Network Services - PowerPoint PPT Presentation



Network Services. BNL USATLAS. Tier 1 / Tier 2 Meeting John Bigrow December 14, 2005. Network Services. BNL LHC Overview Preliminary Network and Security Architecture IP Address space allocations Performance Monitoring. Network Services.

Presentation Transcript
Network Services

BNL USATLAS

Tier 1 / Tier 2 Meeting

John Bigrow

December 14, 2005

Network Services
  • BNL LHC Overview
    • Preliminary Network and Security Architecture
    • IP Address space allocations
    • Performance Monitoring
Network Services
  • Network Security Limitations
    • Current firewall Architecture
      • 6 virtual 1 Gb/Sec EtherChannel to backplane
      • Rated total throughput of 5 Gb/Sec
        • EtherChannel Overhead Loss
      • Single 1 Gb/Sec flow / interface
Network Services
  • Network Security Limitations (Continued)
    • Current Router Architecture
      • Single Access Control List (ACL) / interface
        • 1 inbound and 1 outbound
        • Default behavior: implicit deny
      • A single ACL can become unwieldy in a complex WAN environment
Network Services
  • Network Security Limitations (Continued)

………….

access-list 109 deny ip host 81.12.96.78 any
access-list 109 remark Block IPs per ticket 160,729 1 Month 12/8
access-list 109 deny ip host 219.105.44.115 any
access-list 109 deny ip host 217.199.177.208 any
access-list 109 deny ip host 202.108.13.91 any
access-list 109 deny ip host 210.219.231.2 any
access-list 109 remark ********************* Allow *************************
access-list 109 remark permit all before implicit deny
access-list 109 permit ip any any
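
The listing above relies on first-match evaluation: host denies come first, then a catch-all permit ahead of the implicit deny. The following is an added example, not part of the original presentation, that parses entries in that syntax, evaluates a source address against them, and flags entries that can never match because an earlier entry already covers them. The sample ACL and its addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the slide's ACL syntax; the addresses are
# documentation-range placeholders, not values from the presentation.
SAMPLE_ACL = """\
access-list 109 remark Block IPs per ticket (constructed)
access-list 109 deny ip host 192.0.2.10 any
access-list 109 deny ip host 198.51.100.7 any
access-list 109 remark permit all before implicit deny
access-list 109 permit ip any any
access-list 109 deny ip host 203.0.113.5 any
"""

def parse_acl(text):
    """Parse 'permit|deny ip (host A | any) any' entries, in order."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[2] == "remark":
            continue  # blank lines, remarks, elisions
        action, proto, rest = tok[2], tok[3], tok[4:]
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported entry: {line!r}")
        if rest[0] == "host" and len(rest) == 3 and rest[2] == "any":
            src = ipaddress.ip_network(rest[1] + "/32")
        elif rest == ["any", "any"]:
            src = ipaddress.ip_network("0.0.0.0/0")
        else:
            raise ValueError(f"unsupported entry: {line!r}")
        entries.append((action, src))
    return entries

def evaluate(entries, src_ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    addr = ipaddress.ip_address(src_ip)
    for action, net in entries:
        if addr in net:
            return action
    return "deny"

def shadowed(entries):
    """Indexes of entries an earlier entry already covers, so they never match."""
    return [i for i, (_, net) in enumerate(entries)
            if any(net.subnet_of(prev) for _, prev in entries[:i])]

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    print(evaluate(acl, "203.0.113.5"), shadowed(acl))
```

In the constructed sample the last deny sits after `permit ip any any`, so it is reported as shadowed and its host is still permitted, which is the kind of ordering mistake that becomes easy to make as a single per-interface ACL grows.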

Network Services
  • IP Address Allocation Tier 0 to Tier 1 (BNL - CERN)
    • Requires routable IP Address space
    • Direct BGP peering with CERN to / from BNL
    • Limited route advertisements between T0 and T1
      • For the LHC OPN Circuit BNL will use 192.12.15.0/24
Network Services
  • IP Address Allocation Tier 1 to Tier X (BNL - Internet)
    • Requires routable IP Address space
    • Direct BGP peering with ES Net from BNL
    • Full Internet route advertisements
      • ES Net CIDR IP Address Space
      • For the Internet circuit BNL will use 198.124.220.0/24
      • 3 additional class C networks available
Network Services
  • IP Address Allocation Tier 1 to Tier X (Continued)
    • DNS Fully Qualified Domain Hostname
    • Accessible ONLY from ES Net
      • No other path to get to BNL for LHC / Atlas
Network Services
  • Future BNL LHC OPN Enhancements
    • Dedicated Cisco Firewall Service Modules when available
      • Eliminate router ACL Functionality / Maintenance
      • Connection Logging
      • Each FWSM circuit will not impede the 10 Gb/Sec.
      • Stateful FWSM redundancy
    • IDS / IPS when available
Network Services
  • Mon
    • browser-based IP service monitor
  • Internet-centric WAN based monitor application
  • Interrogates essential BNL network services
Network Services
  • MonaLisa
    • Java based SNMP monitoring tool
  • External WAN based monitor
  • Tracks BNL EtherChannel OC-48
  • Firewall Service Module
  • 10 Gb/Sec. Uplink to the BNL core
Network Services
  • Summary
    • Tier 2 traffic dependent on Internet connectivity
      • Path to BNL via ES Net only
      • Initial router ACL based access to BNL
      • BNL provides DNS hostname for Internet resolution
Questions/Comments

Network Services

???

BNL Points of Contact

Network Services
