Network Services

BNL USATLAS Tier 1 / Tier 2 Meeting. John Bigrow, December 14, 2005. Topics: BNL LHC Overview, Preliminary Network and Security Architecture, IP Address space allocations, Performance Monitoring.


Presentation Transcript


  1. Network Services
     BNL USATLAS Tier 1 / Tier 2 Meeting
     John Bigrow
     December 14, 2005

  2. Network Services
     • BNL LHC Overview
     • Preliminary Network and Security Architecture
     • IP Address space allocations
     • Performance Monitoring

  3. Network Services
     • Network Security Limitations
     • Current firewall Architecture
     • 6 virtual 1 Gb/Sec EtherChannel to backplane
     • Rated total throughput of 5 Gb/Sec
     • EtherChannel Overhead Loss
     • Single 1 Gb/Sec flow / interface

  4. Network Services
     • Network Security Limitations (Continued)
     • Current Router Architecture
     • Single Access Control List (ACL) / interface
     • 1 inbound and 1 outbound
     • Default behavior Implicit deny
     • A single ACL can become unwieldy in a complex WAN environment

  5. Network Services
     • Network Security Limitations (Continued)

         ………….
         access-list 109 deny ip host 81.12.96.78 any
         access-list 109 remark Block IPs per ticket 160,729 1 Month 12/8
         access-list 109 deny ip host 219.105.44.115 any
         access-list 109 deny ip host 217.199.177.208 any
         access-list 109 deny ip host 202.108.13.91 any
         access-list 109 deny ip host 210.219.231.2 any
         access-list 109 remark ********************* Allow *************************
         access-list 109 remark permit all before implicit deny
         access-list 109 permit ip any any

  6. Network Services

  7. Network Services
     • IP Address Allocation Tier 0 to Tier 1 (BNL - CERN)
     • Requires routable IP Address space
     • Direct BGP peering with CERN to / from BNL
     • Limited route advertisements between T0 and T1
     • For the LHC OPN Circuit BNL will use 192.12.15.0/24

  8. Network Services
     • IP Address Allocation Tier 1 to Tier X (BNL - Internet)
     • Requires routable IP Address space
     • Direct BGP peering with ES Net from BNL
     • Full Internet route advertisements
     • ES Net CIDR IP Address Space
     • For the Internet circuit BNL will use 198.124.220.0/24
     • 3 additional class C networks available

  9. Network Services
     • IP Address Allocation Tier 1 to Tier X (Continued)
     • DNS Fully Qualified Domain Hostname
     • Accessible ONLY from ES Net
     • No other path to get to BNL for LHC / Atlas

  10. Network Services

  11. Network Services
      • Future BNL LHC OPN Enhancements
      • Dedicated Cisco Firewall Service Modules when available
      • Eliminate router ACL Functionality / Maintenance
      • Connection Logging
      • Each FWSM circuit will not impede the 10 Gb/Sec.
      • Stateful FWSM redundancy
      • IDS / IPS when available

  12. Network Services

  13. Network Services
      • Mon
      • browser-based IP service monitor
      • Internet-centric WAN based monitor application
      • Interrogates essential BNL network services

  14. Network Services
      • MonaLisa
      • Java based SNMP monitoring tool
      • External WAN based monitor
      • Tracks BNL EtherChannel OC-48
      • Firewall Service Module
      • 10 Gb/Sec. Uplink to the BNL core

  15. Network Services

  16. Network Services

  17. Network Services
      • Summary
      • Tier 2 traffic dependent on Internet connectivity
      • Path to BNL via ES Net only
      • Initial router ACL based access to BNL
      • BNL provides DNS hostname for Internet resolution

  18. Questions/Comments Network Services ???

  19. BNL Points of Contact
      Network Services
      • Scott Bradley, Manager of Network Services
      • 631.344.5745, bradley@bnl.gov
      • John Bigrow, Senior Network Architect
      • 631.344.2648, big@bnl.gov
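
Slides 4 and 5 describe a single per-interface router ACL that is evaluated top-down, ends in an implicit deny, and becomes hard to maintain as it grows. The following is an added example, not part of the original presentation or BNL's tooling: it parses the ACL 109 entries shown on slide 5, applies first-match evaluation, and reports entries that can never match because an earlier entry already covers them. The function names and the test addresses 192.0.2.10 and 198.51.100.7 are constructed for illustration, and only the `host` and `any` forms used on the slide are handled.

```python
import ipaddress

# ACL 109 entries as shown on slide 5 (earlier entries are elided on the slide).
SLIDE_ACL = """\
access-list 109 deny ip host 81.12.96.78 any
access-list 109 remark Block IPs per ticket 160,729 1 Month 12/8
access-list 109 deny ip host 219.105.44.115 any
access-list 109 deny ip host 217.199.177.208 any
access-list 109 deny ip host 202.108.13.91 any
access-list 109 deny ip host 210.219.231.2 any
access-list 109 remark ********************* Allow *************************
access-list 109 remark permit all before implicit deny
access-list 109 permit ip any any
"""
ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_acl(text):
    """Return [(action, source_network)] in order; remark lines are skipped."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "access-list" or tok[2] == "remark":
            continue
        action, spec = tok[2], tok[3:]
        if spec[:2] == ["ip", "host"] and spec[3:] == ["any"]:
            src = ipaddress.ip_network(spec[2] + "/32")
        elif spec == ["ip", "any", "any"]:
            src = ANY
        else:
            raise ValueError(f"form not handled by this example: {line!r}")
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        rules.append((action, src))
    return rules

def evaluate(rules, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    addr = ipaddress.ip_address(source)
    for index, (action, src) in enumerate(rules):
        if addr in src:
            return action, index
    return "deny", None  # implicit deny at the end of every ACL

def shadowed(rules):
    """Indexes of entries whose source is already covered by an earlier entry."""
    return [i for i, (_, src) in enumerate(rules)
            if any(src.subnet_of(prev) for _, prev in rules[:i])]

if __name__ == "__main__":
    rules = parse_acl(SLIDE_ACL)
    print(evaluate(rules, "219.105.44.115"), evaluate(rules, "192.0.2.10"))
    print(shadowed(rules))
```

A block entry appended after the final `permit ip any any` is reported by `shadowed()`, which is the kind of ordering mistake that a long single ACL makes easy to miss.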
