Rough notes by Les Cottrell 7/21/04
Same mission as before. There have been many planning workshops on computing and networking. Question on future focus/purpose of ESCC.
ESnet top 20 flows are heavily SLAC driven (2 of top 3). Some flows (~10) are > 100 GBytes. ESnet is a central cross-cutting organization for ESnet sites, so it can provide general services and interfaces such as PKI and a federated RADIUS service. There is a One-Time Password (OTP) initiative; the RADIUS federation will enable interworking between different OTP domains. H.323 video use continues to increase; will increase the number of audio & video ports. ISDN will disappear in January 2004. Mike O'Connor is trying to catalog, assign alarms etc. (e.g. 16342 alarms June 03 to Apr 04, 48.8/day on average).
Updating the ESnet Site Coordinator Model (presented to the SLCCC June '04). Coming up with a roles and responsibilities document. Will include formalizing the site coordinator selection process; providing a formal mechanism for an alternate site coordinator to ensure a continuously available site contact; expanding the roles & responsibilities; formally documenting them. The SC must supply a Site Security Contact for ESnet's use and a Net Operations contact for use in problem diagnosis (probably an email list); the SC must supply the information necessary to register an assignment of ESnet's address space to the site; and provide a pointer to a locally maintained mail list for distribution of ESnet status messages. The SC must establish responsibility for ESnet property (routers etc.), coordinate the signing of a property responsibility MOU, and provide prompt responses to information requests from ESnet/DoE etc.
Have designed and will be installing MAN rings for Bay Area and Chicago; looking at Long Island and JLab; also LANL, Sandia and UNM are looking at a proposal. Will provide high performance with no single point of failure. Will have production IP service, ESnet managed circuits, research net and a spare on different lambdas. Will use 10GE interfaces, which are half the cost of 10Gbps OC192 interfaces. In Bay Area will get to PAIX. SFO MAN funded this year. Will use segments on NLR to provide backup to ESnet circuits; also provides high speed access to SDSC & GA.
New SciDAC & MICS network research projects:
Gap (Network enabled storage sys)
Leadership class national supercomputer will have impact on program
Budget reduction in FY04 will go into FY05 budget
SC net PI meeting in late Sept 2004. Will hold kickoff for new projects and show what was accomplished on previous 3 years programs
Need to revisit program focus.
Leadership class supercomputing
Program elements:
Budget: '03/04 $6.5M -> '04/05 $4M Added testbeds and ECPI.
Future: lots of data from HENP, bio, climate etc.; need multi-Gbps data transfer capabilities for next 2 years.
Program activities:
Need to provide different capabilities to communities, i.e. give choice of transport, (e.g. TCP, UDP, FC etc.), networks (switched, packets, hybrid).
Require a multi-tier network: advanced research net (experimental optical inter-working; on-demand bandwidth DWDM circuits; GMPLS); High-impact science network (connect few high-impact science sites; ultra high-speed IP net tech; reliable & secure; QoS/MPLS for on-demand bandwidth); Production nets (connect all DoE sites, 7x24 etc.).
Category A sites: w local fiber arrangements: FNAL, ANL, ORNL, PNNL, NERSC, LBL, SLAC - use Ultranet to link site with local fiber, develop dynamic provisioning technologies to manage DWDM circuits, develop & test advanced transport protocols for high-speed data transfers.
Category B: BNL, JLab, GA, Princeton, MIT.
Advanced research net testbeds (QoS & MPLS). SLAC is not an MPLS/QoS site.
UltraNet: Dynamic provisioning, develop data circuit technologies; IP control plane based on GMPLS, integration of QoS, MPLS, GMPLS, inter-domain control plane signaling, bandwidth-on-demand technologies.
Ultra high-speed data transfer protocols: high-speed transport protocols for dedicated channels, high-speed data transfer.
UltraNet/GMPLS includes SLAC.
USN ops & mgmt: will be an
Leadership computing will require revision of USN/ESnet plans.
A lambda switching network
enough lambdas (2 initially) to make switching real
Explore light paths for high end transport
connect 4 hubs close to large DOE science users (but let Labs play last mile connections)
Hubs: SNV, SEA, CHI, ATL
Off-hours bandwidth via MPLS on SONET
Core SONET at 4 hubs
Edge MSPP boxes for added services
GE attached storage
A control plane to tie it all together.
NLR CHI-SNV first light late August (10GE not SONET), traffic test Aug-Sep; NLR SONET circuits follow in October; expect full system just in time for SC2004.
Using for cyber-security. Have a 5 min sliding window; a cron job analyzes each minute. Keep data for a year. Look for scans on firewall open ports (read the FW config every 30 mins). Look for problem machines at the Lab. Also looking for in-to-out problems (excluding a priori known hosts/servers such as email, DNS, scanner ... servers). Also looking at in-to-in (often for post-mortem forensics, e.g. what did a machine do after it was infected). Start by classifying IP addresses into a taxonomy: possible bad guy, possible victim, possible intermediary (stepping stone, rootkit resource site, etc.). The process can be aided by syslog etc. Integration/correlation with IDS logs, ARP/CAM tables (MAC persistence), firewall logs, DHCP/VPN logs, host-based syslogs.
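As an added illustration of the sliding-window flow analysis and the IP taxonomy described above (not the Lab's own code), the script below classifies addresses from constructed flow records; the site address range, firewall open-port list, known-server list, fan-out threshold and timestamps are all assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed values standing in for the site's config (not the Lab's real data).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # site address space
KNOWN_SERVERS = {"10.0.0.25"}                   # a priori known mail/DNS/scanner hosts
FW_OPEN_PORTS = {22, 80, 443}                   # re-read from the FW config every 30 min
WINDOW, FANOUT = timedelta(minutes=5), 3        # sliding window; peers that count as a scan

# Constructed flow records: (start time, src IP, dst IP, dst port)
FLOWS = [
    (datetime(2004, 7, 21, 11, 50, 0), "192.0.2.9", "10.0.1.1", 22),    # old scan, outside window
    (datetime(2004, 7, 21, 11, 50, 5), "192.0.2.9", "10.0.1.2", 22),
    (datetime(2004, 7, 21, 11, 50, 9), "192.0.2.9", "10.0.1.3", 22),
    (datetime(2004, 7, 21, 12, 0, 10), "192.0.2.7", "10.0.1.1", 22),    # outside -> in, open port
    (datetime(2004, 7, 21, 12, 0, 20), "192.0.2.7", "10.0.1.2", 22),
    (datetime(2004, 7, 21, 12, 0, 30), "192.0.2.7", "10.0.1.3", 22),
    (datetime(2004, 7, 21, 12, 0, 40), "192.0.2.7", "10.0.1.4", 3389),  # closed port: FW drops it
    (datetime(2004, 7, 21, 12, 2, 0), "10.0.1.2", "198.51.100.1", 445), # a victim now fans out
    (datetime(2004, 7, 21, 12, 2, 1), "10.0.1.2", "198.51.100.2", 445),
    (datetime(2004, 7, 21, 12, 2, 2), "10.0.1.2", "198.51.100.3", 445),
    (datetime(2004, 7, 21, 12, 3, 0), "10.0.0.25", "198.51.100.4", 25), # mail server: excluded
    (datetime(2004, 7, 21, 12, 3, 1), "10.0.0.25", "198.51.100.5", 25),
    (datetime(2004, 7, 21, 12, 3, 2), "10.0.0.25", "198.51.100.6", 25),
]
NOW = datetime(2004, 7, 21, 12, 4, 0)   # the minute this cron run analyzes

def analyze(flows, now):
    """Classify addresses seen in the window ending at now; returns {ip: set(labels)}."""
    recent = [f for f in flows if now - WINDOW <= f[0] <= now]
    inbound = defaultdict(set)    # external src -> internal hosts hit on FW-open ports
    outbound = defaultdict(set)   # internal src -> external hosts contacted (in-to-out)
    for _, src, dst, dport in recent:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s not in INTERNAL and d in INTERNAL and dport in FW_OPEN_PORTS:
            inbound[src].add(dst)
        elif s in INTERNAL and d not in INTERNAL and src not in KNOWN_SERVERS:
            outbound[src].add(dst)
    labels = defaultdict(set)
    for src, dsts in inbound.items():
        if len(dsts) >= FANOUT:                    # one source, many open-port targets
            labels[src].add("possible bad guy")
            for dst in dsts:
                labels[dst].add("possible victim")
    for src, dsts in outbound.items():
        if len(dsts) >= FANOUT:                    # a victim fanning out = stepping stone
            role = "possible intermediary" if "possible victim" in labels[src] else "problem machine"
            labels[src].add(role)
    return dict(labels)
```

Running `analyze(FLOWS, NOW)` tags 192.0.2.7 as the possible bad guy, 10.0.1.1-3 as possible victims and 10.0.1.2 additionally as a possible intermediary, while the old scan, the closed-port probe and the known mail server produce nothing.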
When a host gets a DHCP address it will be Nessus scanned; if infected, it is bumped off the VPN. Does not require admin/root access; the scan completes in the first 10 seconds of the user getting connected. May get false positives. Looking at host profiling and variations from the norm.
Need to get a network review for all purchases that need to be network accessible. Same for credit card requisitions.
Have 65 APs; do not use WEP on the Guest/Conference wireless. Do use WEP on the JLab wireless network. Had to close down the visitor network. Need to treat WEP keys like user passwords (storage, change, distribution). Need detection for rogue access points.
Flat network security model was a concern. Recommended to segment the network using ACLs.
They use Nagios, which appears to have a lot of capabilities for alerts etc.