Hepix LAL April 2001

An alternative to ftp : bbftpAn alternative to ftp : bbftp

Gilles FarracheIn2p3 Computing Center

farrache@cc.in2p3.fr

2Hepix LAL April 2001 Gilles Farrache

HistoryHistory

In 1999, the members of the French Babar collaboration decided to import from SLAC to Lyon a big part of the SLAC objectivity database

First approach : via tapes Needs a lot of manpower Problems with cartridge compatibility Delay between data production at SLAC and their availability in

Lyon quite long

3Hepix LAL April 2001 Gilles Farrache

HistoryHistory

Second approach : via the network using standard ftp

Security problems :Username and password flying unencryptedUsername and password present in .netrc file

Performances problems (Maximum bandwidth available at this time between

SLAC and Lyon was 6 Mbps) : Throughput performance on one ftp session : 80 Kbytes/s~Seven hours for one two-gigabytes file

4Hepix LAL April 2001 Gilles Farrache

HistoryHistory

First idea to improve ftp performances : Start n concurrent ftp

• Total throughput reaches 3.5 Mbps But you still need no network outage for seven hours

Second idea to improve ftp performances : Cut the file in n parts Start n concurrent ftp (one for each part) Rebuild the file But you double the disk space usage at each endpoint

5Hepix LAL April 2001 Gilles Farrache

GoalsGoals

Improve performances on single file transfer

Optimize disk space usage

Improve security

6Hepix LAL April 2001 Gilles Farrache

Performance improvementsPerformance improvements

Use several TCP streams to transfer a file

Use large TCP windows (RFC 1323)

Compress the data on the fly (using gzip algorithm)

7Hepix LAL April 2001 Gilles Farrache

Performance improvementsPerformance improvements

The client opens a control connection to the server

Exchange control information

Each side starts as many processes as requested, each process will send a slice of the file.

8Hepix LAL April 2001 Gilles Farrache

Performance improvementsPerformance improvements

100 MB file

0

10

20

30

40

50

60

70

90

100

80

0

10

20

30

40

50

60

70

90

100

80

compress uncompress

bbftp client process bbftp server process

100 MB file

9Hepix LAL April 2001 Gilles Farrache

Performance improvementsPerformance improvements

Compression plus parallel streams lead to throughput between 7 and 20 Mbps on the 6 Mbps link (often 12 Mbps with a standard Babar file)

But with higher speed links (34 Mbps), compression often reduces performance due to lack of CPU (perhaps we have to use another algorithm)

10Hepix LAL April 2001 Gilles Farrache

Security improvementsSecurity improvements

Standard bbftp connection method Use RSA encryption methods to transfer username and password

SSH bbftp connection method (Tim Adye’s idea) Use ssh to remotely start the server

11Hepix LAL April 2001 Gilles Farrache

Security improvementsSecurity improvements

Standard bbftp connection method

client server

connection

RSA key pair generationsend public key

Crypt user name and password using the public key

send encrypted data

Decrypt user name and password using the private key

OK or BAD

12Hepix LAL April 2001 Gilles Farrache

Security improvementsSecurity improvements

Standard bbftp connection method without password

Start a bbftpcd client which will keep the username and password in memory

Start a bbftpc client which will talk with bbftpcd and will give it the command to execute

Limitation : bbftpcd and bbftpc have to run on the same computer

13Hepix LAL April 2001 Gilles Farrache

Security improvementsSecurity improvements

SSH bbftp connection method

client

SSHD start the bbftpd process

Start a ssh client like ssh -x -l username “bbftpd -s” host

SSH client SSH daemon bbftpd process

Use the encrypted connection as control connection

14Hepix LAL April 2001 Gilles Farrache

Security improvementsSecurity improvements

SSH bbftp connection method without password

If the sshd server side allows the RSA authentication, a connection without any password is possible

15Hepix LAL April 2001 Gilles Farrache

BBFTP state of the artBBFTP state of the art

Current version 2.0.0 patch03 Possibility to play with :

• TCP window size• Read (Write) buffer size• Compression• Automatic directory creation• File mode• File access time • Number of streams• Remote and local umask• .bbftprc file• RFIO

16Hepix LAL April 2001 Gilles Farrache

BBFTP state of the artBBFTP state of the art

Current commands :• cd• get• put• lcd• mkdir• mget• mput

17Hepix LAL April 2001 Gilles Farrache

BBFTP state of the artBBFTP state of the art

Control file example :• 1 setnbstream 20 • 2 setremoteumask 022 • 3 setoption nocreatedir • 4 put /home/babar/jon/f1 /home/babar/bbrdist/newfiles/f1 • 5 setoption createdir • 6 put /home/babar/jon/f1 /home/babar/bbrdist/newfiles/f1 • 7 setnbstream 5 • 8 setrecvwinsize 1024 • 9 setoption gzip • 10 put /home/babar/jon/f2 /home/babar/bbrdist/newfiles/f2

18Hepix LAL April 2001 Gilles Farrache

BBFTP state of the artBBFTP state of the art

BBFTP home page : http://ccweb.in2p3.fr/bbftp/ BBFTP discussion list : bbftp-l@in2p3.fr

Archives on : http://ccmail.in2p3.fr/archives/bbftp-l.html Current experiments or sites using it :

PHENIX

ALICE (project)