Revisiting APAN Services #2
Yoshikata Hattori, Pensri A., Lee, Jaehwa, APAN NOC
19th APAN Meeting, Bangkok
What Are APAN Services?
WWW
– apan.net and
DNS
– ns.kaist.apan.net and ns.jp.apan.net
/mailing lists
– apan.net
Distributed among/operated by APAN-KR/ANF and APAN-JP NOCs
Why Revisiting?
These are the most important services for us
– to get information from APAN through WWW
– to communicate with others through /mailing lists
– based on the APAN DNS
So they need
– correctness of information
– reliability and stability of operation/monitoring
And they are naturally based upon the network architecture/operation.
Now the APAN network architecture/operation has changed greatly, which requires revisiting the services.
– 24x7 operation/monitoring
– GbE connection between JP and KR
(Previous) Problems
WWW
– Contents of apan.net(KR) and have 4 hours difference -> Harmful
DNS
– No backup of primary database(KR) -> Dangerous
/mailing lists
– No backup of mailing lists(KR) -> Dangerous
Operated/monitored jointly by APAN-KR/ANF and APAN-JP NOCs
– No 24x7 operation/monitoring on KR side
New Scheme
Servers distributed among JP and KR
– Controlled/operated/monitored by APAN NOC
– Redundancy/reliability
Information correctness, reliability, and stability
– NFS between servers for WWW
– Backup of data for WWW, DNS, Mailing Lists
– Servers' location independent of the Sec.
Current Status/Follow-up
WWW servers, apan.net =
– 2 official servers (JP and KR) with 1 hidden server (master.apan.net in Sec./TH)
  Sec controls the contents
– Hidden server is rsynced by JP server (with a reliable backup) every 4 hours
  Sec must have a way to trigger rsync
– KR server NFS-mounting JP server contents
  KR must have a local copy: local copy of NFS-mounted contents
– Need performance test for this scheme
DNS servers
– Primary server moved to APAN NOC from KAIST, but it's hidden now
– The same 2 servers (secondary) seen from outside
– 1 hidden server + 2 servers or just 2 servers?
Mail server/mailing lists reconfiguration
– Still pending
  Should follow WWW servers scheme
– 2 official mail exchangers
  Sec must control ML lists
Is it worth trying anycast for these services?
Current Status on KR Side
KOREN/APAN-KR NOC has moved to Seoul with servers
– I (JH Lee) am working for Convergence Lab., KT in Seoul
Our new servers (still going on)
– 2 redundant 1-u servers for WWW, DNS, mail servers w/ storage servers
  These will host the APAN servers/services
– Planning to have specialized servers for tunnel broker, AG bridge servers, SNMP servers, etc.
Only in 6 years we're going to have many new servers
Web Contents
[Figure: APAN Web Servers Relocation, by Mr. Hattori. Sites: TH, JP, KR. Hosts: noc6-5.kr.apan.net = apan.net = ; ns2.jp.apan.net = apan.net = ; master.apan.net. KR-JP: mounted with NFS, real-time updating can be done. TH-JP: synchronizing the contents by SSH-wrapped rsync every 4 hours.]

Domain Name Servers of apan.net
Master: Slave:

    apan.net A
    A
    www CNAME apan.net.

These A records and the CNAME record realize the round robin service.
Users can access JP or KR server using or
The result of the DNS query determines which server will be selected.
Results of DNS query are round robin.

1st time

    %nslookup apan.net
    Name: apan.net
    Addresses: ,

2nd time

    %nslookup apan.net
    Name: apan.net
    Addresses: ,

3rd time

    %nslookup apan.net
    Name: apan.net
    Addresses: ,

Secretariats can edit and update web contents on master.apan.net.
JHLee-san sent CD-Rs to Pensri-san. They contain the whole web contents of apan.net. And Pensri-san has uploaded them on master.apan.net.

This crontab with script on the JP server remotely runs the rsyncd command wrapped by SSH every 4 hours. Then rsync checks the updated contents on master.apan.net and transfers them to the JP server.

    %crontab -l
    20 */4 * * * /usr/home/httpd/cron/wwwsync/wwwsync.sh
    %cat /usr/home/httpd/cron/wwwsync/wwwsync.sh
    #!/bin/sh
    /usr/local/bin/rsync -e ssh -aqz /home/httpd/

Master:

The previous rsync configuration between the old KR server and JP has been deleted.

Old KR web server

    $ cat rsyncd.conf
    hosts allow =
    use chroot = no
    max connections = 4
    syslog facility = local5
    # pid file = /var/run/rsyncd.pid
    timeout = 6000
    [www]
    path = /usr/local/src/www/html/apan.net
    lock file = /home/inetapan/rsyncd.lock
    uid = inetapan
    gid = users
    read only = true

This rsyncd.conf on master.apan.net allows rsync access from the JP server.
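
On an rsyncd.conf like the one on this slide, three parameters decide who can reach the `[www]` module and what a client can do with it: `hosts allow`, `use chroot` and `read only`. The Python audit below is an added example, not part of the original slides; `parse_rsyncd_conf` and `audit` are hypothetical names, and the `hosts allow` address is a constructed placeholder because the slide elides the real value.

```python
# Added example (not from the slides): flag rsyncd.conf settings that decide
# who can reach a module. SAMPLE mirrors the slide's file; the 'hosts allow'
# address is a constructed placeholder (the slide elides the real value).
SAMPLE = """\
hosts allow = 192.0.2.10
use chroot = no
max connections = 4
syslog facility = local5
# pid file = /var/run/rsyncd.pid
timeout = 6000
[www]
path = /usr/local/src/www/html/apan.net
lock file = /home/inetapan/rsyncd.lock
uid = inetapan
gid = users
read only = true
"""
FALSE = {"no", "false", "0"}  # rsync's boolean "off" spellings

def parse_rsyncd_conf(text):
    """Return {module: settings}; global parameters are inherited by modules."""
    global_opts, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # comments are whole lines only
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        key, sep, value = line.partition("=")  # only the first '=' is significant
        if sep:
            target = global_opts if current is None else current
            target[" ".join(key.lower().split())] = value.strip()
    return {name: {**global_opts, **opts} for name, opts in modules.items()}

def audit(text):
    findings = []  # list of (module, finding) tuples
    for name, opts in parse_rsyncd_conf(text).items():
        if not opts.get("hosts allow"):
            findings.append((name, "hosts allow unset: any client address may connect"))
        if opts.get("use chroot", "yes").lower() in FALSE:
            findings.append((name, "use chroot = no: daemon does not chroot to the module path"))
        if opts.get("read only", "yes").lower() in FALSE:
            findings.append((name, "read only disabled: clients may upload"))
    return findings

if __name__ == "__main__":
    for module, finding in audit(SAMPLE):
        print(f"[{module}] {finding}")
```

If the SSH-wrapped daemon runs under an unprivileged account it cannot chroot (chroot needs root), so the `use chroot = no` finding is expected in that setup and the restriction rests on `hosts allow`, `read only` and the SSH key. An empty `hosts allow =` line is reported the same way as a missing one.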
Redundancy for Web Service
How to build redundancy for and
– Synchronize contents from TH to JP and from JP to KR
– Allocate 2 IP addresses (KR: and JP: ) for apan.net and
– Use round robin DNS
How to synchronize the web contents
– The bandwidth and RTT of TH-JP and KR-JP are taken into account
– KR-JP use NFS, enough bandwidth and good RTT
– TH-JP use SSH-wrapped rsync because of limited bandwidth
Building KR-JP Synchronization by NFS
NFS for synchronization between KR and JP, and he led the implementation
– NFS has already shown enough performance within Korea
– Fortunately, there is enough bandwidth between KR and JP
– JP server, exports the web contents as read-only NFS server only to KR server
– KR server remotely mounted them as NFS client
Destination is from JP to KR
Need further tests for NFS/WWW performance
New Services
NTP
Information/Routing Registry
H.323/SIP
APAN Observatory
LDAP
…
Any services members want to have
Now comes the detailed report of the APAN services relocation by APAN/APAN-JP NOC