ESnet Site Coordinators Committee (ESCC) Meeting
Jefferson Lab, Newport News, VA, September 30 - October 3, 1997

Contents

Introduction

ESnet Network Group Status Update - Joe Burrescia

ESCC NMTF/NMFG Status - Les Cottrell, SLAC

IPng WG Status - Bob Fink, ESnet

Multipath Routing Protocol Test (Steve Batsell)

Discussions in the Hall

Report from Washington - George Seweryniak

ESnet Steering Committee Report - Sandy Merola

ESnet Report - Jim Leighton

Network Information & Services Group Update - Alan Sturtevant, ESnet

Video Collaboration Services Scheduler - Craig Tenney, ESnet

Security Issues

NGI Futures - Bob Aiken

Java Based Applications - Dave Dowty, Christopher Newport University

A Coordinated Browsing System - Mohammed Zubair, Old Dominion University

Introduction

This was the Fall meeting of the ESCC. There were three attendees from SLAC including Warren Matthews, Bob Cowles and myself. The first afternoon was devoted to the Network Working Group, the second day to plenary issues (updates from DOE, ESnet, the ESSC, networking WG report, ESnet information and services etc.) and the last 2 days to working groups on distributed computing (DCE, remote conferencing, security issues, directory services etc.). I attended the first 2 days that covered the network and plenary issues. There was considerable interest in the SLAC/HEPNRC monitoring tools. The exclusion of DOE from the NGI (Next Generation Initiative) was a hot topic. Funding may still be available for DOE Mission-oriented applications that are network challenged. Interest in security is increasing. As is often the case, much of the useful sharing of information came from break-time discussions, so I have included a section entitled "Discussions in the Hall" to cover this.

ESnet Network Group Status Update - Joe Burrescia

There are two new members; one, Chin Guok, is working on monitoring.

Multicast developments

Set up special scoping for multicast for Russian videoconferences. Also investigating PIM running on routers carrying full nodes. Sparse mode may be problematic. Dense mode allows pruning. Sites need to be aware of setting up tunnels to non-ER funded sites, since ESnet is not authorized to carry non-ESnet traffic. Several real-time events have been supported recently including Milwaukee collaboration, DOE 2000, a White House demo, ESSC. They will support the SC97 conference (http://www.supercomp.org/sc97), and will pull in an OC3.

IPv6 & 6bone

Lot of work on BGP4+, new sites, new registry etc. They have three interworking BGP4 implementations (one is from Cisco). They are trying to bring up a mail host supporting IPv6 natively. They plan to run IPv6 over ATM; an IPv6 over ATM PVCs RFC was just published. Cisco says it will be ready to implement when the spec is ready.

Spectrum Network Management

Spectrum works well for LAN, not so good for ATM/WAN. Cabletron claims they will provide better WAN/ATM support for Spectrum, but it has not happened yet. Moving to version 4.0.3 which has monitors for alarm thresholds. Joe is interested in setting up an ESnet Spectrum user group. They are working on a new statistics system called BestView. It has been in alpha/beta for the last 6 months. They are in the process of cutting over from the in-house designed system.

Increasing number of network attacks

A ping attack sends an ICMP echo request to a broadcast address at your site with a spoofed source address. This swamps the spoofed source with ping responses. Sites need spoof filtering. Turn off IP directed broadcast, if possible. However, this will break DHCP helpers, and is rumored to cause problems with the Microsoft browser. You may have to deep-six the packets at the firewall if they are addressed to the all-1 or all-0 addresses. If you are a victim, you will see lots of ping traffic. It is hard to find the real perpetrator; one can only track back to where the packet enters the ESnet cloud.

ESCC NMTF/NMFG Status - Les Cottrell, SLAC
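The two filters named under "Increasing number of network attacks" above (dropping packets addressed to a subnet's all-1 or all-0 address, and spoof filtering), plus the victim-side symptom of heavy ping traffic, sketched as border-filter logic. This is an added example, not part of the original notes; the subnets, addresses, sample capture and function names are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed addressing plan (documentation prefixes); substitute the site's own.
SITE_SUBNETS = [ipaddress.ip_network(n) for n in
                ("192.0.2.0/25", "192.0.2.128/26", "198.51.100.0/24")]

LIMITED = (ipaddress.ip_address("255.255.255.255"),
           ipaddress.ip_address("0.0.0.0"))


def owning_subnet(addr, subnets=SITE_SUBNETS):
    """Return the site subnet containing addr, or None if addr is off-site."""
    ip = ipaddress.ip_address(addr)
    for net in subnets:
        if ip in net:
            return net
    return None


def is_subnet_broadcast(dst, subnets=SITE_SUBNETS):
    """True if dst is the all-1 or all-0 host address of a site subnet.

    The check must use the real subnet masks: with a /25 the broadcast
    address is .127, which a naive "ends in .255" test would miss.
    """
    ip = ipaddress.ip_address(dst)
    if ip in LIMITED:
        return True
    net = owning_subnet(dst, subnets)
    # /31 and /32 have no separate network/broadcast addresses.
    if net is None or net.prefixlen >= 31:
        return False
    return ip in (net.network_address, net.broadcast_address)


def border_verdict(direction, src, dst):
    """Decide what the border filter does with one packet.

    direction is "in" (arriving from the WAN) or "out" (leaving the site).
    Only border traffic is judged, so internal broadcasts are unaffected.
    """
    src_inside = owning_subnet(src) is not None
    if direction == "in":
        if src_inside:
            # Nothing arriving from outside can legitimately claim a site source.
            return "drop:spoofed-source"
        if is_subnet_broadcast(dst):
            # Keeps the site from amplifying a ping toward a third party.
            return "drop:directed-broadcast"
        return "permit"
    if direction == "out":
        if not src_inside:
            # Keeps hosts on the site from sending with forged sources.
            return "drop:spoofed-source"
        return "permit"
    raise ValueError("direction must be 'in' or 'out'")


def unsolicited_reply_sources(packets, victim):
    """Victim-side view: count echo replies (ICMP type 0) sent to victim by
    hosts that victim never sent an echo request (ICMP type 8) to.

    packets is a list of (src, dst, icmp_type) tuples.
    """
    pinged = {dst for src, dst, t in packets if src == victim and t == 8}
    return Counter(src for src, dst, t in packets
                   if dst == victim and t == 0 and src not in pinged)


# Constructed capture as seen at the spoofed (victim) host 203.0.113.9.
SAMPLE_CAPTURE = [
    ("203.0.113.9", "198.51.100.20", 8),   # victim's own ping
    ("198.51.100.20", "203.0.113.9", 0),   # its legitimate reply
    ("192.0.2.10", "203.0.113.9", 0),      # replies nobody asked for
    ("192.0.2.11", "203.0.113.9", 0),
    ("192.0.2.11", "203.0.113.9", 0),
]

if __name__ == "__main__":
    for args in (("in", "203.0.113.9", "192.0.2.127"),
                 ("in", "198.51.100.7", "192.0.2.10"),
                 ("in", "203.0.113.9", "192.0.2.130"),
                 ("out", "203.0.113.9", "203.0.113.50")):
        print(args, "->", border_verdict(*args))
    print(unsolicited_reply_sources(SAMPLE_CAPTURE, "203.0.113.9"))
```

The unsolicited replies identify only the amplifying hosts, which matches the note above that the real perpetrator is hard to trace.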

IPng WG Status - Bob Fink, ESnet

For more see http://www.6bone.net/

The IPng WG is really dormant while various things happen: the 6bone evolves and sites connect to the 6bone with ESnet help. It is waiting for real activity.

What is the 6bone?

An international testbed to test IPv6 implementations & standards, try out IPv6 transition strategies, get early applications/operations experience, motivate implementers & ISPs, get experience to try IPv6, and to start the transition.

Other areas besides 6bone are doing testing including trade shows & UNH.

Renumbering of sites in IPv6 is a very important issue: it gets around the problem of sites moving to a new ISP without giving up their site address, which makes the new ISP carry a new lot of routes.

FTP Software is dropping their development of a Windows IPv6 stack. Microsoft is believed to be willing to implement IPv6 when they have the common driver format in place (WNT=W95 drivers), and things look a bit clearer. The IPv6 folks do not want to bring in Microsoft until more issues are resolved and it becomes less of a research project. Two people in Sweden are working on a WNT implementation. Cisco version is currently not optimized (it runs in processor mode).

There is still a need for an IPv6 over ATM specification. Someone from Ipsilon was working on a spec, Japan also claims to have one, plus another one appeared. Cisco is said to have completed an implementation of a specification, but it is unclear which one.

Mike O’Dell (UUnet) raised concerns about the old addressing structure, which resulted in Aggregation Based Addressing. The hope is that most ISPs will be converted to IPv6 in 4 or 5 years, but some will not be there, so how does one skip across the intervening IPv4 ISPs? The idea is to use a Next Hop Routing Protocol (NHRP) server that will return the IPv4 tunneling boundary point, so one can tunnel to it and the traffic then goes via IPv6 within the IPv6 cloud. It will be an extension of NHRP.

Besides running out of IP addresses in IPv4, the current IPv4 infrastructure is suffering from a complexity explosion. To address this they introduced Aggregatable Unicast Addressing (AUA). The TLA is for < 8000 big players (MCIs, Sprints etc., but it is unclear how one determines who is a TLA, and who makes the determination). This limits the size of the routing tables that have to be carried by the TLAs, i.e. one only needs to know how to reach the right TLA, then the TLA will determine how to get to the NLA. This removes the need for a centralized registry (as long as one can assign TLAs). The SLA is for the site; it will probably be the site subnet number. An important advantage of the AUA is that it allows site renumbering.

EUI-64 interface IDs are used to identify interfaces on a link. The IEEE EUI-64 format has an extended IEEE 48-bit MAC address embedded in it. The old Ethernet address consists of a manufacturer code (cccccc) and a device field (eeeeee). The new EUI-64 that incorporates this is thus ccccccFFFFeeeeee (where FFFF indicates an Ethernet).

Selling IPv6 will be important. It will need to have a transparent conversion; desktops will need to be delivered with both an IPv4 and an IPv6 stack. It also has to be seen as not a choice, since IPv4 will not meet the needs. If IPv4 goes away it will be very slow and long term. New devices (e.g. traffic light devices) will probably only come with an IPv6 stack.

People are starting to do IPv6 pinging so they can ensure they have a production backbone.

Bob feels that IPv6 is still 2-4 years away (i.e. before you can make an honest call that it is a success).

Multipath Routing Protocol Test (Steve Batsell)

For more see http://www.epm.ornl.gov/~sgb/net.html

Conventional routing optimizes a single metric such as delay, hops, bandwidth, jitter, shortest path or shortest-widest path. QoS routing selects a path to meet QoS requirements. Batsell/Rao have implemented a multipath routing algorithm and will incorporate it into gated.

In Spring 98 they want to do a test on a Morphnet version of ESnet.

If interested in partnering send email to sgb@ornl.gov

More efficient way of doing QoS, and reduces the risk of rejections.

ESnet International

Discussions in the Hall

DHCP

• ANL has one DHCP server. It is for the business services type people only. It is probably based on a WNT platform. It is not centrally managed.
• BNL does not run a DHCP server.
• FNAL is looking at running a single central DHCP server. It will be centrally managed. Mark Kaletka believes it is based on the Cisco DHCP server and runs on a Sun. They give out dynamic IP addresses with dynamic names (e.g. temp1). They keep a log of Ethernet addresses to IP addresses for auditing. They also support static DHCP. The contact is Matt Crawford <crawdad@fnal.gov>
• CEBAF has no DHCP server.
• ORNL provides a single DHCP server for its PPP service.
• LBL runs a DHCP server. They give out dynamic addresses. For conference rooms they allocate fixed addresses so that they can have demos with computers that do not support DHCP clients. They have a Web page with the IP addresses for conference room taps.
• ORNL have built some tools that allow one to enter a password for an account into Unix and then have that same password/userid placed in the WNT registry and the VMS userid/password files. It is called CAMS and the contact for WNT is Sandy Guinn.
• Mark Kaletka said that FNAL have something similar. The contact is Keith Chadwick chadwick@fnal.gov.
Videoconferencing
• Jim Rome, of ORNL, showed a videoconference of a meeting being broadcast (by streaming video) from Gatlinburg. It was using a product from RealAudio (see http://www.realaudio.com/) which was impressive. The resolution looked like about 400x300. It was using about 100kbps. The audio was excellent; the video was also very good. They cache the feed so it is about 20 seconds behind, and this is how they get the good performance. It was very well reviewed in a recent PC magazine. The cost is about $8000 for the server to support up to 80 clients. The client software is freely downloadable over the Internet and is bundled in MSIE 4.0. Microsoft recently licensed the technology and bought 10% (non-voting) stock from the company. Jim is also keen on using Internet Relay Chat. One collaboratory function he also likes is the new Visual IRC product (see: http://www.virc.com/) for Windows. It also has some form of video support and it is free (at least at the moment).
• LBL has a joint project with industry on diesel engines. The industry folks are very interested in NetMeeting, and so LBL is also getting more interested in it. Stu claims there will be a NetMeeting for Unix (is only Windows at the moment) and that it will support multicast (it does not support multicast at the moment). There is also interest in something called Hub & Arrow since it allows one to add features such as "floor control" (e.g. who can write on the White Board during a presentation, who controls the microphone). The Applications Working Group has a web page at: http://www-itg.lbl.gov/AWG.html from which one can get to useful notes (FAQ) on how to use the video tools.
Charging for Network Access
• CEBAF is a single purpose Lab and does not charge outside users for the network connections, unless it requires a major building rewiring or some other major effort. They have only a few 100Mbps ports, and are giving them away to power users who have a verbally identified need. If they do not feel the request is justified then they will provide the 100Mbps connection as long as the requester pays their part.
• ORNL charges ~$40/month for the basic UID service, this includes email, access to the help desk, various accounts, access to the online databases, insertion in the phone directory, etc. They also have a $15/month charge for providing WAN access to the Internet and the intersite infrastructure. For connections on public networks (i.e. plugging in a machine to a wall jack on a public network) they charge ~$20/month. This fee is based on cost recovery of the network services (i.e. takes the LAN network budget and divides it by the number of IP addresses registered). They also have a substantial amount of private networks which are not charged, but they are moving increasingly to public networks, as users need better connectivity and recognize the costs of running their own LAN. To ensure that hosts are registered in the DNS server, the Web server looks at the IP packet, does a reverse lookup to the name server, and if the node is not registered then they do not serve up pages to it. They do not charge for the initial connection. There is also an assessment of ~$7/month on public ports at the Lab to enable continuous evolution and upgrading. People who want extra resources (e.g. 100Mbps ports) are addressed on a case by case basis. Sometimes the network group covers the initial connection cost, sometimes the user covers it, and sometimes it is shared.
• At LBL most of the networking is charged to infrastructure. They long ago figured it was too complex and costly to try and charge based on usage. They do charge one time for new hookups. The costs used to be $260 for a 10Mbps shared port, $480 for a switched 10Mbps port, & $980 for a 100Mbps switched port. They are reviewing the charges based on new Ethernet equipment. This includes: the Cisco 1900 with 24 switched 10 Mbps ports with a 100Mbps feed for < $60/port; the Cisco 2926 with 26 10/100 switched ports for < $400/port. Bob said that Bay's new switched Ethernet offerings look much better than Cisco's price wise, and hopes Cisco will become more competitive. The above costs do not include core switches or routers that are not charged back to the users. They are skipping providing 100Mbps shared Ethernet ports, everything is moving to switching. The avoidance of 100Mbps shared is due to:
• the limited savings compared to switched 100Mbps;
• the increased problems with isolating problems compared to switched Ethernet;
• problems with using auto-sensing ports (what if there is nothing on the segment and a 10Mbps only workstation connects up, the whole segment will be at 10Mbps even though many of the workstations could use 100Mbps);
• the reduced bandwidth availability due to half duplex and sharing etc.
Network Monitoring
• Steve Batsell of ORNL has been working with a Ph.D. candidate to look at how to use statistical experiment design to see how to optimize network monitoring. The goal is to get the network monitoring to provide the optimal information about what one is interested in, for the minimum amount of resources used (number of collection sites, number of remote sites monitored, amount of data collected etc.) They used the early tools that were developed between SLAC/ORNL/HEPNRC for gathering the data. I had a short look at the thesis, it was heavily oriented to statistics (as opposed to networking) but it looked very interesting. Anyhow Steve hopes to get some funding to support further effort in this area, and wants to collaborate with SLAC to get the latest tools and access to all the data we (SLAC/HEPNRC) are archiving. He hopes to visit SLAC in late October/November to discuss this further.
• ORNL has hired someone to take over from Gary Haney (who was doing the WAN monitoring at ORNL and left to head up a network group at a local hospital). There is a person in the network research group (Lawrence MacIntyre) and another person in the operations group who will be involved in picking up the SLAC/HEPNRC code and making ORNL into a Collection site.
• Bill Wing agreed to take the lead on finding a place to publish the paper we (HEPNRC, ORNL & SLAC) put together last January for submission to the IEEE. We (Bill, Dave Martin & I) felt it was worth the effort, and that some revision might be needed to bring it up to date.
• I talked to Mike O'Connor of BNL about the traceroute CGI script BNL has. Terry Healy developed it. Mike agreed to talk to Terry about making the tool public domain and providing instruction on how to get and install on the Web. If this was done then we could put a pointer to the tool on our Web page and encourage collection sites and remote sites to install it. Mike is also interested in Java applets so I showed him Mapnet and discussed with him about extending it to show our data on performance. Mike also mentioned that BNL has a useful tool that displays nodes registered by subnet, nodes responding to pings, free addresses by subnet etc. He is willing to share it with others.
• BNL is also interested in installing a Surveyor; I will pass on the information to Guy Almes.
• We need a name for the SLAC/HEPNRC monitoring tools. It has to do with "brand name recognition" so each time one talks about them one does not have to describe in detail what one is talking about together with who should take credit etc. I discussed this with Bob Aiken and he agreed. He said having the name Morphnet (Multipurpose Operational and Research and Production Hierarchical network) to refer to the idea of building a multilayered network with both production and research parts at each layer has been enormously helpful in promoting the idea. A couple of ideas came up PingEM (for Ping ESnet monitoring, or Ping End-to-end Monitoring), and PingWAN. I am also discussing this issue with the HEPNRC folks and previously had suggested pmeter and pmon.
• ESnet has hired a new person, Chin Guok, to look after network monitoring. He appears very interested in the SLAC/HEPNRC tools, though his main emphasis is on understanding the performance of the overall ESnet. We had several discussions on how they could use our tools, and I encouraged him to install them at LBL/ESnet.
DOE
• The DoE budget has been approved by the joint House & Senate Conference Committee and sent to the President.

Report from Washington - George Seweryniak

Large scale networks:

• The FNC and FNCAC have gone. Will be picked up by a committee (LSN (Large-Scale Networking) WG - falls under NTSC/CCIC under Computing Information & Communications R&D Subcommittee) led by George Strawn & Dave Nelson.
• PSWG/CIS privacy security working group will continue for information sharing among agencies. Report due out end of this month.
• EOWG → JET (Joint Engineering Team). Look at sharing of networking among the agencies; will take up work of FNC. Working on getting a common AUP. Proposal to also worry about International AUPs.
ESnet & NGI programmatic Goals
• ESnet progress report expected early CY 97, is a little behind, it is an important report in terms of informing the government what we have done
• NGI Concept paper/Impl plan Jul 97 complete (see http://www.ngi.gov/ ).
• NGI workshop May 13
• ESnet video support re-evaluation mid CY97 complete, there was a threat that support would be cut off in favor of commercial service, but OK.
• ESnet program plan mid CY97
• NGI budget info late CY 97 (DOE got zeroed out, did not lose any money), will do NGI with internal funds
• ESnet program review mid CY98 (question is the review for the DOE or the ESSC)
• ESnet follow-on RFP release mid CY 98. The current contract expires 1999, last one took 2 years to award with all the protests, Jim expects to have the RFP ready early 1998, could be problems due to conflict with FTS 2001 will be awarded at the same time and is expected to cover many of the services provided by ESnet.
• This is a major issue, has to do with follow on contract for ESnet. ESnet has done well, funding is stable
• NGI & DOE funding issues (all 1998). Will do more publicity and try to get extra NGI funding for 1999.
ESnet Future
• Current contract expires
• Post FTS-2000 (FTS-2001) issues www.gsa.gov
• Requirements
• International
• R&D vs. Production (need to look carefully at the balance, in particular is it a research network, or a network that supports research)
• Other agencies (NASA is on the present contract, should we include other agencies in future contract, should we join another agencies contract, pro it could give better prices and better interworking, but could be harder to award)
• NGI (www.ngi.gov)
• Funding
FTS2001 Services
• Circuit switched (e.g. ATM), satellite services (mobile & fixed), video conferencing, EMS (X.400), electronic commerce, video teleconferencing, international services etc. so it will need a lot of substantiation as to why ESnet is different and should not use FTS2001
Summary
• Need program reps. To provide input to Program Plan
• Need Program Representatives to provide input to the Progress Report
• Need committee to carefully analyze our future requirements in light of FTS2001 and NGI (concerns over protests for RFP award for ESnet).
• Need ESSC to provide input on the R&D production futures of ESnet & follow on contract to DOE & Jim.
ESnet Steering Committee Report - Sandy Merola

NGI

• Payoff not proportionate to efforts of hosting regional meetings, the DOE plan, the LSN, the NGI R&D workshops.
• The counter forces were politics, congress seems disinterested in DoE's role in research
• Expected positive outcome was $0.0
• The known outcome: new policy restricting university connectivity to ESnet.
ESnet university connectivity policy
• Approving the direct connection of a university will now also include a letter from an appropriate official of the university. MICS will re-evaluate existing direct university connections to ESnet. Universities with existing ESnet connections will need to affirm their need to connect to ESnet.
DOE Corporate network
• EMnet the DOE business & corporate network.
• There were early offers to carry their traffic & work with us. It is a separate non-ESSC issue; it is a potential site issue that the ESCC may serve as a reasonable forum for. There will be multiple networks in the DOE, the DOE EM, ESnet, and the emergency network. These networks will touch.
• There will be a document recommending the creation of the EMnet to the DOE CIO (Woody Hall), and the ESSC will be requested to comment on it.
International Issues
• Greatly increasing requirements
• Rising costs
• No increased funding
• Focus on CERN:
• HEP want better access to CERN
• Increased funding requested but the ESSC was unsympathetic, given the constant funding
• Changes in routing requested allowing direct routing access from all HENP including partner Labs & universities. The ESSC concurs with the goal, but wants to get a hassle-estimate from ESnet
• ESSC must do its share to get networking to be a more important, visible & funded effort by the DOE.
Longer term issues
• ESSC agrees that supporting production & research on the same infrastructure is desirable
• ESnet is not just an ISP
• MICS provides not only ESnet but R&D of the needed future networking services
• MICS: QoS by over-provisioning bandwidth will be non-affordable
• Cost per bit will decrease, but demand is rising, so net increased cost.
Applications Requirements Working Group
• Has been formed to help ensure that future network requirements of the ESnet community are identified
• The process includes the following steps
• Extract currently documented applications from the draft program plan
• ESSC review (ESCC)?
• Working group will work with network providers & researchers (Leighton, Steves, Loken, Jacobson) to id needed supporting networking services/research
• Deliverable white paper identifying issues etc by Jan 1998

ESnet Report - Jim Leighton

Statistics
• July 1998 18.8 Gpkts accepted (approx. 0.7% DECnet), 5.22 Tbytes accepted, 277 bytes/pkt.
• July 1997 10.7 Gpkts accepted (approx. 2.96%), 3.03 Tbytes accepted, 283 bytes/pkt.
• DECnet was holding steady while everything else was increasing, over the last few months DECnet dropped off by factor 3.
• Moving 50 Mbps into & out of network during heat of the day.
Domestic Issues
• New sites:
• INEL T1 via LLNL, link installed, awaiting routing plan resolution
• Chicago hub with ATM OC3 installed May 1997, ANL @ OC3 installed Jun 1997, FNAL @ OC3 installed September 1997, the NAP @ OC3 is expected October 1997 (upgraded from T3 to support NASA requirements).
• Albuquerque hub at OC3c expected anytime now
• DC hub
• Connecticut Ave at DS3 was installed Jun 97, will upgrade to OC3 to support NASA.
• Perryman at DS3 installed August 97, will upgrade 2xDS3 to support NASA
• VBNS T3 via GA to SDSC operational ??/97
• Network Virginia local interconnect @ DC hub operational Sept-97.
• George Washington U T3 via DC hub will pay for T3 access circuit, HQ letter to be written.
• Human Genome Center T3 via Oakland hub, a new center is being established in Walnut Creek CA (joint LLNL, LBL, Berkeley effort), operational status expected Spring '98
• LIGO (Laser Interferometer Gravitational Observatory) NSF project: NxT1 via PNNL, is an experimental facility near PNNL that needs connectivity to Caltech & other collaborators.
• ANL moved to Chicago hub, completed Jun-97, upgrade OC12c expected early 1998.
• FIX-West > upgrade to T3 expected ?? via Oakland hub
• FNAL > move to Chicago hub installed Sep 97, upgraded to OC3c
• GA > local loop upgraded to OC3c expected Sep-97
• ITER-US > local loop upgraded to OC3c expected Sep-97
• JLAB > moved to DC hub @ T3 completed Jul-98
• LANL upgrade to OC3c, expected September 1997
• LBNL to move to OC12
• MAE-East moved to DC hub completed Jun 97
• Upgraded to 10 Mbps/T3 connection, T1 was very heavily congested
• MIT upgrade to T3 completed Jun 97
• ORNL upgrade to OC3c completed Jun-97
• Sprint NAP upgrade to T3 via PNNL
• Begun removing FTS 2000 T1 circuits, minimal number left for keep alive.
• All this has cleaned up the architecture by using hubbing
University Access
• There is a new DOE policy that requires a written letter from university for direct ESnet connects.
• VBNS is moving ahead with Internet 2 & NSF "Connections" program, the GigaPOPs seem to be stalled (for the most part), little/no info on universities-GigaPOP binding, no schedule information. May expect more activity by the end of 1997. Part of the problem is the cost; they did not get as much discount as hoped for from MCI. The GigaPOPs are very interesting to ESnet since it could provide a rational way to connect up a lot of universities.
• ESnet has established peering with vBNS at SDSC, MAE-East, and the Sprint NAP. Perryman and Ameritech NAP are in progress. University interest is high in reaching DOE National Labs.
• Likely new peers:
• AADS (Ameritech) - Northwestern U, U Chicago, U of Illinois at Chicago, U Minn, Merit, U Mich, Michigan State, Iowa State, Notre Dame, Indiana U, U Wisc-Madison
• Perryman - JUHU, Umd, Upenn, U Virginia, Old Dominion
• SDSC (CalREN2) - CIT, UCI, UCLA, UCR, UCSB, USC, USC-ISI
• Connecticut Ave - Network Virginia, GWU
• No Cal (?) CalREN2 - Stanford, UCB, UCD, UCSF, UCSF
• More expensive:
• Atlanta hub - Georgia State, Georgia Tech, UT,
• Sacramento - Oregon State, University of Oregon
VBNS peers today
• CMU, Cornell, NorthWestern, (Chicago & Evanston), U Washington, U Oregon, Harvard, Duke
Bad list of Universities from ESSC study was (+ already there, - soon (we hope)):
• University of Washington - is planned to have vBNS connectivity at Sacramento.
• Purdue ??
• Johns Hopkins - will peer at Perryman
• U Oregon - via vBNS at Sacramento
• Harvard - via vBNS
• Duke - could peer with vBNS at Atlanta
The poor list was:
• UCSD + UCnet
• UMd - Perryman
• U Michigan - Chi NAP
• U Colorado + vBNS
• U Wisconsin + FNAL/NAP (ATM tunnel)
• U Pennsylvania + vBNS
• U Minnesota - Chi NAP
• UC Irvine + UCnet
International Issues
• TEN-34/155 has approx. 300Mbps cross Atlantic traffic, European cost=$40M/year, essentially no contribution by US (see www.dante.net/ten-34)
• DFN is considering putting voice over ATM, is doing native ATM pilots, expects transition to OC12c next year, has a T3 connection to TEN-34 up & running, 2*T3 to US 20M DM/year. Traffic to Germany appears to be 3 times that coming from Germany.
• GARR has 250 sites, 30 INFN points, 70 universities, GARR-B next phase TEN-34 Oct97-Jul98, 155/622Mbps in '99. Seem to have 4-5 nodes running ATM. Looking for 45Mbps transatlantic bandwidth via Telecom Italia to be delivered summer '98. Install GARR router in Perryman, move T1 to ESnet from PPPL to Perryman
• Japan ESnet 1.5Mbps operational Sep-97, Beijing moving up to 128kbps, Novosibirsk to be installed at 128kbps. NACSIS = 6Mbps to US (heavily saturated) almost unusable going to T3 to SprintLink Oct 97, NACSIS has 2Mbps to Europe. Major problems are connections to US universities and to TEN-34. They want connections to universities via ESnet.
• UK UKERNA = 155Mbps for national academic net, use TEN-34 for European connections, have T3 to US.
• Canada has 1.5Mbps link via PPPL. CA*net II production network to support advanced research has OC3c to STAR-TAP, will support all CA universities & labs, will use GigaPOPS, they view the STAR-TAP as the center of international connectivity.
• ITER is quite happy with network support, want better access to Russia (Kurchatov), ITER project ends in 1998, then want to go into a 3 year pre construction phase.
• CERN will have 2*E1 transatlantic, direct connection to ESnet planned. Will provide QoS via frame-relay on CERN end. Also looking at Committed Access Rate capability from Cisco.
Japan
• JAERI was 256kbps, 768kbps/1Mbps from NAKA-LBNL
• Problem with providing "default"
• Status: operational Sep-97
• NIFS (was 64kbps)
• 128/256 kbps FR Tokai-LBNL
• Status: expected operational Sep-97
• KEK was 512kbps
• T1 circuit Tsukuba - LBNL
• Status: expect operational Sep-97
• Providing temporary default routing
• Perryman (it is a big MCI POP near Aberdeen Proving grounds in Maryland, I think):
• vBNS, DFN (2*T3), CERN (2*E1 working with CERN to install), INFN (T1, Dec-97)), DANTE (T3, Dec-97) with ATM interconnect, looking at a peering at T3 access to vBNS which is also located at Perryman with an OC3 to vBNS
• Sprint. Has a big POP at Connecticut Avenue where ESnet is collocated:
• Plus ESnet has 2*T3s between Connecticut Ave and Perryman
• At Connecticut Avenue there are connections to ESnet (T3 → OC3 with connections to NASA/NREN), DOE-GTWN (3*T1), MAE-East (T3), Network Virginia, Georgetown University, JLAB (T3).
• Upgraded ESnet connection to DFN via Perryman, bandwidth & cost - draft agreement, guaranteed bandwidth CBR.
• CA*net T1 to PPPL operational Sep-97, interested in access to CERN.
• CERN carry as ESnet "semi-primary" site.
• DANTE plans to establish a POP at Perryman
• General university access
• STAR-TAP access
ESnet Contract

Contract with Sprint runs out soon. Looking at negotiating a new contract. Will compete. NASA/NREN interested in collaborating.

Framework

• Will use successful aspects of current contract including advanced communications services, partnership arrangement working within vendor's general strategy, term = 3+1+1 years, highly flexible contract. Need to consider whether to coordinate with other DOE/Fed networks (e.g. EMnet).
New requirements:
• ATM ABR, SVC,
• hubbing & collocation support,
• international support,
• transition support from current contract,
• dealing with growing bandwidth requirements with fixed budgets,
• local-loop costs (1/3 budget goes into last mile).
Schedule for reprocurement:
• Outline general requirements, approach, schedule - 4Q97.
• Establish working teams (have a volunteer from NASA), evaluation, procurement - 4Q97
• Do initial vendor visits - 4Q97
• Refine approach, solicitation - 4Q97
• Complete procurement package - 1Q98
• Do vendor briefing - 1Q98
• Release procurement - 1Q98
• Complete evaluation - 2Q98
• Develop transition plan - 3-4Q98
• Begin transition - 1Q99
• Complete transition - 3Q99

Research Directions

• QoS
  • ATM capabilities
    • ABR (Available Bit Rate) - fair sharing of bandwidth
      • ESnet ATM users, international
    • CBR (Constant Bit Rate) - dedicated line emulation
      • Video/ISDN replacement
    • UBR (Unspecified Bit Rate) - no guaranteed service
      • Cost effectiveness
      • Research support
    • RT-VBR (Real Time Variable Bit Rate) - delay & jitter control
      • Experimental control (?), video
    • SVCs (Switched Virtual Circuits)
      • All the above capabilities on demand
  • IP capabilities
    • Tag switching
    • Class Based Queuing (CBQ), being promoted by Van Jacobson, uses a spare bit in the IPv4 header.
    • Integrated Services (IETF model): least likely to make it; it tries to do all things for all people, but is inordinately complicated
  • Issues
    • Coupling of IP & ATM QoS capabilities
    • Allocation of resources
    • Interior vs. exterior QoS
    • QoS performance levels
• IPv6 based collaboration with
  • Ellemtel (a non-profit co-owned subsidiary of Ericsson & Telia in Sweden): various network trials of native IP multicast, native IPv6, & IPv4 & IPv6 QoS mechanisms
  • May be willing to pull a T3 into Perryman
• Test beds
  • Proposing to establish an alpha ESnet backbone (research & trials for emerging technology); will use PVC connections on existing ATM infrastructure
  • Other project testbeds are being considered

DOE corporate network
• DOE's Information Management Council (IMC) has tasked the DOE Networking Group (DOENG), headed by Tom Rowlett of HR, to create a business plan for a DOE corporate network.
• The precise nature is not understood, for example security requirements; however it could clearly impact ESnet, the Labs & the field offices.
• It is generally recognized at this time that the creation of a new network is not advisable, thus an issue facing the DOENG is "Upon which existing network should the DOE corporate network be built?" It is very clear that most of DOENG wants to build its own network.
• It could make life more complicated for network people at sites, e.g. to decide how to route packets if the site connects to both ESnet and DOENG.

PR Work

• Services, overview, Impact on Science
• Short videos to show impact of networking on research collaboration with US industry, distributed computing support, support for other programs through virtual network support. Will make available over the Web in a variety of formats.
• SC97 support (vBNS will not support this year): have been asked to support; Sprint will provide OC12c from Oakland hub to SC97 show floor and ESnet will get an OC3 out of this.

Network Information & Services Group Update - Alan Sturtevant, ESnet

FTEs: Mike Helm (directory services & CA services), Marcy Kamps, Joe Metzger (news), Joe Ramus, Sue Smith, Allen Sturtevant; contract people Craig Tenney (VCS/VCSS services), Don Varner; plus a summer student.

ESnet mail hubs nersc.gov & es.net split. Now have 199 mailing lists, spam filtering now available for lists (primarily for rem-conf@es.net).

ESnet news feed is alive again, not an ESnet wide newsreader service.

NIS group server machines: all new servers on 100 Mb Ethernet switch, telnet & ftp disabled everywhere, clear text disabled for ssh logins & Kerberized rlogin/telnet logins, 1 secure terminal server deployed, 2 to go.

NISG high availability system on two dual cpu 300 MHz Sun servers (which heartbeat one another), two dual connected Sun RAID disk arrays (using Veritas & FirstWatch dynamic failover), supports VCSS, web server, Oracle dB, ESnet site info, MOUs etc.

ESnet DCE servers upgraded 4 Sun Enterprise 1 servers, 2 Sun Enterprise 2 servers (dual CPUs) 2 Sun RAID arrays (FS file servers). Primary ESnet Web server (HA) Netscape Enterprise v2.0a, Netscape Catalogue Server 1.0.

ESnet distributed help desk, draft v1.0 white paper available on ESCC private page. Needs work on clarification of concepts, clarification of roles. Pilot version by next ESCC meeting. They are still evaluating commercial products.

ESnet digital services: goal to seamlessly integrate audio, video & digital technologies including: VCS/VCSS, Mbone/multicast, Unicast, ISDN, ATM, packet-switched, A/V streaming, A/V library, record on demand playback on demand, Web technologies. Looking at First Virtual Corporation with a video storage server (ATM based), ATM-ISDN gateway, and ATM switch. They also support MPEG1 for VHS.

VCS 40 port PictureTel ISDN video hub with a future ATM interface.

They have an SGI workstation for Webforce, Cosmo, Kai's Power Tools, Adobe Photoshop / Illustrator / Premiere … for picture editing etc.

Storage / transfer requirements: MPEG1 500kbps to 3Mbps (typical 1.5Mbps), MPEG2 4-100Mbps, DVD ~ 10 Mbps, HDTV ~ 20Mbps, typically 10 Mbps. The broadcast industry is moving to MPEG2.

Video Collaboration Services Scheduler - Craig Tenney, ESnet

Started as a two-week project; the first internal beta release was October 27, 1993. It was a telnet interface based on the NIC menuing system, with a few hundred lines of Perl.

Now it is Web based, with a 40 port MCU, with automatic conference setup and tear down, they have added the Mbone gateway, an online help desk.

Web based scheduler provides online reservations & schedules with 20K lines of code, with an Oracle backend and provides automated reservation, modification and cancellation plus daily & weekly schedules.

Automated conference setup/teardown is integrated with PictureTel LiveScheduler (runs on PC running Unix). The setup starts 2 minutes before start of conference. Takedown is scheduled 5 minutes before the end of the conference. Directory numbers are provided online & in email notices. The MCU autodials the Mbone gateway. Vic & vat start automatically.

ESnet to Mbone gateway runs on a DEC Alphastation with Vic v2.8, Vat v4.0b2, a VGA & AV321 interface. The VGA goes to NTSC to the VTEL & thus to ISDN cloud (can support up to 384kbps). Lose quality from Mbone to room based video at the VGA to NTSC interface, they are looking at an alternative.

The Help desk has a Remedy trouble ticket system. There is a site registration system and a form for reporting problems.

Plans for the future include two Mbone gateways, and looking at the FNAL multi-session bridge. They are looking at encrypted versions of vic & vat. They are also looking to port some of the scheduling package from Perl cgi scripts to Java. They are looking at the Latitude audio bridge to allow phone conversations to be bridged in. There is a FAQ for the help desk.

George Seweryniak asked for the statistics to report on mbone usage, this is important for justifying the adding of more Mbone gateways. The Mbone gateway is assigned as a room (resource) so utilization will be available.

Van Jacobson is working on a floor control system for videoconferences for moderating who talks. White Pine has a reflector that is H323 compliant, but vat & vic are not H323 compliant so unclear how they could be put together.

Security Issues

ORNL transitioning their security from all of Lockheed/Martin at ORNL to just the Laboratory. This has delayed start up of the advanced security group.

Hacker got into a local Linux multi-user system PC at CEBAF. The cracker installed a sniffer and got lots of passwords (not easy to detect on a Linux PC); they had to pull the plug on Friday for 5 days, so they could change passwords etc. The lesson learnt is that one cannot tell users not to bring their machines on site. They are making a load of recommendations as to how users run their Unix PCs etc. For example, they insist the machines use ssh on site, and they must allow a login from a central site machine so it can be checked for being in promiscuous mode, MD5 passwords have changed, or there is something mysterious. At CEBAF they will not give out an IP address until the central site has installed and checked the configuration of the PC. It is unclear how far they can push users. Users may not like the ssh terminal emulator (e.g. key layout, or colors), so may resist, and it may require a policy to impose. It appears one has to go through the pain and agony of a break-in before the community will accept the smaller amount of pain. LANL has decided to partition its networks with gradations of security; users who come in from offsite will be less trusted. ORNL is setting up a more secure subnet for people who require increased security, which has more stringent requirements to be allowed onto. The problem will get worse when NT is multi-user. SLAC has tied it into phone pager system.
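The central-site check described for CEBAF above, sketched as an added example (not code from the meeting or from any of the labs): it flags interfaces whose Linux flags word has the IFF_PROMISC bit set and compares file digests against a baseline recorded at install time. Reading "MD5 ... changed" as a baseline digest comparison is an assumption, SHA-256 is swapped in for MD5, and the host name, paths and sample data are constructed.

```python
import hashlib

IFF_PROMISC = 0x100  # Linux interface flag bit (include/uapi/linux/if.h)

def promiscuous_interfaces(sys_flags):
    """sys_flags maps interface name -> text read from /sys/class/net/<if>/flags."""
    hits = []
    for name, text in sorted(sys_flags.items()):
        try:
            flags = int(text.strip(), 16)
        except ValueError:
            hits.append(name)  # an unreadable flags word is itself worth a look
            continue
        if flags & IFF_PROMISC:
            hits.append(name)
    return hits

def digest(data):
    return hashlib.sha256(data).hexdigest()

def changed_files(baseline, current):
    """baseline: path -> digest taken at install; current: path -> bytes read now."""
    findings = []
    for path, want in sorted(baseline.items()):
        if path not in current:
            findings.append((path, "missing"))
        elif digest(current[path]) != want:
            findings.append((path, "modified"))
    for path in sorted(set(current) - set(baseline)):
        findings.append((path, "unexpected"))
    return findings

def audit(host, sys_flags, baseline, current):
    return {"host": host, "promiscuous": promiscuous_interfaces(sys_flags),
            "files": changed_files(baseline, current)}

# Constructed sample data: eth0 has IFF_PROMISC set, /bin/login differs from baseline.
GOOD_PASSWD = b"root:x:0:0:root:/root:/bin/sh\n"
BASELINE = {"/etc/passwd": digest(GOOD_PASSWD), "/bin/login": digest(b"login-v1")}
SAMPLE_FLAGS = {"lo": "0x9\n", "eth0": "0x1103\n"}
SAMPLE_FILES = {"/etc/passwd": GOOD_PASSWD, "/bin/login": b"login-trojaned"}

if __name__ == "__main__":
    print(audit("pc-example", SAMPLE_FLAGS, BASELINE, SAMPLE_FILES))
```

Because the facts are collected on the suspect machine itself, a modified kernel or replaced system tools can hide the promiscuous flag, so a clean result is weaker evidence than a finding.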

We could look into sharing spam-blocking addresses. This could be part of the distributed help desk.

NGI Futures - Bob Aiken

As usual Bob made this presentation at light speed, so the notes below are fragmentary. Hopefully his transparencies when available will be a big help.

Main goal now is to do research (as opposed to providing increased speed) to advance the networking technologies. Networking engineering, monitoring, QOS end-to-end to application (how to bid on resources needed to provide a QOS, bidding requires security/authentication), data delivery, security (surety of routing updates, nomadic/remote access, PKI, smart net management, secure & fair access). Morphnet adopted by agencies as a possible way to do both production and research. Will need distributed help desk.

Goal 2 is 10 sites at 1000x, e.g. HIPPI64, will require new OS & end system architectures, WDM (to allow better utilization of existing fiber). Also 100 sites at 100x. IPv4 minimum bearer service, with IPv6 in future. ATM and other services as required (VPNs). Interconnections will require GigaPOPs. A big concern will be QOS, which will need good monitoring to be able to show somebody got what they paid for.

NGI FY98 proposed $105M, DOD 10-40 (need 20 to break even), NSF 10-23, DoE 0-0, NASA 10, NIST 5, NLM/NIH 5. Much of this is not new money (but redirected). Internet 2 is a University program. Will use vBNS/MCI, get NSF $. Internet 2 is production net oriented (e.g. beta test QOS). NGI - aggressive integration of NET R&D and applications. NGI connections peering policy supports program requirements, ESnet will not be a transit.

13M to universities, 2M for FedNet interconnection R&D, 4M for ultra high-speed nets (e.g. NTON), 6M for Lab high-speed network access, 4M for applications. Senate markup not only did not provide the $25M but also said "is unnecessary for DOE to fund the development of enabling technologies to meet its Internet requirements". So no funding for Lab upgrades, ultra high speed nets, interconnection R&D, connecting GigaPOPs except vBNS <> ESnet interconnects. Primary focus on DOE mission, will keep vBNS <> ESnet interconnections for access to DOE facilities, will peer with states & GigaPOPs ONLY when cost effective & mission requires it. Will keep DOE affiliated universities on ESnet when they show the requirements as well as a letter from the Dean / Provost (e.g. MIT, UCLA, Caltech …). Will continue informational coordination through meetings like this & JET.

Networked challenged applications is a partnering opportunity with MICS. Establish a small number of testbeds for ER research applications that require advances in network & security research and are willing to adopt these new technologies while they are still experimental & evolutionary in nature. Storage, visualization, retrieval of large data sets. Interactive steering of experiments. Congestion control, … MICS will fund net & security R&D & limited deployment, possibly enhanced connectivity, assure appropriate access of the applications to new network capabilities, funding 0.5 to 2M. Provide a network challenged application willing to be tolerant of less than production networking. Benefit: applications are afforded the opportunity to live in the future. Next steps: consider opportunities, send white paper by … Possible R&D includes data & control channels, QOS, CBQ, ATM, RSVP, security, Morphnet & active nets. We may need a debriefing on why the DOE proposal was not acceptable. The next round in 1999 will be different, will depend on how initial NGI partners do.

Java Based Applications - Dave Dowty, Christopher Newport University

Web centric application for collaborations. It is designed to be simple, intuitive and extensible. Works on PCs & Sun's HotJava. Not been fully qualified on WNT yet. Macs are Java challenged, they are behind. Web-4M has a POP email client, calendar, bulletin board, plus chat rooms with whiteboard. Can cut and paste between applications, can enclose whiteboard stuff in email or save in document library etc. Can have private rooms, private conversations. There is a lot of security, supports Ssh, but does not yet do end-to-end encryption (awaits Java support). Browsable document library can be looked at easily from Web browser, supports gif, jpg, txt, html, mpeg. Simply drop browsable document into Web browser. Supports an interactive slide show. One person can control the slide show, many others can follow the show. Do not have real time streaming audio yet, they do have some audio support. Group ware can be expensive to support and admin. For 100 total user licenses it is $3500, which includes the server, for 25 users it is $1200. You can run multiple servers. Support for other Unix clients: they expect that it already works, but have not qualified it yet, it needs JDK 1.1 compatibility. IBM & HP have JDK 1.1 compatibility. Netscape support requires new (imminent) release of Netscape.

A Coordinated Browsing System - Mohammed Zubair, Old Dominion University

Want a group of users to be able to surf any web site with no new software. A user has to register herself so she can surf. This causes the user to download an applet that establishes a connection between the client and application server. Then set up a proxy server for all clients that sends the requests to the central registration server, which then tells the applet(s) to download the web page. There are nasty details to do with making sure one gets all the objects for a given page. At the moment they do not synchronize scrolling, they only synchronize the page retrievals. They plan to add audio support. One target is to allow the help desk to have a similar view as the user; another could be for education.