Harnessing HPC resources for CMS jobs using a Virtual Private Network

20 May 2021, 15:00
13m
Short Talk Distributed Computing, Data Management and Facilities Facilities and Networks

Speaker

Benjamin Tovar Lopez (University of Notre Dame)

Description

The processing needs for the High Luminosity (HL) upgrade for the LHC require the CMS collaboration to harness the computational power available on non-CMS resources, such as High-Performance Computing centers (HPCs). These sites often limit the external network connectivity of their computational nodes. In this paper we describe a strategy in which all network connections of CMS jobs inside a facility are routed to a single point of external network connectivity using a Virtual Private Network (VPN) server by creating virtual network interfaces in the computational nodes. We show that when the computational nodes and the host running the VPN server have the namespaces capability enabled, the setup can run entirely on user space with no other root permissions required. The VPN server host may be a privileged node inside the facility configured for outside network access, or an external service that the nodes are allowed to contact. When namespaces are not enabled at the client side, then the setup falls back to using a SOCKS server instead of virtual network interfaces. We demonstrate the strategy by executing CMS Monte Carlo production requests on opportunistic non-CMS resources at the University of Notre Dame. For these jobs, cvmfs support is tested via fusermount (cvmfsexec), and the native fuse module.

Primary authors

Benjamin Tovar Lopez (University of Notre Dame) Brian Paul Bockelman (University of Wisconsin Madison (US)) Mike Hildreth (Department of Physics-College of Science-University of Notre Da) Kevin Patrick Lannon (University of Notre Dame (US)) Douglas Thain (University of Notre Dame)

Presentation materials

Proceedings

Paper