HEPiX Fall/Autumn 2017 Workshop

Session

Networking and security

SN

16 Oct 2017, 14:00

KEK

15. The LHCONE network

Mr Vincenzo Capone (GÉANT)

16/10/2017, 14:00

Security & Networking

LHCONE is a worldwide network dedicated to the data transfers of HEP experiments. The presentation will explain the origin and the architecture of the network, the services and advantages it provides, the benefits achieved so far. It will also include an update with the latest achievements

25. WLCG/OSG Networking Update

Marian Babik (CERN)

16/10/2017, 14:25

Security & Networking

WLCG relies on the network as a critical part of its infrastructure and therefore needs to guarantee effective network usage and prompt detection and resolution of any network issues, including connection failures, congestion and traffic outing. The OSG Networking Area is a partner of the WLCG effort and is focused on being the primary source of networking information for its partners and...

57. The TransPAC project

Andrew Lee (Indiana University)

16/10/2017, 14:50

Security & Networking

The TransPAC project has a long history of supporting R&E networking, connecting the Asia Pacific region to the United States to facilitate research. This talk will give an overview of the project for those who may not be familiar with it or its activities and a brief sketch of future plans. Then the talk will cover LHCONE connectivity from our perspective and lay out options for how TransPAC...

18. AutoGOLE bringing high speed data transfers

Joe Mambretti (Northwestern University)

16/10/2017, 15:15

Security & Networking

The Automated GOLE (AutoGOLE) fabric enables research and education networks worldwide to automate their inter-domain service provisioning. By using the AutoGOLE control plane infrastructure, services to other countries can be setup in minutes. Besides automated provisioning we experiment with connecting high-speed Data Transfer Nodes (DTNs) to the AutoGOLE environment. This talk will discuss...

54. Next Generation Software Defined Services and the Global Research Platform

Joe Mambretti (Northwestern University)

16/10/2017, 16:10

Security & Networking

The Global Research Platform is a world-wide software defined distributed environment designed specifically for data intensive science. The talk will show how this environment could be used for experiments like the LHC

58. NetSage, a unified network measurement and visualization service

Andrew Lee (Indiana University)

16/10/2017, 16:35

Security & Networking

Modern science is increasingly data-driven and collaborative in nature, producing petabytes of data that can be shared by tens to thousands of scientists all over the world. NetSage is a project to develop a unified open, privacy-aware network measurement, and visualization service to better understand network usage in support of these large scale applications. New capabilities to measure and...

24. Tier-1 networking cost and optimizations

Erik Mattias Wadenstein

16/10/2017, 17:00

Security & Networking

As the WLCG data sets grow ever bigger, so will network usage. For those of us with limited budgets, it would be nice if network costs won't get ever bigger too.

As NDGF is one of the few tier-1 sites in WLCG required to pay full networking costs, including transit, we'll look at the cost breakdown of networking for a tier-1 site and talk about where optimizations might be found.

32. Network Functions Virtualisation Working Group Proposal

Marian Babik (CERN)

16/10/2017, 17:25

Security & Networking

High Energy Physics (HEP) experiments have greatly benefited from a strong relationship with Research and Education Network (REN) providers and thanks to the projects such as LHCOPN/LHCONE and REN contributions, have enjoyed significant capacities and high performance networks for some time. RENs have been able to continually expand their capacities to over-provision the networks relative to...

63. Recent network connectivity around KEK

Soh Suzuki

17/10/2017, 14:00

Security & Networking

Last year, KEK had upgraded the upstream link to 100Gbps in Apr.
then officially started the peer with LHCONE since Sep.
Then KEK can distribute huge data to WLCG sites by adequate
throughput altough this upgrade didn't made large impact on
the firewalls for the ordinary internet usage from the campus
network.

We will report changes by the LHCONE peer and
how we connect our campus network and...

75. Network related updates in IHEP

Mr zhihui sun (Institute of High Energy Physics Chinese Academy of Sciences)

17/10/2017, 14:20

Security & Networking

We give the design and plan of network architecture updates in IHEP at HEPIX Spring 2017, and it has been finished in August 2017. This report talks about the network architecture upgrades, Dual stack ipv6 test, network measurement and morning at IHEP and network security upgrades.

66. Netbench –testing network devices with real-life traffic patterns

Stefan Nicolae Stancu (CERN)

17/10/2017, 14:40

Security & Networking

Network performance is key to the correct operation of any modern datacentre or campus infrastructure. Hence, it is crucial to ensure the devices employed in the network are carefully selected to meet the required needs.

The established benchmarking methodology [1,2] consists of various tests that create perfectly reproducible traffic patterns. This has the advantage of being able to...

34. Deployment of IPv6-only CPU on WLCG - an update from the HEPiX IPv6 Working Group

Dave Kelsey (STFC - Rutherford Appleton Lab. (GB))

17/10/2017, 15:05

Security & Networking

This update from the HEPiX IPv6 Working Group will present the activities of the last 6-12 months. In September 2016, the WLCG Management Board approved the group’s plan for the support of IPv6-only CPU, together with the linked requirement for the deployment of production Tier 1 dual-stack storage and other services. A reminder of the requirements for support of IPv6 and the deployment...

17. Using Configuration Management to deploy and manage network services

Quentin Barrand (CERN)

17/10/2017, 16:00

Security & Networking

Configuration Release Management (CRM) is rapidly gaining popularity among service managers, as it brings version control, automation and lifecycle management to system administrators. At CERN, most of the virtual and physical machines are managed through the Puppet framework, and the networking team is now starting to use it for some of its services.
This presentation will focus on the...

12. Follow-up about Wi-Fi service enhancement at CERN

Vincent Ducret (CERN)

17/10/2017, 16:25

Security & Networking

As presented during HEPiX Fall 2016, a full renewal of the CERN Wi-Fi network was launched in 2016 in order to provide a state-of-the-art Campus-wide Wi-Fi Infrastructure. This year, the presentation will give a status and feedback about this overall deployment. It will provide information about the technical choices made, the methodology used for such a deployment, the issues we faced and how...

16. Configuration automation for CERN's new Wi-Fi infrastructure

Quentin Barrand (CERN)

17/10/2017, 16:50

Security & Networking

As presented at HEPiX Fall 2016, CERN is currently in the process of renewing its standalone Wi-Fi Access Points with a new state-of-the-art, controller-based infrastructure. With more than 4000 new Access Points to be installed, it is desirable to keep the existing deployment procedures and tools to avoid repetitive and error-prone actions during configuration and maintenance steps.
This...

13. Firewall Load-Balancing solution at CERN

Vincent Ducret (CERN)

17/10/2017, 17:15

Security & Networking

The CERN network infrastructure has several links to the outside world. Some are well identified and dedicated for experiments and research traffic (LHCOPN/LHCONE), some are more generics (general internet). For the latter, a specific firewall inspection is required for obvious security reasons, but with tens of gigabits per second of traffic, the firewalls capacities are highly challenged....

33. Low-Power Wide-Area Network (LPWAN) at CERN

Mr Rodrigo Sierra (CERN)

18/10/2017, 16:00

Security & Networking

The interest in the Internet of Things (IoT) is growing exponentially so multiple technologies and solutions have emerged to connect mostly everything. A ‘thing’ can be a car, a thermometer or a robot that, when equipped with a transceiver, will exchange information over the internet with a defined service. Therefore, IoT comprises a wide variety of user cases with very different...

78. Fancy Networking

Tristan Suerink (Nikhef National institute for subatomic physics (NL))

18/10/2017, 16:25

Security & Networking

We've redesigned our HPC/Grid network to be capable of full network function virtualisation, to be prepared for large amounts of 100Gbps connections, and to be 400G ready. In this talk we want to take you through the design considerations for a fully non-blocking 6 Tbps virtual network, and what type of features we have build-in for the cloudification of our clusters using OpenContrail....

79. Network Automation for Intrusion Detection System

Adam Lukasz Krajewski (CERN)

18/10/2017, 16:50

Security & Networking

CERN networks are dealing with an ever-increasing volume of network traffic. The traffic leaving and entering CERN must be precisely monitored and analysed to properly protect the networks from potential security breaches. To provide the required monitoring capabilities, the Computer Security team and the Networking team at CERN have joined efforts in designing and deploying a scalable...

45. EGI CSIRT: Keeping EGI Secure

Vincent Brillault (CERN)

19/10/2017, 09:00

Security & Networking

The EGI CSIRT main goal is, in collaboration with all resources providers, to keep the EGI e-Infrastructure running and secure. During the past years, under the EGI-Engage project, the EGI CSIRT has been driving the infrastructure in term of incident prevention and response, but also security training. This presentation provides an overview of these activities, focusing on the impact for the...

46. Security update

Romain Wartel (CERN)

19/10/2017, 09:25

Security & Networking

This presentation gives an overview of the current computer security landscape. It describes the main vectors of compromises in the academic community including lessons learnt, and reveal inner mechanisms of the underground economy to expose how our resources are exploited by organised crime groups, as well as recommendations to protect ourselves. By showing how these attacks are both...

64. Current Status and Future Directions of KEK Computer Security

Dr Fukuko Yuasa (KEK)

19/10/2017, 09:50

Security & Networking

Recently Japanese universities and academic organizations had experienced sever cyber attacks. To mitigate computer security incidents, we are forced to rethink our strategies in aspects of security management and network design.
In this talk, we report current status and present future directions of KEK Computer security.

47. Security: case study

Romain Wartel (CERN), Vincent Brillault (CERN)

19/10/2017, 10:15

Security & Networking

This is a TLP:RED presentation of a case study. Slides and details will not be made publicly available, and attendees have to agree to treat all information presented as confidential and refrain from sharing details on social media or blog. The presentation focuses on an insider attack and concentrates on the technical aspects of the investigation, in particular the network and file system...