
BNL PDN Enhancements. Perimeter Load Balancers Scaleable Performance Fault Tolerance Server Maintainability User Convenience Perimeter Security.


1 BNL PDN Enhancements

2 Perimeter Load Balancers
Scalable Performance
Fault Tolerance
Server Maintainability
User Convenience
Perimeter Security

3 Cisco Content Sensitive Switches
Dual Cisco 11506 units for fault tolerance
Dual Cisco 4506 switches for proxies
Rated at 40GB/Sec. maximum throughput
Virtualizes site perimeter services
Extremely scalable and flexible
High availability and redundancy

4 Content Switches cont.
ACL-based proxy service access (secure)
Provides expandable pools of servers and services
Transparent to end users
A single IP address / DNS name for all servers in the service pool (Virtual IP)
Load-balanced user access to proxies based on the Least Number of Connections algorithm

5 Content Switches cont.
Proxies assigned RFC 1918 (private IP) space (additional isolation)
Linear scalability
Individual servers can be added to or removed from the service pool at will. This facilitates software upgrades, maintenance, and patch support for the actual servers.

6 CSS VIP Security
Behavior similar to a PIX Firewall
Outbound traffic permitted by default
Inbound traffic subject to ACL (optional)
Protects all pool services
Internet scans show no or minimal services (only the advertised services)

7 Performance Overview
Services virtualized and “pooled” together
Approximately linear scalability
/28 for individual service pools, 14 slaves max (a /28 has 14 usable host addresses)
Separate management and load traffic paths

8 Proxy Services Virtual IPs
SMTP          1.1.1.1
HTTP          1.1.1.2
SSH           1.1.1.3
TELNET        1.1.1.4
HTTP/Reverse  1.1.1.5
FTP           1.1.1.6
Others as we grow


10 Example
eth0.310  Link encap:Ethernet  HWaddr 00:03:47:DB:6D:6B
          inet addr:172.16.1.13  Bcast:172.16.1.15  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1945993 errors:0 dropped:0 overruns:0 frame:0
          TX packets:214508 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:91180210 (86.9 MiB)  TX bytes:14828768 (14.1 MiB)
Management Server Configuration
IEEE 802.1q Trunk Format (LB Monitor Interface)
Custom Linux Kernel Configuration Parameters
Subset of NIC cards, Intel EEPro 100 with Intel driver
vconfig utility to create VLAN (IEEE 802.1q tag) interfaces


14 Performance Tests
single test
[SUM]  0.0-253.6 sec  15.2 GBytes   516 Mbits/sec
pseudo double test
smtpvip2:~# iperf -c 198.124.238.14 -n 209715200 -t 300 -P5
------------------------------------------------------------
Client connecting to 198.124.238.14, TCP port 5001
TCP window size: 64.0 KByte (default)
------------------------------------------------------------
[  5] local 172.16.129.66 port 32832 connected with 198.124.238.14 port 5001
[  6] local 172.16.129.66 port 32833 connected with 198.124.238.14 port 5001
[  7] local 172.16.129.66 port 32834 connected with 198.124.238.14 port 5001
[  8] local 172.16.129.66 port 32835 connected with 198.124.238.14 port 5001
[  9] local 172.16.129.66 port 32836 connected with 198.124.238.14 port 5001
[ ID] Interval       Transfer     Bandwidth
[  8]  0.0-300.1 sec  1.89 GBytes  54.2 Mbits/sec
[  6]  0.0-300.1 sec  1.85 GBytes  53.0 Mbits/sec
[  5]  0.0-300.1 sec  1.87 GBytes  53.6 Mbits/sec
[  9]  0.0-300.2 sec  1.76 GBytes  50.3 Mbits/sec
[  7]  0.0-300.2 sec  1.84 GBytes  52.7 Mbits/sec
[SUM]  0.0-300.2 sec  9.22 GBytes   264 Mbits/sec
[ ID] Interval       Transfer     Bandwidth
[  7]  0.0-300.1 sec  1.78 GBytes  51.0 Mbits/sec
[  9]  0.0-300.2 sec  1.86 GBytes  53.3 Mbits/sec
[  5]  0.0-300.7 sec  2.00 GBytes  57.0 Mbits/sec
[  8]  0.0-300.7 sec  1.68 GBytes  48.1 Mbits/sec
[  6]  0.0-301.0 sec  1.82 GBytes  52.0 Mbits/sec
[SUM]  0.0-301.0 sec  9.14 GBytes   261 Mbits/sec

15 2 runs with a single machine in the VIP, 2 runs with 2 machines in the VIP

16 Confirmation from different measuring tool

17 netmon:~# nmap -P0 1.1.1.1-5
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-07-12 15:11 EDT
All 1659 scanned ports on csssm1 (1.1.1.1) are: filtered
…...
Interesting ports on smtpgateway (1.1.1.2):
(The 1656 ports scanned but not shown below are in state: filtered)
PORT     STATE SERVICE
25/tcp   open  smtp
79/tcp   open  finger
113/tcp  open  auth
All 1659 scanned ports on httpgateway (1.1.1.3) are: filtered
Interesting ports on cecache (1.1.1.4):
(The 1655 ports scanned but not shown below are in state: filtered)
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
563/tcp  open  snews
8080/tcp open  http-proxy
All 1659 scanned ports on 1.1.1.5 are: filtered
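As an added example (not from the presentation), a small Python check that parses the nmap 3.50 output above and compares each VIP's open ports against the services that pool is meant to advertise, which is the "only the advertised services" claim of the CSS VIP Security slide. The allow-list is an assumption, since the slide's VIP table and the scan's hostnames do not line up one-to-one; with it, the check flags finger and auth on the SMTP gateway and snews on the cache as unadvertised exposure, and would also report an advertised port that has gone dark.

```python
import re
# Constructed from the nmap 3.50 output on the slide (scan of the VIP range 1.1.1.1-5).
NMAP_OUTPUT = """\
All 1659 scanned ports on csssm1 (1.1.1.1) are: filtered
Interesting ports on smtpgateway (1.1.1.2):
(The 1656 ports scanned but not shown below are in state: filtered)
PORT     STATE SERVICE
25/tcp   open  smtp
79/tcp   open  finger
113/tcp  open  auth
All 1659 scanned ports on httpgateway (1.1.1.3) are: filtered
Interesting ports on cecache (1.1.1.4):
(The 1655 ports scanned but not shown below are in state: filtered)
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
563/tcp  open  snews
8080/tcp open  http-proxy
All 1659 scanned ports on 1.1.1.5 are: filtered
"""
# Assumed allow-list of advertised ports per VIP (not taken from the slides).
ADVERTISED = {"1.1.1.1": set(), "1.1.1.2": {25}, "1.1.1.3": set(),
              "1.1.1.4": {80, 443, 8080}, "1.1.1.5": set()}
HOST_RE = re.compile(r"ports on (?:\S+ )?\(?(\d{1,3}(?:\.\d{1,3}){3})\)?")
PORT_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+(\S+)\s+(\S+)")

def parse_open_ports(output):
    """Return {ip: {port: service}}; a fully filtered host maps to an empty dict."""
    hosts, current = {}, None
    for line in output.splitlines():
        m = HOST_RE.search(line)
        if m:
            current = m.group(1)
            hosts.setdefault(current, {})
            continue
        m = PORT_RE.match(line)
        if m and current and m.group(2) == "open":
            hosts[current][int(m.group(1))] = m.group(3)
    return hosts

def check_exposure(hosts, advertised):
    """Flag open ports that are not advertised and advertised ports that are not reachable."""
    findings = []
    for ip, expected in advertised.items():
        seen = hosts.get(ip, {})
        for port in sorted(set(seen) - expected):
            findings.append((ip, port, "unexpected", seen[port]))
        for port in sorted(expected - set(seen)):
            findings.append((ip, port, "missing", None))
    return findings
```

Run the same check against a fresh scan after each pool change to confirm that adding or removing a server did not widen what the VIP exposes.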

18 Summary
Cisco CSS provides a high-throughput, scalable solution for most BNL perimeter services
Security enhancements are additional features

19 IPv6 Test Bed Deployment
Campus Network and Host Security
Low Cost


21 Built from “recycled” 7513 (free)
Separate infrastructure
IPv6 802.1q trunk encapsulation
EUI-64 /64 subnets
HTTP and FTP servers
Next step: fix DNS, NAT-PT or dual stack

