Presentation is loading. Please wait.

Presentation is loading. Please wait.

UNM SCIENCE DMZ Sean Taylor Senior Network Engineer.

Published byEdward Mitchell Modified over 8 years ago

Similar presentations

Presentation on theme: "UNM SCIENCE DMZ Sean Taylor Senior Network Engineer."— Presentation transcript:

1 UNM SCIENCE DMZ Sean Taylor Senior Network Engineer

2 Overview Why Research Specific Networks? Production Network/ScienceDMZ Design Basics ScienceDMZ Components Tools Used UNM CCIIE Grant/Researchers Requirements UNM Design

3 Possibilities??

4 Design Considerations 1. Type of R&E traffic – TCP –based, microburst traffic that can quickly consume entire available bandwidth a. Subject to TCP Global Synchronization 2. TCP traffic needs deep buffer on ports when congestion occurs. 3. No commercially available security devices can sit in- path with line-rate process speed 4. 100 Gbps backbone across continental US 5. The general rule of thumb is that you need 50ms of line- rate output queue buffer for a 10G port, so there should be around 60MB of buffer. UNM Infrastructure has 256MB or 153 MB depending on model.

5 Research Network: Science DMZ A network optimized for business is not designed or capable of supporting data intensive science.  Universities will always need to support security features that protect organizational financial and personnel data.  Solution: create separate data intensive science network, external to university enterprise network  Design formalized by ESnet, based on traditional network DMZ paradigm

6 Basic Science DMZ Science DMZ: (1) dedicated access to high-performance WAN, (2) high-performance switching infrastructure (large buffer memory), (3) dedicated data transfer nodes

7 ScienceDMZ Components DTNs (Data Transfer Nodes—Originator/Responder) High capacity servers capable of wire speed 10Gbps Transfer Globus GridFTP Application tuned for large data transfers Large Buffer capable network devices to smooth TCP drops Must have 60MB per port buffer space Must be Openflow capable PerfSONAR measurement nodes at each location Bro IDS (IDS versus IPS, to minimize deep packet inspection) Brocade SDN Controller Globus for Researchers Supporting Staff

8 Managing by Measurement Off campus / On campus data points Service tuning - Dedicated PerfSonars in DMZ Beyond UNM – Connectivity to other research institutions

9 Globus for the User Easy to use File Transfer Interface Existing Data Transfer Nodes at UNM Parallel transferring via GridFTP to utilize full 10G throughput

10 SDN for the DMZ Brocade SDN Controller Bro IDS Communication between these for event based responses automatically

11 How To Secure it? Use Bro to monitor it out of line IDS, not an IPS Requires full understanding of Bro libraries and expertise in TCP/IP stacks SDN Policies applied to DMZ Routers Flows describe TCP/IP traffic between two hosts. SDN controls these flows via Openflow 1.3 IPTables at the Data Transfer Nodes ACLs on Router interfaces and Unix files

12 CC*IIE Grant NSF Grant awarded to UNM Collaborative amongst researchers/IT Initial funding to build out the basic network Hope to apply for additional grants as available

13 UNM Design

14

15 Summary Why Research Specific Networks? Production Network/ScienceDMZ Design Basics ScienceDMZ Components Tools Used UNM Design

16

17 That’s So Cool! When can my department or myself join this network? This is a funding based network that requires listed Personal Investigators and funding for installation To be considered for inclusion into the round of grant funding contact Steve Perry and Elaine Rising at erising@unm.edu

Download ppt "UNM SCIENCE DMZ Sean Taylor Senior Network Engineer."

Similar presentations

Module 5 - Switches CCNA 3 version 3.0 Cabrillo College.

Module 5 - Switches CCNA 3 version 3.0 Cabrillo College.
Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.

Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Lesson 3 – UNDERSTANDING NETWORKING. Network relationship types Network features OSI Networking model Network hardware components OVERVIEW.

Lesson 3 – UNDERSTANDING NETWORKING. Network relationship types Network features OSI Networking model Network hardware components OVERVIEW.
Optical Ring Networks Research over MAC protocols for optical ring networks with packet switching. MAC protocols divide the ring bandwidth according to.

Optical Ring Networks Research over MAC protocols for optical ring networks with packet switching. MAC protocols divide the ring bandwidth according to.
Module – 7 network-attached storage (NAS)

Module – 7 network-attached storage (NAS)
KEK Network Qi Fazhi 2004.8. KEK SW L2/L3 Switch for outside connections Central L2/L3 Switch A Netscreen Firewall Super Sinet Router 10GbE 2 x GbE IDS.

KEK Network Qi Fazhi KEK SW L2/L3 Switch for outside connections Central L2/L3 Switch A Netscreen Firewall Super Sinet Router 10GbE 2 x GbE IDS.
CMS Data Transfer Challenges LHCOPN-LHCONE meeting Michigan, Sept 15/16th, 2014 Azher Mughal Caltech.

CMS Data Transfer Challenges LHCOPN-LHCONE meeting Michigan, Sept 15/16th, 2014 Azher Mughal Caltech.
NETWORKING COMPONENTS By Scott H. Bowers. HUB A hub can be easily mistaken for a switch, physically there are no defining characteristics, both have power.

NETWORKING COMPONENTS By Scott H. Bowers. HUB A hub can be easily mistaken for a switch, physically there are no defining characteristics, both have power.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Identifying Application Impacts on Network Design Designing and Supporting Computer.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Identifying Application Impacts on Network Design Designing and Supporting Computer.
Module 4: Designing Routing and Switching Requirements.

Module 4: Designing Routing and Switching Requirements.
2016-5-261 SDN based Network Security Monitoring in Dynamic Cloud Networks Xiuzhen CHEN School of Information Security Engineering Shanghai Jiao Tong University,

SDN based Network Security Monitoring in Dynamic Cloud Networks Xiuzhen CHEN School of Information Security Engineering Shanghai Jiao Tong University,
Research Opportunities Facilitated via UCR’s Network Infrastructure Presented by Charles Rowley AVC Computing and Communications University of California,

Research Opportunities Facilitated via UCR’s Network Infrastructure Presented by Charles Rowley AVC Computing and Communications University of California,
INTERNATIONAL NETWORKS At Indiana University Hans Addleman TransPAC Engineer, International Networks University Information Technology Services Indiana.

INTERNATIONAL NETWORKS At Indiana University Hans Addleman TransPAC Engineer, International Networks University Information Technology Services Indiana.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Identifying Application Impacts on Network Design Designing and Supporting.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Identifying Application Impacts on Network Design Designing and Supporting.
UNM RESEARCH NETWORKS Steve Perry CCNP, CCDP, CCNP-V, CCNP-S, CCNP-SP, CCAI, CMNA, CNSS 4013 Director of Networks.

UNM RESEARCH NETWORKS Steve Perry CCNP, CCDP, CCNP-V, CCNP-S, CCNP-SP, CCAI, CMNA, CNSS 4013 Director of Networks.
LAN Switching and Wireless – Chapter 1 Vilina Hutter, Instructor

LAN Switching and Wireless – Chapter 1 Vilina Hutter, Instructor
OBJECTIVE: o Describe various network topologies o Discuss the role of network devices o Understand Network Configuration Factors to deploy a new network.

OBJECTIVE: o Describe various network topologies o Discuss the role of network devices o Understand Network Configuration Factors to deploy a new network.
Enabling Technologies (Chapter 1)  Understand the technology and importance of:  Virtualization  Cloud Computing  WAN Acceleration  Deep Packet Inspection.

Enabling Technologies (Chapter 1)  Understand the technology and importance of:  Virtualization  Cloud Computing  WAN Acceleration  Deep Packet Inspection.
Cisco 3 - Switch Perrine. J Page 111/6/2015 Chapter 5 At which layer of the 3-layer design component would users with common interests be grouped? 1.Access.

Cisco 3 - Switch Perrine. J Page 111/6/2015 Chapter 5 At which layer of the 3-layer design component would users with common interests be grouped? 1.Access.

Similar presentations

Ads by Google