NERSC Overview Karen Schafer


Wireless
– Ruckus centralized controller
– 802.11a/g/n
– Employee, Visitor, and Guest Access
– Captive portal registration for visitor and employee access
– Guestpass must be generated by NERSC employee

IPv6
Current
– Provider dependent address block
– DNS, , and www mandate met
– Separate infrastructure, connectivity
Future
– Provider independent block acquired
– Will deploy/migrate in 100G environment

ESnet5/100G Implementation
Current
– Juniper M320 connected at 10G
– Alcatel Lucent connected at 100G
Future (near term)
– iBGP between border routers
– OSPF internal, area 0
– Strict primary/secondary policy

NERSC 100G Security Monitoring Jim Mellander (Scott Campbell)

100GB Monitoring Design
[Diagram labels: Data In, 100G Router, ACL, LAG, Bro Cluster, Manager, Workers]

100Gb IDS: Front Hardware
[Diagram labels: Data In, 100G Router, ACL, LAG]
Router: MLXe-16, running 5.4c OS
Data enters and is Policy Routed to LAG Group based on ACL – Allows for maximum flexibility.
LAG Group load balances across 10G interfaces using source and dest IP addresses for flow symmetry.
ACL is blunt tool – severe limitations on what you can make decisions on. Unclean.

100Gb Monitoring: Bro Cluster
[Diagram labels: Manager, Bro Cluster, Workers]
Bro Cluster is “out of the box” without significant functional changes.
Small number of worker nodes is a product of our traffic profile (very heavy tail).
Note: While per worker maximum data rate is 10G/s, this problem is addressed via shunting.

Bro Policy
Shunt unit is a single connection based on TCP 5-tuple.
If enough connections between a pair of IPs are observed (high water mark), the pair of hosts is shunted.
As connections close, the count can fall below a low water mark and the IP pair shunt is removed.
[Figure: Number of Connections Seen between two IPs, with High Water and Low Water marks]
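
The host-pair hysteresis on this slide, as an added Python sketch (not code from the presentation or from Bro). It models only the pair-level shunt; the class and function names, the thresholds of 4 and 2, the "reaches the mark" trigger, and the assumption that open/close events for shunted pairs still reach the monitor are illustrative assumptions.

```python
from collections import defaultdict

class PairShuntTracker:
    """High/low water mark hysteresis over open connections per host pair."""

    def __init__(self, high_water, low_water):
        if low_water >= high_water:
            raise ValueError("low water mark must be below high water mark")
        self.high_water, self.low_water = high_water, low_water
        self.open_conns = defaultdict(set)  # host pair -> open 5-tuples
        self.shunted = set()                # host pairs currently shunted

    @staticmethod
    def pair_of(conn):
        src, _sport, dst, _dport, _proto = conn
        return tuple(sorted((src, dst)))    # same key for both directions

    def opened(self, conn):
        pair = self.pair_of(conn)
        self.open_conns[pair].add(conn)
        # Assumption: the shunt triggers when the count reaches the mark.
        if pair not in self.shunted and len(self.open_conns[pair]) >= self.high_water:
            self.shunted.add(pair)
            return ("shunt", pair)
        return None

    def closed(self, conn):
        pair = self.pair_of(conn)
        self.open_conns[pair].discard(conn)
        if pair in self.shunted and len(self.open_conns[pair]) < self.low_water:
            self.shunted.discard(pair)
            return ("unshunt", pair)
        return None

def replay(events, high_water, low_water):
    """Feed (kind, 5-tuple) events through a tracker; return (index, action, pair)."""
    tracker, actions = PairShuntTracker(high_water, low_water), []
    for i, (kind, conn) in enumerate(events):
        result = tracker.opened(conn) if kind == "open" else tracker.closed(conn)
        if result:
            actions.append((i, *result))
    return actions

# Constructed sample: documentation-range addresses, arbitrary ports.
A, B = "192.0.2.10", "198.51.100.20"
C = [(A, 40000 + n, B, 443, "tcp") for n in range(5)] + [(B, 50000, A, 443, "tcp")]
EVENTS = [("open", C[0]), ("open", C[1]), ("open", C[5]), ("open", C[2]),
          ("close", C[0]), ("close", C[1]), ("open", C[3]),
          ("close", C[5]), ("close", C[2]), ("open", C[4])]
ACTIONS = replay(EVENTS, high_water=4, low_water=2)
```

The gap between the two marks is what keeps a pair hovering around one threshold from being shunted and unshunted on every connection: in the sample, the count moves between 2 and 4 several times but only two actions are issued.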

Data Volume vs. Efficiency
As expected, the larger the volume of data per connection, the greater the shunt efficiency.

ROC Graph: Conn Size vs. %Total Data
[Figure: x-axis Connection Data (to + from) in MB, 0MB to 1200MB; y-axis 0% to 100%; annotation: 99.3% Connections < 1 MB]