Presentation is loading. Please wait.

Presentation is loading. Please wait.

NERSC Overview Karen Schafer. Wireless Ruckus centralized controller 802.11a/g/n Employee, Visitor, and Guest Access Captive portal registration for visitor.

Published byAron Jefferson Modified over 8 years ago

Similar presentations

Presentation on theme: "NERSC Overview Karen Schafer. Wireless Ruckus centralized controller 802.11a/g/n Employee, Visitor, and Guest Access Captive portal registration for visitor."— Presentation transcript:

1 NERSC Overview Karen Schafer

2 Wireless Ruckus centralized controller 802.11a/g/n Employee, Visitor, and Guest Access Captive portal registration for visitor and employee access Guestpass must be generated by NERSC employee

3 IPv6 Current – Provider dependent address block – DNS, Email, and www mandate met – Separate infrastructure, connectivity Future – Provider independent block acquired – Will deploy/migrate in 100G environment

4 ESnet5/100G Implementation Current – Juniper M320 connected at 10G – Alcatel Lucent connected at 100G Future (near term) – iBGP between border routers – OSPF internal, area 0 – Strict primary/secondary policy

5 NERSC 100G Security Monitoring Jim Mellander (Scott Campbell)

6 100GB Monitoring Design ACL LAG Data In Manager Bro Cluster 100G Router Workers

7 100Gb IDS: Front Hardware ACL LAG Data In 100G Router Router: MLXe-16, running 5.4c OS Data enters and is Policy Routed to LAG Group based on ACL – Allows for maximum flexibility. LAG Group load balances across 10G interfaces using source and dest IP addresses for flow symmetry. ACL is blunt tool – severe limitations on what you can make decisions on. Unclean.

8 100Gb Monitoring: Bro Cluster Manager Bro Cluster Workers Bro Cluster is “out of the box” without significant functional changes. Small number of worker nodes is a product of our traffic profile (Very heavy tail). Note: While per worker maximum data rate is 10G/s, this problem is addressed via shunting.

9 Bro Policy Shunt unit is a single connection based on TCP 5-tuple. If enough connections between two IP pairs are observed (high water mark), the pair of hosts are shunted. As connections close, the count can fall below a low water mark and the IP pair shunt is removed. Number of Connections Seen between two IPs High Water Low Water

10 Data Volume vs. Efficiency As expected, the larger the volume of data per connection size, the greater the shunt efficiency.

11 ROC Graph: Conn Size vs. %Total Data 0MB 200MB 400MB 600MB 800MB 1000MB 1200MB Connection Data (to + from) in MB 100% 80% 60% 40% 20% 0% 99.3 % Connections < 1 MB

Download ppt "NERSC Overview Karen Schafer. Wireless Ruckus centralized controller 802.11a/g/n Employee, Visitor, and Guest Access Captive portal registration for visitor."

Similar presentations

NAGIOS AND CACTI NETWORK MANAGEMENT AND MONITORING SYSTEMS.

NAGIOS AND CACTI NETWORK MANAGEMENT AND MONITORING SYSTEMS.
Routing Routing in an internetwork is the process of directing the transmission of data across two connected networks. Bridges seem to do this function.

Routing Routing in an internetwork is the process of directing the transmission of data across two connected networks. Bridges seem to do this function.
Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:

Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:
Project by: Palak Baid (pb2358) Gaurav Pandey (gip2103) Guided by: Jong Yul Kim.

Project by: Palak Baid (pb2358) Gaurav Pandey (gip2103) Guided by: Jong Yul Kim.
Giảng viên : Ts. Lê Anh Ngọc Học viên: Trịnh Hồng Điệp Nguyễn Minh H ư ớng 1.

Giảng viên : Ts. Lê Anh Ngọc Học viên: Trịnh Hồng Điệp Nguyễn Minh H ư ớng 1.
Cisco S3 C5 Routing Protocols. Network Design Characteristics Reliable – provides mechanisms for error detection and correction Connectivity – incorporate.

Cisco S3 C5 Routing Protocols. Network Design Characteristics Reliable – provides mechanisms for error detection and correction Connectivity – incorporate.
COM555: Mobile Technologies Location-Identifier Separation.

COM555: Mobile Technologies Location-Identifier Separation.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) SriramGopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )
1 6/14/2015 06:27 CS575Internetworking & Routers1 Rivier College CS575: Advanced LANs Chapter 13: Internetworking & Routers.

1 6/14/ :27 CS575Internetworking & Routers1 Rivier College CS575: Advanced LANs Chapter 13: Internetworking & Routers.
ROYAL PALM NETWORK PROJECT John Healy Tom Jamieson

ROYAL PALM NETWORK PROJECT John Healy Tom Jamieson
Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932

Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932
Hands-On Microsoft Windows Server 2003 Networking Chapter 1 Windows Server 2003 Networking Overview.

Hands-On Microsoft Windows Server 2003 Networking Chapter 1 Windows Server 2003 Networking Overview.
OpenContrail Quickstart

OpenContrail Quickstart
Jennifer Rexford Princeton University MW 11:00am-12:20pm Data-Center Traffic Management COS 597E: Software Defined Networking.

Jennifer Rexford Princeton University MW 11:00am-12:20pm Data-Center Traffic Management COS 597E: Software Defined Networking.
Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.

Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.
Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.

Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The ProCurve 3500yl/5400zl/6200yl.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The ProCurve 3500yl/5400zl/6200yl.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Chapter 4: Managing LAN Traffic

Chapter 4: Managing LAN Traffic

Similar presentations

Ads by Google