Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Testing and Performance Using SeRIF Charles J. Antonelli David Richter Olga Kornievskaia Nathan Gallaher Center for Information Technology Integration.

Published byAlvin Horn Modified over 9 years ago

Similar presentations

Presentation on theme: "Network Testing and Performance Using SeRIF Charles J. Antonelli David Richter Olga Kornievskaia Nathan Gallaher Center for Information Technology Integration."— Presentation transcript:

1 Network Testing and Performance Using SeRIF Charles J. Antonelli David Richter Olga Kornievskaia Nathan Gallaher Center for Information Technology Integration University of Michigan Work supported by U-M ITCom

2 SeRIF SeRIF : Secure Remote Invocation Framework Purpose : provide a secure and extensible remote process invocation service, with strong authentication and flexible authorization Based on Globus, GARA Adds fine-grained authorization – Walden

3 SeRIF Central portal host – Authentication – Control (invocation, parameters, results) – Databases (LDAP) Dedicated remote nodes – Gatekeeper – Local scheduler for execution and cleanup – Provides status and output redirection – Fine grained authorization at resource

4 NTAP NTAP : Network Testing and Performance Purpose : provide a secure and extensible network testing and performance tool invocation service at U-M Uses SeRIF framework Runs on portal host and Performance Measurement Platforms (PMPs) attached to routers in a VLAN environment

5 MGRID Architecture mod ssl mod kx509 mod kct Apache Tomcat KCT GateKeeper Resource Grid Resource KCA kx509 kinit User Workstation KDC Kerberos V5 SSL – Client Certificate required GSI Kerberos SASL MGRID Portal 1 2 3 4 5 6 7 Authorization Resource Mng SASL 8 WALDEN Authorization WALDEN libpkcs11 Browser mod php mod jk CHEF LDAP NW Topology Output

6 NTAP Architecture Web Portal Router 1 Host A Router 2Router 3 Host B PMP 1PMP 2PMP 3 GSI Attribute Callout AFS PTS Flat File Walden

7 NTAP I Bandwidth reservation tool: – Securely modifies network switch configurations to provide differentiated services – Based on GARA extension “General-purpose Architecture for Reservation and Allocation” Layered on Globus Includes scheduler for future reservations – Implements modular, fine-grained, role-based authorization Added signed group membership(s) to reservation data Keynote policy engine / AFS PTS group service

8 NTAP II Added authorization plug-in – PERMIS policy engine / LDAP group service Generalized from bandwidth reservations to the ability to run securely arbitrary programs at a Grid service endpoint – Designed to add functionality easily – Network testing tools supported iperf, traceroute, ping, etc Implemented automatic path discovery

9 Segment Mapping Strategy – Use traceroute to obtain packet routing path – Use network topology database to map each router to its associated PMP – Execute pairwise performance tests along path Multi-homed PMP support – One routing table per VLAN – Routing policy selects routing table based on source address of outgoing packet – Emulates a default route per virtual interface

10 Segment Mapping Search types (Anchors) – Host – Router – Router, no path discovery – PMP – PMP, no LDAP search

11 Segment Mapping Testing Modes – Simple Uses default VLANs only Fallback mode – Source One-way QoS modeling, best for asymmetric applications, accurate for multi-hop – Full Two-way QoS modeling, but not useful for multi-hop

12 Production Hardening Stable, robust product suitable for continuous operation – Error handling/recovery – Cleanup/restart – Log file management – Deployment packaging – Deployment verifier – Documentation

13 Output Database Test program outputs captured Stored in LDAP database Database display tool – Output hop-by-hop matrix display – Color-coded test history – Click through cells for detailed views Links to most recent tests – Config file for rapid prototyping

14 NTAP III Deployment – PMPs deployed at ITCom, Merit, Internet2 Added authorization plug-in – PERMIS policy engine / LDAP group service 10 Gbps PMPs Host Endpoint Testing Automated Testing Profile-based interface

15 Walden Fine-grained authorization at gatekeeper Uses XACML policy file –Resource, Action, Subject attributes

16 Automated Testing Want repetitive, automated testing – … but with secure authentication and authorization Solution: renewable credentials – User obtains Globus credentials – Portal schedules repetitive testing – Prior to test cycle, portal derives single-use credential from user credential – Rest of NTAP architecture unchanged

17 Host Endpoint Testing First mile problem – Leverages Network Diagnostic Tester Uses JavaWebStart to run signed apps on client – Client downloads NDT app Multi-step process User clicks two links – Client identifies first-hop router and attached PMP running NDT server – Client runs NDT test and displays results as usual – NDT server sends results to NTAP database Router 1 Host A

18 Profile-based Interface Database of test paths and test requests – Segment mapped or user-specified – Captures common test configurations Available as library of standard configurations – Select test profile – Attach one or more test profiles – Run test and record results Leverages test expertise Authorized access contemplated

19 MGRID NTAP Project Demonstration

20 Future Work Post-processed statistics, graphs Cross-domain testing Alternatives to topology database Automated tools – Tune TCP stack – Detect duplex mismatches Graph the topology database

21 Any Questions? http://www.citi.umich.edu

Download ppt "Network Testing and Performance Using SeRIF Charles J. Antonelli David Richter Olga Kornievskaia Nathan Gallaher Center for Information Technology Integration."

Similar presentations

NetServ Dynamic in-network service deployment Henning Schulzrinne (Columbia University) Srinivasan Seetharaman (Georgia Tech) Volker Hilt (Bell Labs)

NetServ Dynamic in-network service deployment Henning Schulzrinne (Columbia University) Srinivasan Seetharaman (Georgia Tech) Volker Hilt (Bell Labs)
Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
EVERY CONNECTION has a starting point. EVERY CONNECTION has a starting point. WorldCat Navigator - Authentication Library Hosted Navigator EZproxy and.

EVERY CONNECTION has a starting point. EVERY CONNECTION has a starting point. WorldCat Navigator - Authentication Library Hosted Navigator EZproxy and.
WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.

WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.
Data Management Expert Panel - WP2. WP2 Overview.

Data Management Expert Panel - WP2. WP2 Overview.
METALOGIC s o f t w a r e © Metalogic Software Corporation 2004-2006 DACS Developer Overview DACS – the Distributed Access Control System.

METALOGIC s o f t w a r e © Metalogic Software Corporation DACS Developer Overview DACS – the Distributed Access Control System.
Secure Network Performance Testing using SeRIF Dr. Charles J. Antonelli Center for Information Technology Integration University of Michigan Winter 2006.

Secure Network Performance Testing using SeRIF Dr. Charles J. Antonelli Center for Information Technology Integration University of Michigan Winter 2006.
Authenticated QoS Signaling William A. (Andy) Adamson Olga Kornievskaia CITI, University of Michigan.

Authenticated QoS Signaling William A. (Andy) Adamson Olga Kornievskaia CITI, University of Michigan.
Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.

Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.
CCNA2 Module 4. Discovering and Connecting to Neighbors Enable and disable CDP Use the show cdp neighbors command Determine which neighboring devices.

CCNA2 Module 4. Discovering and Connecting to Neighbors Enable and disable CDP Use the show cdp neighbors command Determine which neighboring devices.
1 © 2004, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.1 Module 6 Switch Configuration.

1 © 2004, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.1 Module 6 Switch Configuration.
Authenticated QoS Project Overview Andy Adamson Research Investigator Center for Information Technology Integration University of Michigan Ann Arbor.

Authenticated QoS Project Overview Andy Adamson Research Investigator Center for Information Technology Integration University of Michigan Ann Arbor.
Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.

Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.
GridScape Ding Choon Hoong Grid Computing and Distributed Systems (GRIDS) Lab. The University of Melbourne Melbourne, Australia www.gridbus.org WW Grid.

GridScape Ding Choon Hoong Grid Computing and Distributed Systems (GRIDS) Lab. The University of Melbourne Melbourne, Australia WW Grid.
Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.

Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.
Challenges Running an NFSv4- backed OSG Cluster Kevin Coffman Center for Information Technology Integration University of Michigan.

Challenges Running an NFSv4- backed OSG Cluster Kevin Coffman Center for Information Technology Integration University of Michigan.
MGRID: Network Testing and Performance Charles J. Antonelli Center for Information Technology Integration University of Michigan.

MGRID: Network Testing and Performance Charles J. Antonelli Center for Information Technology Integration University of Michigan.
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
Managing Client Access

Managing Client Access
Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.

Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.

Similar presentations

Ads by Google