ESnet Site Coordinators Committee (ESCC) Meeting
Jefferson Lab, Newport News, VA, September 30 - October 3, 1997


ESnet Site Coordinators Committee (ESCC) Meeting *

Introduction *

ESnet Network Group Status Update - Joe Burrescia *

ESCC NMTF/NMFG Status - Les Cottrell, SLAC *

IPng WG Status - Bob Fink, ESnet *

Multipath Routing Protocol Test (Steve Batsell) *

Discussions in the Hall *

Report from Washington - George Seweryniak *

ESnet Steering Committee Report - Sandy Merola *

ESnet Report - Jim Leighton *

Network Information & Services Group Update - Alan Sturtevant, ESnet *

Video Collaboration Services Scheduler - Craig Tenney, ESnet *

Security Issues *

NGI Futures - Bob Aiken *

Java Based Applications - Dave Dowty, Christopher Newport University *

A Coordinated Browsing System - Mohammed Zubair, Old Dominion University *


This was the Fall meeting of the ESCC. There were three attendees from SLAC including Warren Matthews, Bob Cowles and myself. The first afternoon was devoted to the Network Working Group, the second day to plenary issues (updates from DOE, Esnet, the ESSC, networking WG report, Esnet information and services etc.) and the last 2 days to working groups on distributed computing (DCE, remote conferencing, security issues, directory services etc.). I attended the first 2 days that covered the network and plenary issues. There was considerable interest in the SLAC/HEPNRC monitoring tools. The exclusion of DOE from the NGI (Next Generation Initiative) was a hot topic. Funding may still be available for DOE Mission-oriented applications that are network challenged. Interest in security is increasing. As is often the case much of the useful sharing of information came from break-time discussions so I have included a section entitled "Discussions in the Hall" to cover this.

ESnet Network Group Status Update - Joe Burrescia

Two new members, one Chin Guok is working on monitoring.

Multicast developments

Set up special scoping for multicast for Russian videoconferences. Also investigating PIM running on routers carrying full nodes. Sparse mode may be problematic. Dense mode allows pruning. Sites need to be aware of setting up tunnels to non-ER funded sites, since ESnet not authorized to carry non-ESnet traffic. Several real-time events have been supported recently including Milwaukee collaboration, DOE 2000, a Whitehouse demo, ESSC. They will support the SC97 conference (, will pull in an OC3.

IPv6 & 6bone

Lot of work on BGP4+, new sites, new registry etc. They have three interworking BGP4 implementations (one is from Cisco). Trying to bring up a mail host supporting IPv6 natively. They plan to run IPv6 over ATM; an IPv6 over ATM PVCs RFC was just published. Cisco says will ready to implement when spec is ready. Spectrum Network Management Spectrum works well for LAN, not so good for ATM/WAN. Cabletron claims they will provide better WAN/ATM support for Spectrum, but it has not happened yet. Moving to version 4.0.3 which has monitors for alarm thresholds. Joe is interested in setting up an ESnet Spectrum user group. They are working on a new statistics system called BestView. Has been in alpha/beta for last 6 months. In process of cutting over from in-house designed system.

Increasing number of network attacks

Ping attack sends an ICMP request to a broadcast address at your site with a spoofed source address. Need spoof filtering. This swamps the spoofed source with ping responses. Turn off IP directed broadcast, if possible. However this will break DHCP helpers, and is rumored to cause problems with the Microsoft browser. May have to deep six the packets at the firewall if they are addressed to the all-1 or all-0 addresses. If you are a victim, then will see lots of ping traffic. It is hard to find the real perpetrator. Can only track back to where the packet enters the ESnet cloud. ESCC NMTF/NMFG Status - Les Cottrell, SLAC


IPng WG Status - Bob Fink, ESnet

For more see

The IPng WG is really dormant while various things happen, the 6bone evolves, sites connect to the 6bone with ESnet help, it waits for real activity.

What is the IPv6?

An international testbed to test IPv6 implementations & standards, tryout IPv6 transition strategies, get early applications/operations experience, motivate implementers & ISPs, get experience to try IPv6, and to start the transition.

Other areas besides 6bone are doing testing including trade shows & UNH.

Renumbering of sites in IPv6 is a very important issue to get round of sites moving ISP and not giving up site address, and so making the new ISP carry a new lot of routes.

FTP Software is dropping their development of a Windows IPv6 stack. Microsoft is believed to be willing to implement IPv6 when they have the common driver format in place (WNT=W95 drivers), and things look a bit clearer. The IPv6 folks do not want to bring in Microsoft until more issues are resolved and it becomes less of a research project. Two people in Sweden are working on a WNT implementation. Cisco version is currently not optimized (it runs in processor mode).

There is still a need for an IPv6 over ATM specification. Someone from Ipsilon was working on a spec, Japan also claims to have one, plus another one appeared. Cisco is said to have completed an implentation of a specification, but unclear which one.

Mike O’Dell (UUnet) raised concerns about the old addressing structure, which resulted in Aggregation Based Addressing. Hope most ISPs in 4 or 5 years will be converted to IPv6, but some will not be there, so how does one skip across the intervening IPv4s ISPs. The idea is to use Next Hop Routing Protocol (NHRP) server that will return the Ipv4 tunneling boundary point so can tunnel to it and then it goes via IPv6 within the IPv6 cloud. It will be an extension of NHRP.

Besides running out of IP addresses in IPv4 the current IPv4 infrastructure is suffering from complexity explosion. To address this they introduced Aggregatable Unicast Addressing. The TLA is for < 8000 big players (MCIs, Sprints etc., but unclear how one determines who is a TLA, and who makes the determination). This limits the size of the routing tables that have to be carried by the TLAs. I.e. only need to know how to reach the right TLA then the TLA will determine how to get to the NLA. This removes the need for a centralized registry (as long as one can assign TLAs). SLA is for the site; it will probably be the site subnet number. An important advantage of the AUA is important for allowing site renumbering.

The EUI-64 Interface ID are used to identify interfaces on a link. The IEEE EUI-64 format has an extended IEEE 48-but MAC address embedded in it. The old Ethernet address consists of a manufacturer code (cccccc) and a device field (eeeeee). The new EUI-64 that incorporates this is thus ccccccFFFFeeeeee (where FFFF indicates an Ethernet).

Selling IPv6 will be important. It will need to have a transparent conversion; desktops will need to be delivered with both an IPv4 and an IPv6 stack. It is also has to be seen as not a choice since Ipv4 will not meet the needs. If IPv4 goes away it will be very slow and long term. New devices (e.g. traffic light devices) will probably only come with an IPv6 stack.

People are starting to do IPv6 pinging so they can ensure they have a production backbone.

Bob feels that IPv6 is still 2-4 years away (i.e. before you can make an honest call that it is a success).

Multipath Routing Protocol Test (Steve Batsell)

For more see

Conventional routing optimizes a single metric such as delay, hops, bandwidth, jitter, shortest path or shortest-widest path. QoS routing selects path to meet QoS requirements. Batsell/Rao have implemented a multipath routing algorithm and will incorporate into gated.

Spring 98 want to do a test on a Morphnet version of ESnet.

If interested in partnering send email to

More efficient way of doing QoS, and reduces the risk of rejections.

ESnet International

Discussions in the Hall


Coordinated Password Files Videoconferencing Charging for Network Access Network Monitoring DOE  

Report from Washington - George Seweryniak

Large scale networks:

ESnet & NGI programmatic Goals ESnet Future FTS2001 Services Summary ESnet Steering Committee Report - Sandy Merola


ESnet university connectivity policy. DOE Corporate network International Issues Longer term issues Applications Requirements Working Group ESnet Report - Jim Leighton


Domestic Issues University Access VBNS peers today Bad list of Universities from ESSC study was (+ already there, - soon (we hope)): The poor list was: International Issues Japan Hub connections for International Links Issues with International Links ESnet Contract

Contract with Sprint runs out soon. Looking at negotiating a new contract. Will compete. NASA/NREN interested in collaborating.


New requirements: Schedule for reprocurement: Research Directions DOE corporate network PR Work Network Information & Services Group Update - Alan Sturtevant, ESnet

FTEs: Mike Helm (directory services & CA services), Marcy Kamps, Joe Metzger (news), Joe Ramus, Sue Smith, Allen Sturtevant; contract people Craig Tenney (VCS/VCSS services), Don Varner; plus a summer student.

ESnet mail hubs & split. Now have 199 mailing lists, spam filtering now available for lists (primarily for

ESnet news feed is alive again, not an ESnet wide newsreader service.

NIS group server machines: all new servers on 100 Mb Ethernet switch, telnet & ftp disabled everywhere, clear text disabled for ssh logins & Kerberized rlogin/telnet logins, 1 secure terminal server deployed, 2 to go.

NISG high availability system on two dual cpu 300 MHz Sun servers (which heartbeat one another), two dual connected Sun RAID disk arrays (using Veritas & FirstWatch dynamic failover), supports VCSS, web server, Oracle dB, ESnet site info, MOUs etc.

ESnet DCE servers upgraded 4 Sun Enterprise 1 servers, 2 Sun Enterprise 2 servers (dual CPUs) 2 Sun RAID arrays (FS file servers). Primary ESnet Web server (HA) Netscape Enterprise v2.0a, Netscape Catalogue Server 1.0.

ESnet distributed help desk, draft v1.0 white paper available on ESCC private page. Needs work on clarification of concepts, clarification of riles. Pilot version by next ESCC meeting. They are still evaluating commercial products.

ESnet digital services: goal to seamlessly integrate audio, video & digital technologies including: VCS/VCSS, Mbone/multicast, Unicast, ISDN, ATM, packet-switched, A/V streaming, A/V library, record on demand playback on demand, Web technologies. Looking at First Virtual Corporation with a video storage server (ATM based), ATM-ISDN gateway, and ATM switch. They also support MPEG1 for VHS.

VCS 40 port PictureTel ISDN video hub with a future ATM interface.

They have a SGI workstation for Webforce, Cosmo, Kai's Power tools, Adobe Photoshop / Illustrator / premier … for picture editing etc.

Storage / transfer requirements: MPEG1 500kbps to 3Mbps (typical 1.5Mbps), MPEG2 4-100Mbps, DVD ~ 10 Mbps, HDTV ~ 20Mbps, typically 10 Mbps. The broadcast industry is moving to MPEG2.

Video Collaboration Services Scheduler - Craig Tenney, ESnet

See and

Started as a two-week projects, first internal beta release was October 27, 1993, was a telnet interface based on NIC menuing system, with a few hundred lines of Perl.

Now it is Web based, with a 40 port MCU, with automatic conference setup and tear down, they have added the Mbone gateway, an online help desk.

Web based scheduler provides online reservations & schedules with 20K lines of code, with an Oracle backend and provides automated reservation, modification and cancellation plus daily & weekly schedules.

Automated conference setup/teardown is integrated with PictureTel LiveScheduler (runs on PC running Unix). The setup starts 2 minutes before start of conference. Takedown is scheduled 5 minutes before the end of the conference Directory numbers are provided online & in email notices. The MCU autodials the Mbone gateway. Vic & vat start automatically.

ESnet to Mbone gateway runs on a DEC Alphastation with Vic v2.8, Vat v4.0b2, a VGA & AV321 interface. The VGA goes to NTSC to the VTEL & thus to ISDN cloud (can support up to 384kbps). Lose quality from Mbone to room based video at the VGA to NTSC interface, they are looking at an alternative.

The Help desk has a Remedy trouble ticket system. There is a site registration system and a form for reporting problems.

Plans for the future include two mbone gateways, and looking at the FNAL multi-session bridge. They are looking at encrypted versions of vic & vat. They are also looking to port some of scheduling package from Perl cgi scripts to Java. They are looking at the Latitude audio bridge to allow phone conversations to be bridged in. There is a FAQ for the help desk.

George Seweryniak asked for the statistics to report on mbone usage, this is important for justifying the adding of more Mbone gateways. The Mbone gateway is assigned as a room (resource) so utilization will be available.

Van Jacobson is working on a floor control system for videoconferences for moderating who talks. White Pine has a reflector that is H323 compliant, but vat & vic are not H323 compliant so unclear how they could be put together.

Security Issues

ORNL transitioning their security from all of Lockheed/Martin at ORNL to just the Laboratory. This has delayed start up of the advanced security group.

Hacker got into local Linux multi-user system PC at CEBAF. The cracker installed a sniffer, got lots of passwords (not easy to detect on a Linux PC), had to pull plug on Friday for 5 days, so they could change passwords etc. Lesson learnt is that cannot tell users not to bring their machines on site. They are making a load of recommendations as to how users run their Unix PCs etc. For example they insist the machines use ssh on site, and they must allow a login from a central site machine so it can be checked for being in promiscuous mode, MD5 passwords have changed, or there is something mysterious. At CEBAF they will not give out an IP address until the central site has installed and checked the configuration of the PC. Unclear how far they can push users. Users may not like the ssh terminal emulator (e.g. key layout, or colors), so may resist and may require a policy to impose. It appears one has to go through the pain and agony of a break in before the community will accept the smaller amount of pain. LANL has decided to partition its networks with gradations of security, for users who come in from offsite they will be less trusted. ORNL is setting up a more secure subnet for people who require increased security, which has more stringent requirements to be allowed onto. The problem will get worse when NT is multi-user. SLAC has tied it into phone pager system.

We could look into sharing spam-blocking addresses. This could be part of the distributed help desk.

NGI Futures - Bob Aiken

As usual Bob made this presentation at light speed, so the notes below are fragmentary. Hopefully his transparencies when available will be a big help.

Main goal now is to do research (as opposed to providing increased speed) to advance the networking technologies. Networking engineering, monitoring, QOS end-to-end to application (how to bid on resources needed to provide a QOS, bidding requires security/authentication), data delivery, security (surety of routing updates, nomadic/remote access, PKI, smart net management, secure & fair access). Morphnet adopted by agencies as a possible way to do both production and research. Will need distributed help desk.

Goal 2 is 10 sites at 1000x, e.g. HIPPI64, will require new OS & end system architectures, WDM (to allow better utilization of existing fiber). Also 100 sites at 100x. IPv4 minimum bearer service, with IPv6 in future. ATM and others services as required (VPNs). Interconnections will require GigaPOPs. Big concerns will be QOS will need good monitoring to be able to show somebody got what they paid for.

NGI FY98 proposed $105M, DOD 10-40 (need 20 to break even), NSF 10-23, DoE 0-0, NASA 10, NIST 5, NLM/NIH 5. Much of this is not new money (but redirected)

Internet 2 is University program. Will use vBNS/MCI, get NSF $. Internet 2 is production net oriented (e.g. beta test QOS). NGI - aggressive integration of NET R&D and applications. NGI connections peering policy supports program requirements, ESnet will not be a transit. 13M to universities, 2M for FedNet interconnection R&D, 4M for ultra high-speed nets (e.g. NTON), 6M for Lab high-speed network access 4M for applications. Senate markup not only not provided the $25M but also said "is unnecessary for DOE to fund the development of enabling technologies to meet its Internet requirements".

So no funding for Lab upgrades, ultra high speed nets, interconnection R&D, connecting GigaPOPs except vBNS <> ESnet interconnects. Primary focus on DOE mission, will keep vBNS <> ESnet interconnections for access to DOE facilities, will peer with states & GigaPOPs ONLY when cost effective & mission requires it. Will keep DOE affiliated universities on ESnet when they show the requirements as well as a letter from the Dean / Provost (e.g. MIT, UCLA, Caltech …). Will continue informational coordination through meetings like this & JET.

Networked challenged applications is a partnering opportunity with MICS. Establish a small number of testbeds for ER research applications that require advances in network & security research and are willing t adopt these new technologies while they are still experiment al evolutionary & in nature

Storage, visualization, retrieval of large data sets.

Interactive steering of experiments. Congestion control, …

MICSW will fund net & security R&D & limited deployment, possibly enhanced connectivity, assure appropriate access of the applications to new network capabilities, funding 0.5 \to 2M

Provide a network challenged application willing to be tolerant of less than production networking.

Benefit applications are afforded the opportunity to live in the future

Next steps consider opportunities, send white paper by …

Possible R&D includes data & control channels, QOS, CBQ, ATM, RSVP, security, Morphnet & active nets.

We may need a debriefing on why the DOE proposal was not acceptable. The next round in 1999 will be different, will depend on how initial NGI partners do.

Java Based Applications - Dave Dowty, Christopher Newport University

Web centric application for collaborations. It is designed to be simple, intuitive and extensible. Works on PCs & Sun's HotJava. Not been fully qualified on WNT yet. Macs are Java challenged, they are behind. Web-4M has a POP email client, calendar, bulletin board, plus chat rooms with whiteboard. Can cut and paste between applications, can enclose whiteboard stuff in email or save in document library etc. Can have private rooms, private conversations. There is a lot of security, supports Ssh, but does not yet do end-to-end encryption (awaits Java support).

Browsable document library can be looked at easily from Web browser, supports gif, jpg, txt, html, mpeg. Simply drop browsable document into Web browser.

Supports an interactive slide show. One person can control the slide show many others can follow the show. Do not have real time streaming audio yet, they do have some audio support.

Group ware can be expensive to support and admin. For 100 total user licenses it is $3500, which includes the server, for 25 users it is $1200. You can run multiple servers. Support for other Unix clients: they expect that it already works, but have not qualified it yet, it needs JDK 1.1 compatibility. IBM & HP have JDK 1.1 compatibility. Netscape support requires new (imminent) release of Netscape.

A Coordinated Browsing System - Mohammed Zubair, Old Dominion University

Want a group of users to be able to surf any web site with no new software. User has to register herself so can surf. This causes the user to download an applet that establishes a connection between the client and application server. Then set up proxy server for all clients that send the requests to the central registration server that then tells the applet(s) to download the web page. There are nasty details to do with making sure one gets all the objects for a given page. At the moment they do not synchronize scrolling, they only synchronize the page retrievals. They plan to add audio support. One target is to allow help desk to have a similar view as the user; another could be for education.