UNM RESEARCH NETWORKS Steve Perry CCNP, CCDP, CCNP-V, CCNP-S, CCNP-SP, CCAI, CMNA, CNSS 4013 Director of Networks.


1 UNM RESEARCH NETWORKS Steve Perry CCNP, CCDP, CCNP-V, CCNP-S, CCNP-SP, CCAI, CMNA, CNSS 4013 Director of Networks

2 Overview
- Why Research Specific Networks?
- Production Network/ScienceDMZ Design Basics
- ScienceDMZ Components
- UNM CC*IIE Grant/Researchers Requirements
- UNM Design

3 Possibilities??

4 Design Considerations
1. Type of R&E traffic: TCP-based, microburst traffic that can quickly consume entire available bandwidth
   a. Subject to TCP Global Synchronization
2. TCP traffic needs deep buffer on ports when congestion occurs.
3. No commercially available security devices can sit in-path with line-rate process speed
4. 100 Gbps backbone across continental US
5. The general rule of thumb is that you need 50ms of line-rate output queue buffer for a 10G port, so there should be around 60MB of buffer.

5 Research Network: Science DMZ
A network optimized for business is neither designed for nor capable of supporting data-intensive science.
- Universities will always need to support security features that protect organizational financial and personnel data.
- Solution: create a separate data-intensive science network, external to the university enterprise network
- Design formalized by ESnet, based on the traditional network DMZ paradigm

6 Basic Science DMZ Science DMZ: (1) dedicated access to high-performance WAN, (2) high-performance switching infrastructure (large buffer memory), (3) dedicated data transfer nodes

7 ScienceDMZ Components
- DTNs (Data Transfer Nodes—Originator/Responder)
  - High capacity servers capable of wire speed 10Gbps transfer
  - Globus GridFTP application tuned for large data transfers
- Large-buffer-capable switches to smooth TCP drops
  - Must have 60MB per port buffer space
  - Must be SDN capable
- PerfSONAR measurement nodes at each location
- Bro IDS (IDS versus IPS, to minimize deep packet inspection)
- OpenDaylight SDN Controller
- Supporting Staff

8 Managing by Measuring--PerfSONAR
- Off campus / On campus
- Service tuning - Dedicated PerfSONAR
- Beyond UNM:
  - https://pas.net.internet2.edu/maddash-webui/
  - http://ps-dashboard.es.net/

9 How To Secure It?
- Use Bro to monitor it out of line
  - IDS, not an IPS
  - Requires full understanding of Bro libraries and expertise in application stacks
- Router ACL or SDN policy on key switches for traffic engineering
- IPTables at the boxes
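
One way to express the "IPTables at the boxes" item from slide 9 for a DTN, as an added example that is not part of the original presentation: a small generator for a default-deny host ruleset that admits GridFTP only from allow-listed peer networks. The function names, the 50000:51000 data port range, SSH on port 22 for management and all CIDRs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for one DTN host.
# Assumed values (not from the slides): the data port range and all CIDRs.
GRIDFTP_CTRL=2811           # GridFTP control channel (registered gsiftp port)
GRIDFTP_DATA="50000:51000"  # assumed; must match GLOBUS_TCP_PORT_RANGE on the DTN

# Accept only a well-formed IPv4 CIDR; /0 is refused so a typo or a lazy
# "anywhere" entry cannot open the DTN to the whole Internet.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$' || return 1
    addr=${1%/*}
    oldifs=$IFS; IFS=.
    set -- $addr            # split the address into its four octets
    IFS=$oldifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# usage: gen_dtn_rules MGMT_CIDR PEER_CIDR...
gen_dtn_rules() {
    [ "$#" -ge 2 ] || { echo "usage: gen_dtn_rules MGMT_CIDR PEER_CIDR..." >&2; return 1; }
    for net in "$@"; do
        valid_cidr "$net" || { echo "invalid CIDR: $net" >&2; return 1; }
    done
    mgmt=$1; shift
    echo "*filter"
    echo ":INPUT DROP [0:0]"      # default deny inbound
    echo ":FORWARD DROP [0:0]"    # a DTN is not a router
    echo ":OUTPUT ACCEPT [0:0]"   # DTN-initiated transfers go out freely
    echo "-A INPUT -i lo -j ACCEPT"
    # Return traffic for accepted or DTN-initiated connections; RELATED also
    # admits the ICMP errors that path MTU discovery depends on.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -s $mgmt -p tcp --dport 22 -j ACCEPT"
    for net in "$@"; do
        echo "-A INPUT -s $net -p tcp --dport $GRIDFTP_CTRL -j ACCEPT"
        echo "-A INPUT -s $net -p tcp --dport $GRIDFTP_DATA -j ACCEPT"
    done
    echo "COMMIT"
}

# Constructed sample: management LAN plus two collaborator networks
# (RFC 5737 documentation ranges). Review the output, then feed it to
# iptables-restore as root.
gen_dtn_rules 192.0.2.0/24 198.51.100.0/24 203.0.113.16/28
```

Because the policy is default-deny, every collaborating site's DTN subnet has to be listed explicitly; the out-of-line Bro sensor still sees all traffic regardless of what the host accepts.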

10 CC*IIE Grant
- NSF Grant awarded to UNM
- Collaborative amongst researchers/IT
- Initial funding to build out the basic network
- Smaller regional schools up for grants this year
- Hope to apply for additional grants as available

11 UNM Design

12 Summary
- Why Research Specific Networks?
- Production Network/ScienceDMZ Design Basics
- ScienceDMZ Components
- UNM CC*IIE Grant/Researchers Requirements
- UNM Design
