 100%. Êîãäà óñòàíîâëåíî çíà÷åíèå 70, òî ïåðåçàïèñü äàííûõ íåâîçìîæíà äî èñòå÷åíèÿ 70% TTL. Ïðè îïðåäåëåíèè áëîêèðîâêè êýøà ðàâíûì 100 èçìåíåíèå êýøèðîâàííîé èíôîðìàöèè áëîêèðóåòñÿ äî èñòå÷åíèÿ âñåãî TTL. Ôèëüòðàöèÿ DNS-çàïðîñîâ äëÿ áëîêèðîâêè âðåäîíîñíûõ äîìåíîâ Ôèëüòðàöèÿ DNS – ýòî ýôôåêòèâíûé ñïîñîá îãðàíè÷èòü äîñòóï ïîëüçîâàòåëåé ê âåá-ñàéòó èëè äîìåíó. Îñíîâíàÿ ïðè÷èíà äëÿ áëîêèðîâêè ðàçðåøåíèÿ èìåí äëÿ äîìåíà – íàëè÷èå èíôîðìàöèè î âðåäîíîñíîñòè ýòîãî äîìåíà. Êîãäà êëèåíò îòïðàâëÿåò çàïðîñ íà çàáëîêèðîâàííûé âåá-ñàéò, DNS-ñåðâåð ïðåêðàùàåò ëþáóþ ñâÿçü ìåæäó íèìè. DNS-ôèëüòðàöèÿ çíà÷èòåëüíî ñíèæàåò âåðîÿòíîñòü ïðîíèêíîâåíèÿ âèðóñîâ è âðåäîíîñíûõ ïðîãðàìì â âàøó ñåòü. Êîãäà ïîëüçîâàòåëü íå ìîæåò ïîëó÷èòü äîñòóï ê âðåäîíîñíîé ñòðàíèöå, òî è êîëè÷åñòâî óãðîç, êîòîðûå ìîãóò ïðîíèêíóòü â âàøó èíôðàñòðóêòóðó, êðàéíå ìàëî. Òàêèì îáðàçîì, âàøåìó IT-ïåðñîíàëó íå òðåáóåòñÿ êðóãëîñóòî÷íî ðàáîòàòü, ÷òîáû î÷èùàòü ñèñòåìó îò âèðóñîâ. Ïîìèìî ñîîáðàæåíèé áåçîïàñíîñòè, åñòü åùå îäíà ïðè÷èíà, ïî êîòîðîé îðãàíèçàöèè ìîãóò çàáëîêèðîâàòü äîìåí – áèçíåñ-ïîëèòèêà èëè ïî ñîîáðàæåíèÿì ïðîèçâîäèòåëüíîñòè.  ñïèñîê çàáëîêèðîâàííûõ äîìåíîâ ìîãóò âõîäèòü ñîöèàëüíûå ñåòè, àçàðòíûå èãðû, ïîðíîãðàôèÿ, ñòðàíèöû ïîòîêîâîãî âèäåî èëè ëþáûå äðóãèå âåá-ñàéòû. DNS ìîæåò ôèëüòðîâàòü çàïðîñû ïî ïîëüçîâàòåëþ, ãðóïïå èëè áëîêèðîâàòü äîñòóï äëÿ âñåõ ïîëüçîâàòåëåé. Ñîâðåìåííûå ñèñòåìû îáåñïå÷åíèÿ çàùèòû ÏÎ è áðàíäìàóýðû èìåþò DNS-ôèëüòðàöèþ â ñòàíäàðòíîé êîìïëåêòàöèè. Íåêîòîðûå èç íèõ ïðåäîñòàâëÿþò ñïèñêè ïëîõèõ äîìåíîâ, êîòîðûå ðåãóëÿðíî îáíîâëÿþòñÿ. Âû ìîæåòå èñïîëüçîâàòü ãîòîâîå ïðîãðàììíîå ðåøåíèå è òàêèì îáðàçîì àâòîìàòèçèðîâàòü ôèëüòðàöèþ DNS, à íå äîáàâëÿòü íîâûå çàïèñè âðó÷íóþ. Ïðîâåðêà öåëîñòíîñòè äàííûõ DNS ñ ïîìîùüþ DNSSEC Ìîäóëè áåçîïàñíîñòè ñëóæáû äîìåííûõ èìåí (DNSSEC – Domain Name System Security Extensions) ãàðàíòèðóþò, ÷òî ïîëüçîâàòåëè ïîëó÷àò äåéñòâèòåëüíûå îòâåòû íà ñâîè çàïðîñû. Öåëîñòíîñòü äàííûõ äîñòèãàåòñÿ çà ñ÷åò öèôðîâîé ïîäïèñè DNSSEC íà äàííûõ DNS, ïðåäîñòàâëÿåìûõ ñåðâåðàì èìåí. Êîãäà êîíå÷íûé ïîëüçîâàòåëü îòïðàâëÿåò çàïðîñ, DNS-ñåðâåð ïðåäîñòàâëÿåò öèôðîâóþ ïîäïèñü ñ îòâåòîì. Ñòàëî áûòü, ïîëüçîâàòåëè çíàþò, ÷òî îíè ïîëó÷èëè äîñòîâåðíóþ èíôîðìàöèþ â êà÷åñòâå îòâåòà íà îòïðàâëåííûé èìè çàïðîñ. Ýòîò äîïîëíèòåëüíûé óðîâåíü áåçîïàñíîñòè ïîìîãàåò áîðîòüñÿ ñ àòàêàìè íà ïðîòîêîë DNS. Àòàêè «ñïóôèíãà» DNS è îòðàâëåíèÿ êýøà óñïåøíî ïðåäîòâðàùàþòñÿ, ïîñêîëüêó DNSSEC îáåñïå÷èâàåò öåëîñòíîñòü äàííûõ è àâòîðèçàöèþ èõ èñòî÷íèêà.  äàëüíåéøåì ïîëüçîâàòåëè áóäóò óâåðåíû, ÷òî ïîñåùàþò èìåííî òå ñòðàíèöû, êîòîðûå õîòåëè ïîñåòèòü. Íàñòðîéêà ñïèñêîâ êîíòðîëÿ äîñòóïà Ñïèñêè êîíòðîëÿ äîñòóïà (ACL – Access Control Lists) – ýòî åùå îäèí ñïîñîá çàùèòû DNS-ñåðâåðîâ îò íåñàíêöèîíèðîâàííîãî äîñòóïà è àòàê «ñïóôèíãà». Ê âàøåìó îñíîâíîìó DNS-ñåðâåðó äîñòóï äîëæíû èìåòü òîëüêî ñèñòåìíûå è IT-àäìèíèñòðàòîðû. Íàñòðîéêà ACL äëÿ ðàçðåøåíèÿ âõîäÿùèõ ïîäêëþ÷åíèé ê ñåðâåðó èìåí ñ îïðåäåëåííûõ õîñòîâ ãàðàíòèðóåò òî, ÷òî òîëüêî îïðåäåëåííàÿ ÷àñòü ïåðñîíàëà ñìîæåò îáðàùàòüñÿ ê âàøèì ñåðâåðàì. Êðîìå òîãî, ACL äîëæíû îïðåäåëÿòü, êàêèå ñåðâåðû ìîãóò âûïîëíÿòü ïåðåäà÷ó çîí. Çëîóìûøëåííèêè ìîãóò ïîïûòàòüñÿ îïðåäåëèòü íàñòðîéêè âàøåé çîíû, îòïðàâèâ çàïðîñû íà ïåðåäà÷ó çîíû ÷åðåç âòîðè÷íûå DNS-ñåðâåðû. Åñëè âû çàáëîêèðóåòå âñå çàïðîñû íà ïåðåäà÷ó çîíû ÷åðåç âòîðè÷íûå ñåðâåðû, òî çëîóìûøëåííèê íå ñìîæåò ïîëó÷èòü èíôîðìàöèþ î çîíå. Ýòà êîíôèãóðàöèÿ íå ïîçâîëÿåò òðåòüèì ëèöàì ïîëó÷èòü ïðåäñòàâëåíèå î òîì, êàê îðãàíèçîâàíà âàøà âíóòðåííÿÿ ñåòü. Çàêëþ÷åíèå Âñåãäà åñòü âîçìîæíîñòè äëÿ óëó÷øåíèÿ ñèñòåìíîé àðõèòåêòóðû DNS è åå áåçîïàñíîñòè. Ïîñòîÿííûå óãðîçû ñêðûâàþòñÿ è æäóò, êîãäà ïîÿâèòñÿ óÿçâèìîñòü â âàøåé èíôîðìàöèîííîé ñèñòåìå, ÷òîáû âîñïîëüçîâàòüñÿ åé. Íî òåì íå ìåíåå, åñëè âû áóäåòå ñëåäîâàòü ðåêîìåíäàöèÿì, îïèñàííûì â äàííîì ðóêîâîäñòâå, òî âû îõâàòèòå íàèáîëåå âàæíûå àñïåêòû, êîòîðûå íåîáõîäèìû äëÿ îáåñïå÷åíèÿ áåçîïàñíîñòè è îòêàçîóñòîé÷èâîñòè âàøåé èíôðàñòðóêòóðû DNS.

Òðàíñïîðòíûé óðîâåíü OSI (óðîâåíü 4) îïðåäåëÿåò íåñêîëüêî ôóíêöèé, íàèáîëåå âàæíûìè èç êîòîðûõ ÿâëÿþòñÿ âîññòàíîâëåíèå ïîñëå îøèáîê è óïðàâëåíèå ïîòîêîì. Òî÷íî òàê æå ïðîòîêîëû òðàíñïîðòíîãî óðîâíÿ TCP / IP òàêæå ðåàëèçóþò òå æå òèïû ôóíêöèé. Îáðàòèòå âíèìàíèå, ÷òî è ìîäåëü OSI, è ìîäåëü TCP / IP íàçûâàþò ýòîò óðîâåíü òðàíñïîðòíûì. Íî, êàê îáû÷íî, êîãäà ðå÷ü èäåò î ìîäåëè TCP / IP, èìÿ è íîìåð óðîâíÿ îñíîâàíû íà OSI, ïîýòîìó ëþáûå ïðîòîêîëû òðàíñïîðòíîãî óðîâíÿ TCP / IP ñ÷èòàþòñÿ ïðîòîêîëàìè óðîâíÿ 4. Êëþ÷åâîå ðàçëè÷èå ìåæäó TCP è UDP çàêëþ÷àåòñÿ â òîì, ÷òî TCP ïðåäîñòàâëÿåò øèðîêèé ñïåêòð óñëóã ïðèëîæåíèÿì, à UDP-íåò. Íàïðèìåð, ìàðøðóòèçàòîðû îòáðàñûâàþò ïàêåòû ïî ìíîãèì ïðè÷èíàì, âêëþ÷àÿ áèòîâûå îøèáêè, ïåðåãðóçêó è ñëó÷àè, â êîòîðûõ íå èçâåñòíû ïðàâèëüíûå ìàðøðóòû. Èçâåñòíî, ÷òî áîëüøèíñòâî ïðîòîêîëîâ ïåðåäà÷è äàííûõ çàìå÷àþò îøèáêè (ïðîöåññ, íàçûâàåìûé error detection), è çàòåì îòáðàñûâàþò êàäðû, êîòîðûå èìåþò îøèáêè. TCP îáåñïå÷èâàåò ïîâòîðíóþ ïåðåäà÷ó (error recovery) è ïîìîãàåò èçáåæàòü ïåðåãðóçêè (óïðàâëåíèå ïîòîêîì), â òî âðåìÿ êàê UDP ýòîãî íå äåëàåò.  ðåçóëüòàòå ìíîãèå ïðèêëàäíûå ïðîòîêîëû ïðåäïî÷èòàþò èñïîëüçîâàòü TCP. Ðàçíèöà ìåæäó TCP è UDP â îäíîì âèäåî Îäíàêî íå äóìàéòå, ÷òî îòñóòñòâèå ñëóæá ó UDP äåëàåò UDP õóæå TCP. Ïðåäîñòàâëÿÿ ìåíüøå óñëóã, UDP òðåáóåò ìåíüøå áàéòîâ â ñâîåì çàãîëîâêå ïî ñðàâíåíèþ ñ TCP, ÷òî ïðèâîäèò ê ìåíüøåìó êîëè÷åñòâó áàéòîâ ñëóæåáíûõ äàííûõ â ñåòè. Ïðîãðàììíîå îáåñïå÷åíèå UDP íå çàìåäëÿåò ïåðåäà÷ó äàííûõ â òåõ ñëó÷àÿõ, êîãäà TCP ìîæåò çàìåäëÿòüñÿ íàìåðåííî. Êðîìå òîãî, íåêîòîðûì ïðèëîæåíèÿì, îñîáåííî ñåãîäíÿ, ê ïåðåäà÷å ãîëîñà ïî IP (VoIP) è âèäåî ïî IP, íå òðåáóåòñÿ âîññòàíîâëåíèå ïîñëå îøèáîê, ïîýòîìó îíè èñïîëüçóþò UDP. Èòàê, ñåãîäíÿ UDP òàêæå çàíèìàåò âàæíîå ìåñòî â ñåòÿõ TCP / IP.  òàáëèöå 1 ïåðå÷èñëåíû îñíîâíûå ôóíêöèè, ïîääåðæèâàåìûå TCP/UDP. Îáðàòèòå âíèìàíèå, ÷òî òîëüêî ïåðâûé ýëåìåíò, óêàçàííûé â òàáëèöå, ïîääåðæèâàåòñÿ UDP, òîãäà êàê TCP ïîääåðæèâàþòñÿ âñå ýëåìåíòû â òàáëèöå. Òàáëèöà ¹ 1 Ôóíêöèè òðàíñïîðòíîãî óðîâíÿ TCP/IP Ôóíêöèè Îïèñàíèå Ìóëüòèïëåêñèðîâàíèå ñ èñïîëüçîâàíèåì ïîðòîâ Ôóíêöèÿ, êîòîðàÿ ïîçâîëÿåò ïðèíèìàþùèì õîñòàì âûáèðàòü ïðàâèëüíîå ïðèëîæåíèå, äëÿ êîòîðîãî ïðåäíàçíà÷åíû äàííûå, íà îñíîâå íîìåðà ïîðòà. Âîññòàíîâëåíèå ïîñëå îøèáîê (íàäåæíîñòü) Ïðîöåññ íóìåðàöèè è ïîäòâåðæäåíèÿ äàííûõ ñ ïîìîùüþ ïîëåé çàãîëîâêà Sequence è Acknowledgment Óïðàâëåíèå ïîòîêîì ñ èñïîëüçîâàíèåì îêîí Ïðîöåññ, èñïîëüçóþùèé ðàçìåðû îêíà äëÿ çàùèòû áóôåðíîãî ïðîñòðàíñòâà è óñòðîéñòâ ìàðøðóòèçàöèè îò ïåðåãðóçêè òðàôèêîì. Óñòàíîâëåíèå è çàâåðøåíèå ñîåäèíåíèÿ Ïðîöåññ, èñïîëüçóåìûé äëÿ èíèöèàëèçàöèè íîìåðîâ ïîðòîâ, à òàêæå ïîëåé Sequence è Acknowledgment. Óïîðÿäî÷åííàÿ ïåðåäà÷à äàííûõ è ñåãìåíòàöèÿ äàííûõ Íåïðåðûâíûé ïîòîê áàéòîâ îò ïðîöåññà âåðõíåãî óðîâíÿ, êîòîðûé "ñåãìåíòèðóåòñÿ" äëÿ ïåðåäà÷è è äîñòàâëÿåòñÿ ïðîöåññàì âåðõíåãî óðîâíÿ íà ïðèíèìàþùåì óñòðîéñòâå ñ áàéòàìè â òîì æå ïîðÿäêå Äàëåå îïèñûâàþòñÿ âîçìîæíîñòè TCP, à çàòåì ïðèâîäèòñÿ êðàòêîå ñðàâíåíèå ñ UDP. Transmission Control Protocol Êàæäîå ïðèëîæåíèå TCP / IP îáû÷íî âûáèðàåò èñïîëüçîâàíèå TCP èëè UDP â çàâèñèìîñòè îò òðåáîâàíèé ïðèëîæåíèÿ. Íàïðèìåð, TCP îáåñïå÷èâàåò âîññòàíîâëåíèå ïîñëå îøèáîê, íî äëÿ ýòîãî îí ïîòðåáëÿåò áîëüøå ïîëîñû ïðîïóñêàíèÿ è èñïîëüçóåò áîëüøå öèêëîâ îáðàáîòêè. UDP íå âûïîëíÿåò èñïðàâëåíèå îøèáîê, íî òðåáóåò ìåíüøåé ïðîïóñêíîé ñïîñîáíîñòè è ìåíüøåãî êîëè÷åñòâà öèêëîâ îáðàáîòêè. Íåçàâèñèìî îò òîãî, êàêîé èç ýòèõ äâóõ ïðîòîêîëîâ òðàíñïîðòíîãî óðîâíÿ TCP / IP ïðèëîæåíèå âûáåðåò äëÿ èñïîëüçîâàíèÿ, âû äîëæíû ïîíèìàòü îñíîâû ðàáîòû êàæäîãî èç ýòèõ ïðîòîêîëîâ òðàíñïîðòíîãî óðîâíÿ. TCP, êàê îïðåäåëåíî â Request For Comments (RFC) 793, âûïîëíÿåò ôóíêöèè, ïåðå÷èñëåííûå â òàáëèöå 1, ÷åðåç ìåõàíèçìû íà êîíå÷íûõ êîìïüþòåðàõ. TCP ïîëàãàåòñÿ íà IP äëÿ ñêâîçíîé äîñòàâêè äàííûõ, âêëþ÷àÿ âîïðîñû ìàðøðóòèçàöèè. Äðóãèìè ñëîâàìè, TCP âûïîëíÿåò òîëüêî ÷àñòü ôóíêöèé, íåîáõîäèìûõ äëÿ äîñòàâêè äàííûõ ìåæäó ïðèëîæåíèÿìè. Êðîìå òîãî, ðîëü, êîòîðóþ îí èãðàåò, íàïðàâëåíà íà ïðåäîñòàâëåíèå óñëóã äëÿ ïðèëîæåíèé, óñòàíîâëåííûõ íà êîíå÷íûõ êîìïüþòåðàõ. Íåçàâèñèìî îò òîãî, íàõîäÿòñÿ ëè äâà êîìïüþòåðà â îäíîì Ethernet èëè ðàçäåëåíû âñåì Èíòåðíåòîì, TCP âûïîëíÿåò ñâîè ôóíêöèè îäèíàêîâî. Íà ðèñóíêå 1 ïîêàçàíû ïîëÿ çàãîëîâêà TCP. Õîòÿ âàì íå íóæíî çàïîìèíàòü íàçâàíèÿ ïîëåé èëè èõ ðàñïîëîæåíèå, îñòàâøàÿñÿ ÷àñòü ýòîé ëåêöèè îòíîñèòñÿ ê íåñêîëüêèì ïîëÿì, ïîýòîìó âåñü çàãîëîâîê âêëþ÷åí ñþäà äëÿ ñïðàâêè. Ñîîáùåíèå, ñîçäàííîå TCP, êîòîðîå íà÷èíàåòñÿ ñ çàãîëîâêà TCP, çà êîòîðûì ñëåäóþò äàííûå ïðèëîæåíèÿ, íàçûâàåòñÿ ñåãìåíòîì TCP.  êà÷åñòâå àëüòåðíàòèâû òàêæå ìîæåò èñïîëüçîâàòüñÿ áîëåå îáùèé òåðìèí PDU óðîâíÿ 4 èëè L4PDU. Ìóëüòèïëåêñèðîâàíèå ñ èñïîëüçîâàíèåì íîìåðîâ ïîðòîâ TCP È TCP, è UDP èñïîëüçóþò êîíöåïöèþ, íàçûâàåìóþ ìóëüòèïëåêñèðîâàíèåì. Ïîýòîìó ýòîò ïîäðàçäåë íà÷èíàåòñÿ ñ îáúÿñíåíèÿ ìóëüòèïëåêñèðîâàíèÿ ñ TCP è UDP. Ïîñëå ýòîãî èññëåäóþòñÿ óíèêàëüíûå âîçìîæíîñòè TCP. Ìóëüòèïëåêñèðîâàíèå ïî TCP è UDP âêëþ÷àåò â ñåáÿ ïðîöåññ òîãî, êàê êîìïüþòåð äóìàåò ïðè ïîëó÷åíèè äàííûõ. Íà êîìïüþòåðå ìîæåò áûòü çàïóùåíî ìíîæåñòâî ïðèëîæåíèé, òàêèõ êàê âåá-áðàóçåð, ýëåêòðîííàÿ ïî÷òà èëè ïðèëîæåíèå Internet VoIP (íàïðèìåð, Skype). Ìóëüòèïëåêñèðîâàíèå TCP è UDP ñîîáùàåò ïðèíèìàþùåìó êîìïüþòåðó, êàêîìó ïðèëîæåíèþ ïåðåäàòü ïîëó÷åííûå äàííûå. Îïðåäåëåííûå ïðèìåðû ïîìîãóò ñäåëàòü î÷åâèäíîé íåîáõîäèìîñòü ìóëüòèïëåêñèðîâàíèÿ. Ñåòü èç ïðèìåðà ñîñòîèò èç äâóõ êîìïüþòåðîâ, ïîìå÷åííûõ êàê Àííà è Ãðèøà. Àííà èñïîëüçóåò íàïèñàííîå åþ ïðèëîæåíèå äëÿ ðàññûëêè ðåêëàìíûõ îáúÿâëåíèé, êîòîðûå ïîÿâëÿþòñÿ íà ýêðàíå Ãðèãîðèÿ. Ïðèëîæåíèå îòïðàâëÿåò Ãðèãîðèþ íîâîå îáúÿâëåíèå êàæäûå 10 ñåêóíä. Àííà èñïîëüçóåò âòîðîå ïðèëîæåíèå, ÷òîáû îòïðàâèòü Ãðèøå äåíüãè. Íàêîíåö, Àííà èñïîëüçóåò âåá-áðàóçåð äëÿ äîñòóïà ê âåá-ñåðâåðó, êîòîðûé ðàáîòàåò íà êîìïüþòåðå Ãðèãîðèÿ. Ðåêëàìíîå ïðèëîæåíèå è ïðèëîæåíèå äëÿ ýëåêòðîííîãî ïåðåâîäà ÿâëÿþòñÿ âîîáðàæàåìûìè, òîëüêî äëÿ ýòîãî ïðèìåðà. Âåá-ïðèëîæåíèå ðàáîòàåò òàê æå, êàê è â ðåàëüíîé æèçíè. Íà ðèñóíêå 2 ïîêàçàí ïðèìåð ñåòè, â êîòîðîé Ãðèøà çàïóñêàåò òðè ïðèëîæåíèÿ: Ðåêëàìíîå ïðèëîæåíèå íà îñíîâå UDP Ïðèëîæåíèå äëÿ áàíêîâñêèõ ïåðåâîäîâ íà îñíîâå TCP Ïðèëîæåíèå âåá-ñåðâåðà TCP Ãðèøå íåîáõîäèìî çíàòü, â êàêîå ïðèëîæåíèå ïåðåäàâàòü äàííûå, íî âñå òðè ïàêåòà ïîñòóïàþò èç îäíîãî è òîãî æå Ethernet è IP-àäðåñà. Âû ìîãëè ïîäóìàòü, ÷òî Ãðèãîðèé ìîæåò ïîñìîòðåòü, ñîäåðæèò ëè ïàêåò çàãîëîâîê UDP èëè TCP, íî, êàê âû âèäèòå íà ðèñóíêå, äâà ïðèëîæåíèÿ (wire transfer è web) èñïîëüçóþò TCP. TCP è UDP ðåøàþò ýòó ïðîáëåìó, èñïîëüçóÿ ïîëå íîìåðà ïîðòà â çàãîëîâêå TCP èëè UDP ñîîòâåòñòâåííî. Êàæäûé èç ñåãìåíòîâ TCP è UDP Àííû èñïîëüçóåò ñâîé íîìåð ïîðòà íàçíà÷åíèÿ, ÷òîáû Ãðèãîðèé çíàë, êàêîìó ïðèëîæåíèþ ïåðåäàòü äàííûå. Íà ðèñóíêå 3 ïîêàçàí ïðèìåð. Ìóëüòèïëåêñèðîâàíèå îñíîâûâàåòñÿ íà êîíöåïöèè, íàçûâàåìîé ñîêåòîì. Ñîêåò ñîñòîèò èç òðåõ ÷àñòåé: IP-àäðåñ Òðàíñïîðòíûé ïðîòîêîë Íîìåð ïîðòà Èòàê, äëÿ ïðèëîæåíèÿ âåá-ñåðâåðà Ãðèãîðèÿ, ñîêåò áóäåò (10.1.1.2, TCP, ïîðò 80), ïîòîìó ÷òî ïî óìîë÷àíèþ âåá-ñåðâåðû èñïîëüçóþò õîðîøî èçâåñòíûé ïîðò 80. Êîãäà âåá-áðàóçåð Àííû ïîäêëþ÷àåòñÿ ê âåá-ñåðâåðó, Àííà òàêæå èñïîëüçóåò ñîêåò - âîçìîæíî, òàêîé: (10.1.1.1, TCP, 49160). Ïî÷åìó 49160? ×òî æ, Àííå ïðîñòî íóæåí íîìåð ïîðòà, óíèêàëüíûé äëÿ Àííû, ïîýòîìó Àííà âèäèò ýòîò ïîðò 49160. Internet Assigned Numbers Authority (IANA), îðãàíèçàöèÿ, êîòîðàÿ óïðàâëÿåò ðàñïðåäåëåíèåì IP-àäðåñîâ âî âñåì ìèðå, è ïîäðàçäåëÿåò äèàïàçîíû íîìåðîâ ïîðòîâ íà òðè îñíîâíûõ äèàïàçîíà. Ïåðâûå äâà äèàïàçîíà ðåçåðâèðóþò íîìåðà, êîòîðûå IANA çàòåì ìîæåò íàçíà÷èòü êîíêðåòíûì ïðîòîêîëàì ïðèëîæåíèé ÷åðåç ïðîöåññ ïðèëîæåíèÿ è ïðîâåðêè, à òðåòüÿ êàòåãîðèÿ ðåçåðâèðóåò ïîðòû, êîòîðûå áóäóò äèíàìè÷åñêè âûäåëÿòüñÿ äëÿ êëèåíòîâ, êàê â ïðèìåðå ñ ïîðòîì 49160 â ïðåäûäóùåì àáçàöå. Èìåíà è äèàïàçîíû íîìåðîâ ïîðòîâ (áîëåå ïîäðîáíî îïèñàíî â RFC 6335): Õîðîøî èçâåñòíûå (ñèñòåìíûå) ïîðòû: íîìåðà îò 0 äî 1023, ïðèñâîåííûå IANA, ñ áîëåå ñòðîãèì ïðîöåññîì ïðîâåðêè äëÿ íàçíà÷åíèÿ íîâûõ ïîðòîâ, ÷åì ïîëüçîâàòåëüñêèå ïîðòû. Ïîëüçîâàòåëüñêèå (çàðåãèñòðèðîâàííûå) ïîðòû: íîìåðà îò 1024 äî 49151, ïðèñâîåííûå IANA ñ ìåíåå ñòðîãèì ïðîöåññîì íàçíà÷åíèÿ íîâûõ ïîðòîâ ïî ñðàâíåíèþ ñ õîðîøî èçâåñòíûìè ïîðòàìè. Ýôåìåðíûå (äèíàìè÷åñêèå, ÷àñòíûå) ïîðòû: íîìåðà îò 49152 äî 65535, íå íàçíà÷åíû è íå ïðåäíàçíà÷åíû äëÿ äèíàìè÷åñêîãî âûäåëåíèÿ è âðåìåííîãî èñïîëüçîâàíèÿ äëÿ êëèåíòñêîãî ïðèëîæåíèÿ âî âðåìÿ åãî ðàáîòû. Íà ðèñóíêå 4 ïîêàçàí ïðèìåð, â êîòîðîì èñïîëüçóþòñÿ òðè âðåìåííûõ ïîðòà íà ïîëüçîâàòåëüñêîì óñòðîéñòâå ñëåâà, à ñåðâåð ñïðàâà èñïîëüçóåò äâà õîðîøî èçâåñòíûõ ïîðòà è îäèí ïîëüçîâàòåëüñêèé ïîðò. Êîìïüþòåðû èñïîëüçóþò òðè ïðèëîæåíèÿ îäíîâðåìåííî; ñëåäîâàòåëüíî, îòêðûòî òðè ñîêåòíûõ ñîåäèíåíèÿ. Ïîñêîëüêó ñîêåò íà îäíîì êîìïüþòåðå äîëæåí áûòü óíèêàëüíûì, ñîåäèíåíèå ìåæäó äâóìÿ ñîêåòàìè äîëæíî èäåíòèôèöèðîâàòü óíèêàëüíîå ñîåäèíåíèå ìåæäó äâóìÿ êîìïüþòåðàìè. Ýòà óíèêàëüíîñòü îçíà÷àåò, ÷òî âû ìîæåòå èñïîëüçîâàòü íåñêîëüêî ïðèëîæåíèé îäíîâðåìåííî, ðàçãîâàðèâàÿ ñ ïðèëîæåíèÿìè, çàïóùåííûìè íà îäíîì èëè ðàçíûõ êîìïüþòåðàõ. Ìóëüòèïëåêñèðîâàíèå íà îñíîâå ñîêåòîâ ãàðàíòèðóåò, ÷òî äàííûå áóäóò äîñòàâëåíû â íóæíûå ïðèëîæåíèÿ. Íîìåðà ïîðòîâ ÿâëÿþòñÿ âàæíîé ÷àñòüþ êîíöåïöèè ñîêåòîâ. Ñåðâåðû èñïîëüçóþò õîðîøî èçâåñòíûå ïîðòû (èëè ïîëüçîâàòåëüñêèå ïîðòû), òîãäà êàê êëèåíòû èñïîëüçóþò äèíàìè÷åñêèå ïîðòû. Ïðèëîæåíèÿ, êîòîðûå ïðåäîñòàâëÿþò óñëóãè, òàêèå êàê FTP, Telnet è âåá-ñåðâåðû, îòêðûâàþò ñîêåò, èñïîëüçóÿ èçâåñòíûé ïîðò, è ïðîñëóøèâàþò çàïðîñû íà ïîäêëþ÷åíèå. Ïîñêîëüêó ýòè çàïðîñû íà ïîäêëþ÷åíèå îò êëèåíòîâ äîëæíû âêëþ÷àòü íîìåðà ïîðòîâ èñòî÷íèêà è íàçíà÷åíèÿ, íîìåðà ïîðòîâ, èñïîëüçóåìûå ñåðâåðàìè, äîëæíû áûòü èçâåñòíû çàðàíåå. Òàêèì îáðàçîì, êàæäàÿ ñëóæáà èñïîëüçóåò îïðåäåëåííûé õîðîøî èçâåñòíûé íîìåð ïîðòà èëè íîìåð ïîëüçîâàòåëüñêîãî ïîðòà. Êàê îáùåèçâåñòíûå, òàê è ïîëüçîâàòåëüñêèå ïîðòû ïåðå÷èñëåíû íà www.iana.org/assignments/servicenames-port-numbers/service-names-port-numbers.txt. Íà êëèåíòñêèõ ìàøèíàõ, îòêóäà èñõîäÿò çàïðîñû, ìîæíî âûäåëèòü ëþáîé ëîêàëüíî íåèñïîëüçóåìûé íîìåð ïîðòà.  ðåçóëüòàòå êàæäûé êëèåíò íà îäíîì è òîì æå õîñòå èñïîëüçóåò äðóãîé íîìåð ïîðòà, íî ñåðâåð èñïîëüçóåò îäèí è òîò æå íîìåð ïîðòà äëÿ âñåõ ïîäêëþ÷åíèé. Íàïðèìåð, 100 âåá-áðàóçåðîâ íà îäíîì è òîì æå õîñò-êîìïüþòåðå ìîãóò ïîäêëþ÷àòüñÿ ê âåá-ñåðâåðó, íî âåá-ñåðâåð ñî 100 ïîäêëþ÷åííûìè ê íåìó êëèåíòàìè áóäåò èìåòü òîëüêî îäèí ñîêåò è, ñëåäîâàòåëüíî, òîëüêî îäèí íîìåð ïîðòà (â äàííîì ñëó÷àå ïîðò 80). Ñåðâåð ìîæåò îïðåäåëèòü, êàêèå ïàêåòû îòïðàâëåíû îò êàêîãî èç 100 êëèåíòîâ, ïîñìîòðåâ íà ïîðò èñòî÷íèêà ïîëó÷åííûõ ñåãìåíòîâ TCP. Ñåðâåð ìîæåò îòïðàâëÿòü äàííûå ïðàâèëüíîìó âåá-êëèåíòó (áðàóçåðó), îòïðàâëÿÿ äàííûå íà òîò æå íîìåð ïîðòà, êîòîðûé óêàçàí â êà÷åñòâå ïîðòà íàçíà÷åíèÿ. Êîìáèíàöèÿ ñîêåòîâ èñòî÷íèêà è íàçíà÷åíèÿ ïîçâîëÿåò âñåì ó÷àñòâóþùèì õîñòàì ðàçëè÷àòü èñòî÷íèê è íàçíà÷åíèå äàííûõ. Õîòÿ â ïðèìåðå îáúÿñíÿåòñÿ êîíöåïöèÿ èñïîëüçîâàíèÿ 100 TCP-ñîåäèíåíèé, òà æå êîíöåïöèÿ íóìåðàöèè ïîðòîâ ïðèìåíÿåòñÿ ê ñåàíñàì UDP òàêèì æå îáðàçîì. Ïî÷èòàéòå ïðîäîëæåíèå öèêëà ïðî ïîïóëÿðíûå ïðèëîæåíèÿ TCP/IP.