Science DMZ
![Page 1: Science DMZ](https://reader036.fdocuments.net/reader036/viewer/2022081507/5872eb8e1a28abfa548b7203/html5/thumbnails/1.jpg)
Science DMZ
Dr Alan Buxey, Loughborough University, Campus network engineering workshop
19/10/2016
![Page 2: Science DMZ](https://reader036.fdocuments.net/reader036/viewer/2022081507/5872eb8e1a28abfa548b7203/html5/thumbnails/2.jpg)
“Science DMZ”
Or “exo-perimeter safe-harboured segmented network architecture facilitating science and research data transfer and access”
JISC e2e event, 19th Oct 2016
Dr Alan Buxey
Loughborough University
![Page 3: Science DMZ](https://reader036.fdocuments.net/reader036/viewer/2022081507/5872eb8e1a28abfa548b7203/html5/thumbnails/3.jpg)
Science DMZ
• An overview of the concept
• In one slide!
• Versus the typical ‘ad-hoc’ deployment
• Deployment…and onwards....
![Page 4: Science DMZ](https://reader036.fdocuments.net/reader036/viewer/2022081507/5872eb8e1a28abfa548b7203/html5/thumbnails/4.jpg)
The Science DMZ* in 1 Slide
Consists of three key components, all required:
• “Friction free” network path
  – Highly capable network devices (wire-speed, deep queues)
  – Virtual circuit connectivity option
  – Security policy and enforcement specific to science workflows
  – Located at or near site perimeter if possible
• Dedicated, high-performance Data Transfer Nodes (DTNs)
  – Hardware, operating system, libraries all optimized for transfer
  – Includes optimized data transfer tools such as Globus Online and GridFTP
• Performance measurement/test node
  – perfSONAR
Did we say *3* components?
• Engagement with end users
Details at http://fasterdata.es.net/science-dmz/
* Science DMZ is a trademark of The Energy Sciences Network (ESnet)
![Page 5: Science DMZ](https://reader036.fdocuments.net/reader036/viewer/2022081507/5872eb8e1a28abfa548b7203/html5/thumbnails/5.jpg)
![Page 6: Science DMZ](https://reader036.fdocuments.net/reader036/viewer/2022081507/5872eb8e1a28abfa548b7203/html5/thumbnails/6.jpg)
![Page 7: Science DMZ](https://reader036.fdocuments.net/reader036/viewer/2022081507/5872eb8e1a28abfa548b7203/html5/thumbnails/7.jpg)
Familiar?
• Presented at JISC e2e performance initiative event in 2015
• Presented at Networkshop 44
• Presented at TNC2016
Getting the concept and message out there
![Page 8: Science DMZ](https://reader036.fdocuments.net/reader036/viewer/2022081507/5872eb8e1a28abfa548b7203/html5/thumbnails/8.jpg)
Who/what/where?
• DTN / HPC
  • Have requirements for 10Gbit data transfer
  • Access/control now self-contained
• SDN experiments
  • Out of the way, isolated from inside production
• IPv6 experiments
  • ditto
![Page 9: Science DMZ](https://reader036.fdocuments.net/reader036/viewer/2022081507/5872eb8e1a28abfa548b7203/html5/thumbnails/9.jpg)
Cost/benefits
10G firewalls (Palo Alto) – campus traffic already using that budget (e.g. students)
“We need to transfer data….need 10Gbit...”
$$$$$$ for bigger firewalls, ‘small change’ for suitable 10G (and higher!) switches
![Page 10: Science DMZ](https://reader036.fdocuments.net/reader036/viewer/2022081507/5872eb8e1a28abfa548b7203/html5/thumbnails/10.jpg)
Start small, build the environment
• Basic small L2/L3 switch e.g. Catalyst 3750
  • Route statically from the external
  • (then find out about buffers, QoS limitations etc ;-) )
• Measurement tools e.g. perfSONAR
  • Be ready to see difference
  • Inside/outside (can use to e.g. verify firewall)
• Engage with local community, propose idea
  • Trust!
![Page 11: Science DMZ](https://reader036.fdocuments.net/reader036/viewer/2022081507/5872eb8e1a28abfa548b7203/html5/thumbnails/11.jpg)
Looks like… (Nexus 9372PX-E)
Image during staging. 2x10G to border, 2x10G to HPC, 2x10G VCP, 1G keepalive/heartbeat (40G optics not in use at this stage), long loopy fibres due to flexibility ;-)
![Page 12: Science DMZ](https://reader036.fdocuments.net/reader036/viewer/2022081507/5872eb8e1a28abfa548b7203/html5/thumbnails/12.jpg)
perfSONAR MaDDash (small nodes)
Dashboard panels: IPv4 throughput, IPv6 throughput
![Page 13: Science DMZ](https://reader036.fdocuments.net/reader036/viewer/2022081507/5872eb8e1a28abfa548b7203/html5/thumbnails/13.jpg)
eduPERT
A small amount of packet loss makes a HUGE difference in TCP performance
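The packet-loss point above can be put in numbers with the Mathis et al. approximation for loss-limited TCP throughput, rate ≤ (MSS/RTT)·(C/√p). This is an added example, not part of the original slides; it assumes Reno-style congestion control with C = √(3/2), and the RTT and loss values are constructed for illustration.

```python
import math

# Constant from the Mathis et al. model (periodic loss, no delayed ACKs).
MATHIS_C = math.sqrt(3 / 2)


def mathis_throughput_bps(mss_bytes, rtt_s, loss_rate):
    """Upper bound on steady-state, loss-limited TCP throughput in bit/s."""
    if mss_bytes <= 0 or rtt_s <= 0:
        raise ValueError("mss_bytes and rtt_s must be positive")
    if not 0 < loss_rate <= 1:
        raise ValueError("loss_rate must be in (0, 1]")
    return (mss_bytes * 8 / rtt_s) * (MATHIS_C / math.sqrt(loss_rate))


def max_loss_for_target(target_bps, mss_bytes, rtt_s):
    """Largest loss rate at which the bound still reaches target_bps."""
    if target_bps <= 0 or mss_bytes <= 0 or rtt_s <= 0:
        raise ValueError("all arguments must be positive")
    return (MATHIS_C * mss_bytes * 8 / (rtt_s * target_bps)) ** 2


def throughput_table(mss_bytes, rtts_ms, loss_rates, line_rate_bps=10e9):
    """Rows of (rtt_ms, loss_rate, achievable bit/s), capped at line rate."""
    rows = []
    for rtt_ms in rtts_ms:
        for p in loss_rates:
            bound = mathis_throughput_bps(mss_bytes, rtt_ms / 1000, p)
            rows.append((rtt_ms, p, min(bound, line_rate_bps)))
    return rows


if __name__ == "__main__":
    # Constructed sample values: campus, national and international RTTs.
    rtts_ms = [1, 10, 50]
    loss_rates = [1e-7, 1e-5, 1e-3]
    for mss in (1460, 8960):  # standard and jumbo-frame MSS
        print(f"MSS {mss} bytes")
        for rtt_ms, p, bps in throughput_table(mss, rtts_ms, loss_rates):
            print(f"  RTT {rtt_ms:>3} ms  loss {p:.0e}  <= {bps / 1e6:10.1f} Mbit/s")
        need = max_loss_for_target(10e9, mss, 0.010)
        print(f"  10 Gbit/s at 10 ms RTT needs loss <= {need:.2e}")
```

Because the bound scales with 1/√p, a hundredfold increase in loss cuts achievable throughput tenfold, which is why a device that drops packets under load on the data path dominates long-RTT transfers.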
![Page 14: Science DMZ](https://reader036.fdocuments.net/reader036/viewer/2022081507/5872eb8e1a28abfa548b7203/html5/thumbnails/14.jpg)
The future?