Infrastructure for the LHCb RTTC Artur Barczyk CERN/PH RTTC meeting, 26.10.04.

Presentation transcript:

Infrastructure for the LHCb RTTC Artur Barczyk CERN/PH RTTC meeting,

2. Background

Proposed setup for RTTC (Beat, ):

[Diagram labels: Controls switch, ECS, Disk server, SFC, Data switch, Node]

3. Background

Existing equipment in 157:
- 46 compute nodes
- 4 SFCs
  - 1 dual Xeon (32 bit architecture)
  - 2 dual Opteron (64 bit architecture)
  - 1 dual Itanium (64 bit architecture)
- 1 ECS server (Windows)
- 1 NFS server (Linux)
- 3 24 port GbE switches
- 1 48 port FE switch (farm connectivity for controls)

-> 2 complete Sub-Farms with 23 nodes each (although aging, so no speed record to be expected... but planned to buy 23 dual CPU farm nodes)

All hosts (incl. switches) are on LHCb private network

4. Private Network

Private Network is:
- IP network using private address range
- Private = administered within organisation, i.e. the LHCb Online team in this case
- Not directly connected to the internet -> access via Gateway
- Reserved private numbers are (RFC 1918)
  - Class A: / 8 (16 Mhosts)
  - Class B: / 12 (1 Mhosts)
  - Class C: / 16 (64 khosts)

In general, all hosts are accessible via gateway

Some boxes, in particular the servers, can be accessed from the CERN network as usual (Network Address Translation (NAT) on the Gateway machine transparent to the user)

Gateway functions also as a firewall, need to identify services from outside, and open corresponding ports (e.g. AFS, DNS etc.)

5. Why bother

Future: Readout network will be a private network, as will be the Controls Network etc.

Present: DAQ test bed in 157 runs out of CERN IP numbers ("our" segment has 127 possible addresses, 101 already used up)

Good opportunity to switch over, and test functionality before/during the Trigger Challenge

[Diagram labels: CERN/IT, LHCb Point 8, IT, Controls, Storage, Workstations, Gateway]

6. Control interfaces

The setup in 157 uses class A private numbers

Subnet /16 used for control interfaces

Use 3rd octet to distinguish between
- Farm nodes ( 10.1.N.0 / 24 )
- SFCs ( / 24 )
- Servers ( / 24 )

[Diagram: gateway LBTBGW between the CERN NETWORK and the DAQ PRIVATE NETWORK, with Farm N, SRCs, SRVs and SFCs behind it]
- SRCs: / 24, e.g. for pclbtbsrc
- Farm N: N.0 / 24, e.g. for PC 7 in farm
- SRVs: / 24, e.g. for pclbtbsrv
- SFCs: / 24, e.g. 10.1.100.5 for pclbtbsfc05
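An added example, not part of the original slides: auditing a host inventory against the third-octet plan described above, so that addresses which are public, off-plan or in no known slot stand out. The 10.1.0.0/16 control subnet, the SFC octet 100, the farm and node bounds and the inventory host names (other than pclbtbsfc05) are assumptions inferred from the slides' examples or constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges, taken from the RFC (the slide's copies lost their prefixes).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumptions inferred from the slides' examples, not stated values:
CONTROL = ipaddress.ip_network("10.1.0.0/16")  # farm N is 10.1.N.0/24
SFC_OCTET = 100          # 10.1.100.5 is given for pclbtbsfc05
FARMS = range(1, 3)      # "2 complete Sub-Farms"
NODES = range(1, 24)     # "23 nodes each"


def classify(addr):
    """Map a control-interface address to (role, detail) under the plan."""
    ip = ipaddress.ip_address(addr)
    if not any(ip in net for net in RFC1918):
        return ("public", "not RFC 1918, should not exist behind the gateway")
    if ip not in CONTROL:
        return ("off-plan", "private, but outside the control subnet")
    third, host = ip.packed[2], ip.packed[3]
    if third == SFC_OCTET and 0 < host < 255:
        return ("sfc", f"SFC {host}")
    if third in FARMS and host in NODES:
        return ("farm", f"farm {third}, node {host}")
    # Server and source /24s are elided on the slide, so they land here too.
    return ("unassigned", f"no role known for 10.1.{third}.{host}")


def audit(inventory):
    """Return the hosts whose address does not fit a known farm or SFC slot."""
    findings = {}
    for name, addr in inventory.items():
        role, detail = classify(addr)
        if role not in ("farm", "sfc"):
            findings[name] = (role, detail)
    return findings


# Constructed inventory; only pclbtbsfc05 / 10.1.100.5 comes from the slide.
SAMPLE = {
    "pclbtbsfc05": "10.1.100.5",
    "farm2-node07": "10.1.2.7",
    "farm2-node24": "10.1.2.24",
    "stray-data-if": "10.2.1.1",
    "leaked-public": "192.0.2.10",
}
```

Calling `audit(SAMPLE)` returns only the three hosts that need attention; the two that fit the plan are omitted.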

7. User access

Generally through gateway (lbtbgw), in two steps:
- pclhcb114> ssh
- lbtbgw> ssh

Firewall currently open only for
- ssh
- IP-time
- DNS
- AFS

AFS can be accessed
- as usual on directly NATed boxes (servers, SFCs)
- via dynamic NAT from all other boxes (farm nodes)
  - This means that only the host in question can start a connection, and that only a limited number of hosts can access AFS at the same time
  - Meant for e.g. system upgrades

Other services will be allowed to pass the gateway when identified as needed

In principle, the RTTC traffic should be local within our domain
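An added example, not from the original slides: a simplified model of the dynamic NAT behaviour described above, showing why only the inside host can start a connection and why the pool size caps the number of simultaneous users. The pool addresses (RFC 5737 documentation range), the 10.1.0.0/16 inside network and the node addresses are constructed assumptions; a real gateway also tracks ports and timeouts.

```python
import ipaddress


class DynamicNat:
    """Simplified gateway: a small public pool shared by many inside hosts."""

    def __init__(self, inside_net, pool):
        self.inside = ipaddress.ip_network(inside_net)
        self.free = [ipaddress.ip_address(a) for a in pool]
        self.by_inside = {}   # inside address -> public address
        self.by_public = {}   # public address -> inside address

    def outbound(self, src):
        """Inside host opens a connection; returns its public address or None."""
        src = ipaddress.ip_address(src)
        if src not in self.inside:
            raise ValueError(f"{src} is not behind this gateway")
        if src in self.by_inside:      # binding already exists, reuse it
            return self.by_inside[src]
        if not self.free:              # pool exhausted: this host must wait
            return None
        pub = self.free.pop(0)
        self.by_inside[src], self.by_public[pub] = pub, src
        return pub

    def inbound(self, dst):
        """Outside packet to a pool address; None means dropped at the gateway."""
        return self.by_public.get(ipaddress.ip_address(dst))

    def release(self, src):
        """Binding ends; its public address goes back to the pool."""
        pub = self.by_inside.pop(ipaddress.ip_address(src), None)
        if pub is not None:
            del self.by_public[pub]
            self.free.append(pub)


def demo():
    """Three farm nodes (constructed addresses) compete for a pool of two."""
    nat = DynamicNat("10.1.0.0/16", ["192.0.2.10", "192.0.2.11"])
    out = {"unsolicited": nat.inbound("192.0.2.10")}   # no binding yet
    out["node1"] = str(nat.outbound("10.1.1.1"))
    out["node2"] = str(nat.outbound("10.1.1.2"))
    out["node3"] = nat.outbound("10.1.1.3")            # pool is empty
    nat.release("10.1.1.1")
    out["node3_retry"] = str(nat.outbound("10.1.1.3"))
    return out
```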

8. Data interfaces

Subnet /16 used for data interfaces

Use 3rd octet to distinguish between
- Data source N ( 10.2.N.0 / 24 )
- SFC M ( M.0 / 24 )
- Farm (K) node ( K.0 / 24 )

Note: no gateway!

[Diagram labels: Source, SFC 5, Farm 1, node]

9. Status/Outlook

The setup is running on the private network as of recently

So far used for switch testing and SFC benchmarking

We have to gain experience with running behind a firewall:
- Identify outside services needed
- Install whatever is missing/useful
- Other operational details like e.g. ssh tunnelling, security/OS updates etc.

Hardware installations:
- 1-2 disk servers for RTTC data
- 23 state-of-the-art farm nodes