Presentation of the VPN solution

Tuesday 3 Jul 2007, 16:00 → 18:00 Europe/Zurich

31/1-012 (CERN)

Veronique Lefebure (IT-FIO/FS)

As agreed on our last meeting, Andreas Hirstius will give a detailed presentation of the VPN solution as a possibility for a large scale deployment of usage of virtual machines in the CERN Computing Center. People from Netops are encourage to attend this presentation and to give feedback.

Present:
From Openlab: Andreas H., Xavier, Harvard,
From Netops: Luna, Jean-Michel, David, Eduardo
from GD; Andreas U., Dimitar, Konstantin
From FIO: Bernd,Alex, Jan M., Veronique

 Presentation on VPN by Andreas H.

See attached slides.
Main points:

1. Xen virtualisation is becoming heavily used, support from vendors increases
2. We can expect to run one Virtual machine per core, means up to 32 VM's per box, for each of them one needs on IP address.

3. One has to pay to get enough public IP addresses

4. Dom0 can run on a public IP address, and domU's on private IP addresses
   -------> here is where the argument stops. As reminded by Bernd, the grid WN
   software runs only on public IP addresses. It is for that reason that all WN
   boxes were re-IP'ed ~3 years ago. If not, we need a lot of gateways to keep with
   the data rate, and then we have a scalibility issue.

Other use-cases:

• It has been mentionned at the previous brainstormings that we could expect users
  to come with their own image to run on the WN.
  - pro: Experiments could live with a given environment longer than now
  - cons: it makes an extra step into the certification process:
       for ex. SLC5+Xen+SLC3+VO sw.
• Andreas U.: GRID testbeds.
  GD heavily uses VM for functionnality tests. They are hit by the limitation at the switch
  level: VM IP addresses can not be moved from on service to another.
  Netops can accomodate that requirement at a small scale.
  Requirements:
   - now: ~10 boxes x 4 VM's = 40 IP addresses
   - soon: ~30 boxes x 5 VM's = 150 IP addresses.
   ---> will request a "cluster" to Netops, by September 2007.
• INFN:
   - they use VM for reliability of critical glite services.
   Do they use life-migration ? checkpointing ? NFS.

Next meeting:
in 2 weeks: demo of GD use-case with more details on their requirements.