QI Fazhi ／ IHEP CC HEPiX IPv6 F2F Meeting IPv6 Network Status in IHEP/China QI Fazhi Computing Center, IHEP July 4, CERN

QI Fazhi ／ IHEP CC 2 * CSTNet CERNet CNGI IHEPNet Summary Outline

QI Fazhi ／ IHEP CC CSTNet China Science and Technology Network Domain name: *.ac.cn An academic network system operated by Chinese Academy of Sciences Covers the whole country via 13 regional sub-centers to form the domestic backbone Operation Center: CNNIC

QI Fazhi ／ IHEP CC CERNet China Education & Research Network Domain name is *.edu.cn the largest academic network in China Connects more than 200 cities Provides connectivity to ~2000 colleges and institutes.

QI Fazhi ／ IHEP CC CNGI China Next Generation Internet A government-supported IPv6 project A largest ipv6 pure network in the world the largest academic network in China consists of six core networks implemented by China Telecom, China Netcom/CAS, China Mobile, China Unicom, CERNET and China Railcom

QI Fazhi ／ IHEP CC CERNet2 The CERNet part of CNGI 2.5~10Gbps backbone

QI Fazhi ／ IHEP CC CSTNet2

QI Fazhi ／ IHEP CC

IPv –1Gbps IPv6 Link to CNGI, Part of IHEP endpoints support IPv –IHEP started to use the IPv6 Link to do the HEP data transfer between the cooperation Universities(SDU/…) 2011 –IHEP DNS supports IPv –Dual Stack IHEP Campus Network, 10Gbps IPv6 link CNGI(Fund from The National Reform and Development Committee ) 2013 –IHEP Gird-Area Network supports IPv6(test bed) –The project start up(IPv6 enabled)

QI Fazhi ／ IHEP CC IPv6 deployment Dual Stack The same management and security policies with IPv4 –Users (IP) management –Monitoring –Access control Step by Step –Public Network Services DNS WEB …… –Grid & Cloud Computing

QI Fazhi ／ IHEP CC （ Dibbler ） Dibbler –Open source software – Author : Tomasz Mrugalski and Marek Senderski from Gdansk University of Technology A dhcpv6 solution include – Server – Client (Support Windows XP) – Relay Feature – OS supported Linux 2.4/2.6; Windows NT4.0,XP,WIN7/8; Mac OS – Multi-server supported –Autoconguration p rocotol supported Stateful /Stateless IA,TA,PD client IP configuration control – Dhcpv6 relay request supported – Per client conguration by MAC or UUID – Server caching

QI Fazhi ／ IHEP CC Current Status Infrastructure deployment ✔ –All the network devices(switch/router/firewall) support IPv6 Infrastructure Monitoring ✔ –Easy to do (all the devices are dual stack supported) –Cacti & Nagios with IPv6 patch User(IP) management ✔ –The ipdb & access control system ✔ –DHCPv6 server: ✔ DHCPv6 server service (DHCPv6 server  Dibbler server; running on the same server with DHCPv4) All the office users use the dibbler client to achieve ipv6 address. Security ✔ –Firewall: ✔ –Network traffic and user behavior analysis: ✔

QI Fazhi ／ IHEP CC Current Status User Management & Access Control Central Database – IPDB –MAC Address is the key Static IP address for Users –IPv6/IPv4 host addresses assigned by Dibbler/DHCPv4 servers, based on the MAC address declared in the IPDB Central Control System –User information management –Network devices information management –Dhcpd configuration auto-updated –Release access policies to the proper user switch

QI Fazhi ／ IHEP CC Assign IP address ok Current Status User Access Control Procedure Online Register MAC/User Name/ /Tel/Building/R oom number/Plugin number/…… Switch configuration updated IPDB Dibbler/DHCP configuration updated save Approved by Admin Submit no Switch information: IP/Port/Vlan/ Switch-Room/Plugin Number relationship Vlan/IP subnet/switch-port relationship IP/MAC relationship …… Switch information: IP/Port/Vlan/ Switch-Room/Plugin Number relationship Vlan/IP subnet/switch-port relationship IP/MAC relationship ……

QI Fazhi ／ IHEP CC Current Status Grid Area Network Grid Computing Environment –The gridftp(ipv6) test bed was set up – IP Name: ui01-hepix.ihep.ac.cn –ui01-hepix-v6.ihep.ac.cn (2401:de00::9998) –ui01-hepix-v4.ihep.ac.cn ( ) –OS: Scientific Linux 5.9 x86_64 –CPU: Intel E5345 X 2 –Mem: 16GB –DISK: 320GB. Will add to 6TB(2TBX3 Raid 0). For Transfer test. – Middle ware: Gridftp server and EMI-2 UI –Web server: nginx with ipv6 support

QI Fazhi ／ IHEP CC IPV6 check result New CA server included in EGI-ca-policy 1.53 Gridftp server or client ca version less than 1.53 will failed to transfer

QI Fazhi ／ IHEP CC Problems No enough resources and applications in the IPv6 internet world –Most of the IHEP IPv6 traffic are video/iptv/…… –Less scientific data go through IPv6 And Project

QI Fazhi ／ IHEP CC What is SDN?

QI Fazhi ／ IHEP CC Goal – A flexible, reliable and high performance HEP data transfer network (virtual and private) and system platform in China – IPv4 and IPv6 supported – The traffic can be switched between IPv4 and IPv6 infrastructure and physical path automatically or manually  IHEPDTN – End user network – Backbone network （ IPv6 & IPv4 ） – SDN Switch (L2VPN gateway & Openflow supported) – Control center (API to Application) – Applications(FTS/NMS/…….) Members – IHEP/SJU/SDU/TsingHua/…… – Network manufacturer ： Ruijie Networks, A high performance network union lab （ IHEP-Ruijie) 19 高能所－锐捷网络高性能计算网络联合实验室

QI Fazhi ／ IHEP CC model

QI Fazhi ／ IHEP CC Final Result

QI Fazhi ／ IHEP CC Summary IPv6 is running well The IPv6 management and support platform is running well The Gridftp for IPv6 is ready – We would like to jion the mesh test for data transfer IHEP SDN project will build a platform in China for HEP(BESIII/Daya Bay Experiments) data transfer with the current/IPv6 network infrastructure

QI Fazhi ／ IHEP CC Thank you