Isabella Weger

Head, Computer Division

ECMWF

isabella.weger@ecmwf.int

14th meeting of the RMDCN Operations Committee, 3-4 June 2008, Vienna

RMDCN Steering Group, 4-6 June 2008, Vienna

14th Meeting of the RMDCN Operations Committee
  • RMDCN Status Report
    • RMDCN configuration
    • Network Reliability and Performance
    • Service Level Agreement
  • Status of the WIS
  • Report on Tests
    • IPSEC VPN
    • IPv6
  • Price Review for 2008

Migration to MPLS IPVPN technology
  • RMDCN was migrated from Frame Relay to MPLS (Multi-Protocol Label Switching) technology
    • Any-to-any connectivity
    • Class of Service concept
    • Doubling of bandwidth for the basic configuration
    • ISDN backup
    • Improved SLA
  • Migration to MPLS completed on 18 June 2007

RMDCN configuration

RMDCN Configuration
  • 11 Mission Critical Sites (dual access lines)
  • 1 extra enhanced (dual access lines; single router)
  • 29 ISDN NAS Backup
  • 1 site no Backup (Saudi Arabia)
  • Doubling IP throughput
  • Better Backup
  • Better SLA

RMDCN – Availability
  • Service metrics
    • Site Availability (used to be PVC availability in Frame Relay network)
    • SLA 99.9% (100% for Mission Critical sites)

Service Problems
  • Audits carried out by OBS
    • Diversity access circuits
    • Diversity of ISDN NAS Backup
    • Ownership of ISDN connection
  • Support issues
    • 24*7 local PTT support
    • Service Desk contact

14th Meeting of the RMDCN Operations Committee
  • RMDCN Status Report
    • RMDCN configuration
    • Network Reliability and Performance
    • Service Level Agreement
  • Status of the WIS
  • Report on Tests
    • IPSEC VPN
    • IPv6
  • Price Review for 2008

IPSec VPN Tests
  • 2002: IPSec feasibility study
    • guidelines and recommendations for building secure connections over the Internet
  • 2005: IPSec-based VPN as a backup for the RMDCN study
    • Provides a framework for an operational RMDCN backup solution using an Internet-based IPSec VPN
    • Only “static” rerouting considered
  • 2007-2008: IPSec VPN Backup for the RMDCN project
    • Using an IPSec-based VPN infrastructure to transport operational RMDCN traffic between RMDCN sites as an alternative to the RMDCN network itself
    • Phase #1: Building the IPSec-based infrastructure
    • Phase #2: Using the IPSec-based VPN infrastructure as a backup for the RMDCN in an operational context

Test configuration
  • Mimic the NAS ISDN backup implementation within the RMDCN: ECMWF acts as an IPSec centralising site, which guarantees the any-to-any connectivity of the RMDCN IPVPN cloud

Manual vs. automatic re-routing

Other Technical Solutions - Checkpoint
  • All Checkpoint – 2 Topologies
    • "hub-and-spoke" topology ("Star VPN Community")
    • "any-to-any" topology ("Meshed VPN Community")
      • if all the gateways are centrally managed, this is easy to implement as the configuration would be "pushed" to all the gateways
    • Solution is more suitable for a centralised "Corporate" deployment

Other Technical Solutions - DMVPN
  • Cisco IOS solution for building IPsec+GRE VPNs
    • Relies on two proven Cisco technologies: Next Hop Resolution Protocol (NHRP) and Multipoint GRE Tunnel Interface
  • Hub-and-spoke
    • All VPN traffic must go via hub; Hub bandwidth and CPU utilization limit VPN
  • Dynamic-Mesh – Dynamic spoke-spoke tunnels
    • Control traffic — Hub to Hub and Hub and spoke
    • Data traffic — Dynamic mesh
  • Does not alter the standards-based IPsec VPN tunnels, but it changes their configuration
  • Very scalable and easy to configure

Other Technical Solutions
  • NHRP Resolution – Process Switching

[Diagram: DMVPN hub and two spokes; legend: dynamic permanent IPsec tunnels. Hub (NHS): Physical 172.17.0.1, Tunnel0 10.0.0.1, LAN 192.168.0.1/24. Spoke A: Physical (dynamic) 172.16.1.1, Tunnel0 10.0.0.11, LAN 192.168.1.0/24. Spoke B: Physical (dynamic) 172.16.2.1, Tunnel0 10.0.0.12, LAN 192.168.2.0/24. NHRP mappings at the hub: 10.0.0.11 → 172.16.1.1 and 10.0.0.12 → 172.16.2.1; at each spoke: 10.0.0.1 → 172.17.0.1 (*NHS).]
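
The NHRP resolution shown on the DMVPN slides, as a simplified Python model (an added example, not part of the original presentation and not Cisco's implementation). It uses the addresses from the diagram; the class and function names, the assignment of spokes A and B, and the `dynamic_mesh` switch are assumptions made for illustration.

```python
import ipaddress

class Hub:
    """Hub router acting as NHRP Next Hop Server (NHS)."""
    def __init__(self, tunnel_ip, physical):
        self.tunnel_ip, self.physical = tunnel_ip, physical
        self.nhrp = {}    # tunnel IP -> physical address, learned at registration
        self.relayed = 0  # packets the hub had to forward between spokes

class Spoke:
    def __init__(self, tunnel_ip, physical, routes, hub):
        self.hub = hub
        self.routes = {ipaddress.ip_network(p): nh for p, nh in routes.items()}
        self.nhrp = {hub.tunnel_ip: hub.physical}  # static NHS mapping, the (*) entry
        hub.nhrp[tunnel_ip] = physical             # register the dynamic address

    def next_hop(self, dst):
        addr = ipaddress.ip_address(dst)
        nets = [n for n in self.routes if addr in n]
        if not nets:
            raise LookupError(f"no route to {dst}")
        return self.routes[max(nets, key=lambda n: n.prefixlen)]  # longest match

    def send(self, dst, dynamic_mesh=True):
        """Return the physical addresses one packet to dst is tunnelled through."""
        nh = self.next_hop(dst)
        if nh in self.nhrp:                # mapping known: tunnel straight there
            return [self.nhrp[nh]]
        target = self.hub.nhrp.get(nh)     # NHRP resolution request to the NHS
        if target is None:
            raise LookupError(f"{nh} is not registered with the NHS")
        self.hub.relayed += 1              # this packet still travels via the hub
        if dynamic_mesh:
            self.nhrp[nh] = target         # later packets use a spoke-spoke tunnel
        return [self.hub.physical, target]

def build():
    """Topology from the slide; which spoke is A or B is assumed."""
    hub = Hub("10.0.0.1", "172.17.0.1")
    a = Spoke("10.0.0.11", "172.16.1.1",
              {"192.168.0.0/24": "10.0.0.1", "192.168.2.0/24": "10.0.0.12"}, hub)
    b = Spoke("10.0.0.12", "172.16.2.1",
              {"192.168.0.0/24": "10.0.0.1", "192.168.1.0/24": "10.0.0.11"}, hub)
    return hub, a, b

if __name__ == "__main__":
    hub, a, b = build()
    print(a.send("192.168.2.37"))  # first packet: via hub while NHRP resolves
    print(a.send("192.168.2.37"))  # afterwards: direct to spoke B
```

With `dynamic_mesh=False` every packet between spokes is counted in `hub.relayed`, which is the hub bandwidth and CPU limit the hub-and-spoke bullet refers to.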

Conclusion from the tests & recommendations
  • The use of shared devices between the RMDCN operational traffic exchange and the IPSec-based backup infrastructure created additional constraints
    • Using a dedicated IPSec box should be considered in an operational environment
  • The use of IPSec devices from different vendors proved to be challenging
    • Consider using one device type or at least one device brand for an operational deployment
  • “manual” re-routing is time-consuming and prone to mistakes
    • The traffic re-routing has to be fast, automatic and reliable. Only dynamic routing processes can ensure this in an operational environment

14th ROC: Agreement on Internet backup
  • Backup solution must maintain any-to-any connections
  • Dedicated IPSec equipment needed for RMDCN backup
  • Same type of equipment will be used by all sites
  • Equipment will be managed locally by the sites
  • Portfolio of backup solutions will be
    • RMDCN mission critical sites
    • ISDN NAS backup within the managed network (to be phased out in the future)
    • Backup over the Internet
    • ECMWF will continue to provide a gateway function, so that connectivity between sites using different backup solutions will be maintained

Next steps for Internet backup tests
  • Preferred solution is Cisco DMVPN
    • Setup of a test environment for DMVPN including 6 or 7 routers internally at ECMWF
    • If successful, in Q4-2008 3 or 4 routers will be sent to volunteer sites to try DMVPN over the Internet. DMVPN will then be used to create the IPSEC VPN solution to back up the RMDCN
    • Q1-2009 results of these tests.
    • If successful, consider recommendation of Cisco Routers using DMVPN for the backup of the RMDCN
    • Otherwise, market survey to find the correct solution
  • Agree on future solution and equipment in ROC-15 (spring 2009)

IPv6 Testing Status Update
  • Objectives of IPv6 tests
    • To assess potential benefits and/or problems of deploying IPv6 in an operational environment.
    • To assess IPv6 performance over existing infrastructure.
  • Partners involved
    • CMA (China)
    • CNR (Italy)
    • DWD (Germany)
    • JMA (Japan)
    • KNMI (The Netherlands)
    • SMHI (Sweden)
    • ECMWF

Topology for external IPv6 tests

Initial results
  • Only a few tests have been completed.
  • Sites did not have any major IPv6 basic connectivity problems with ISPs.
  • Firewalls are ready.
  • Not all applications are IPv6 ready yet, but for the main services such as DNS, web and ftp there is no problem.
  • Plug and play is nice … but requires support staff to really understand IPv6 to solve problems.
  • Performance to/from European sites similar to IPv4, but to/from Asian countries seems a lot better
    • New IPv6 infrastructure is in place but not fully used yet.
    • IPv6 routes may be more efficient than IPv4

Situation with the providers and authorities
  • Most Internet providers are now IPv6 ready
  • The RMDCN Market Survey showed that MPLS network operators are IPv6 ready, although the use seems quite minimal
  • The EU has recently announced the funding of initiatives in order for IPv6 to represent 25% of the overall traffic exchanged in Europe
  • The OECD, in a recent report (http://www.oecd.org/dataoecd/7/1/40605942.pdf), is also urging IPv6 adoption

What happens next at ECMWF
  • Enable IPv6 operationally on some DMZ subnets.
  • Enable IPv6 operationally on the main Firewalls.
  • Modify ECMWF Dissemination transmission software (ECPDS) to be IPv6 capable (over the Internet).
  • Modify ECACCESS to be IPv6 capable.

What will not happen … yet

  • Not planning to deploy on the LAN
  • Not planning to migrate from IPv4 but rather to complement it with additional IPv6 services.

14th Meeting of the RMDCN Operations Committee
  • RMDCN Status Report
    • RMDCN configuration
    • Network Reliability and Performance
    • Service Level Agreement
  • Status of the WIS
  • Report on Tests
    • IPSEC VPN
    • IPv6
  • Price Review for 2008

MPLS Migration
  • 18th June 2008 Migration completed
  • Liquidated Damages due to the late delivery of the new Network
    • Failure to meet milestone dates
    • 0.1 % of annual charges per day delay; max. 7% (= 70 days)
    • LDs are a percentage of the first 12 months of Service Charges, so OBS will act on this after 18 June 2008

Price Reviews for MPLS network
  • Price Review 2007
    • First MPLS Price Review was scheduled for 1 April 2007
    • Offer was 10% on IP Bandwidth Charges only (No reduction on Access Line, Router and Management charges)
    • Overall reduction 5.52% (per site this varied between 0 and 10%)
    • Total Redistribution Charges reduced from ~£14.5K to £9.25K
  • Price Review 2008
    • Market survey by The Network Collective (a consultancy company) indicated that there should be a significant reduction
    • OBS’s first offer is an overall reduction of the charges of 28% (per site this varies between 0% and 58%)
    • No change in Access Line Charges; this is still being addressed with OBS.
