Presentation is loading. Please wait.

Presentation is loading. Please wait.

MGRID: Network Testing and Performance Charles J. Antonelli Center for Information Technology Integration University of Michigan.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "MGRID: Network Testing and Performance Charles J. Antonelli Center for Information Technology Integration University of Michigan."— Presentation transcript:

1 MGRID: Network Testing and Performance Charles J. Antonelli Center for Information Technology Integration University of Michigan

2 MGRID NTAP Project NTAP : Network Testing and Performance Purpose : provide a secure and extensible network testing and performance tool invocation service at U-M Service based on Globus Runs on dedicated nodes attached to routers in a VLAN environment

3 MGRID Architecture mod ssl mod kx509 mod kct CHEF Apache Tomcat KCT GateKeeper Resource Grid Resource KCA kx509 kinit User Workstation KDC Kerberos V5 SSL – Client Certificate required GSI Kerberos SASL MGRID Portal 1 2 3 4 5 6 7 6 Authorization Resource Mng SASL 8 mod jk mod php LDAP Authorization LDAP libpkcs11 Browser

4 MGRID NTAP Project Initial work implemented a bandwidth reservation tool: – Securely modifies network switch configurations to provide differentiated services – Based on GARA “General-purpose Architecture for Reservation and Allocation” Layered on Globus Implements role-based authorization Includes scheduler for future reservations

5 MGRID NTAP Project Added modular, fine-grained authorization – Added signed group membership(s) to reservation data – Now provides two authorization methods: Keynote policy engine / AFS PTS group service PERMIS policy engine / LDAP group service Generalized from bandwidth reservations to the ability to run securely arbitrary programs at a Grid service endpoint – Designed to easily add functionality – Network testing tools being used now Iperf, traceroute, ping, owamp, etc

6 MGRID NTAP Architecture Web Portal Router 1 Host A Router 2Router 3 Host B PMP 1PMP 2PMP 3 GSI Attribute Callout AFS PTSPERMISFlat File

7 MGRID NTAP Project Multihomed PMP support – One routing table per VLAN – Routing policy selects routing table based on source address of outgoing packet – Emulates a default route per virtual interface Path discovery – Use traceroute to obtain routing information – Use network topology databases to map network segments to PMP pairs

8 MGRID NTAP Project PERMIS authorization – User, Target, Action – Attribute, policy certificates – Policy engine Production hardening – Error handling/recovery – Cleanup/restart – Log file management – Deployment packaging

9 MGRID NTAP Project Performance measurement – Deployment to ITCom lab Output Database – Permanent, secure storage of results – Searches and aggregations – Throughput/latency matrix Host Endpoint Testing – The “last mile” segment – Secure download of signed binaries

10 MGRID NTAP Project Demonstration R1 Host A PMP 1 R2 Host B PMP 2 192.168.10.50192.168.20.50 192.168.10.110.1.1.1/3010.1.1.2/30 192.168.10.19192.168.20.99

11 MGRID NTAP Project Performance test, step 1 – locate the first PMP, the performance machine “nearest” to the tester

12 MGRID NTAP Project Performance test, step 2 – discover network path (i.e. routers)

13 MGRID NTAP Project Performance test, steps 3, 4, …, n – run pairwise tests between “adjacent” PMPs ideally, this will capture hop-by-hop network data sometimes there are network “holes” – lastly, timestamp and store the output for post- processing (generate graphs, check for empirical anomalies, etc)

14 Any Questions? http://mgrid.umich.edu

Download ppt "MGRID: Network Testing and Performance Charles J. Antonelli Center for Information Technology Integration University of Michigan."

Similar presentations

Data Management Expert Panel - WP2. WP2 Overview.

Data Management Expert Panel - WP2. WP2 Overview.
Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.

Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.
 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
Secure Network Performance Testing using SeRIF Dr. Charles J. Antonelli Center for Information Technology Integration University of Michigan Winter 2006.

Secure Network Performance Testing using SeRIF Dr. Charles J. Antonelli Center for Information Technology Integration University of Michigan Winter 2006.
Authenticated QoS Signaling William A. (Andy) Adamson Olga Kornievskaia CITI, University of Michigan.

Authenticated QoS Signaling William A. (Andy) Adamson Olga Kornievskaia CITI, University of Michigan.
Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.

Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.
PlanetLab Operating System support* *a work in progress.

PlanetLab Operating System support* *a work in progress.
11 Modelnet Emulation environment for wide-area systems

11 Modelnet Emulation environment for wide-area systems
1 © 2004, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.1 Module 6 Switch Configuration.

1 © 2004, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.1 Module 6 Switch Configuration.
Holding slide prior to starting show. Supporting Collaborative Working of Construction Industry Consortia via the Grid - P. Burnap, L. Joita, J.S. Pahwa,

Holding slide prior to starting show. Supporting Collaborative Working of Construction Industry Consortia via the Grid - P. Burnap, L. Joita, J.S. Pahwa,
Authenticated QoS Project Overview Andy Adamson Research Investigator Center for Information Technology Integration University of Michigan Ann Arbor.

Authenticated QoS Project Overview Andy Adamson Research Investigator Center for Information Technology Integration University of Michigan Ann Arbor.
Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.

Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.
Challenges Running an NFSv4- backed OSG Cluster Kevin Coffman Center for Information Technology Integration University of Michigan.

Challenges Running an NFSv4- backed OSG Cluster Kevin Coffman Center for Information Technology Integration University of Michigan.
Mr. Mark Welton.  Three-tiered Architecture  Collapsed core – no distribution  Collapsed core – no distribution or access.

Mr. Mark Welton.  Three-tiered Architecture  Collapsed core – no distribution  Collapsed core – no distribution or access.
Understanding Active Directory

Understanding Active Directory
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.

© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.
IT:Network:Applications Fall 2009.  Running one “machine” inside another “machine”  OS in Virtual machines sees ◦ CPU(s) ◦ Memory ◦ Disk ◦ USB ◦ etc.

IT:Network:Applications Fall  Running one “machine” inside another “machine”  OS in Virtual machines sees ◦ CPU(s) ◦ Memory ◦ Disk ◦ USB ◦ etc.
Implementing Dynamic Host Configuration Protocol

Implementing Dynamic Host Configuration Protocol

Similar presentations

Ads by Google