Science DMZ
Science DMZ
Dr Alan Buxey, Loughborough University, Campus network engineering workshop
19/10/2016
“Science DMZ”
Or “exo-perimeter safe-harboured segmented network architecture facilitating science and research data transfer and access”
JISC e2e event, 19th Oct 2016
Dr Alan Buxey
Loughborough University
Science DMZ
• An overview of the concept
• In one slide!
• Versus the typical ‘ad-hoc’ deployment
• Deployment… and onwards…
The Science DMZ* in 1 Slide
Consists of three key components, all required:
• “Friction free” network path
  – Highly capable network devices (wire-speed, deep queues)
  – Virtual circuit connectivity option
  – Security policy and enforcement specific to science workflows
  – Located at or near site perimeter if possible
• Dedicated, high-performance Data Transfer Nodes (DTNs)
  – Hardware, operating system, libraries all optimized for transfer
  – Includes optimized data transfer tools such as Globus Online and GridFTP
• Performance measurement/test node
  – perfSONAR
Did we say *3* components?
• Engagement with end users
Details at http://fasterdata.es.net/science-dmz/
* Science DMZ is a trademark of The Energy Sciences Network (ESnet)
Familiar?
• Presented at JISC e2e performance initiative event in 2015
• Presented at Networkshop 44
• Presented at TNC2016
Getting the concept and message out there
Who/what/where?
• DTN / HPC
  – Have requirements for 10Gbit data transfer
  – Access/control now self-contained
• SDN experiments
  – Out of the way, isolated from inside production
• IPv6 experiments
  – ditto
Cost/benefits
10G firewalls (Palo Alto) – campus traffic already using that budget (e.g. students)
“We need to transfer data… need 10Gbit...”
$$$$$$ for bigger firewalls, ‘small change’ for suitable 10G (and higher!) switches
Start small, build the environment
• Basic small L2/L3 switch e.g. Catalyst 3750
  – Route statically from the external
  – (then find out about buffers, QoS limitations etc ;-) )
• Measurement tools e.g. PerfSONAR
  – Be ready to see difference
  – Inside/outside (can use to e.g. verify firewall)
• Engage with local community, propose idea
  – Trust!
Looks like… (Nexus 9372PX-E)
Image during staging. 2x10G to border, 2x10G to HPC, 2x10G VCP, 1G keepalive/heartbeat (40G optics not in use at this stage), long loopy fibres due to flexibility ;-)
PerfSONAR MadDash (small nodes)
[Figure panels: IPv4 throughput | IPv6 throughput]
eduPERT
A small amount of packet loss makes a HUGE difference in TCP performance
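An added example (not from the slides) that puts numbers on the packet-loss point and on the inside/outside comparison used to verify a firewall. It assumes the Mathis et al. steady-state TCP model, which the slide does not name; the path names, RTT and loss values are constructed.

```python
import math

# Constant from the Mathis et al. steady-state TCP model (an assumption here).
MATHIS_C = math.sqrt(3.0 / 2.0)

def tcp_ceiling_bps(mss_bytes, rtt_s, loss):
    """Upper bound on one TCP stream: (MSS / RTT) * C / sqrt(loss)."""
    if loss <= 0:
        return math.inf  # no loss: the model gives no bound, the link does
    return (mss_bytes * 8 / rtt_s) * MATHIS_C / math.sqrt(loss)

def max_loss_for(target_bps, mss_bytes, rtt_s):
    """Largest loss fraction at which the ceiling still reaches target_bps."""
    return (MATHIS_C * mss_bytes * 8 / (rtt_s * target_bps)) ** 2

# Constructed measurements (name, RTT in seconds, loss fraction), standing in
# for what an inside node and an outside node would report for the same far end.
PATHS = [
    ("inside, behind campus firewall", 0.020, 1e-4),
    ("outside, on the Science DMZ", 0.020, 1e-7),
]

def report(paths, mss_bytes=1460, link_bps=10e9):
    """Return (name, achievable bit/s) with the ceiling capped at link rate."""
    return [(name, min(tcp_ceiling_bps(mss_bytes, rtt, loss), link_bps))
            for name, rtt, loss in paths]

if __name__ == "__main__":
    for name, bps in report(PATHS):
        print(f"{name:32s} {bps / 1e6:10.1f} Mbit/s per stream")
    need = max_loss_for(10e9, 1460, 0.020)
    print(f"loss budget for 10 Gbit/s at 20 ms RTT: {need:.2e}")
```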
The future?