Presentation is loading. Please wait.

Presentation is loading. Please wait.

Brookhaven Science Associates U.S. Department of Energy 1 Network Services LHC OPN Networking at BNL Summer 2006 Internet 2 Joint Techs John Bigrow July.

Published byLauren Doyle Modified over 8 years ago

Similar presentations

Presentation on theme: "Brookhaven Science Associates U.S. Department of Energy 1 Network Services LHC OPN Networking at BNL Summer 2006 Internet 2 Joint Techs John Bigrow July."— Presentation transcript:

1 Brookhaven Science Associates U.S. Department of Energy 1 Network Services LHC OPN Networking at BNL Summer 2006 Internet 2 Joint Techs John Bigrow July 18, 2006

2 Brookhaven Science Associates U.S. Department of Energy 2 Network Services n LHC Overview (very simple overview, I’m not a physicist) LHC / Atlas Experiments Overview (The What) The Physics Architecture (The Why) Preliminary Network and Security Architecture (The How)

3 Brookhaven Science Associates U.S. Department of Energy 3 Network Services CERN Accelerator Ring Aerial View

4 Brookhaven Science Associates U.S. Department of Energy 4 Network Services

5 Brookhaven Science Associates U.S. Department of Energy 5 Tier 1 Tier2 Center Online System CERN ~5M SI2K >1 PB Disk Tape Robot BNL: ~2M SI2K; 2PB Tape Robot IN2P3 Center INFN Center RAL Center Institute Workstations < GBytes/sec 2.5 Gbps 100 - 1000 Mbits/sec Physics data cache ~PByte/sec ~10 Gbits/sec Tier2 Center ~2.5 Gbps Tier 0 +1 Tier 3 Tier 4 Tier2 Center ATLAS Experiment CERN:Outside Resource Ratio ~1:2 Tier0:(  Tier1):(  Tier2) ~1:1:1 Tier 2 Tier 0: DAQ, reconstruction, archive Tier 1: Reconstruction, simulation, archive, mining and (large scale) analysis Tier 2+: Analysis, simulation Tier 3+: Interactive analysis Network Services

6 Brookhaven Science Associates U.S. Department of Energy 6 130.199.48.0…… 130.199.185.0 130.199.48.0 The same host name for dual NIC dCache door is resolved to different IP addresses depending on which DNS is inquired. Network Services

7 Brookhaven Science Associates U.S. Department of Energy 7 Network Services

8 Brookhaven Science Associates U.S. Department of Energy 8 Network Services

9 Brookhaven Science Associates U.S. Department of Energy 9 Other connections MAN LAN CERN (?) NLR ESnet GEANT, etc. BNL internal Network Services

10 Brookhaven Science Associates U.S. Department of Energy 10 Network Services

11 Brookhaven Science Associates U.S. Department of Energy 11 n Network Security Limitations Current firewall Architecture –6 virtual 1 Gb/Sec EtherChannel to Catalyst backplane –Rated total throughput of 5 Gb/Sec –EtherChannel Overhead Loss –Single 1 Gb/Sec flow / interface New Cisco ACE blade might address these limitations Network Services

12 Brookhaven Science Associates U.S. Department of Energy 12 n Network Security Limitations (Continued) Current Router Architecture –Single Access Control List (ACL) / interface -1 inbound and 1 outbound per interface -Default behavior Implicit deny -Policy route map for traffic flow –A single ACL can become unwieldy in a complex WAN environment (what are the network prefixes, DHCP, NAT) –Manual changes to the route map for additional access Network Services

13 Brookhaven Science Associates U.S. Department of Energy 13 n BNL LHC Overview cont. Networking resources –IP Address space allocations / access –10Gig interfaces / 20Gig Etherchannels –Performance Monitoring Network Services

14 Brookhaven Science Associates U.S. Department of Energy 14 n IP Address Allocation Tier 0 to Tier 1 (BNL - CERN) Requires routable IP Address space Direct dedicated access with CERN to / from BNL Limited route advertisements between T0 and T1 –For the LHC OPN Circuit BNL will use 192.12.15.0/24 –No direct T1 to T1 access through CERN at this time Network Services

15 Brookhaven Science Associates U.S. Department of Energy 15 n BNL OPN to Tier 2 and others Tier 2 and other traffic dependant on Internet connectivity –Path to BNL via all service providers (ES Net now, NYSERNET, Broadwing in the future ?) –Dedicated paths to other institutions welcome (you buy) Network Services

16 Brookhaven Science Associates U.S. Department of Energy 16 Network Services

17 Brookhaven Science Associates U.S. Department of Energy 17 n Future BNL LHC OPN Enhancements Dedicated Cisco Firewall Service Modules (ACE) when available –Eliminate router ACL Functionality / Maintenance –Connection Logging –Each FWSM circuit will not impede the 10 Gb/Sec. –Stateful FWSM redundancy IDS / IPS when available Network Services

18 Brookhaven Science Associates U.S. Department of Energy 18 Network Services

19 Brookhaven Science Associates U.S. Department of Energy 19 Network Services n Mon browser-based IP service monitor Internet-centric WAN based monitor application Interrogates essential BNL network services

20 Brookhaven Science Associates U.S. Department of Energy 20

21 Brookhaven Science Associates U.S. Department of Energy 21 Network Services n MonaLisa Java based SNMP monitoring tool n External WAN based monitor n Tracks BNL 10G/Sec. Interfaces n Firewall Service Module n 20 Gb/Sec. Uplinks to the BNL core

22 Brookhaven Science Associates U.S. Department of Energy 22 Network Services

23 Brookhaven Science Associates U.S. Department of Energy 23 Network Services

24 Brookhaven Science Associates U.S. Department of Energy 24 Network Services n Cacti SNMP monitoring tool Replacement for MRTG Tracks most BNL core network interfaces Firewall Service Module EtherChannel interfaces also

25 Brookhaven Science Associates U.S. Department of Energy 25 Network Services

26 Brookhaven Science Associates U.S. Department of Energy 26 Network Services

27 Brookhaven Science Associates U.S. Department of Energy 27 Network Services

28 Brookhaven Science Associates U.S. Department of Energy 28 Network Services

29 Brookhaven Science Associates U.S. Department of Energy 29 Network Services

30 Brookhaven Science Associates U.S. Department of Energy 30 n Thanks (a few kind words to so many) Thanks to the many individuals and groups who have donated their time, code, and talents to make the Internet what it is today. Without their efforts, this infrastructure we take for granted would not exist. We owe many our gratitude. Network Services

31 Brookhaven Science Associates U.S. Department of Energy 31 Questions/Comments ??? Network Services

32 Brookhaven Science Associates U.S. Department of Energy 32 BNL Points of Contact n Scott Bradley, Manager of Network Services 631.344.5745, bradley@bnl.gov n John Bigrow, Senior Network Architect 631.344.2648, big@bnl.gov Network Services

Download ppt "Brookhaven Science Associates U.S. Department of Energy 1 Network Services LHC OPN Networking at BNL Summer 2006 Internet 2 Joint Techs John Bigrow July."

Similar presentations

T1-NREN Luca dell’Agnello CCR, 21-Ottobre-2005. The problem Computing for LHC experiments –Multi tier model (MONARC) –LHC computing based on grid –Experiment.

T1-NREN Luca dell’Agnello CCR, 21-Ottobre The problem Computing for LHC experiments –Multi tier model (MONARC) –LHC computing based on grid –Experiment.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
FNAL Site Perspective on LHCOPN & LHCONE Future Directions Phil DeMar (FNAL) February 10, 2014.

FNAL Site Perspective on LHCOPN & LHCONE Future Directions Phil DeMar (FNAL) February 10, 2014.
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.

Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.
Trial of the Infinera PXM Guy Roberts, Mian Usman.

Trial of the Infinera PXM Guy Roberts, Mian Usman.
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
Other servers Java client, ROOT (analysis tool), IGUANA (CMS viz. tool), ROOT-CAVES client (analysis sharing tool), … any app that can make XML-RPC/SOAP.

Other servers Java client, ROOT (analysis tool), IGUANA (CMS viz. tool), ROOT-CAVES client (analysis sharing tool), … any app that can make XML-RPC/SOAP.
HEP Prospects, J. Yu LEARN Strategy Meeting Prospects on Texas High Energy Physics Network Needs LEARN Strategy Meeting University of Texas at El Paso.

HEP Prospects, J. Yu LEARN Strategy Meeting Prospects on Texas High Energy Physics Network Needs LEARN Strategy Meeting University of Texas at El Paso.
1 IPv6 Address Management Rajiv Kumar. 2 Lecture Overview Introduction to IP Address Management Rationale for IPv6 IPv6 Addressing IPv6 Policies & Procedures.

1 IPv6 Address Management Rajiv Kumar. 2 Lecture Overview Introduction to IP Address Management Rationale for IPv6 IPv6 Addressing IPv6 Policies & Procedures.
Agenda Network Infrastructures LCG Architecture Management

Agenda Network Infrastructures LCG Architecture Management
March 27,28 2009IndiaCMS Meeting, Delhi1 T2_IN_TIFR of all-of-us, for all-of-us, by some-of-us Tier-2 Status Report.

March 27, IndiaCMS Meeting, Delhi1 T2_IN_TIFR of all-of-us, for all-of-us, by some-of-us Tier-2 Status Report.
Chapter 8 PIX Firewall. Adaptive Security Algorithm (ASA)  Used by Cisco PIX Firewall  Keeps track of connections originating from the protected inside.

Chapter 8 PIX Firewall. Adaptive Security Algorithm (ASA)  Used by Cisco PIX Firewall  Keeps track of connections originating from the protected inside.
Questionaire answers D. Petravick P. Demar FNAL. 7/14/05 DLP -- GDB2 FNAL/T1 issues In interpreting the T0/T1 document how do the T1s foresee to connect.

Questionaire answers D. Petravick P. Demar FNAL. 7/14/05 DLP -- GDB2 FNAL/T1 issues In interpreting the T0/T1 document how do the T1s foresee to connect.
Copyright © 2010 Platform Computing Corporation. All Rights Reserved.1 The CERN Cloud Computing Project William Lu, Ph.D. Platform Computing.

Copyright © 2010 Platform Computing Corporation. All Rights Reserved.1 The CERN Cloud Computing Project William Lu, Ph.D. Platform Computing.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Welcome to the Human Network Matt Duke 11/29/06.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Welcome to the Human Network Matt Duke 11/29/06.
Cisco Threaded Case Study

Cisco Threaded Case Study
Fermi National Accelerator Laboratory, U.S.A. Brookhaven National Laboratory, U.S.A, Karlsruhe Institute of Technology, Germany CHEP 2012, New York, U.S.A.

Fermi National Accelerator Laboratory, U.S.A. Brookhaven National Laboratory, U.S.A, Karlsruhe Institute of Technology, Germany CHEP 2012, New York, U.S.A.
Slide 1 Experiences with NMI R2 Grids Software at Michigan Shawn McKee April 8, 2003 Internet2 Spring Meeting.

Slide 1 Experiences with NMI R2 Grids Software at Michigan Shawn McKee April 8, 2003 Internet2 Spring Meeting.
Challenges to address in the next future Apr 3, 2006 HEPiX Spring Meeting 2006 Enzo Valente, GARR and INFN.

Challenges to address in the next future Apr 3, 2006 HEPiX Spring Meeting 2006 Enzo Valente, GARR and INFN.

Similar presentations

Ads by Google