Transcript perfSONAR MDM Service for LHC OPN

Connect. Communicate. Collaborate
perfSONAR MDM Service for
LHC OPN
Loukik Kudarimoti
DANTE
Multi Domain Monitoring Service
Introduction
-1-
Connect. Communicate. Collaborate
• perfSONAR Consortium
– ESnet
– GÉANT2
– Internet2
– RNP
• perfSONAR MDM Service
– Support for GÉANT2 users of monitoring software
– Managed Service portfolio to support hardware
2
Multi Domain Monitoring Service
Introduction
-2-
Connect. Communicate. Collaborate
perfSONAR MDM Service
• Monitor the network
– Deploy and maintain hardware
– Install and maintain monitoring software
– Reports on monitoring results
• Provide access to measurement capabilities & data
– Authorized groups of users
– Various visualisation tools
• Support users of tools and data
– Service Desk
– Agreements with Software development teams
– Reports on Service desk performance
3
Network Monitoring
-1-
Connect. Communicate. Collaborate
Primary Monitoring Objective
• LHC OPN links between Tier-0 & Tier-1
• Links between Tier-1 sites (ex: ATLAS experiments)
• Metrics
– One way delay, One way delay variation
– TCP Achievable Bandwidth
– Status of circuits
– Traceroute, packet loss and packet re-ordering
– IP Interface statistics - utilisation, errors and discards
4
Network Monitoring
-2-
Connect. Communicate. Collaborate
• Data Visualisation
– Map based tools, diagnostic tools and alarms
– Recent data & archived data for trend analysis
– Data and Tool Administration Interfaces
5
Connect. Communicate. Collaborate
6
Connect. Communicate. Collaborate
7
Connect. Communicate. Collaborate
8
Connect. Communicate. Collaborate
9
Connect. Communicate. Collaborate
10
Connect. Communicate. Collaborate
11
Appliance Deployment
-1-
Connect. Communicate. Collaborate
Deployment Location
• 12 sites
– 8 in Europe
– 2 in USA
– 1 in Canada
– 1 in Taiwan
• Equipment deployed at each Tier-1 site
– 2 x Sun Servers
– 1 x Bee Server
• Location suggested: close to the site’s border routers
12
Appliance Deployment
-2-
Connect. Communicate. Collaborate
• Single Border Router Scenario
• Sites:
– BNL
– CNAF
– FNAL
– IN2P3
– NDGF
– PIC
– RAL
13
Appliance Deployment
-3-
Connect. Communicate. Collaborate
• Scenario 2a: Two border routers
with primary & backup links
• Sites:
– Gridka
14
Appliance Deployment
-4-
Connect. Communicate. Collaborate
• Scenario 2b: Two border routers
in a triangle
• Sites:
– ASGC
– CERN
15
Appliance Deployment
-4-
Connect. Communicate. Collaborate
• Scenario 2c: Two border routers
using Virtual Router technique
• Sites:
– SARA (?)
16
Site Responsibilities
-1-
Connect. Communicate. Collaborate
• GPS Antenna & receiver card - according to spec
– Installation of GPS Antenna and all necessary cabling
• Dedicated GigE switch
• Network connections and IP Addresses
• Terminal Server - according to spec
– Out of band access for terminal server (PSTN / ISDN)
– In band access via switch
• Dedicated interface(s) on border routers
• 60 minute UPS backup and notification procedures
17
Site Responsibilities
-2-
Connect. Communicate. Collaborate
• Site Network firewall configurations
– Importantly: SNMP read access to border routers
• Site administrator(s) for local support
– Physical hardware installation
– Provide Network topology and configuration information
– Some on-site maintenance tasks
• Remote hands and eyes
• Site access to 3rd party support on behalf of DANTE
• Other (rack space, electricity)
18
Site Responsibilities
-3-
Connect. Communicate. Collaborate
• Provide Network Topology and configuration information
– About Routers, IP interfaces, connectivity, network
topology
– About links that are part of end-to-end circuits
• Status of links
– Update information whenever there are changes
• Web Interfaces and service desk procedures will be
available
• Software to help in updating the status of circuits
19
Security
-1-
Connect. Communicate. Collaborate
• Network Firewalls and isolation
– Well known flows and ports
– Well defined access to site network equipment
– Separate VLANs and interfaces
• Isolation from the Tier-0/Tier-1 LAN
• Operating System Security
– Red Hat Enterprise 5
– Maintained and promptly updated by Service Desk
– “Bolted down”
20
Security
-2-
Connect. Communicate. Collaborate
• Monitoring tools and perfSONAR software
– Stable, supported software
– Low privileges
– Well defined ports, protocols and firewall requirements
• Data Security and Availability
– eduGAIN framework for access control
• Data and measurement capability limited to specific
user groups
– RAID system for local data backup
21
Support
-1-
Connect. Communicate. Collaborate
• Service Desk @ DANTE
– Single Point Of Contact for users
– Support for deployments, data and tools
– ITIL Principles
– Agreements with development groups
• Supported user groups
– Tier-0 and Tier-1 Operation Centers
– LHC OPN IP Co-ordination Unit (LIPCU)
– E2ECU
– Performance Enhancement Response Teams
22
Support
-2-
Connect. Communicate. Collaborate
• Service Desk Reports
– Incidents reported and resolved
– Deployment Availability
• Data and Tool Availability statistics
– Statistics on network monitoring results
23
Service Extensions and Conclusions
Connect. Communicate. Collaborate
• Service Extension possibilities
– Investigate more measurements if requested
– Controlled change process to the services
• perfSONAR MDM Service in beta phase (public trial)
– 1st phase - Rolled out to six NRENs
– 2nd phase - eleven NRENs
• Trial phase extended to LHC OPN
– In partnership with Internet2 and ESnet, service desk
made available to Tier-0 and all Tier-1 sites.
24