LHCONE Operational Framework
|
|
- Edmund Hampton
- 8 years ago
- Views:
Transcription
1 LHCONE Operational Framework Part 1 : principles and ideas for the operational model Part 2 : LHCONE VRF operational handbook Part 3 : Next step Xavier Jeannin RENATER 2013/01/28
2 Part 1 : principles and ideas for the operational model LHCONE VRF nature In standard a L3 VRF/VPN, Users manage Site operation changes (new peering/site withdraw/prefixes) maintenance Information: relevant, location, maintaining up-to-date, publication Security policy: firewall / filtering / science DMZ Monitoring policy: tools, information and test available NSP manage routing policy network monitoring : tools, statistics network operation: Relevant information ( , tel., ) Troubleshooting process: basic trouble (connectivity issue, ), asymmetric traffic, performance LHCONE VRF is a specific L3 VPN Multi user entities Multi NSPs collaboration is required 2
3 Part 1 : principles and ideas for the operational model operational handbook Create a light documentation : Avoid a 100 pages, static document, never updated Living document : the strict minimum but be accurate enough to Summarize all operation specification in one document Collect the result of different sub-groups (routing, security, monitoring sub group Point to all relevant documents Goals help a new site for its connection to the LHCONE and to provide the appropriate information /tools Help a new NSP to manage the LHCONE and to provide the appropriate information /tools Help experiment to interact with LHCONE Topics covered Specify routing policy: protocol BGP / community / load balancing Specify security policy: firewall / filtering / science DMZ? Specify monitoring policy: tools, information and test available? Site operation (connection, withdraw, maintenance ) Network operation and troubleshooting process : Most of network entities (VRF/NSP) have their own operational procedure already defined basic trouble (connectivity issue, ), asymmetric traffic, performance Information management: relevant, location, maintaining up-to-date, publication (who can access to what?) 3
4 Approach Define actors, roles & responsibilities Separate roles from implementation Identify relationship of the actors Identify Relevant use cases Relevant information and their location who is responsible to keep the information up to date Tools that can help network operation Operational model manufacturing An iterative approach validation during LHCOPN/LHCONE meeting Be careful as it is hard to have «agreement» from all entities 4
5 Operational Framework Not enough involvement of users and NSP in operational framework design In order to make progress, sub-groups have been proposed Routing (NSP, Liaison sponsor) Specify routing policy: protocol BGP / community / load balancing Security (Users) Specify security policy: firewall / filtering / science DMZ Monitoring (Users/NSP) Tool to be deployed both in sites en in NSP domain Appeal for author or reviewer for the document no answer These others topics have to be handled too Site operation (connection, withdraw, maintenance ) (Users) Network operation and troubleshooting process (NSP) Information management (Users/NSP) a reliable mechanism to broadcast information 5
6 Part 2: operational handbook LHCONE VRF operational handbook version 0.5 Contributor : Xavier Jeannin 2012/11/28??? Inspired from G. cessieux work on LHCOPN operational model
7 Table of contents Drawing convention Actors Information management: relevant, location, maintaining up-to-date, publication (who can access to what?) Site operation (connection, withdraw, maintenance ) Network operation and troubleshooting process : basic trouble (connectivity issue, ) asymmetric traffic, performance maintenance process Routing policy (simple pointer) Security policy (simple pointer) Specify monitoring policy (simple pointer) 7
8 Drawing convention A A A B B B A can access information in B with no authentication A can access information in B with authentication A sends an alarm to B A A A A B Ticket exchange between A and B A is responsible for maintaining 1 operational A is responsible for maintaining information upto-date within 1 A is responsible for maintaining information upto-date within 1 Peering BGP Actors Information repository Optional Information repository Peering BGP with load balancing Optional or non yet existing relational, repository information, 8
9 Part 2: Actors LHCONE Actors VRF Provides a connection to other VRF for NSP s and sites/tiers VRF is a specific NSP and VRF interconnection defines the free zone NSP Provides a connection to sites/tiers Users Sites/tiers T1 T2/T3 (should T2D be clearly identify by others actors?) LHC experiments Atlas, CMS, LHCb, Alice Use the infrastructure Define data flow model Interact at operational level: down time (agenda), site ranking 9
10 Part 2: Actors LHCONE Actors Users LHC Experiments LHC Experiments LHC LHC Experiments (ATLAS, CMS, LHCb, ALICE) Infrastructure operators Sites Sites (T0/T1) Sites (T1/T2/T2D/T3) (T0/T1) NSP VRF Actor 10
11 Part 2: Actors NSP LHCONE infrastructure actors NSP Site Site Free Zone Site VRF VRF NSP VRF Site Site Site Actors Peering BGP Peering BGP with load balancing 11
12 Part 2: Information management Network operation information organization A unique information access point known by every one: A central portal (wiki CERN) should allow to find where to find the information Provide an exhaustive list of pointers to other repositories: for instance RIR database, monitoring tools, VRF site Information could/should be distributed Each information should be put under the responsibility of one identified actor For instance: One site is responsible to maintain the list announced prefixes / a NSP is responsible to maintain the list sites connected to him. Critical information should be mirrored? For instance, a mirror of the central portal could be implemented on other continent (America, Asia, Europe)? 12
13 Part 2: Information management information and repositories management VRF or NSP site CERN PerfSONAR PS or MDM L3 monitoring BGP looking glass Statistics reports Operational procedure and information (routing policy, AS, filter implemented ) LHC experiment Operation service (TBD) Global web repository (Twiki) Operational contacts (site/nsp) Network sites information Pointer toward all other repositories (RIR database, monitoring) LHCONE TT Trouble Ticket (GGUS) Statistics reports Ranking site A B A is responsible for maintaining B operational Information repository Optional Information repository Actor A A B B A is responsible for maintaining information upto-date within B A is responsible for maintaining information upto-date within B 13
14 List of information maintained up-to-date by NSP/VRF Network Operators' Contact information Required Optional * Authentication required HTML link on twiki table Operators Served region POPs Contact information VRF/NSP Site connected connected CERNlight Europe/any Geneve (CH) extip@cernspamnot.ch GEANT, CERN phone ESnet US MANLAN, WIX, trouble@esspamnot.net I2, BNL,FNAL, SLAC, Geant Europe Roberto.Sabatino@ I2, Esnet,? CernLight, RedIRIS.. RedIRIS Spain Madrid?? PIC Monitoring information* HTML link on twiki table Operators BWCTL One Way Delay BGP announce / received route Looking glass Statistic @server 14
15 List of information maintained up-to-date by sites Site Operators' Contact information Site Name Country Tier Technical Contact VRF/NSP connected Phone Required Optional * Authentication required HTML link on twiki table AGLT2 (UM) US Tier-2D Shawn McKee smckee@umichspamnot.edu DESY-HH DE Tier-2D Kars Ohrenberg Kars.Ohrenberg@ de? DFN Sites network related information published HTML link on twiki table Site Name AGLT2 (UM) NSP/VRF connected Prefixes MTU firewall comment published either on LHCONE or RIR Database Monitoring information * HTML link on twiki table Operators BWCTL One Way Delay BGP announce / Looking glass received Routes Routes 15
16 Part 2: Information management Information access VRF or NSP site Operational procedure and information (routing policy, AS, filter implemented ) monitoring Global web repository (Twiki) Operational contacts (site/nsp) Network sites information PerfSONAR PS or MDM BGP looking glass Statistics reports Pointer toward all other repositories ((RIR database, monitoring) Statistics reports Ranking site LHCONE TT Trouble Ticket (GGUS) LHC experiment Operation service (TBD) A A B B A can access information in B with no authentication A can access information in B with authentication Information repository Optional Information repository Actor A B Ticket exchange between A and B 16
17 Part 2: information management Information pending question An authorization framework is needed for the access to some information: Looking glass Monitoring tools Data Should prefix being published in RIR database or in the CERN twiki? With RIR database, one can easily built automatic tools to check if prefixes sent by a site is appropriately declared Twiki: easy in first place but less robust in long term 17
18 Part 2: information management Information broadcast channels How to inform of a maintenance / a trouble? Operational list Which other tools should we set-up for more interactive activity? Instant messenger Skype, Possibility to set-up audio and video conference quickly EVO, skype,. An always open conference on a MCU bridge or in EVO? 18
19 Part 2: Network operation Basic troubleshooting process Free Zone VRF or NSP where the site A is connected VRF VRF or NSP where the site B is connected Site A LHCONE TT Trouble Ticket (GGUS) Use cases: Generic trouble Connectivity problem Site A cannot join the LHCONE anymore Site A cannot join site B VRF or NSP where the site B is connected Site B In general, NSP/VRF procedures should be reused to solve basic trouble Investigate internally and contact potential involved partner Entity X Entity X Entity Y Entity Y Ticket exchange between entity X and Y Entity X sends an alarm to Entity Y 19
20 Part 2: Network operation Asymmetric troubleshooting process Free Zone Site A 2 VRF or NSP where the site A is connected 2 VRF 2 VRF or NSP where the site B is connected 1 Site B LHCONE TT Trouble Ticket (GGUS) Experiment asymmetric is often due to route propagation issue or route filtering 1. Site A contact site B to check if there is a filtering problem or check thanks to site B looking glass 2. Check route distribution along the path on NSP looking glass. If looking glass is not available site A will send an alarm to NSP that has to be checked. Investigate internally and contact potential involved partner Entity X Entity X Entity Y Entity Y Ticket exchange between entity X and Y Entity X sends an alarm to Entity Y 20
21 Part 2: Network operation Performance troubleshooting process Free Zone Site A VRF or NSP where the site A is connected VRF VRF or NSP where the site B is connected 1 Site B LHCONE TT Trouble Ticket (GGUS) 1. Site A make end to end test between site A and B thanks to remote monitoring tools : Perfsonar PS / MDM 2. Identify the faulty span A. Launch test between site A and every NSP crossed toward site B B. If the entity responsible of the faulty span is identified then contact the entity or contact suspected entities for investigation Investigate internally and contact potential involved partner Entity X Entity X Entity Y Entity Y Ticket exchange between entity X and Y Entity X sends an alarm to Entity Y 21
22 Part 2: Network operation Maintenance management Use case A link will be have a maintenance Routers will have a maintenance Question List of entities to inform about this event? broadcast channel How much time before an service interruption a NSP has to warn? To be discussed with experiment and sites 22
23 Part 2: Site operation Site operation connection, withdraw, maintenance A new site connects the LHCONE New prefixes announced New link Site maintenance... 23
24 Part 2: Routing Policy Routing policy We can insert the of Routing policy group within operational handbook General Rule BGP protocol must be used to connect LHCONE VRF Public ASN must be use ; Do not allow private AS ; VRF operator can announce the site address as belonging to the VRF's AS if necessary. Public IP addresses must be use.. Or simply put a pointer to the relevant document 24
25 Part 2: Security and monitoring Policy Security policy See Michael O Connors presentation Simply put a pointer to the relevant document provided by the sub-group Monitoring policy Simply put a pointer to the relevant document provided by the sub-group
26 Part 3 : Next step Next step 1. If there is an agreement on this approach This document needed to be reviewed especially by users: experiment end site 1. Implement now the information repository (almost done on CERN Twiki) 2. Implement information broadcast channels 3. Network maintenance management well defined 4. Review and improve troubleshooting use case 5. Users must define site operation 6. Validation of the new specification during the next LHCOPN/LHCONE meeting Appeal to volunteers as a author or reviewer and contributor especially for Routing policy Site operation Security policy 26
LHCONE Site Connections
LHCONE Site Connections Michael O Connor moc@es.net ESnet Network Engineering Asia Tier Center Forum on Networking Daejeon, South Korea September 23, 2015 Outline Introduction ESnet LHCONE Traffic Volumes
More informationThe LHC Open Network Environment Kars Ohrenberg DESY Computing Seminar Hamburg, 10.12.2012
The LHC Open Network Environment Kars Ohrenberg DESY Computing Seminar Hamburg, 10.12.2012 LHC Computing Infrastructure > WLCG in brief: 1 Tier-0, 11 Tier-1s, ~ 140 Tier-2s, O(300) Tier-3s worldwide Kars
More informationLHCOPN and LHCONE an introduction
LHCOPN and LHCONE an introduction APAN workshop Nantou, 13 th August 2014 Edoardo.Martelli@cern.ch CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/it 1 Summary - WLCG - LHCOPN - LHCONE - L3VPN
More informationperfsonar MDM updates for LHCONE: VRF monitoring, updated web UI, VM images
perfsonar MDM updates for LHCONE: VRF monitoring, updated web UI, VM images Domenico Vicinanza DANTE, Cambridge, UK perfsonar MDM Product Manager domenico.vicinanza@dante.net LHCONE Meeting Oslo 20-21
More informationperfsonar MDM updates: New interface, new possibilities
perfsonar MDM updates: New interface, new possibilities Domenico Vicinanza perfsonar MDM Product Manager domenico.vicinanza@dante.net GÉANT Multi-Domain Service Desk http://mdsd.geant.net perfsonar MDM
More informationMPLS multi-domain services MD-VPN service
MPLS multi-domain services MD-VPN service Xavier Jeannin, RENATER Tomasz Szewczyk / PSNC Training and Workshops for advancing NRENs 8-11 Sept 2014 Chisinau, Moldova MPLS brief overview Original purpose:
More informationGN3+ SA3T3 / Multi-Domain-VPN service: Collaboration of NREN s NOC
GN3+ SA3T3 / Multi-Domain-VPN service: Collaboration of NREN s NOC 10 th TF NOC meeting (Cambridge) Friday, 21 March 2014 Xavier Jeannin / RENATER, SA3T3 Task Leader Miguel Angel Sotos / RedIRIS Bojan
More informationIntroduction to Routing
Introduction to Routing How traffic flows on the Internet Philip Smith pfs@cisco.com RIPE NCC Regional Meeting, Moscow, 16-18 18 June 2004 1 Abstract Presentation introduces some of the terminologies used,
More informationIntroduction to perfsonar
Introduction to perfsonar Loukik Kudarimoti, DANTE 27 th September, 2006 SEEREN2 Summer School, Heraklion Overview of this talk Answers to some basic questions The need for Multi-domain monitoring What
More informationperfsonar MDM release 3.0 - Product Brief
perfsonar MDM release 3.0 - Product Brief In order to provide the fast, reliable and uninterrupted network communication that users of the GÉANT 2 research networks rely on, network administrators must
More informationDeploying distributed network monitoring mesh
Deploying distributed network monitoring mesh for LHC Tier-1 and Tier-2 sites Phil DeMar, Maxim Grigoriev Fermilab Joe Metzger, Brian Tierney ESnet Martin Swany University of Delaware Jeff Boote, Eric
More informationHow To Build A Lightpath Network For Multiple Lightpath Projects
Building a LAN to Support Multiple Lightpath Projects Ronald van der Pol About SARA Computing and Networking services Houses and operates national supercomputer Huygens Houses and operates national
More informationNetwork monitoring with perfsonar. Duncan Rand Imperial College London
Network monitoring with perfsonar Duncan Rand Imperial College London A little history: Gridmon Cast your minds back to GridPP16 at QMUL about 6 years ago; we saw a not too dissimilar network monitoring
More informationTrial of the Infinera PXM. Guy Roberts, Mian Usman
Trial of the Infinera PXM Guy Roberts, Mian Usman LHC Workshop Recap Rather than maintaining distinct networks, the LHC community should aim to unify its network infrastructure Traffic aggregation on few
More informationGlobal Network Mobility NANOG 31
Ben Abarbanel cbbrouting@boeing.com Global Network Mobility NANOG 31 Implementing Global Network Mobility What is Connexion by Boeing? Summary of the problem Network and Service Challenges BGP as a mobility
More informationperfsonar Multi-Domain Monitoring Service Deployment and Support: The LHC-OPN Use Case
perfsonar Multi-Domain Monitoring Service Deployment and Support: The LHC-OPN Use Case Fausto Vetter, Domenico Vicinanza DANTE TNC 2010, Vilnius, 2 June 2010 Agenda Large Hadron Collider Optical Private
More informationInternet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering
Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls
More informationGlobal Network Mobility RIPE 48
John Bender Don Bowman cbbrouting@boeing.com Global Network Mobility RIPE 48 Implementing Network Mobility Summary What is Connexion by Boeing? Network and Service Challenges BGP as a mobility solution
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationBuilding Trusted VPNs with Multi-VRF
Building Trusted VPNs with Introduction Virtual Private Networks (VPNs) have been a key application in networking for a long time. A slew of possible solutions have been proposed over the last several
More informationperfsonar MDM The multi-domain monitoring service for the GÉANT Service Area connect communicate collaborate
DATASHEET Network Performance Services perfsonar MDM The multi-domain monitoring service for the GÉANT Service Area connect communicate collaborate What is perfsonar MDM? perfsonar MDM (Multi-Domain Monitoring)
More informationPolycom. RealPresence Ready Firewall Traversal Tips
Polycom RealPresence Ready Firewall Traversal Tips Firewall Traversal Summary In order for your system to communicate with end points in other sites or with your customers the network firewall in all you
More informationTable of Contents. Cisco Configuring a Basic MPLS VPN
Table of Contents Configuring a Basic MPLS VPN...1 Introduction...1 Prerequisites...1 Requirements...1 Components Used...2 Related Products...2 Conventions...2 Configure...3 Network Diagram...3 Configuration
More informationFirewalling beyond 10Gbps
Firewalling beyond 10Gbps Firewall design, deployment and management for a very large site Authors Edoardo Martelli: CERN, IT department. Email: edoardo.martelli@cern.ch Nils Høimyr: CERN, IT department.
More informationMPLS-based Layer 3 VPNs
MPLS-based Layer 3 VPNs Overall objective The purpose of this lab is to study Layer 3 Virtual Private Networks (L3VPNs) created using MPLS and BGP. A VPN is an extension of a private network that uses
More informationIT-INFN-CNAF Status Update
IT-INFN-CNAF Status Update LHC-OPN Meeting INFN CNAF, 10-11 December 2009 Stefano Zani 10/11/2009 Stefano Zani INFN CNAF (TIER1 Staff) 1 INFN CNAF CNAF is the main computing facility of the INFN Core business:
More informationLab - Mapping the Internet
Objectives Part 1: Test Network Connectivity Using Ping Part 2: Trace a Route to a Remote Server Using Windows Tracert Part 3: Trace a Route to a Remote Server Using Web-Based and Software Tools Part 4:
More informationDisaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs
Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs As a head of the campus network department in the Deanship of Information Technology at King Abdulaziz University for more
More informationMicrosoft Azure ExpressRoute
Microsoft Azure ExpressRoute Michael Washam Summary: Microsoft Azure ExpressRoute makes it easy to establish dedicated and private circuits between your data center and Microsoft Azure. ExpressRoute connections
More informationIPv6 Troubleshooting for Helpdesks
IPv6 Troubleshooting for Helpdesks Using test-ipv6.com Draft v.00 Contributors and authors: Lee Howard, John Jason Brzozowski, David Freedman, Jason Fesler, Tim Chown, Sander Steffann, Chris Grundemann,
More informationBELNET: Service Level Description Version (29/7/2009)
BELNET: Service Level Description Version (29/7/2009) Table of Contents I Introduction...3 A Goal of this document... 3 B Publishing... 3 C Definitions... 3 II Network Services...5 A Connectivity (BELNET
More informationMPLS-based Virtual Private Network (MPLS VPN) The VPN usually belongs to one company and has several sites interconnected across the common service
Nowdays, most network engineers/specialists consider MPLS (MultiProtocol Label Switching) one of the most promising transport technologies. Then, what is MPLS? Multi Protocol Label Switching (MPLS) is
More informationProposal for a perfsonar Multi Domain Monitoring Service for LHCOPN
Proposal for a perfsonar Multi Domain Monitoring Service for LHCOPN Service Specification Version 10 Proposal for a perfsonar Multi Domain Monitoring Service for LHCOPN Document History Product/Version
More informationMPLS VPN Security Best Practice Guidelines
Security Best Practice Guidelines con 2006 May 24 2006 Monique Morrow and Michael Behringer Distinguished Consulting Engineer and Distinguished Systems Engineer Cisco Systems, Inc. mmorrow@cisco.com mbehring@cisco.com
More informationNetwork performance monitoring Insight into perfsonar
Network performance monitoring Insight into perfsonar Szymon Trocha, Poznań Supercomputing and Networking Center E-infrastructure Autumn Workshops, Chisinau, Moldova 9 September 2014 Agenda! Network performance
More informationDD2491 p1 2008. Load balancing BGP. Johan Nicklasson KTHNOC/NADA
DD2491 p1 2008 Load balancing BGP Johan Nicklasson KTHNOC/NADA Dual home When do you need to be dual homed? How should you be dual homed? Same provider. Different providers. What do you need to have in
More informationBGP (Border Gateway Protocol)
BGP (Border Gateway Protocol) Document revision 1.2 (Thu Mar 04 19:34:34 GMT 2004) This document applies to V2.8 Table of Contents Table of Contents General Information Summary Specifications Related Documents
More informationTroubleshooting and Maintaining Cisco IP Networks Volume 1
Troubleshooting and Maintaining Cisco IP Networks Volume 1 Course Introduction Learner Skills and Knowledge Course Goal and E Learning Goal and Course Flow Additional Cisco Glossary of Terms Your Training
More informationRegaining MPLS VPN WAN Visibility with Route Analytics. Seeing through the MPLS VPN Cloud
Regaining MPLS VPN WAN Visibility with Route Analytics Seeing through the MPLS VPN Cloud Executive Summary Increasing numbers of enterprises are outsourcing their backbone WAN connectivity to MPLS VPN
More informationBuilding VPNs. Nam-Kee Tan. With IPSec and MPLS. McGraw-Hill CCIE #4307 S&
Building VPNs With IPSec and MPLS Nam-Kee Tan CCIE #4307 S& -.jr."..- i McGraw-Hill New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto
More informationDDOS in academic Networks. Herramientas para la seguridad prevención y mitigación de DDOS. CSUC. 3 de Abril 2014
DDOS in academic Networks Herramientas para la seguridad prevención y mitigación de DDOS. CSUC. 3 de Abril 2014 Academic networks? Real Target for DDOS? Lesson learned; DDOS @RedIRIS Mitigation Projects
More informationA Network Design Primer
Network Design Recommendations Recommendations for s to take into account when doing network design to help create a more easily defendable and manageable network K-20 Network Engineering 6/30/15 Network
More informationDD2491 p2 2011. MPLS/BGP VPNs. Olof Hagsand KTH CSC
DD2491 p2 2011 MPLS/BGP VPNs Olof Hagsand KTH CSC 1 Literature Practical BGP: Chapter 10 MPLS repetition, see for example http://www.csc.kth.se/utbildning/kth/kurser/dd2490/ipro1-11/lectures/mpls.pdf Reference:
More information2. What is the maximum value of each octet in an IP address? A. 28 B. 255 C. 256 D. None of the above
CCNA1 V3.0 Mod 10 (Ch 8) 1. How many bits are in an IP C. 64 2. What is the maximum value of each octet in an IP A. 28 55 C. 256 3. The network number plays what part in an IP A. It specifies the network
More informationOSG CAMPUS INFRASTRUCTURES SERIES
OSG CAMPUS INFRASTRUCTURES SERIES Methods for Network Troubleshooting in Distributed High Throughput Environments --- Webinar Shawn McKee OSG Networking / University of Michigan Physics January 25, 2013
More informationSEC-370. 2001, Cisco Systems, Inc. All rights reserved.
SEC-370 2001, Cisco Systems, Inc. All rights reserved. 1 Understanding MPLS/VPN Security Issues SEC-370 Michael Behringer SEC-370 2003, Cisco Systems, Inc. All rights reserved. 3
More informationperfsonar deployment over Spanish LHC Tier 2 sites
perfsonar deployment over Spanish LHC Tier 2 sites alberto.escolano@rediris.es www.eu-egee.org EGEE and glite are registered trademarks Agenda Enabling Grids for E-sciencE www.eu-egee.org Introduction
More informationTop-Down Network Design
Top-Down Network Design Chapter Five Designing a Network Topology Copyright 2010 Cisco Press & Priscilla Oppenheimer Topology A map of an internetwork that indicates network segments, interconnection points,
More informationNetwork provider filter lab
Network provider filter lab Olof Hagsand Pehr Söderman KTH CSC Group Nr Name 1 Name 2 Name 3 Name 4 Date Instructor s Signature Table of Contents 1 Goals...3 2 Introduction...3 3 Preparations...3 4 Lab
More informationApplication of perfsonar architecture in support of GRID monitoring
Application of perfsonar architecture in support of GRID monitoring Binczewski A, Lawenda M, Łapacz R, Trocha Sz INGRID 2007, S.Margherita Ligure, Italy Agenda Start point Network monitoring perfsonar
More informationperfsonar MDM Deployment PERT workshop, TNC2012
perfsonar MDM Deployment PERT workshop, TNC2012 Szymon Trocha, Poznań Supercomputing and Networking Centre Reykjavik, 21 May 2012 The research leading to these results has received funding from the European
More informationTroubleshooting Network Performance with Alpine
Troubleshooting Network Performance with Alpine Jeffrey Papen As a Network Engineer, I am often annoyed by slow Internet performance caused by network issues like congestion, fiber cuts, and packet loss.
More informationMPLS VPN Security. Intelligent Information Network. Klaudia Bakšová Systems Engineer, Cisco Systems kbaksova@cisco.com
Intelligent Information Network MLS VN Security Klaudia Bakšová Systems Engineer, Cisco Systems kbaksova@cisco.com Agenda Analysis of MLS/VN Security Inter-AS VNs rovider Edge DoS possibility Secure MLS
More informationBell Aliant. Business Internet Border Gateway Protocol Policy and Features Guidelines
Bell Aliant Business Internet Border Gateway Protocol Policy and Features Guidelines Effective 05/30/2006, Updated 1/30/2015 BGP Policy and Features Guidelines 1 Bell Aliant BGP Features Bell Aliant offers
More informationWeek 4 / Paper 1. Open issues in Interdomain Routing: a survey
Week 4 / Paper 1 Open issues in Interdomain Routing: a survey Marcelo Yannuzzi, Xavier Masip-Bruin, Olivier Bonaventure IEEE Network, Nov.-Dec. 2005, vol. 19, no. 6, pp. 49 56 Main point There are many
More informationHow To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN
How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN Applicable Version: 10.6.2 onwards Overview Virtual host implementation is based on the Destination NAT concept. Virtual
More informationImplementing Secured Converged Wide Area Networks (ISCW) Version 1.0
COURSE OVERVIEW Implementing Secure Converged Wide Area Networks (ISCW) v1.0 is an advanced instructor-led course that introduces techniques and features that enable or enhance WAN and remote access solutions.
More informationMPLS WAN Explorer. Enterprise Network Management Visibility through the MPLS VPN Cloud
MPLS WAN Explorer Enterprise Network Management Visibility through the MPLS VPN Cloud Executive Summary Increasing numbers of enterprises are outsourcing their backbone WAN routing to MPLS VPN service
More informationNComputing L-Series LAN Deployment
NComputing L-Series LAN Deployment Best Practices for Local Area Network Infrastructure Scope: NComputing s L-Series terminals connect to a host computer through an Ethernet interface and IP protocol.
More informationSoftware Defined Networking for big-data science
Software Defined Networking for big-data science Eric Pouyoul Chin Guok Inder Monga (presenting) TERENA Network Architects meeting, Copenhagen November 21 st, 2012 ESnet: World s Leading Science Network
More informationSecure Web Appliance. Reverse Proxy
Secure Web Appliance Reverse Proxy Table of Contents 1. Introduction... 1 1.1. About CYAN Secure Web Appliance... 1 1.2. About Reverse Proxy... 1 1.3. About this Manual... 1 1.3.1. Document Conventions...
More informationUse of Alternate Path WAN Circuits at Fermilab
Use of Alternate Path WAN Circuits at Fermilab Phil DeMar, Andrey Bobyshev, Matt Crawford, Vyto Grigaliunas Fermilab, PO BOX 500, Batavia, IL 60510, USA demar@fnal.gov Abstract. Fermilab hosts the American
More informationMANAGED SECURITY SERVICES RESPONSIBILITIES GUIDE July 2013
MANAGED SECURITY SERVICES RESPONSIBILITIES GUIDE July 2013 1. ABOUT THIS GUIDE...3 1.1 S NEW CTOMERS...3 1.2 S ALL CTOMERS...3 1.3 OUR S...3 1.4 KEEPING R CONTACT DETAILS UP-TO-DATE...4 1.5 RECORDING R
More informationSupport Model for SC4 Pilot WLCG Service
Model for SC4 Pilot WLCG Flavia Donno CERN www.eu-egee.org Problems reporting SC : what s implied? Deployment and configuration, middleware, external components, mass storage support, etc. (from site admins,
More informationTraffic Diversion Techniques for DDoS Mitigation using BGP Flowspec. Leonardo Serodio leonardo.serodio@alcatel-lucent.com May 2013
Traffic Diversion Techniques for DDoS Mitigation using BGP Flowspec Leonardo Serodio leonardo.serodio@alcatel-lucent.com May 2013 Distributed Denial of Service (DDoS) Attacks DDoS attack traffic consumes
More informationBREAKING HTTPS WITH BGP HIJACKING. Artyom Gavrichenkov R&D Team Lead, Qrator Labs ag@qrator.net
BREAKING HTTPS WITH BGP HIJACKING Artyom Gavrichenkov R&D Team Lead, Qrator Labs ag@qrator.net ABSTRACT OVERVIEW OF BGP HIJACKING GLOBAL AND LOCAL HIJACKING HIJACKING A CERTIFICATE AUTHORITY MITIGATIONS
More informationDetecting BGP hijacks in 2014
Detecting BGP hijacks in 2014 Guillaume Valadon & Nicolas Vivet Agence nationale de la sécurité des systèmes d information http://www.ssi.gouv.fr/en NSC - November 21th, 2014 ANSSI - Detecting BGP hijacks
More informationLicia Florio Project Development Officer licia@terena.org www.terena.org Identity Federations in Europe
APAN Conference Honolulu, Hawaii 24 January 2008 Licia Florio Project Development Officer licia@terena.org www.terena.org Identity Federations in Europe Outline Networking Organisations in Europe Requirements
More informationOVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS
OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS Matt Eclavea (meclavea@brocade.com) Senior Solutions Architect, Brocade Communications Inc. Jim Allen (jallen@llnw.com) Senior Architect, Limelight
More informationIPv6 Troubleshooting for Residential ISP Helpdesks
IPv6 Troubleshooting for Residential ISP Helpdesks (Using test-ipv6.com) Draft v.01 Contributors and authors: Lee Howard, John Jason Brzozowski, David Freedman, Jason Fesler, Tim Chown, Sander Steffann,
More informationSecure VoIP for optimal business communication
White Paper Secure VoIP for optimal business communication Learn how to create a secure environment for real-time audio, video and data communication over IP based networks. Andreas Åsander Manager, Product
More informationForschungszentrum Karlsruhe in der Helmholtz-Gemeinschaft. Global Grid User Support - GGUS - within the LCG & EGEE environment
Global Grid User Support - GGUS - within the LCG & EGEE environment Abstract: For very large projects like the LHC Computing Grid Project (LCG) involving some 8,000 scientists from universities and laboratories
More informationTRUFFLE Broadband Bonding Network Appliance. A Frequently Asked Question on. Link Bonding vs. Load Balancing
TRUFFLE Broadband Bonding Network Appliance A Frequently Asked Question on Link Bonding vs. Load Balancing 5703 Oberlin Dr Suite 208 San Diego, CA 92121 P:888.842.1231 F: 858.452.1035 info@mushroomnetworks.com
More informationSIP Security Controllers. Product Overview
SIP Security Controllers Product Overview Document Version: V1.1 Date: October 2008 1. Introduction UM Labs have developed a range of perimeter security gateways for VoIP and other applications running
More informationGÉANT for HEAnet clients
GÉANT for HEAnet clients Guy Roberts GÉANT CTO Office HEAnet National Conference 12 th November 2015 Global R+E connectivity for Ireland HEAnet + GÉANT provide access for Irish R+E users to the world s
More informationSecure Testing Service
Secure Testing Service Overview and pre-release use Authors: Andrej Sokoll Matthew Loewengart Revisions: 2011 Version 1.0 Page 2 Contents Overview... 3 Background... 3 How does the secure testing service
More informationScalable DDoS mitigation using BGP Flowspec
Scalable DDoS mitigation using BGP Flowspec Wei Yin TAY Consulting Systems Engineer Cisco Systems 2010 Cisco and/or its affiliates. All rights reserved. Goals of DDoS Mi,ga,on Problem descrip,on Tradi,onal
More informationPrivate to Public Overflow between IP Media Gateways
1 of 5 04/10/2013 15:29 Version 02, October 2006 Private to Public Overflow between IP Media Gateways Detailed description Table of contents Steps of an Overflow Overflow to a DID Set Overflow to DID Set
More informationInternet Protocol: IP packet headers. vendredi 18 octobre 13
Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)
More informationThe dcache Storage Element
16. Juni 2008 Hamburg The dcache Storage Element and it's role in the LHC era for the dcache team Topics for today Storage elements (SEs) in the grid Introduction to the dcache SE Usage of dcache in LCG
More informationCisco on Cisco Best Practices Cisco IP Addressing Policy
Cisco on Cisco Best Practices All contents are Copyright 1992-2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 13 TABLE OF CONTENTS 1 INTRODUCTION 3 2
More informationGlobal IP Network Mobility
Brian L. Skeen brian.l.skeen@boeing.com Global IP Network Mobility using Border Gateway Protocol (BGP) BGP Network Mobility Connexion Service Summary Current IP Mobility standards Network and Service Challenges
More informationChapter 4 Customizing Your Network Settings
Chapter 4 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the RangeMax Dual Band Wireless-N Router WNDR3300, including LAN, WAN, and routing settings.
More informationNetwork Architecture Validated designs utilizing MikroTik in the Data Center
1-855-MIKROTIK Network Architecture Validated designs utilizing MikroTik in the Data Center P R E S E N T E D B Y: K E V I N M Y E R S, N E T W O R K A R C H I T E C T / M A N AG I N G PA R T NER I P A
More informationLevel: 3 Credit value: 9 GLH: 80. QCF unit reference R/507/8351. This unit has 6 learning outcomes.
This unit has 6 learning outcomes. 1. Know telephony principles. 1.1. Demonstrate application of traffic engineering concepts Prioritization of voice traffic Trunking requirements Traffic shaping. 1.2.
More informationWhat communication protocols are used to discover Tesira servers on a network?
Understanding device discovery methods in Tesira OBJECTIVES In this application note, basic networking concepts will be summarized to better understand how Tesira servers are discovered over networks.
More informationFigure 41-1 IP Filter Rules
41. Firewall / IP Filter This function allows user to enable the functionality of IP filter. Both inside and outside packets through router could be decided to allow or drop by supervisor. Figure 41-1
More informationVMDC 3.0 Design Overview
CHAPTER 2 The Virtual Multiservice Data Center architecture is based on foundation principles of design in modularity, high availability, differentiated service support, secure multi-tenancy, and automated
More informationBarracuda IM Firewall Administrator s Guide
Barracuda IM Firewall Administrator s Guide Version 3.0 Barracuda Networks Inc. 3175 S. Winchester Blvd Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2007, Barracuda Networks www.barracuda.com
More informationSmall Business Server Part 2
Small Business Server Part 2 Presented by : Robert Crane BE MBA MCP director@ciaops.com Computer Information Agency http://www.ciaops.com Agenda Week 1 What is SBS / Setup Week 2 Using & configuring SBS
More informationINTERNET ORGANIZATION OVERVIEW OF THE INTERNET'S ORGANIZATION AND MAIN STANDARD BODIES. Internet Organization. Peter R. Egli INDIGOO.COM. indigoo.
INTERNET ORGANIZATION OVERVIEW OF THE INTERNET'S ORGANIZATION AND MAIN STANDARD BODIES Peter R. Egli INDIGOO.COM 1/17 Contents 1. Internet Organizations 2. Why the Internet is called Inter-Net 3. Internet
More informationCourse Contents CCNP (CISco certified network professional)
Course Contents CCNP (CISco certified network professional) CCNP Route (642-902) EIGRP Chapter: EIGRP Overview and Neighbor Relationships EIGRP Neighborships Neighborship over WANs EIGRP Topology, Routes,
More informationAWS Direct Connect. User Guide API Version 2013-10-22
AWS Direct Connect User Guide AWS Direct Connect: User Guide AWS Direct Connect User Guide Table of Contents What is AWS Direct Connect?... 1 Requirements... 1 How Do I...?... 2 Getting Started... 3 Getting
More informationWhite Paper. Traversing Firewalls with Video over IP: Issues and Solutions
Traversing Firewalls with Video over IP: Issues and Solutions V Table of Contents Introduction Role of a Firewall Deployment Issues Relating to IP Video and Firewall Traversal The VCON SecureConnect Solution
More informationJuniper Networks Certified Internet Associate (JNCIA-Junos) Exam. http://www.examskey.com/jn0-101.html
Juniper JN0-101 Juniper Networks Certified Internet Associate (JNCIA-Junos) Exam TYPE: DEMO http://www.examskey.com/jn0-101.html Examskey Juniper JN0-101 exam demo product is here for you to test the quality
More informationSecurity. TestOut Modules 12.6 12.10
Security TestOut Modules 12.6 12.10 Authentication Authentication is the process of submitting and checking credentials to validate or prove user identity. 1. Username 2. Credentials Password Smart card
More informationLoad Balancing ContentKeeper With RadWare
Load Balancing ContentKeeper With RadWare The RadWare Fireproof may be used with ContentKeeper to provide load balanced and redundant Internet content filtering for your network. The RadWare FireProof
More informationWhite Paper How to Remotely Access Ethernet I/O Over the Internet
White Paper How to Remotely Access Ethernet I/O Over the Internet ACROMAG INCORPORATED Tel: (248) 295-0880 30765 South Wixom Road Fax: (248) 624-9234 P.O. BOX 437 Wixom, MI 48393-7037 U.S.A. Copyright
More informationHow To Set Up A Network Measurement Toolkit For A Network Performance Test On A Network With A Network (Networking) On A Microsoft Ipa 2.5 (Netware) On An Ipa2 (Netcom) On Your Computer
Firewall Port Recommendations for the ps Performance Toolkit Prepared by the NTAC Performance Working Group November 2014 Edited by J. Zurawski (ESnet), A. Brown (Internet2), A. Lake (ESnet), K. Miller
More informationChapter 4 Customizing Your Network Settings
. Chapter 4 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the Wireless-G Router Model WGR614v9, including LAN, WAN, and routing settings. It
More information