Revisiting apan services 2
Download
1 / 12

Revisiting APAN Services #2 - PowerPoint PPT Presentation


  • 102 Views
  • Uploaded on

Revisiting APAN Services #2. Yoshikata Hattori, [email protected] Pensri A., [email protected] Lee, Jaehwa, [email protected] APAN NOC 19 th APAN Meeting, Bangkok. What Are APAN Services?. WWW apan.net and www.apan.net DNS ns.kaist.apan.net and ns.jp.apan.net

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Revisiting APAN Services #2' - lindley


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Revisiting apan services 2

Revisiting APAN Services #2

Yoshikata Hattori, [email protected]

Pensri A., [email protected]

Lee, Jaehwa, [email protected]

APAN NOC

19th APAN Meeting, Bangkok


What are apan services
What Are APAN Services?

  • WWW

    • apan.net and www.apan.net

  • DNS

    • ns.kaist.apan.net and ns.jp.apan.net

  • E-mail/mailing lists

    • apan.net

  • Distributed among/operated by APAN-KR/ANF and APAN-JP NOC’s


Why revisiting
Why Revisiting?

  • These are the most important services for us

    • to get information from APAN thru WWW

    • to communicate with others thru e-mail/mailing lists

    • based on the APAN DNS

  • So they need

    • correctness of information

    • reliability and stability of operation/monitoring

  • And they are naturally based upon the network architecture/operation.

  • Now APAN network architecture/operation has changed greatly which requires revisiting the services.

    • 24x7 operation/monitoring

    • GbE connection between JP and KR


Previous problems
(Previous) Problems

  • WWW

    • Contents of apan.net(KR) and www.apan.net(JP) have 4 hours’ difference -> Harmful

  • DNS

    • No backup of primary database(KR) -> Dangerous

  • E-mail/mailing lists

    • No backup of mailing lists(KR) -> Dangerous

  • Operated/monitored jointly by APAN-KR/ANF and APAN-JP NOC’s

    • No 24x7 operation/monitoring on KR side


New scheme
New Scheme

  • Servers distributed among JP and KR

    • Controlled/operated/monitored by APAN NOC

    • Redundancy/reliability

  • Information correctness, reliability, and stability

    • NFS between servers for WWW

    • Backup of data for WWW, DNS, Mailing Lists

    • Servers location independence of the sec.


Current status follow up
Current Status/Follow-up

  • WWW servers, apan.net = www.apan.net

    • 2 official servers(JP and KR) with 1 hidden server(master.apan.net in Sec./TH)

      • Sec controls the contents

    • Hidden server is rcync’ed by JP server (with a reliable backup) in every 4 hours

      • Sec must have a way to trigger rsync

    • KR server NFS-mounting JP server contents

      • KR must have a local copy : local copy of NFS-mounted contents

    • Need performance test for this scheme

  • DNS servers

    • Primary server moved to APAN NOC from KAIST, but it’s hidden now

    • The same 2 servers(secondary) seen from outside

    • 1 hidden server + 2 servers or just 2 servers?

  • Mail server/mailing lists reconfiguration

    • Still pending

      • Should follow WWW servers scheme – 2 official mail exchangers

      • Sec must control ML lists

  • Is it worth trying anycast for these services?


Current status on kr side
Current Status on KR Side

  • KOREN/APAN-KR NOC has moved to Seoul with servers

    • I(JH Lee) am working for Convergence Lab., KT in Seoul

  • Our new servers (still going on)

    • 2 redundant 1-u servers for WWW, DNS, mail servers w/ storage servers

      • These will host the APAN servers/services

    • Planning to have specialized servers for tunnel broker, AG bridge servers, SNMP servers, etc.

  • Only in 6 years we’re going to have many new servers


Figure of apan web servers relocation by mr hattori
Figure of APAN WebServers Relocationby Mr.Hattori

Domain Name Servers of apan.net

TH

JP

KR

apan.net A 203.181.248.30 A 203.255.255.86www CNAME apan.net.

Secretariats can edit and update web contents on master.apan.net.

Slave:203.181.248.3

Master:203.255.248.57

These A records and CNAME record realize round robin service.

JHLee-san sent CD-Rs to Pensri-san. They contain the whole web contents of apan.net. And Pensri-san has uploaded them on master.apan.net.

Master:192.249.24.62

WebContents

Old KR web server

Previous rsync configuration between old KR server and JP had deleted.

WebContents

WebContents

WebContents

Mounted with NFSReal-time updating can be done

Synchronizing the contents by SSH-wrapped rsync every 4 hours

master.apan.net203.159.31.33

ns2.jp.apan.net= apan.net= www.apan.net203.181.248.30

noc6-5.kr.apan.net= apan.net= www.apan.net203.255.255.86

$ cat rsyncd.confhosts allow = 203.181.248.30use chroot = nomax connections = 4syslog facility = local5# pid file = /var/run/rsyncd.pidtimeout = 6000[www] path = /usr/local/src/www/html/apan.net lock file = /home/inetapan/rsyncd.lock uid = inetapan gid = users read only = true

Users can access JP or KR server using http://apan.net/ or http://www.apan.net/.The result of DNS query determines which server will be selected.

%crontab –l20 */4 * * * /usr/home/httpd/cron/wwwsync/wwwsync.sh%cat /usr/home/httpd/cron/wwwsync/wwwsync.sh#!/bin/sh/usr/local/bin/rsync -e ssh -aqz [email protected]::www /home/httpd/www.apan.net

Results of DNS query are round robin.

1st time

%nslookup apan.net

Name: apan.net

Addresses: 203.181.248.30, 203.255.255.86

2nd time

%nslookup apan.net

Name: apan.net

Addresses: 203.255.255.86, 203.181.248.30

3rd time

%nslookup apan.net

Name: apan.net

Addresses: 203.181.248.30, 203.255.255.86

This crontab with script on JP server remotely runs rsyncd command wrapped by SSH every 4 hours. Then rsync checks the updated contents on master.apan.net and transfers them to JP server.

This rsyncd.conf on master.apan.net allows rsync accessing from JP server.


Redundancy for web service
Redundancy for Web Service

  • How to build redundancy for http://apan.net/ and http://www.apan.net/

    • Synchronize contents from TH to JP and from JP to KR

    • Allocate 2 IP addresses (KR:203.255.255.86 and JP:203.181.248.30) for apan.net and www.apan.net

    • Use round robin DNS

  • How to synchronize the web contents

    • The bandwidth and RTT of TH-JP and KR-JP are taken into account

    • KR-JP use NFS, enough bandwidth and good RTT

    • TH-JP use SSH-wrapped rsync because of limited bandwidth


Building kr jp synchronization by nfs
Building KR-JP Synchronization by NFS

  • NFS for synchronization between KR and JP, and he led the implementation

    • NFS has already showed enough performance within Korea

    • Fortunately, there is enough bandwidth between KR and JP

    • JP server, exports the web contents as read-only NFS server only to KR server

    • KR server remotely mounted them as NFS client

  • Destination is from JP to KR

  • Need further tests for NFS/WWW performance


New services
New Services

  • NTP

  • Information/Routing Registry

  • H.323/SIP

  • APAN Observatory

  • LDAP

  • Any services members want to have



ad