
The HEPiX IPv6 Working Group

The HEPiX IPv6 Working Group. David Kelsey, GridPP29, Oxford, 27 Sep 2012. Outline: IPv4 status; The HEPiX IPv6 Working Group; IPv6 testbed and testing; WLCG software and tools IPv6 survey; Future plans; GridPP & IPv6. First presentation on this to GridPP; UK HEP SYSMAN talk last year.


Presentation Transcript


  1. The HEPiX IPv6 Working Group
     David Kelsey, GridPP29, Oxford, 27 Sep 2012

  2. Outline
     • IPv4 status
     • The HEPiX IPv6 Working Group
     • IPv6 testbed and testing
     • WLCG software and tools IPv6 survey
     • Future plans
     • GridPP & IPv6
     First presentation on this to GridPP
     • UK HEP SYSMAN talk last year
     HEPiX IPv6

  3. IPv4 Addresses
     • From Geoff Huston (http://ipv4.potaroo.net)
     • IANA Unallocated Address Pool (Global) Exhaustion happened: 03-Feb-2011
     • Projected Regional (RIR) Address Pool Exhaustion Dates:
     • APNIC: 19-Apr-2011 (Asia Pacific - happened)
     • RIPENCC: 14-Sep-2012 (Europe - happened)
     • ARIN: 15-Aug-2013 (North America)
     • LACNIC: 21-May-2015 (South America)
     • AFRINIC: 22-Nov-2019 (Africa)

  4. HEPiX IPv6 Working Group
     Created in April 2011 with aims:
     • Consider whether/how IPv6 should be deployed in HEP
     • especially WLCG (Worldwide Large Hadron Collider Grid)
     • Readiness and Gap analysis
     • HEP applications, middleware, security issues, system management and monitoring tools, end to end network monitoring tools
     • Run a distributed HEP testbed
     • to help explore all the above issues
     • We meet face to face 3 or 4 times a year
     • And by video conference in between

  5. IPv6 Testbed and testing
     • We have deployed a distributed testbed
     • CERN, DESY, FZU, GARR, INFN, KIT and USLHCnet
     • Connected to IPv6 and IPv4 networks
     • IPv6-only/IPv4-only names also registered in DNS
     • e.g. hepix-v6.desy.de & hepix-v4.desy.de
     • https://w3.hepix.org/ipv6-bis/doku.php?id=ipv6:testbed
     • A Perl script (on wiki) validates configuration
     • Checks all DNS entries
     • Runs ping and ping6 to all nodes
     TNC2012, Kelsey, HEP IPv6

  6. Tests for IPv6
     • Does the service break/slow down when used with IPv4 on a dual-stack host with IPv6 enabled?
     • Will the service try using (connecting/binding to) an IPv6 address (AAAA record), when available from DNS?
     • Will the service prefer IPv6 addresses from DNS, when preferred at the host level? Does this need to be configured? How?
     • Can the service be persuaded to fall back to IPv4 if needed?

  7. Data transfer tests
     • Virtual Organisation – ipv6.hepix.org
     • We have successfully installed and tested GridFTP clients and servers on all nodes
     • Full mesh of data transfers (globus_url_copy)
     • Tested and works
     • CMS members of the working group
     • Performing continuous data transfers between pairs of nodes

  8. The CMS file transfer tests
     • Reliability test - not a stress/performance test
     • Single 2000 MB file from IPv6 VM at CERN transferred to 4 systems
     • globus_url_copy and uberftp to confirm file arrived then delete
     • Tests have been running since February 2012
     • Statistics since April/May 2012:

     Site       # of transfers   Failed transfers   Average duration    Duration range
     DESY       390              13 (3.3 %)         66s (~30 MB/s)      41 - 425s
     Gridka     780              29 (3.7 %)         130s (~15 MB/s)     110 - 439s
     INFN       1299             43 (3.3 %)         66s (~30 MB/s)      34 - 549s
     Uslhcnet   1299             28 (2.2 %)         81s (~25 MB/s)      38 - 549s

     • Can still conclude: no show-stoppers. CMS PhEDEx should work.
     • Note: Failure rate increased after installation of new firewall at CERN – reasons still not understood

  9. File Transfer Service (FTS)
     • An interesting example of “IPv6-ready” middleware
     • Functional IPv6 support in a software component does not imply that IPv6 transport is enabled by default
     • This is hard to capture in either a survey or by automated code-checking tools

  10. FTS (2)
     • gSOAP supports IPv6
     • on TCP since version 2.5 (2005)
     • on UDP since version 2.7.2 (still 2005)
     • BUT compiled without the “WITH_IPv6” flag
     • Oracle IPv6-enabled from version 11g rel 2
     • but FTS transfer agent libraries in EMI-1 still carry a hard dependency on Oracle V10
     • Transfer agents (Tomcat/Axis servlets) can be invoked on dual stack hosts and from dual stack clients
     • but ‘urlcopy’ agent still uses IPv4 for file transfer
     • As in the globus-url-copy command, IPv6 resolution in the Globus FTP client needs to be explicitly enabled

  11. Data tests – summer 2012
     • Several FTS channels defined and used over IPv6
     • Successfully installed IPv6 DPM on several nodes
     • Successfully transferred data to a dual-stack DPM server over IPv6

  12. IPv6 problems found
     • OpenAFS, dCache, UberFTP
     • FTS & globus_url_copy
     • MyProxy
     • ISC dhcp on Scientific Linux (Red Hat like) v5
     • ARNES/Slovenia – EGI testing
     • No LRMS system works (ARC) – SLURM, Torque, PBS, …
     • Many IGTF CA CRLs not available on IPv6
     • Work ongoing!

  13. Managing IPv6 at large sites
     • Best practices are still far from clear!
     • Large sites (e.g. CERN and DESY) wish to manage the allocation of addresses
     • Do not like autoconfiguration (SLAAC)
     • Wish to filter out Router Advertisements
     • DHCPv6 very attractive
     • BUT IETF still discussing
     • Will the ‘route’ options be there or not?

  14. Software & Tools IPv6 Survey
     • An “Asset” survey is underway (BUT SLOW!)
     • A spreadsheet to be completed by sites and the LHC experiments
     • Includes all applications, middleware and tools
     • Tickets to be entered for all problems found
     • If IPv6-readiness is known, can be recorded
     • Otherwise we will need to investigate further
     • Ask developer and/or supplier
     • Scan source code or look for network calls while running
     • Test the running application under dual stack conditions

  15. IPv6 security
     • Are operational security teams ready for IPv6? No!
     • Challenges include
     • Address format has multiple forms, many addresses per host and addresses difficult to remember
     • IPv6 standards contain many suggestions - implementation optional
     • Required security features, like RAGuard and SEND, are a long way from full deployment
     • Incomplete and immature implementations
     • Many vulnerabilities expected
     • Log parsing tools must all change
     • Dual stack and tunnels cause problems – e.g. packet inspection
     • Must test that things which are not supposed to work do not

  16. Future plans
     • Performing a WLCG/HEP site readiness survey now
     • Continue asset survey and testbed/testing
     • Now merging more with EGI testbed
     • Common BDII – but separate VOs
     • EGI is testing WMS and batch systems
     • Review status at end of 2012
     • Produce plans for LS1 and/or later
     • Need to perform tests on the production infrastructure
     • involve WLCG Tier 1 centres
     • Plan several HEP IPv6 “Days” (for LS1?)
     • turn on dual stack for 24 hours on production infrastructure and test/observe
     • Earliest date for production support of IPv6-only systems is (currently) Jan 2014

  17. GridPP & IPv6?
     • 1st priority
     • Glasgow and Manchester to join testbed
     • We need IPv6 at RAL (to join testbed)
     • Would be good to get the UK Tier 1 involved
     • Other UK sites?
     • Please reply to the site survey
     • Try some GridPP testing in 2013?

  18. Further info
     • HEPiX IPv6 wiki https://w3.hepix.org/ipv6-bis/
     • Working group meetings http://indico.cern.ch/categoryDisplay.py?categId=3538

  19. For info - EGEE IPv6 tools
     • Presented at several conferences in 2010
     • Source code checker
     • A bash script looking for non compliant function calls and address data structures
     • Dynamic Code Checker (IPV6 CARE tool)
     • A tool based on the LD_PRELOAD mechanism to intercept calls to non compliant functions in the dynamically linked libraries
     • Analysis of all gLite code was performed
     • And code was modified to fix problems
     • https://twiki.cern.ch/twiki/bin/view/EGEE/IPv6FollowUp

  20. Summary
     • MUCH work still to be done during the next year or three & effort is difficult to find
     • Further volunteers welcome to join
     • Please contact me
     • Not able to support IPv6-only systems in WLCG before 2014
     • Decision on timetable to be made during 2013
     • And needs to be jointly made with EGI, OSG etc.
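
Slide 15 notes that an IPv6 address has multiple textual forms, that one host may hold many addresses, and that log parsing tools must change. The following is an added example, not part of the original slides: it reduces every spelling of an address in a log to one canonical key so that events can be correlated. The log lines are constructed, the function names are hypothetical, and grouping by /64 is an assumption about how a site allocates subnets.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log lines (documentation ranges 2001:db8::/32, 192.0.2.0/24).
SAMPLE_LOG = """\
sshd: Accepted publickey for alice from 2001:db8::1 port 50022
httpd: [2001:0db8:0000:0000:0000:0000:0000:0001]:443 GET /status
ftpd: connect from 2001:DB8:0:0:0:0:0:1
sshd: Failed password for root from ::ffff:192.0.2.7 port 40100
httpd: 192.0.2.7 GET /login
ntpd: peer fe80::1%eth0 unreachable
"""

def canonical(token):
    """Return the canonical text form of an address token, or None."""
    bare = token.partition("%")[0]            # drop a zone id such as %eth0
    try:
        addr = ipaddress.ip_address(bare)
    except ValueError:
        return None                           # not an address at all
    # IPv4 client seen through a dual-stack socket: report it as plain IPv4.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.compressed

def group_spellings(log_text):
    """Map each canonical address to the set of raw spellings in the log."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        # Brackets are split off so that "[addr]:port" yields the bare address.
        for token in re.split(r"[\s\[\],;]+", line):
            key = canonical(token)
            if key is not None:
                seen[key].add(token)
    return dict(seen)

def subnet_key(address):
    """Aggregation key: the enclosing /64 for IPv6, the address itself for IPv4."""
    addr = ipaddress.ip_address(address)
    if addr.version == 4:
        return str(addr)
    return str(ipaddress.ip_network(f"{addr}/64", strict=False))

if __name__ == "__main__":
    for key, spellings in sorted(group_spellings(SAMPLE_LOG).items()):
        print(key, subnet_key(key), sorted(spellings))
```

A tool that compares addresses as strings would treat the first three lines as three different clients, and the IPv4-mapped line as unrelated to the plain IPv4 one.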
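
Slide 19 describes a source code checker that looks for non compliant function calls and address data structures. The following is an added sketch of that idea in Python, not the EGEE bash script itself: the identifier list is a small, well-known subset of IPv4-only C socket APIs, the suggested replacements are general guidance, and the C input is constructed.

```python
import re

# IPv4-only C identifiers mapped to a protocol-independent replacement.
IPV4_ONLY = {
    "gethostbyname": "getaddrinfo",
    "gethostbyaddr": "getnameinfo",
    "inet_addr": "inet_pton",
    "inet_aton": "inet_pton",
    "inet_ntoa": "inet_ntop",
    "sockaddr_in": "sockaddr_storage",
    "AF_INET": "ai_family returned by getaddrinfo",
}
PATTERN = re.compile(r"\b(" + "|".join(IPV4_ONLY) + r")\b")

# Constructed sample C source: one IPv4-only function, one IPv6-aware function.
SAMPLE_C = """\
#include <netdb.h>
/* legacy resolver: gethostbyname is IPv4-only */
int connect_to(const char *host) {
    struct hostent *he = gethostbyname(host);
    struct sockaddr_in sa;
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = inet_addr("192.0.2.10");
    return socket(AF_INET, SOCK_STREAM, 0);
}
int listen_v6(void) {
    struct sockaddr_in6 sa6;            // already IPv6-aware
    return socket(AF_INET6, SOCK_STREAM, 0);
}
"""

def strip_comments(src):
    """Blank out /* */ and // comments, keeping newlines so line numbers hold.
    Limitation: a '//' inside a string literal is treated as a comment."""
    blank = lambda m: re.sub(r"[^\n]", " ", m.group())
    return re.sub(r"/\*.*?\*/|//[^\n]*", blank, src, flags=re.S)

def scan(src):
    """Return (line, identifier, suggestion) for each IPv4-only use."""
    findings = []
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        for m in PATTERN.finditer(line):
            findings.append((lineno, m.group(1), IPV4_ONLY[m.group(1)]))
    return findings

if __name__ == "__main__":
    for lineno, name, fix in scan(SAMPLE_C):
        print(f"line {lineno}: {name} -> consider {fix}")
```

A static scan of this kind only finds call sites; as slide 9 points out, it cannot tell whether IPv6 transport is actually enabled in the built and configured service.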
