Network services

Network Services. BNL USATLAS. Tier 1 / Tier 2 Meeting John Bigrow December 14, 2005. Network Services. BNL LHC Overview Preliminary Network and Security Architecture IP Address space allocations Performance Monitoring. Network Services.

Network Services

BNL USATLAS

Tier 1 / Tier 2 Meeting

John Bigrow

December 14, 2005


Network Services

  • BNL LHC Overview

    • Preliminary Network and Security Architecture

    • IP Address space allocations

    • Performance Monitoring


Network Services

  • Network Security Limitations

    • Current firewall Architecture

      • 6 virtual 1 Gb/Sec EtherChannel to backplane

      • Rated total throughput of 5 Gb/Sec

        • EtherChannel Overhead Loss

      • Single 1 Gb/Sec flow / interface


Network Services

  • Network Security Limitations (Continued)

    • Current Router Architecture

      • Single Access Control List (ACL) / interface

        • 1 inbound and 1 outbound

        • Default behavior: implicit deny

      • A single ACL can become unwieldy in a complex WAN environment


Network Services

  • Network Security Limitations (Continued)

………….

access-list 109 deny ip host 81.12.96.78 any

access-list 109 remark Block IPs per ticket 160,729 1 Month 12/8

access-list 109 deny ip host 219.105.44.115 any

access-list 109 deny ip host 217.199.177.208 any

access-list 109 deny ip host 202.108.13.91 any

access-list 109 deny ip host 210.219.231.2 any

access-list 109 remark ********************* Allow *************************

access-list 109 remark permit all before implicit deny

access-list 109 permit ip any any


Network Services

  • IP Address Allocation Tier 0 to Tier 1 (BNL - CERN)

    • Requires routable IP Address space

    • Direct BGP peering with CERN to / from BNL

    • Limited route advertisements between T0 and T1

      • For the LHC OPN Circuit BNL will use 192.12.15.0/24


Network Services

  • IP Address Allocation Tier 1 to Tier X (BNL - Internet)

    • Requires routable IP Address space

    • Direct BGP peering with ES Net from BNL

    • Full Internet route advertisements

      • ES Net CIDR IP Address Space

      • For the Internet circuit BNL will use 198.124.220.0/24

      • 3 additional class C networks available


Network Services

  • IP Address Allocation Tier 1 to Tier X (Continued)

    • DNS Fully Qualified Domain Hostname

    • Accessible ONLY from ES Net

      • No other path to get to BNL for LHC / Atlas


Network Services

  • Future BNL LHC OPN Enhancements

    • Dedicated Cisco Firewall Service Modules when available

      • Eliminate router ACL Functionality / Maintenance

      • Connection Logging

      • Each FWSM circuit will not impede the 10 Gb/Sec.

      • Stateful FWSM redundancy

    • IDS / IPS when available


Network Services

  • Mon

    • browser-based IP service monitor

  • Internet-centric WAN based monitor application

  • Interrogates essential BNL network services


Network Services

  • MonaLisa

    • Java based SNMP monitoring tool

  • External WAN based monitor

  • Tracks BNL EtherChannel OC-48

  • Firewall Service Module

  • 10 Gb/Sec. Uplink to the BNL core


Network Services

  • Summary

    • Tier 2 traffic dependent on Internet connectivity

      • Path to BNL via ES Net only

      • Initial router ACL based access to BNL

      • BNL provides DNS hostname for Internet resolution


Questions/Comments

Network Services

???


BNL Points of Contact

Network Services

  • Scott Bradley, Manager of Network Services

    • 631.344.5745, [email protected]

  • John Bigrow, Senior Network Architect

    • 631.344.2648, [email protected]

