Connect Communicate Collaborate perf SONAR MDM Service for
Connect. Communicate. Collaborate perf. SONAR MDM Service for LHC OPN Loukik Kudarimoti DANTE
Multi Domain Monitoring Service Introduction -1 - Connect. Communicate. Collaborate • perf. SONAR Consortium – ESnet – GÉANT 2 – Internet 2 – RNP • perf. SONAR MDM Service – Support for GÉANT 2 users of monitoring software – Managed Service portfolio to support hardware 2
Multi Domain Monitoring Service Introduction -2 - Connect. Communicate. Collaborate perf. SONAR MDM Service • Monitor the network – Deploy and maintain hardware – Install and maintain monitoring software – Reports on monitoring results • Provide access to measurement capabilities & data – Authorized groups of users – Various visualisation tools • Support users of tools and data – Service Desk – Agreements with Software development teams – Reports on Service desk performance 3
Network Monitoring -1 - Connect. Communicate. Collaborate Primary Monitoring Objective • LHC OPN links between Tier-0 & Tier-1 • Links between Tier-1 sites (ex: ATLAS experiments) • Metrics – One way delay, One way delay variation – TCP Achievable Bandwidth – Status of circuits – Traceroute, packet loss and packet re-ordering – IP Interface statistics - utilisation, errors and discards 4
Network Monitoring -2 - Connect. Communicate. Collaborate • Data Visualisation – Map based tools, diagnostic tools and alarms – Recent data & archived data for trend analysis – Data and Tool Administration Interfaces 5
Connect. Communicate. Collaborate 6
Connect. Communicate. Collaborate 7
Connect. Communicate. Collaborate 8
Connect. Communicate. Collaborate 9
Connect. Communicate. Collaborate 10
Connect. Communicate. Collaborate 11
Appliance Deployment -1 - Connect. Communicate. Collaborate Deployment Location • 12 sites – 8 in Europe – 2 in USA – 1 in Canada – 1 in Taiwan • Equipment deployed at each Tier-1 site – 2 x Sun Servers – 1 x Bee Server • Location suggested: close to the site’s border routers 12
Appliance Deployment -2 - Connect. Communicate. Collaborate • Single Border Router Scenario • Sites: – BNL – CNAF – FNAL – IN 2 P 3 – NDGF – PIC – RAL 13
Appliance Deployment -3 - Connect. Communicate. Collaborate • Scenario 2 a: Two border routers with primary & backup links • Sites: – Gridka 14
Appliance Deployment -4 - Connect. Communicate. Collaborate • Scenario 2 b: Two border routers in a triangle • Sites: – ASGC – CERN 15
Appliance Deployment -4 - Connect. Communicate. Collaborate • Scenario 2 c: Two border routers using Virtual Router technique • Sites: – SARA (? ) 16
Site Responsibilities -1 - Connect. Communicate. Collaborate • GPS Antenna & receiver card - according to spec – Installation of GPS Antenna and all necessary cabling • Dedicated Gig. E switch • Network connections and IP Addresses • Terminal Server - according to spec – Out of band access for terminal server (PSTN / ISDN) – In band access via switch • Dedicated interface(s) on border routers • 60 minute UPS backup and notification procedures 17
Site Responsibilities -2 - Connect. Communicate. Collaborate • Site Network firewall configurations – Importantly: SNMP read access to border routers • Site administrator(s) for local support – Physical hardware installation – Provide Network topology and configuration information – Some on-site maintenance tasks • Remote hands and eyes • Site access to 3 rd party support on behalf of DANTE • Other (rack space, electricity) 18
Site Responsibilities -3 - Connect. Communicate. Collaborate • Provide Network Topology and configuration information – About Routers, IP interfaces, connectivity, network topology – About links that are part of end-to-end circuits • Status of links – Update information whenever there are changes • Web Interfaces and service desk procedures will be available • Software to help in updating the status of circuits 19
Security -1 - Connect. Communicate. Collaborate • Network Firewalls and isolation – Well known flows and ports – Well defined access to site network equipment – Separate VLANs and interfaces • Isolation from the Tier-0/Tier-1 LAN • Operating System Security – Red Hat Enterprise 5 – Maintained and promptly updated by Service Desk – “Bolted down” 20
Security -2 - Connect. Communicate. Collaborate • Monitoring tools and perf. SONAR software – Stable, supported software – Low privileges – Well defined ports, protocols and firewall requirements • Data Security and Availability – edu. GAIN framework for access control • Data and measurement capability limited to specific user groups – RAID system for local data backup 21
Support -1 - Connect. Communicate. Collaborate • Service Desk @ DANTE – Single Point Of Contact for users – Support for deployments, data and tools – ITIL Principles – Agreements with development groups • Supported user groups – Tier-0 and Tier-1 Operation Centers – LHC OPN IP Co-ordination Unit (LIPCU) – E 2 ECU – Performance Enhancement Response Teams 22
Support -2 - Connect. Communicate. Collaborate • Service Desk Reports – Incidents reported and resolved – Deployment Availability • Data and Tool Availability statistics – Statistics on network monitoring results 23
Service Extensions and Conclusions Connect. Communicate. Collaborate • Service Extension possibilities – Investigate more measurements if requested – Controlled change process to the services • perf. SONAR MDM Service in beta phase (public trial) – 1 st phase - Rolled out to six NRENs – 2 nd phase - eleven NRENs • Trial phase extended to LHC OPN – In partnership with Internet 2 and ESnet, service desk made available to Tier-0 and all Tier-1 sites. 24
- Slides: 24