Transcript IPv6Status@IHEP-HEPiX-F2F

HEPiX IPv6 F2F Meeting
IPv6 Network Status in IHEP/China
QI Fazhi [[email protected]]
Computing Center, IHEP
July 4, 2013. CERN
QI Fazhi／IHEP CC
2
Outline
•
•
•
•
CSTNet
CERNet
CNGI
IHEPNet
• IPv6@IHEP
• SDN@IHEP
• Summary
QI Fazhi／IHEP CC
*
CSTNet
• China Science and
Technology Network
• Domain name: *.ac.cn
• An academic network
system operated by Chinese
Academy of Sciences
• Covers the whole country
via 13 regional sub-centers
to form the domestic
backbone
• Operation Center: CNNIC
QI Fazhi／IHEP CC
CERNet
• China Education &
Research Network
• Domain name is
*.edu.cn
• the largest academic
network in China
• Connects more than
200 cities
• Provides connectivity to
~2000 colleges and
institutes.
QI Fazhi／IHEP CC
CNGI
• China Next Generation Internet
• A government-supported IPv6
project
• A largest ipv6 pure network in
the world
• the largest academic network in
China
• consists of six core networks
implemented by China Telecom,
China Netcom/CAS, China
Mobile, China Unicom,
CERNET and China Railcom
•
QI Fazhi／IHEP CC
CERNet2
• The CERNet part of CNGI
• 2.5~10Gbps backbone
•
QI Fazhi／IHEP CC
CSTNet2
QI Fazhi／IHEP CC
QI Fazhi／IHEP CC
IPv6 History @IHEP
• 2008
– 1Gbps IPv6 Link to CNGI, Part of IHEP endpoints support IPv6
• 2009
– IHEP started to use the IPv6 Link to do the HEP data transfer between the
cooperation Universities(SDU/…)
• 2011
– IHEP DNS supports IPv6
• 2012
– Dual Stack IHEP Campus Network, 10Gbps IPv6 link CNGI(Fund from The
National Reform and Development Committee )
• 2013
– IHEP Gird-Area Network supports IPv6(test bed)
– The SDN @IHEP project start up(IPv6 enabled)
QI Fazhi／IHEP CC
IPv6 deployment principles
@IHEP
• Dual Stack
• The same management and security policies with IPv4
– Users (IP) management
– Monitoring
– Access control
• Step by Step
– Public Network Services
•
•
•
•
DNS
WEB
Email
……
– Grid & Cloud Computing
QI Fazhi／IHEP CC
DHCPv6 @IHEP （Dibbler）
• Feature
• Dibbler
– Open source software
– Author :Tomasz Mrugalski
and Marek Senderski from
Gdansk University of
Technology
• A dhcpv6 solution include
– Server
– Client (Support Windows XP)
– Relay
– OS supported
• Linux 2.4/2.6; Windows
NT4.0,XP,WIN7/8; Mac
OS
– Multi-server supported
– Autoconguration procotol
supported
• Stateful /Stateless
• IA,TA,PD client IP
configuration control
– Dhcpv6 relay request
supported
– Per client conguration by
MAC or UUID
– Server caching
QI Fazhi／IHEP CC
Current Status
• Infrastructure deployment ✔
– All the network devices(switch/router/firewall) support IPv6
• Infrastructure Monitoring ✔
– Easy to do (all the devices are dual stack supported)
– Cacti & Nagios with IPv6 patch
• User(IP) management ✔
– The ipdb & access control system ✔
– DHCPv6 server: ✔
•
•
DHCPv6 server service (DHCPv6 serverDibbler server; running on the same server with DHCPv4)
All the office users use the dibbler client to achieve ipv6 address.
• Security ✔
–
Firewall: ✔
– Network traffic and user behavior analysis: ✔
QI Fazhi／IHEP CC
Current Status
User Management & Access Control
• Central Database – IPDB
– MAC Address is the key
• Static IP address for Users
– IPv6/IPv4 host addresses assigned by Dibbler/DHCPv4 servers,
based on the MAC address declared in the IPDB
• Central Control System
–
–
–
–
User information management
Network devices information management
Dhcpd configuration auto-updated
Release access policies to the proper user switch
QI Fazhi／IHEP CC
Current Status
User Access Control Procedure
MAC/User
Name/Email/Tel/Building/R
oom number/Plugin
number/……
Online Register
Submit
no
Approved
by Admin
ok
Assign IP address
save
Dibbler/DHCP
configuration updated
Switch configuration
updated
IPDB
Switch information: IP/Port/Vlan/
Switch-Room/Plugin Number relationship
Vlan/IP subnet/switch-port relationship
IP/MAC relationship
……
QI Fazhi／IHEP CC
Current Status
Grid Area Network
• Grid Computing Environment
–
–
–
–
–
–
–
–
–
–
The gridftp(ipv6) test bed was set up
IP Name: ui01-hepix.ihep.ac.cn
ui01-hepix-v6.ihep.ac.cn (2401:de00::9998)
ui01-hepix-v4.ihep.ac.cn (202.122.32.172)
OS: Scientific Linux 5.9 x86_64
CPU: Intel E5345 X 2
Mem: 16GB
DISK: 320GB. Will add to 6TB(2TBX3 Raid 0). For Transfer test.
Middle ware: Gridftp server and EMI-2 UI
Web server: nginx with ipv6 support
QI Fazhi／IHEP CC
IPV6 check result
• New CA server included in EGI-ca-policy 1.53
• Gridftp server or client ca version less than 1.53
will failed to transfer
QI Fazhi／IHEP CC
Problems
• No enough resources and applications in the IPv6
internet world
– Most of the IHEP IPv6 traffic are video/iptv/……
– Less scientific data go through IPv6
• And Then…….SDN@IHEP Project
QI Fazhi／IHEP CC
What is SDN?
QI Fazhi／IHEP CC
19
SDN@IHEP
• Goal
– A flexible, reliable and high performance HEP data transfer network (virtual and
private) and system platform in China
– IPv4 and IPv6 supported
– The traffic can be switched between IPv4 and IPv6 infrastructure and physical path
automatically or manually
• SDN@IHEPIHEPDTN
–
–
–
–
–
End user network
Backbone network（IPv6 & IPv4）
SDN Switch (L2VPN gateway & Openflow supported)
Control center (API to Application)
Applications(FTS/NMS/…….)
• Members
– IHEP/SJU/SDU/TsingHua/……
– Network manufacturer：Ruijie Networks, A high performance network union lab （
IHEP-Ruijie)
QI Fazhi／IHEP CC
高能所－锐捷网络高性能计算网络联合实验室
SDN@IHEP model
QI Fazhi／IHEP CC
Final Result
团中央网络影视中心
数据中心
高清新媒体应用
中青网广州数据中心
城市及分中心间链路
数据中心
城市间备选链路
APT安全防范应用
高清新媒
体应用
一级控制器间协同工作链路
一级控制器与二级控制器间
管理链路
二级控制器
一级控制器
二级控制器
上海
中科院网络中心
数据中心
10G
10G
APT安全
防范应用
VLBI应用
10G
10G
北京
大亚湾中微子
10G
10G
数据中心
广州
10G
二级控制器
10G
10G
高能物理
数据应用
二级控制器
一级控制器
中国散裂中子源
中科院高能所
数据中心
数据中心
高能物理数据应用
二级控制器
APT安全防范应用
二级控制器
QI Fazhi／IHEP CC
高能物理
数据应用
Summary
• IPv6 infrastructure @IHEP is running well
• The IPv6 management and support platform is running well
• The Gridftp testbed @IHEP for IPv6 is ready
– We would like to jion the mesh test for data transfer
• IHEP SDN project will build a platform in China for
HEP(BESIII/Daya Bay Experiments) data transfer with the
current/IPv6 network infrastructure
QI Fazhi／IHEP CC
Thank you
QI Fazhi／IHEP CC