“From IPv4 to eternity” - the High Energy Physics transition to IPv6 David Kelsey TNC2012, Reykjavik 23 May 2012.


1 “From IPv4 to eternity” - the High Energy Physics transition to IPv6 David Kelsey TNC2012, Reykjavik 23 May 2012

2 On behalf of my colleagues
Bob Cowles (SLAC), Marek Elias (FZU), Thomas Finnern (DESY), Lars Fischer (NORDUnet), David Foster (CERN), Bruno Hoeft (KIT), Tomas Kouba (FZU), Simon Leinen (SWITCH), Edoardo Martelli (CERN), Mark Mitchell (Univ Glasgow), Kars Ohrenberg (DESY), Andreas Pfeiffer (CERN), Francesco Prelz (INFN), Mario Reale (GARR), Sandor Rozsa (Caltech), Sabah Salih (Univ Manchester), Luuk Uljee (SARA), Ronald van der Pol (SARA), Ramiro Voicu (Caltech), Mattias Wadenstein (Univ Umea), Tony Wildish (Princeton University)
And several others who have participated in the past
Many thanks to them!
  – Credit to them
  – Mistakes are mine
23 May 2012, TNC2012, Kelsey, HEP IPv6

3 Outline
The Worldwide LHC Computing Grid (WLCG)
The HEPiX IPv6 Working Group
WLCG software and tools IPv6 survey
The HEP IPv6 testbed
Problems found
Managing IPv6 at large sites
IPv6 security issues
Future plans
Lessons learned
Summary

4 Worldwide LHC Computing Grid
WLCG
Data processing, storage and analysis for the CERN Large Hadron Collider Experiments
Making data equally available to all partners, regardless of their physical location
WLCG is made up of more than 140 computing centres in ~35 countries
several * 100K CPU Cores
several * 100 PB Storage

5 IPv6 and WLCG
We currently do not know when WLCG will need to deploy IPv6-capable services
  – Virtualisation and Asian sites may drive this
BUT to get there takes time!
  – Full survey of all software and tools
  – Need operational monitoring, security and tools
  – IPv6 operation, security and performance must be as good as IPv4
Physicists must not notice!

6 HEPiX IPv6 Working Group
HEPiX is a global body sharing info on HEP IT issues
IPv6 working group created in April 2011 with aims:
Consider whether/how IPv6 should be deployed in HEP
  – especially WLCG (Worldwide Large Hadron Collider Grid)
Readiness and Gap analysis
Run a distributed HEP testbed
  – to help explore all the above issues
We meet face to face 4 times a year
  – And by video conference in between

7 Limiting the scope
The working group decided to concentrate on outward-facing WLCG services
  – Some backend services could stay IPv4 only
But need to include middleware, tools etc.
Wherever possible, work with others
  – EGI, EMI,…

8 Software & Tools IPv6 Survey
An “Asset” survey is underway
  – A spreadsheet to be completed by sites and the LHC experiments
  – Includes all applications, middleware and tools
  – Tickets to be entered for all problems found
If IPv6-readiness is known, can be recorded
Otherwise we will need to investigate further
  – Ask developer and/or supplier
  – Scan source code or look for network calls while running
  – Test the running application under dual stack conditions

9 IPv6 survey (2)
Need to check many things
  – Break when installed on a dual-stack node?
  – Does it bind to both stacks?
  – Is IPv6 preferred?
  – Can it be configured to prefer V4 or V6?

10 IPv6 Testbed and testing
We have deployed a distributed testbed
  – CERN, DESY, FZU, GARR, INFN, KIT and USLHCnet
Connected to IPv6 and IPv4 networks
  – IPv6-only/IPv4-only names also registered in DNS
  – e.g. hepix-v6.desy.de & hepix-v4.desy.de
https://w3.hepix.org/ipv6-bis/doku.php?id=ipv6:testbed
A perl script (on wiki) validates configuration
  – Checks all DNS entries
  – runs ping and ping6 to all nodes

11 Data transfer tests
Virtual Organisation
  – ipv6.hepix.org
We have successfully installed and tested GridFTP clients and servers on all nodes
Full mesh of data transfers (globus_url_copy)
  – Tested and works
CMS members of the working group
  – Performing continuous data transfers between pairs of nodes

12 The CMS file transfer tests
- Reliability test - not a stress/performance test
- Single 2000 MB file from IPv6 VM at CERN transferred to 4 systems
- globus_url_copy and uberftp to confirm file arrived then delete
- Tests have been running continuously since February 2012
- Statistics since April 20th:

Site       # of transfers   Failed transfers   Average duration    Duration range
DESY       390              13 (3.3 %)         66s (~30 MB/s)      41 - 425s
Gridka     780              29 (3.7 %)         130s (~15 MB/s)     110 - 439s
INFN       1299             43 (3.3 %)         66s (~30 MB/s)      34 - 549s
Uslhcnet   1299             28 (2.2 %)         81s (~25 MB/s)      38 - 549s

Can still conclude: no show-stoppers. CMS PhEDEx should work.
Note: Failure rate increased after installation of new firewall at CERN – reasons still not understood

13 File Transfer Service (FTS)
An interesting example of IPv6-ready middleware
Functional IPv6 support in a software component does not imply that IPv6 transport is enabled by default
This is hard to capture in either a survey or by automated code-checking tools

14 FTS (2)
gSOAP supports IPv6
  – on TCP since version 2.5 (2005)
  – on UDP since version 2.7.2 (still 2005)
BUT compiled without the “WITH_IPv6” flag
Oracle IPv6-enabled from version 11g rel 2
  – but FTS transfer agent libraries in EMI-1 still carry a hard dependency on Oracle V10
Transfer agents (Tomcat/Axis servlets) can be invoked on dual stack hosts and from dual stack clients
  – but ‘urlcopy’ agent still uses IPv4 for file transfer
As in the globus-url-copy command, IPv6 resolution in the Globus FTP client needs to be explicitly enabled

15 IPv6 problems found
OpenAFS
dCache
UberFTP
FTS
globus_url_copy
MyProxy
ISC dhcp on Scientific Linux (Red Hat like) v5
Work ongoing!

16 Managing IPv6 at large sites
Best practices are still far from clear!
Large sites (e.g. CERN and DESY) wish to manage the allocation of addresses
  – Do not like autoconfiguration (SLAAC)
Wish to filter out Router Advertisements
DHCPv6 very attractive
  – BUT IETF still discussing
  – Will the ‘route’ options be there or not?

17 IPv6 security
Are operational security teams ready for IPv6? No!
Challenges include
  – Address format has multiple forms, many addresses per host and addresses difficult to remember
  – IPv6 standards contain many suggestions - implementation optional
  – Required security features, like RAGuard and SEND, are a long way from full deployment
  – Incomplete and immature implementations
  – Many vulnerabilities expected
  – Log parsing tools must all change
  – Dual stack and tunnels cause problems
      – e.g. packet inspection
Must test that things which are not supposed to work do not
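
An added example (not from the presentation) of what "log parsing tools must all change" means in practice: the same client appears in several textual forms across daemons, so log lines only correlate after addresses are reduced to one canonical form. The log lines and function names are constructed for illustration; addresses come from the documentation ranges.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log lines (not from the page): the same two clients
# written in several textual forms, as different daemons tend to log them.
SAMPLE_LOG = """\
sshd: Failed password from 2001:db8:0:0:0:0:0:1 port 50122
httpd: [2001:DB8::1]:443 GET /status 403
ftpd: connect from 2001:0db8:0000:0000:0000:0000:0000:0001
sshd: Failed password from ::ffff:192.0.2.7 port 50200
httpd: 192.0.2.7 GET /status 403
ntpd: peer fe80::1%eth0 unreachable
"""

# Candidate tokens: runs of hex digits, colons and dots, with an optional
# %zone suffix. Real validation is left to the ipaddress module.
TOKEN = re.compile(r"[0-9A-Fa-f:.]*[0-9A-Fa-f](?:%[\w.-]+)?")


def canonical_ip(token):
    """Return the canonical text form of an address token, or None."""
    host = token.split("%", 1)[0]          # drop the link-local zone id
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None                        # port number, word fragment, etc.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped            # ::ffff:a.b.c.d -> a.b.c.d
    return addr.compressed                 # lower case, zero runs compressed


def count_by_source(log_text):
    """Count log lines per canonical address (first address on each line)."""
    counts = Counter()
    for line in log_text.splitlines():
        for match in TOKEN.finditer(line):
            ip = canonical_ip(match.group(0))
            if ip is not None:
                counts[ip] += 1
                break
    return counts
```

A plain string match on the raw lines would treat the three spellings of 2001:db8::1 as three different sources, and the IPv4-mapped entry as unrelated to 192.0.2.7.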

18 Future plans
Finalise survey and continue testing
Review status at end of 2012
Produce implementation plans for 2013 and/or later
Need to perform tests on the production infrastructure
  – involve WLCG Tier 1 centres
Plan several HEP IPv6 “Days” (for 2013?)
  – turn on dual stack for 24 hours on production infrastructure and test/observe
Earliest date for production of IPv6-only systems is (currently) Jan 2014

19 Lessons learned
For other research communities
  – Need to do a full-systems analysis
  – Consider all important applications and tools
  – Deploy a testbed and share experiences
Don’t believe claims of IPv6 compliance – test!
Testbeds are essential but eventually need to run tests on the production infrastructure
Start soon
  – Analysis and testing all takes lots of time!

20 Further info
HEPiX IPv6 wiki
https://w3.hepix.org/ipv6-bis/
Working group meetings
http://indico.cern.ch/categoryDisplay.py?categId=3538

21 For info - EGEE IPv6 tools
Presented at TNC2010
Source code checker
  – A bash script looking for non compliant function calls and address data structures
Dynamic Code Checker (IPV6 CARE tool)
  – A tool based on the LD_PRELOAD mechanism to intercept calls to non compliant functions in the dynamically linked libraries
Analysis of all gLite code was performed
  – And code was modified to fix problems
https://twiki.cern.ch/twiki/bin/view/EGEE/IPv6FollowUp
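
An added sketch of the static side of such a check, written here in Python; it is not the EGEE bash script, and the identifier list and the C sample are assumptions made for this example. It flags IPv4-only calls and address structures while ignoring comments and string literals, which are the usual source of false positives.

```python
import re

# IPv4-only identifiers and their protocol-independent replacements.
# This list is an assumption for the example, not the EGEE checker's list.
IPV4_ONLY = {
    "gethostbyname": "getaddrinfo",
    "gethostbyaddr": "getnameinfo",
    "inet_addr": "inet_pton",
    "inet_aton": "inet_pton",
    "inet_ntoa": "inet_ntop",
    "sockaddr_in": "sockaddr_storage",
    "in_addr": "in6_addr or sockaddr_storage",
    "AF_INET": "AF_UNSPEC with getaddrinfo",
}

# Constructed C fragment used as sample input (not code from any project).
SAMPLE_C = r'''#include <netdb.h>
/* legacy: used gethostbyname() before the port */
int resolve(const char *name, struct sockaddr_in *out) {
    struct hostent *he = gethostbyname(name);
    if (!he) { log("gethostbyname failed"); return -1; }
    out->sin_family = AF_INET;
    printf("%s\n", inet_ntoa(out->sin_addr));
    return 0;
}
int resolve6(const char *name, struct sockaddr_in6 *out);  // AF_INET6 path
'''

_COMMENT_OR_STRING = re.compile(
    r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"', re.DOTALL)
# \b on both sides keeps sockaddr_in6, AF_INET6 and sin_addr from matching.
_PATTERN = re.compile(r"\b(" + "|".join(map(re.escape, IPV4_ONLY)) + r")\b")


def _blank(match):
    # Replace with spaces but keep newlines so line numbers stay correct.
    return re.sub(r"[^\n]", " ", match.group(0))


def scan_source(text):
    """Return (line_number, identifier, suggestion) for each IPv4-only use."""
    code = _COMMENT_OR_STRING.sub(_blank, text)
    findings = []
    for lineno, line in enumerate(code.splitlines(), start=1):
        for match in _PATTERN.finditer(line):
            name = match.group(1)
            findings.append((lineno, name, IPV4_ONLY[name]))
    return findings
```

As slide 13 notes, a clean result from a scan like this only shows that the code can use IPv6, not that IPv6 transport is enabled in the built and configured service.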

22 Summary
The HEPiX IPv6 working group functioning well
much work still to be done during the next year or two
not able to support IPv6-only systems in WLCG before 2014
  – Decision on timetable to be made by end 2012

