1. QI Fazhi ／ IHEP CC HEPiX IPv6 F2F Meeting IPv6 Network Status in IHEP/China QI Fazhi [qfz@ihep.ac.cn]qfz@ihep.ac.cn Computing Center, IHEP July 4, 2013. CERN

2. QI Fazhi ／ IHEP CC 2 * CSTNet CERNet CNGI IHEPNet IPv6@IHEP SDN@IHEP Summary Outline

3. QI Fazhi ／ IHEP CC CSTNet China Science and Technology Network Domain name: *.ac.cn An academic network system operated by Chinese Academy of Sciences Covers the whole country via 13 regional sub-centers to form the domestic backbone Operation Center: CNNIC

4. QI Fazhi ／ IHEP CC CERNet China Education & Research Network Domain name is *.edu.cn the largest academic network in China Connects more than 200 cities Provides connectivity to ~2000 colleges and institutes.

5. QI Fazhi ／ IHEP CC CNGI China Next Generation Internet A government-supported IPv6 project A largest ipv6 pure network in the world the largest academic network in China consists of six core networks implemented by China Telecom, China Netcom/CAS, China Mobile, China Unicom, CERNET and China Railcom

6. QI Fazhi ／ IHEP CC CERNet2 The CERNet part of CNGI 2.5~10Gbps backbone

7. QI Fazhi ／ IHEP CC CSTNet2

8. QI Fazhi ／ IHEP CC

9. IPv6 History @IHEP 2008 –1Gbps IPv6 Link to CNGI, Part of IHEP endpoints support IPv 6 2009 –IHEP started to use the IPv6 Link to do the HEP data transfer between the cooperation Universities(SDU/…) 2011 –IHEP DNS supports IPv6 2012 –Dual Stack IHEP Campus Network, 10Gbps IPv6 link CNGI(Fund from The National Reform and Development Committee ) 2013 –IHEP Gird-Area Network supports IPv6(test bed) –The SDN @IHEP project start up(IPv6 enabled)

10. QI Fazhi ／ IHEP CC IPv6 deployment principles @IHEP Dual Stack The same management and security policies with IPv4 –Users (IP) management –Monitoring –Access control Step by Step –Public Network Services DNS WEB Email …… –Grid & Cloud Computing

11. QI Fazhi ／ IHEP CC DHCPv6 @IHEP （ Dibbler ） Dibbler –Open source software – Author : Tomasz Mrugalski and Marek Senderski from Gdansk University of Technology A dhcpv6 solution include – Server – Client (Support Windows XP) – Relay Feature – OS supported Linux 2.4/2.6; Windows NT4.0,XP,WIN7/8; Mac OS – Multi-server supported –Autoconguration p rocotol supported Stateful /Stateless IA,TA,PD client IP configuration control – Dhcpv6 relay request supported – Per client conguration by MAC or UUID – Server caching

12. QI Fazhi ／ IHEP CC Current Status Infrastructure deployment ✔ –All the network devices(switch/router/firewall) support IPv6 Infrastructure Monitoring ✔ –Easy to do (all the devices are dual stack supported) –Cacti & Nagios with IPv6 patch User(IP) management ✔ –The ipdb & access control system ✔ –DHCPv6 server: ✔ DHCPv6 server service (DHCPv6 server  Dibbler server; running on the same server with DHCPv4) All the office users use the dibbler client to achieve ipv6 address. Security ✔ –Firewall: ✔ –Network traffic and user behavior analysis: ✔

13. QI Fazhi ／ IHEP CC Current Status User Management & Access Control Central Database – IPDB –MAC Address is the key Static IP address for Users –IPv6/IPv4 host addresses assigned by Dibbler/DHCPv4 servers, based on the MAC address declared in the IPDB Central Control System –User information management –Network devices information management –Dhcpd configuration auto-updated –Release access policies to the proper user switch

14. QI Fazhi ／ IHEP CC Assign IP address ok Current Status User Access Control Procedure Online Register MAC/User Name/Email/Tel/Building/R oom number/Plugin number/…… Switch configuration updated IPDB Dibbler/DHCP configuration updated save Approved by Admin Submit no Switch information: IP/Port/Vlan/ Switch-Room/Plugin Number relationship Vlan/IP subnet/switch-port relationship IP/MAC relationship …… Switch information: IP/Port/Vlan/ Switch-Room/Plugin Number relationship Vlan/IP subnet/switch-port relationship IP/MAC relationship ……

15. QI Fazhi ／ IHEP CC Current Status Grid Area Network Grid Computing Environment –The gridftp(ipv6) test bed was set up – IP Name: ui01-hepix.ihep.ac.cn –ui01-hepix-v6.ihep.ac.cn (2401:de00::9998) –ui01-hepix-v4.ihep.ac.cn (202.122.32.172) –OS: Scientific Linux 5.9 x86_64 –CPU: Intel E5345 X 2 –Mem: 16GB –DISK: 320GB. Will add to 6TB(2TBX3 Raid 0). For Transfer test. – Middle ware: Gridftp server and EMI-2 UI –Web server: nginx with ipv6 support

16. QI Fazhi ／ IHEP CC IPV6 check result New CA server included in EGI-ca-policy 1.53 Gridftp server or client ca version less than 1.53 will failed to transfer

17. QI Fazhi ／ IHEP CC Problems No enough resources and applications in the IPv6 internet world –Most of the IHEP IPv6 traffic are video/iptv/…… –Less scientific data go through IPv6 And Then…….SDN@IHEP Project

18. QI Fazhi ／ IHEP CC What is SDN?

19. QI Fazhi ／ IHEP CC SDN@IHEP Goal – A flexible, reliable and high performance HEP data transfer network (virtual and private) and system platform in China – IPv4 and IPv6 supported – The traffic can be switched between IPv4 and IPv6 infrastructure and physical path automatically or manually SDN@IHEP  IHEPDTN – End user network – Backbone network （ IPv6 & IPv4 ） – SDN Switch (L2VPN gateway & Openflow supported) – Control center (API to Application) – Applications(FTS/NMS/…….) Members – IHEP/SJU/SDU/TsingHua/…… – Network manufacturer ： Ruijie Networks, A high performance network union lab （ IHEP-Ruijie) 19 高能所－锐捷网络高性能计算网络联合实验室

20. QI Fazhi ／ IHEP CC SDN@IHEP model

21. QI Fazhi ／ IHEP CC Final Result

22. QI Fazhi ／ IHEP CC Summary IPv6 infrastructure @IHEP is running well The IPv6 management and support platform is running well The Gridftp testbed @IHEP for IPv6 is ready – We would like to jion the mesh test for data transfer IHEP SDN project will build a platform in China for HEP(BESIII/Daya Bay Experiments) data transfer with the current/IPv6 network infrastructure

23. QI Fazhi ／ IHEP CC Thank you