Transcript Document

KONOE, a toolkit for an objectoriented online environment,
with Gate Package
M.Abe,
Y.Nagasaka,
T.Tamura, I.Nakano,
Y.Sakamoto,S.Enomoto,
R.Tanaka, S.Kawabata,
T.Sasaki
F.Fujiwara,
H.Sakamoto,
I.Iwai,
A.Manabe,
Contents







Background
Firewall
Port-forwarding
SSH’s port-forwarding
Gate package
Bench mark
Conclusions
2/12
Background
Online DAQ model

The KONOE for DAQ

Analysis
Storage
Toolkit for building DAQ systems




Collecting experiment data
Saving the data
Online monitoring and controlling
Processing log messages
DAQ
The Internet

The firewall Blocks the traffic
Event
Detector
The function to pass the Firewall is needed
3/12
Firewall

It looks at the packet in the networks


IP, Port, Protocol and so on.
It allows and rejects the packet according to a rule
Analysis
The Internet
80
22
Wait at
11000 port
DAQ
80
22
Wait at
12000 port
Only allowed request can connect
4/12
Port-forwarding
Firewall

Forwarding to a request port
Connection request
22 port
request of using
port 22
waiting at 22
and
process
forwarding to 12000
process
request of using
port 12000
process
Communicating is possible
even if the firewall exists
Waiting at
12000 port
5/12
SSH port-forwarding


SSH is shell to secure remote login
It encodes the transmission data

It uses encoding and decoding functions
22 port
ssh
process
21000
port
sshd
process
Waiting at
21000 port
Transmission speed will slow down
by encrypting
6/12
Benchmarking

environment





OS linux kernel-2.4.18
CPU Xeon 2GHz
Memory 256MByte
Network 1000BaseT
Evaluation



Direct transfer
SSH transfer
How to


Transfer 1-20 kbyte data
Measure transmission time
Measure time of
transmission
Send
Receive
1000Base
1~20K
data
7/12
Transmission speed (Mbyte/s)
Speed of SSH port-forwarding
Slow down( about 60% )
42.5 Mbyte/s
25 Mbyte/s
8/12
Gate package

Features of the gate package



Can Pass the firewall by using port-forwarding
Realizes a high speed transmission performance
Uses the Ctrl-packet to connect
Gate package
Wait at
8080 and 80 port
Data size 32bit
Firewall
Using open-port connection
Any connection
Ctrl-packet
IP address 32bit Port number 32bit
Head/Area/Command flag 8bit
9/12
Bench marking

Environment




OS linux kernel-2.4.18
CPU Xeon 2GHz
Memory 256MByte
Network 1000BaseT

How to measure


Transfer 1-20 kbyte data
Measure transmission time
Receive

1~20K
data
Evaluation



Direct transfer
SSH transfer
Gate package transfer
Send
Measure time of
transmission
1000BaseT
10/12
Transmission speed (Mbyte/s)
Transmission speed of this package
Same with direct
at greater than 8K byte
Mark a good
performance
Higher than SSH
at 1K byte or more
11/12
Conclusions

Recently, the online DAQ is executing using the
internet


Traffic is blocked by the firewall
Developed the Gate package

function


Performance



Communication passing the firewall
At greater than 1 kbyte, transmission speed is higher than SSH
At greater than 8 kbyte, transmission speed is same to direct one
The KONOE become to able to pass the firewall.
12/12
Time (u sec)
Transmission time
13/12
Data format

2 kind of data format

Control format

It uses to establish connection
Data size
32bit

Data format
Data size
32bit
IP address
32bit
PORT
32bit
Head/Area/Command flag
8bit
Payload data
32
0～(2 × 8 - 40) bit
Data flag
8bit
14/12