Revisiting APAN Services #2

Yoshikata Hattori, [email protected]
Pensri A., [email protected]
Lee, Jaehwa, [email protected]
APAN NOC
19th APAN Meeting, Bangkok
What Are APAN Services?
• WWW
– apan.net and www.apan.net
• DNS
– ns.kaist.apan.net and ns.jp.apan.net
• E-mail/mailing lists
– apan.net
• Distributed among/operated by APAN-KR/ANF and APAN-JP NOC’s
Why Revisiting?
• These are the most important services for us
– to get information from APAN thru WWW
– to communicate with others thru e-mail/mailing lists
– based on the APAN DNS
• So they need
– correctness of information
– reliability and stability of operation/monitoring
• And they are naturally based upon the network architecture/operation.
• Now APAN network architecture/operation has changed greatly which requires revisiting the services.
– 24x7 operation/monitoring
– GbE connection between JP and KR
(Previous) Problems
• WWW
– Contents of apan.net (KR) and www.apan.net (JP) have 4 hours’ difference -> Harmful
• DNS
– No backup of primary database(KR) -> Dangerous
• E-mail/mailing lists
– No backup of mailing lists(KR) -> Dangerous
• Operated/monitored jointly by APAN-KR/ANF and APAN-JP NOC’s
– No 24x7 operation/monitoring on KR side
New Scheme
• Servers distributed among JP and KR
– Controlled/operated/monitored by APAN NOC
– Redundancy/reliability
• Information correctness, reliability, and stability
– NFS between servers for WWW
– Backup of data for WWW, DNS, Mailing Lists
– Server location independent of the Sec.
Current Status/Follow-up
• WWW servers, apan.net = www.apan.net
– 2 official servers (JP and KR) with 1 hidden server (master.apan.net in Sec./TH)
• Sec controls the contents
– Hidden server is rsync’ed by JP server (with a reliable backup) every 4 hours
• Sec must have a way to trigger rsync
– KR server NFS-mounting JP server contents
• KR must have a local copy: local copy of NFS-mounted contents
– Need performance test for this scheme
• DNS servers
– Primary server moved to APAN NOC from KAIST, but it’s hidden now
– The same 2 servers (secondary) seen from outside
– 1 hidden server + 2 servers or just 2 servers?
• Mail server/mailing lists reconfiguration
– Still pending
• Should follow WWW servers scheme – 2 official mail exchangers
• Sec must control ML lists
• Is it worth trying anycast for these services?
Current Status on KR Side
• KOREN/APAN-KR NOC has moved to Seoul with servers
– I (JH Lee) am working for Convergence Lab., KT in Seoul
• Our new servers (still going on)
– 2 redundant 1-u servers for WWW, DNS, mail servers w/ storage servers
• These will host the APAN servers/services
– Planning to have specialized servers for tunnel broker, AG bridge servers, SNMP servers, etc.
• Only in 6 years we’re going to have many new servers
Figure of APAN Web Servers Relocation by Mr. Hattori

TH: master.apan.net (203.159.31.33), Web Contents
– Secretariats can edit and update web contents on master.apan.net.
– JHLee-san sent CD-Rs to Pensri-san. They contain the whole web contents of apan.net. And Pensri-san has uploaded them on master.apan.net.
– This rsyncd.conf on master.apan.net allows rsync accessing from JP server.

$ cat rsyncd.conf
hosts allow = 203.181.248.30
use chroot = no
max connections = 4
syslog facility = local5
# pid file = /var/run/rsyncd.pid
timeout = 6000
[www]
path = /usr/local/src/www/html/apan.net
lock file = /home/inetapan/rsyncd.lock
uid = inetapan
gid = users
read only = true

TH to JP: Synchronizing the contents by SSH-wrapped rsync every 4 hours
– This crontab with script on JP server remotely runs rsyncd command wrapped by SSH every 4 hours. Then rsync checks the updated contents on master.apan.net and transfers them to JP server.

%crontab -l
20 */4 * * * /usr/home/httpd/cron/wwwsync/wwwsync.sh
%cat /usr/home/httpd/cron/wwwsync/wwwsync.sh
#!/bin/sh
/usr/local/bin/rsync -e ssh -aqz [email protected]::www /home/httpd/www.apan.net

JP: ns2.jp.apan.net = apan.net = www.apan.net (203.181.248.30), Web Contents
Slave:203.181.248.3

JP to KR: Mounted with NFS. Real-time updating can be done.

KR: noc6-5.kr.apan.net = apan.net = www.apan.net (203.255.255.86), Web Contents
Master:203.255.248.57
Master:192.249.24.62
Old KR web server, Web Contents

Domain Name Servers of apan.net
apan.net  A      203.181.248.30
          A      203.255.255.86
www       CNAME  apan.net.
These A records and CNAME record realize round robin service.

Users can access JP or KR server using http://apan.net/ or http://www.apan.net/. The result of DNS query determines which server will be selected. Results of DNS query are round robin.

1st time
%nslookup apan.net
Name: apan.net
Addresses: 203.181.248.30, 203.255.255.86
2nd time
%nslookup apan.net
Name: apan.net
Addresses: 203.255.255.86, 203.181.248.30
3rd time
%nslookup apan.net
Name: apan.net
Addresses: 203.181.248.30, 203.255.255.86
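
The rsyncd.conf shown in the figure can be checked mechanically for the settings that decide who may reach the [www] module and what they may do there. The following Python is an added example, not part of the original slides; parse_rsyncd_conf and audit are hypothetical names, and SLIDE_CONF is the slide's configuration retyped as a constant.

```python
# Added example, not from the slides. SLIDE_CONF is the slide's rsyncd.conf
# retyped as a constant; parse_rsyncd_conf and audit are hypothetical names.
SLIDE_CONF = """\
hosts allow = 203.181.248.30
use chroot = no
max connections = 4
syslog facility = local5
# pid file = /var/run/rsyncd.pid
timeout = 6000
[www]
path = /usr/local/src/www/html/apan.net
lock file = /home/inetapan/rsyncd.lock
uid = inetapan
gid = users
read only = true
"""
FALSE = {"no", "false", "0"}

def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}); parameter names lower-cased."""
    glob, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue                      # start of a module section
        name, sep, value = line.partition("=")
        if sep:                           # lines before any [module] are global
            (glob if current is None else current)[name.strip().lower()] = value.strip()
    return glob, modules

def audit(text):
    """List (module, finding) pairs; module settings override global ones."""
    glob, modules = parse_rsyncd_conf(text)
    findings = []
    for mod, params in modules.items():
        eff = {**glob, **params}
        # rsync defaults: read only = yes, use chroot = yes, no host or user limits
        if eff.get("read only", "yes").lower() in FALSE:
            findings.append((mod, "module is writable"))
        if "hosts allow" not in eff:
            findings.append((mod, "no 'hosts allow': any host may connect"))
        if "auth users" not in eff:
            findings.append((mod, "no 'auth users': no rsync-level password"))
        if eff.get("use chroot", "yes").lower() in FALSE:
            findings.append((mod, "chroot disabled"))
    return findings
```

For the slide's configuration the audit reports only the missing 'auth users' and the disabled chroot for [www]. SSH already authenticates the JP server in the scheme described here, so both findings become important if the same file is ever served by a listening rsync daemon.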
Redundancy for Web Service
• How to build redundancy for http://apan.net/ and http://www.apan.net/
– Synchronize contents from TH to JP and from JP to KR
– Allocate 2 IP addresses (KR:203.255.255.86 and JP:203.181.248.30) for apan.net and www.apan.net
– Use round robin DNS
• How to synchronize the web contents
– The bandwidth and RTT of TH-JP and KR-JP are taken into account
– KR-JP use NFS, enough bandwidth and good RTT
– TH-JP use SSH-wrapped rsync because of limited bandwidth
Building KR-JP Synchronization by NFS
• NFS for synchronization between KR and JP, and he led the implementation
– NFS has already shown enough performance within Korea
– Fortunately, there is enough bandwidth between KR and JP
– JP server exports the web contents as read-only NFS server only to KR server
– KR server remotely mounted them as NFS client
• Destination is from JP to KR
• Need further tests for NFS/WWW performance
New Services
• NTP
• Information/Routing Registry
• H.323/SIP
• APAN Observatory
• LDAP
• …
• Any services members want to have
• Now comes the detailed report of the APAN services relocation by APAN/APAN-JP NOC