from ipv4 to eternity
play

From IPv4 to eternity The High Energy Physics transition to IPv6 - PowerPoint PPT Presentation

Jul 02, 2023 •215 likes •507 views

From IPv4 to eternity The High Energy Physics transition to IPv6 David Kelsey EGI Community Forum, Munich 30 March 2012 On behalf of my co-authors Bob Cowles (SLAC), Phil DeMar (FNAL), Marek Elias (FZU), Thomas Finnern (DESY), David

  1. “From IPv4 to eternity” The High Energy Physics transition to IPv6 David Kelsey EGI Community Forum, Munich 30 March 2012

  2. On behalf of my co-authors • Bob Cowles (SLAC), Phil DeMar (FNAL), Marek Elias (FZU), Thomas Finnern (DESY), David Foster (CERN), Bruno Hoeft (KIT), Tomas Kouba (FZU), Soumaya Lanouar (EPFL), Simon Leinen (SWITCH), Edoardo Martelli (CERN), Mark Mitchell (Univ Glasgow), Kars Ohrenberg (DESY), Andreas Pfeiffer (CERN), Francesco Prelz (INFN), Mario Reale (GARR), Julia Rohlfing (KIT), Sandor Rozsa (Caltech), Sabah Salih (Univ Manchester), Luuk Uljee (SARA), Ronald van der Pol (SARA), Ramiro Voicu (Caltech), Mattias Wadenstein (Univ Umea), Tony Wildish (Princeton University) • Many thanks to them! 01/03/2012 HEP IPv6 at EGI CF 2012 2

  3. Outline • Background – why move to IPv6? • The HEPiX IPv6 Working Group – n.b. HEPiX is a forum of worldwide HEP IT staff • HEPiX IPv6 testbed and testing • WLCG software and tools IPv6 survey • Managing large sites – addressing etc. • IPv6 security • Recommendations and future plans 01/03/2012 HEP IPv6 at EGI CF 2012 3

  4. IPv4 Free Addresses (/8 blocks) http://en.wikipedia.org/wiki/File:Ipv4-exhaust.svg 01/03/2012 HEP IPv6 at EGI CF 2012 4

  5. IPv4 Addresses • From Geoff Huston ( http://ipv4.potaroo.net ) • IANA Unallocated Address Pool (Global) Exhaustion happened: 03-Feb-2011 • Projected Regional (RIR) Address Pool Exhaustion Dates: – APNIC: 19-Apr-2011 (Asia Pacific - happened) – RIPENCC: 11-Aug-2012 (Europe) – ARIN: 27-Jul-2013 (North America) – LACNIC: 28-Jan-2014 (South America) – AFRINIC: 29-Oct-2014 (Africa) 01/03/2012 HEP IPv6 at EGI CF 2012 5

  6. IPv6 more generally IPv6 World Day (8 Jun 2011) • Many major players successfully turned on and tested IPv6 for 24 hours – Including Google, Facebook, Yahoo! ... • But then turned it off again! In the future... • US Federal Government requires all their outward facing public services to be running IPv6 by 30 Sep 2012 (and clients by Sep 2014) 01/03/2012 HEP IPv6 at EGI CF 2012 6

  7. World IPv6 Launch Day • http://www.worldipv6launch.org/ • 6 June 2012 “The Future is Forever” • ISPs, home routing equipment vendors, web companies all coming together • Permanently enable IPv6 by 6 th June 2012 01/03/2012 HEP IPv6 at EGI CF 2012 7

  8. When to move to IPv6? • IPv6 *is* coming – HEP, WLCG, EGI will need to move “soon” • Is HEP/WLCG ready? • What does “ready” mean? • When will HEP be ready? 01/03/2012 HEP IPv6 at EGI CF 2012 8

  9. HEPiX IPv6 Working Group Created in April 2011 with aims: • Consider whether/how IPv6 should be deployed in HEP – especially WLCG (Worldwide Large Hadron Collider Grid) • Readiness and Gap analysis • HEP applications, middleware, security issues, system management and monitoring tools, end to end network monitoring tools • Run a distributed HEP testbed – to help explore all the above issues • Initial report at end of 2011 01/03/2012 HEP IPv6 at EGI CF 2012 9

  10. WG membership • Currently active: – CERN, DESY, EPFL, FNAL, FZU, GARR, Glasgow, INFN, KIT, Manchester, RAL, SARA, SLAC, SWITCH, Umea, USLHCNet (Caltech) – CMS & LHCb (ATLAS & ALICE to come) • Nearly 50 on the mail list 01/03/2012 HEP IPv6 at EGI CF 2012 10

  11. IPv6 and WLCG • We currently do not know when WLCG will need to deploy IPv6-capable services – No current requests or warnings • BUT to get there takes time! – Full survey of all software and tools – Need operational monitoring, security and tools – IPv6 operation, security and performance must be as good as IPv4 • Physicists must not notice! 01/03/2012 HEP IPv6 at EGI CF 2012 11

  12. Limiting the scope • The working group decided to concentrate on outward-facing WLCG services – Some backend services, e.g. Databases, could stay IPv4 only • But need to include middleware, tools etc. • Wherever possible, work with others (EGI) 01/03/2012 HEP IPv6 at EGI CF 2012 12

  13. The HEPiX IPv6 Testbed • We have deployed a distributed testbed – CERN, DESY, FZU, GARR, INFN, KIT and USLHCnet • Connected to IPv6 and IPv4 networks – IPv6-only/IPv4-only names also registered in DNS – e.g. hepix-v6.desy.de & hepix-v4.desy.de • https://w3.hepix.org/ipv6-bis/doku.php?id=ipv6:testbed • A perl script (on wiki) validates configuration – Checks all DNS entries – runs ping and ping6 to all nodes 01/03/2012 HEP IPv6 at EGI CF 2012 13

  14. Testbed (2) 01/03/2012 HEP IPv6 at EGI CF 2012 14

  15. Data transfer tests • Virtual Organisation – ipv6.hepix.org • We have successfully installed and tested GridFTP clients and servers on all nodes • Full mesh of data transfers (globus_url_copy) – Tested and works • CMS members of the working group – Now performing continuous data transfers between pairs of nodes – In future this will use PhEDEx and FTS 01/03/2012 HEP IPv6 at EGI CF 2012 15

  16. GridFTP mesh (extract) 01/03/2012 HEP IPv6 at EGI CF 2012 16

  17. CMS data transfer IPv6 reliability • Reliability test – not a stress/performance test • Single 200 MB file from IPv6 VM at CERN transfer to 2 systems • globus_url_copy and uberftp to confirm copy then delete • In 1 week: uslhc: 8373 transfers, infn: 8355 (1 error each) – BGP timers too short caused packet loss in firewall • Since then (3 weeks) transferring 2 GB files • uslhcnet: 8844, infn:8853, DESY:2207 transfers • Transfer failures: uslhcnet:106, infn:107, DESY:52 – Vast majority since change in CERN IPv6 firewall hardware – Transfer speed less to DESY – still investigating both observations • Conclude: no show-stoppers. CMS PhEDEx should work. 01/03/2012 HEP IPv6 at EGI CF 2012 17

  18. File Transfer Agent (FTS) Thanks to EGEE JRA1 01/03/2012 HEP IPv6 at EGI CF 2012 18

  19. File Transfer Service (FTS) – to enable IPv6 • Use gLite 3.2 repository • cGSI-GSOAP does not resolve IPv6 names up to version 2.7-1.3.3-1 – still found on some production UIs • gSOAP supports IPv6 – on TCP since version 2.5 (2005) – on UDP since version 2.7.2 (still 2005) • BUT compiled without the “WITH_IPv6” flag 01/03/2012 HEP IPv6 at EGI CF 2012 19

  20. FTS and IPv6 (2) – Oracle IPv6-enabled from version 11g rel 2 • but FTS transfer agent libraries in EMI-1 still carry a hard dependency on Oracle V10 – Transfer agents (Tomcat/Axis servlets) can be invoked on dual stack hosts and from dual stack clients – but ‘ urlcopy ’ agent still uses IPv4 for file transfer – As in the globus-url-copy command, IPv6 resolution in the Globus FTP client needs to be explicitly enabled 01/03/2012 HEP IPv6 at EGI CF 2012 20

  21. FTS and IPv6 - conclusions • FTS/IPv4 not broken on dual-stack host • Functional IPv6 support in a software component does not imply that IPv6 transport is enabled by default • This is hard to capture in either a survey or by automated code-checking tools • Next steps: CMS data transfers using FTS 01/03/2012 HEP IPv6 at EGI CF 2012 21

  22. Software & Tools IPv6 Survey • An “Asset” survey is now underway – A spreadsheet to be completed by sites and the LHC experiments – Includes all applications, middleware and tools – Tickets to be entered for all problems found • If IPv6-readiness is known, can be recorded • Otherwise we will need to investigate further – Ask developer and/or supplier – Scan source code or look for network calls while running – Test the running application under dual stack conditions 01/03/2012 HEP IPv6 at EGI CF 2012 22

  23. Software with IPv6 problems • Need to check many things – Break when installed on a dual-stack node? – Does it bind to both stacks? – Is IPv6 preferred? – Can it be configured to prefer V4 or V6? • Already found a few problems • OpenAFS, dCache, UberFTP • FTS, globus_url_copy etc. 01/03/2012 HEP IPv6 at EGI CF 2012 23

  24. Managing IPv6 at large sites • Best practices are still far from clear! • Large sites (e.g. CERN and DESY) wish to manage the allocation of addresses – Do not like autoconfiguration (SLAAC) • Wish to filter out Router Advertisements • DHCPv6 very attractive – BUT IETF still discussing – Will the ‘route’ options be there or not? 01/03/2012 HEP IPv6 at EGI CF 2012 24

  25. IPv6 security • Are operational security teams ready for IPv6? No! • Challenges include – Address format has multiple forms, many addresses per host and addresses difficult to remember – IPv6 standards contain many suggestions - implementation optional – Required security features, like RAGuard and SEND, are a long way from full deployment – Incomplete and immature implementations – Many vulnerabilities expected – Log parsing tools must all change – Dual stack causes problems – complicates packet inspection • Must test that things which are not supposed to work do not 01/03/2012 HEP IPv6 at EGI CF 2012 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ETERNITY ME ETERNITY ME The Complete Communication System for Medium Enterprises ETERNITY ME

ETERNITY ME ETERNITY ME The Complete Communication System for Medium Enterprises ETERNITY ME

ETERNITY ME ETERNITY ME The Complete Communication System for Medium Enterprises ETERNITY ME ETERNITY ME16S Matrix ETERNITY ME The Complete Communication System for Medium Enterprises Introduction Integrated Digital Voice

726 views • 41 slides
ETERNITY GE ETERNITY GE The All-Integrated Communication Platform for Growing Enterprises

ETERNITY GE ETERNITY GE The All-Integrated Communication Platform for Growing Enterprises

ETERNITY GE ETERNITY GE The All-Integrated Communication Platform for Growing Enterprises ETERNITY GE ETERNITY GE12S ETERNITY GE6S Matrix ETERNITY GE The All-Integrated Communication Platform for Growing Enterprises Introduction

909 views • 41 slides
Guest Speaker: Ray Mondragon World History is Jewish From Eternity to Eternity Part 1 June

Guest Speaker: Ray Mondragon World History is Jewish From Eternity to Eternity Part 1 June

Guest Speaker: Ray Mondragon World History is Jewish From Eternity to Eternity Part 1 June 10, 2018 Dean Bible Ministries www.deanbibleministries.org Dr. Ray Mondragon WORLD HISTORY IS JEWISH - from Eternity to Eternity Tel Aviv Coast

743 views • 41 slides
eternity Revelation 19 Revelation 19 Revelation 19 Revelation 19 eternity Revelation 19

eternity Revelation 19 Revelation 19 Revelation 19 Revelation 19 eternity Revelation 19

eternity Revelation 19 Revelation 19 Revelation 19 Revelation 19 eternity Revelation 19 Revelation 19 Revelation 19 Revelation 19 eternity: return 0f the king eternity: return 0f the king 1. Jesus is the great King eternity: return 0f

643 views • 32 slides
IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool IPv4 with NAT/Tunnels But we can use IPv4 and NAT or Tunnels!!! Yeah, right IPv6 IPv6 Readiness Laptops, pads, mobile phones, dongles,

477 views • 19 slides
IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4

IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4

IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4 exhaustion (link to RIRs and highlight relevant trends for your region) Regional Internet Authorities are in various phases of IPv4 exhaustion

486 views • 13 slides
Is there available IPv4 space in the LAC region? Sergio Rojas sergio@lacnic.net IPv4 IPv4

Is there available IPv4 space in the LAC region? Sergio Rojas sergio@lacnic.net IPv4 IPv4

Is there available IPv4 space in the LAC region? Sergio Rojas sergio@lacnic.net IPv4 IPv4 space 4.294.967.296 IP addresses (not all of them are usable) It seems a lot of space, right? But the world population is almost 7 billion

201 views • 16 slides
IPv4 Pricing and Transfer Update Sandra Brown IPv4 Market Group January 19, 2016 IPv4 Life

IPv4 Pricing and Transfer Update Sandra Brown IPv4 Market Group January 19, 2016 IPv4 Life

IPv4 Pricing and Transfer Update Sandra Brown IPv4 Market Group January 19, 2016 IPv4 Life Cycle Events ARIN Runout RIPE Inter-RIR Transfers /8s come to market IPv6 Adoption 2 Factors Affecting Pricing # OF IP TRANSFERS

223 views • 8 slides
IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There

IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There

IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There are 4,294,967,296 IPv4 addresses (32 bits long) but not all of them can be used Looks like a lot, right? But... World popula)on currently stands

501 views • 27 slides
Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4

Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4

Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4 addresses have 32 bits only not enough for 1 IP address per person dynamic IPs, NAT, Manual configuration time consuming (in larger

655 views • 16 slides
SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36,

SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36,

SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36, London, January 2017 Incremental IPv6 deployment in DC IPv4-only IPv4-only + IPv6 via NAT/proxy/etc Dual-stacked public frontend, IPv4 BE Full

550 views • 15 slides
Exhaustion of IPv4 Address in 2010 Exhaustion of IPv4 Address in 2010 Associate Professor Dr.

Exhaustion of IPv4 Address in 2010 Exhaustion of IPv4 Address in 2010 Associate Professor Dr.

802.16 IP Telephony Lab Exhaustion of IPv4 Address in 2010 Exhaustion of IPv4 Address in 2010 Associate Professor Dr. Quincy Wu solomon@ipv6.club.tw Graduate Institute of Communication Engineering National Chi Nan University 1 1

943 views • 77 slides
Post IPv4 completion Making IPv6 deployable incrementally by making it backward compatible

Post IPv4 completion Making IPv6 deployable incrementally by making it backward compatible

Post IPv4 completion Making IPv6 deployable incrementally by making it backward compatible with IPv4. Alain Durand The Internet must support continued, un-interrupted growth regardless of IPv4 address availability DISCLAIMER:

614 views • 17 slides
Rethinking Eternity Psalm 90 What Happens When We Die? What is Hea ven Like? Do the Unsa ved

Rethinking Eternity Psalm 90 What Happens When We Die? What is Hea ven Like? Do the Unsa ved

Rethinking Eternity Psalm 90 What Happens When We Die? What is Hea ven Like? Do the Unsa ved Suffer Forever? What, in Hell, Do You W ant? What Happens When We Die? Traditional View Hea ven Unending Bliss Life Death Hell Unending

380 views • 21 slides
Comparing IPv4 and IPv6 from the perspec7ve of BGP dynamic

Comparing IPv4 and IPv6 from the perspec7ve of BGP dynamic

Comparing IPv4 and IPv6 from the perspec7ve of BGP dynamic ac7vity Geoff Huston APNIC February 2012 The IPv4 Table: 2004 - now The IPv6

770 views • 47 slides
Two Problems 1. Global IPv4 address depletion 2. Private IPv4 address depletion depletion

Two Problems 1. Global IPv4 address depletion 2. Private IPv4 address depletion depletion

Two Problems 1. Global IPv4 address depletion 2. Private IPv4 address depletion depletion a.k.a. completion Scenarios Focus work on most significant, and most solvable, scenarios Solving every possible design iteration is

428 views • 9 slides
Li Living on the Edge: (Re)focus DN DNS Efforts orts on on th the e En End-Po Points

Li Living on the Edge: (Re)focus DN DNS Efforts orts on on th the e En End-Po Points

Li Living on the Edge: (Re)focus DN DNS Efforts orts on on th the e En End-Po Points Benno Overeinder NLnet Labs RIPE 75, Dubai, UAE http://www.nlnetlabs.nl/ Complexity at Core-Middle-Edge moderate Authoritative . complex simple

481 views • 25 slides
CS 356: Computer Network Architectures Lecture 9: The Internet Protocol (IP) Ch 3.2 Xiaowei

CS 356: Computer Network Architectures Lecture 9: The Internet Protocol (IP) Ch 3.2 Xiaowei

CS 356: Computer Network Architectures Lecture 9: The Internet Protocol (IP) Ch 3.2 Xiaowei Yang xwy@cs.duke.edu Overview History of IP IP header format IP addressing IP forwarding Forwarding algorithm Fragmentation

882 views • 57 slides
Introduction to exterior routing S-38.2121 / Fall-2006 / RKa, NB CIDR-1 Autonomous Systems

Introduction to exterior routing S-38.2121 / Fall-2006 / RKa, NB CIDR-1 Autonomous Systems

Introduction to exterior routing S-38.2121 / Fall-2006 / RKa, NB CIDR-1 Autonomous Systems An Autonomous System (AS) is a part of the Internet owned by a single organization. In an AS, usually one interior routing protocol is used

471 views • 10 slides
Linux Performance 2018 Brendan Gregg Senior Performance Architect Apr 2018

Linux Performance 2018 Brendan Gregg Senior Performance Architect Apr 2018

Linux Performance 2018 Brendan Gregg Senior Performance Architect Apr 2018 h1p://neuling.org/linux-next-size.html Post frequency: 4 per year h1ps://kernelnewbies.org/Linux_4.15 h1ps://lwn.net/Kernel/ 4 per week LKML 400 per day

468 views • 19 slides
Linux Performance 2018 Brendan Gregg Senior Performance Architect

Linux Performance 2018 Brendan Gregg Senior Performance Architect

Linux Performance 2018 Brendan Gregg Senior Performance Architect http://neuling.org/linux-next-size.html Post frequency: 4 per year https://kernelnewbies.org/Linux_4.15 https://lwn.net/Kernel/ 4 per week LKML 400 per day

473 views • 19 slides
CS615 - Aspects of System Administration Networking I Department of Computer Science Stevens

CS615 - Aspects of System Administration Networking I Department of Computer Science Stevens

CS615 - Aspects of System Administration Slide 1 CS615 - Aspects of System Administration Networking I Department of Computer Science Stevens Institute of Technology Jan Schaumann jschauma@stevens.edu

1.19k views • 62 slides
Lecture 8: Internetworking, Naming CSE 123: Computer Networks Chris Kanich Project 1 due 11:59pm

Lecture 8: Internetworking, Naming CSE 123: Computer Networks Chris Kanich Project 1 due 11:59pm

Lecture 8: Internetworking, Naming CSE 123: Computer Networks Chris Kanich Project 1 due 11:59pm tonight Lecture 8 Overview Finish up IP Fragmentation, Route Aggregation CIDR Packet forwarding example User-friendly names (DNS)

760 views • 16 slides
CS615 - Aspects of System Administration Networking I Department of Computer Science Stevens

CS615 - Aspects of System Administration Networking I Department of Computer Science Stevens

CS615 - Aspects of System Administration Slide 1 CS615 - Aspects of System Administration Networking I Department of Computer Science Stevens Institute of Technology Jan Schaumann jschauma@stevens.edu https://stevens.netmeister.org/615/

818 views • 80 slides

More recommend