2002 - cesnet

More documents

Recommendations

Info

Figure 16.4: Cisco–Linux measurement resultsThe graph clearly illustrates that the highest performance was reached with amodified kernel by RedHat. This kernel significantly differs from the standardkernel in some aspects (the kernel is obtained by applying 215 patches withthe total size of 35 MB). Unfortunately, we were unable to find out which of themodifications has the essential influence on the transfer speed increase. An importantpart of the RedHat kernel modifications is a set of patches by Alan Cox.That is why we also tested the standard kernel with these patches applied. Theresults were better than those of the standard kernel, though not as good as inthe case of the RedHat kernel.A detailed description of all measurements performed and our experience withthe Cisco SN 5428 device can be found in the CESNET technical report No. 15/2002.16.3 iSCSI SecurityiSCSI employs two independent security mechanisms, which complement eachother:• target–initiator authentication in the iSCSI link layer• data packets protection on the IP layer (IPSec)If the iSCSI implementation is to comply with the [SSC02] draft, both the targetand the initiator must support authentication. The existing security levels ofindividual iSCSI implementations can be characterized by several approaches.180 High-speed National Research Network and its New Applications 2002
16.3.1 No SecurityThe initiator is not authenticated and transferred data and commands are notencrypted in this mode. This approach can only be applied in situations wherepotential security risks are minimal and configuration flaws are not likely.16.3.2 Initiator–Target AuthenticationIn this mode, the target authenticates the initiator (or/and vice versa). This approachprevents unauthorized access to data spaces by faking the identity ofthe initiator (spoofing). After completing the authentication process, all othercommands and data are sent in an unencrypted form. This method can be usedonly if man-in-the-middle attacks, wiretapping, and modifications of data sentare excluded.The iSCSI draft (see [SSC02] and [ATW02]) assumes authentication forms inaccordance with table 16.4.KRB5SPKM1SPKM2SRPCHAPNoneKerberos V5Simple public-key generic security service (GSS),application programming interface (API) mechanismSimple public-key GSS API mechanismSecure Remote PasswordChallenge Handshake Authentication ProtocolNo authenticationTable 16.4: Available iSCSI authentication types16.3.3 Authentication and EncryptionWithin this solution, the authentication is secured using one of the previouslymentioned mechanisms and the data transfer security is maintained with theencryption on the IP level.From the viewpoint of the draft, a device is considered iSCSI-compatible if it hasthe IPSec support implemented. With respect to the demands for bandwidthand relating difficulties within the encryption, the draft permits the IPSec implementationin a front-end device. The pair of devices (iSCSI router and the IPSecdevice) is then considered to be a device complying with the draft requirements.None of the tested devices had the IPSec technology implemented.Linux: Authentication using a locally defined list of initiators, CHAP protocol.High-speed National Research Network and its New Applications 2002181
Page 1 and 2:
2002High-speed NationalResearch Net
Page 3 and 4:
Table of Contents1 Introduction 92
Page 5 and 6:
6.4.3 Support of Special Events. .
Page 7 and 8:
14.3 Cisco ICM Software . . . . . .
Page 9 and 10:
1 IntroductionThe report presented
Page 11 and 12:
2 Brief SummaryThe research plan ti
Page 13 and 14:
men. We designed the basic concept
Page 15 and 16:
2.4 Other ProjectsThe objective of
Page 17 and 18:
3 Operation of CESNET2During 2002,
Page 19 and 20:
Canarie622 MbpsESNET622 MbpsGÉANT/
Page 21 and 22:
central network core routers with t
Page 23 and 24:
The existing logical topology of mu
Page 25 and 26:
The logical core topology anticipat
Page 27 and 28:
Within the informative part, we req
Page 29 and 30:
3.6 Statistical Traffic Analysis3.6
Page 31 and 32:
Figure 3.8: Influence of time step
Page 33 and 34:
Praha-Plzeň, 2.5 GbpsPraha-Ústí
Page 35 and 36:
CESNET2-GÉANT, 1.2 Gbps (october)C
Page 37 and 38:
Part IStrategic Projects
Page 39 and 40:
4 Optical Networks and theirDevelop
Page 41 and 42:
US (TeraGrid with backbone 4 × 10
Page 43 and 44:
ApplicationMiddlewareHigh bandwidth
Page 45 and 46:
4.2.2 User InterfaceSubscribers (me
Page 47 and 48:
ers will move and that other types
Page 49 and 50:
GermanyCheb10 G34 MPlzeňGÉANT 622
Page 51 and 52:
It is also possible to implement th
Page 53 and 54:
Chemical Technology and PASNET, we
Page 55 and 56:
Manufacturerwww.accton.comwww.actio
Page 57 and 58:
particularly based on the fact that
Page 59 and 60:
0101 NRZlaserMach-ZendermodulatorED
Page 61 and 62:
Cisco ONS 15201boosterfiber 130 kmC
Page 63 and 64:
5 IP version 6Further expansion of
Page 65 and 66:
5.2.1 IPv6 Network TopologyFor the
Page 67 and 68:
Missing in this list are especially
Page 69 and 70:
5.2.7 Connecting End Site NetworksI
Page 71 and 72:
5.4 IPv6 User Services and Applicat
Page 73 and 74:
sible reprogramming of functions, a
Page 75 and 76:
IPBIpb_0HFEHfe_1SORSor_0LUPLup_0RQR
Page 77 and 78:
As regards our router on the PC pla
Page 79 and 80:
the activities of our project. In 2
Page 81 and 82:
6 Multimedia Transmissions6.1 Objec
Page 83 and 84:
scaling is considerably restricted;
Page 85 and 86:
Figure 6.1: Modified program for sh
Page 87 and 88:
6.3.5 Direct Support for Pilot Grou
Page 89 and 90:
programs which control the integrat
Page 91 and 92:
Figure 6.4: Example of broadcast fr
Page 93 and 94:
Figure 6.5: Set of tuners and serve
Page 95 and 96:
and transfer the solution to an ope
Page 97 and 98:
The actual computing capacity of Me
Page 99 and 100:
7.1.2 Information ServicesMetaCentr
Page 101 and 102:
Figure 7.1: Grid nodes for SC2002an
Page 103 and 104:
(December 2002). This was one of th
Page 105 and 106:
the use of 158 processors). When we
Page 107 and 108:
8 Voice Services in CESNET2The proj
Page 109 and 110:
Figure 8.1: Number of phone calls i
Page 111 and 112:
VoGWs of members involved in the pr
Page 113 and 114:
connection and compare the features
Page 115 and 116:
• Extensive possibilities for the
Page 117 and 118:
H.323 WorldSIP PhoneMS Messengerand
Page 119 and 120:
ation with students at the Strahov
Page 121 and 122:
9 Quality of Service in HighspeedNe
Page 123 and 124:
In addition, Juniper routers make u
Page 125 and 126:
We tried to divide the capacity of
Page 127 and 128:
low with respect to the capacity of
Page 129 and 130: Figure 9.10: Loss rate on Prague-Po
Page 131 and 132: sendingapplicationTCP senderseqackp
Page 133 and 134: Figure 9.13: Example of a course of
Page 135 and 136: Part IIInternational Projects
Page 137 and 138: 10 GÉANTSince 1996, CESNET has bee
Page 139 and 140: Figure 10.2: Utilization of individ
Page 141 and 142: 11 DataGridSince 2001, our research
Page 143 and 144: Therefore, we organized a meeting w
Page 145 and 146: 12 SCAMPISCAMPI (Scaleable Monitori
Page 147 and 148: 12.3.1 WP0 - Requirement AnalysisTh
Page 149 and 150: 1 6 12 18 24 30requirements analysi
Page 151 and 152: Part IIIOther Projects
Page 153 and 154: 13 Online Education Infrastructurea
Page 155 and 156: 13.1.2 Construction of a Teleinform
Page 157 and 158: with high-capacity disk memories co
Page 159 and 160: If the collaboration of individual
Page 161 and 162: ten, whereas items in the hyperlink
Page 163 and 164: Besides that, we processed some lec
Page 165 and 166: CallManager was designed using open
Page 167 and 168: tre, when we were forced to handle
Page 169 and 170: 15 Intelligent NetFlow AnalyserThe
Page 171 and 172: In the second half-year, we complet
Page 173 and 174: 15.4 ConclusionDuring 2002, our tea
Page 175 and 176: • data space consolidation (easy
Page 177 and 178: ecord size [kB] 256 512 1024 2048 4
Page 179: Figure 16.3: Nishan-Linux measureme
Page 183 and 184: vices. These features mainly involv
Page 185 and 186: Figure 17.1: www.cesnet.cz• We ha
Page 187 and 188: The meeting was broadcast live via
Page 189 and 190: Most of the problems connected with
Page 191 and 192: Standard manipulator (privileged us
Page 193 and 194: 19 Security of Local CESNET2Network
Page 195 and 196: Moreover, the program was complemen
Page 197 and 198: in the network of AV ČR Praha-Krč
Page 199 and 200: 19.5 Future Plans, Expected Further
Page 201 and 202: InternetNTPEthernetKPCPPSLabelPPSLa
Page 203 and 204: generated by the NTP server. Its ou
Page 205 and 206: 21 Platforms for Streaming andVideo
Page 207 and 208: streaming serverAAA (LDAPS) server1
Page 209 and 210: 21.5 Video Content CollaborationPla
Page 211 and 212: First of all, we had to define an a
Page 213 and 214: international-scale broadcast will
Page 215 and 216: Part IVConclusion and Annexes
Page 217 and 218: 23 ConclusionThe current developmen
Page 219 and 220: AList of connected institutionsA.1
Page 221 and 222: institutionconnection [Mbps]Institu
Page 223 and 224: Karásek Miroslav, Ing., DrSc. Czec
Page 225 and 226: Voral Pavel, Ing.Voříšek Martin,
Page 227 and 228: Burčík J.: Optické přepínání
Page 229 and 230: Veselá S.: Aktivity sdružení CES
Page 231 and 232:
Krsek M.: Platformy pro streaming m
Page 233 and 234:
Zatloukal K., Křivánek V.: Videok
Page 235 and 236:
Satrapa P.: Scavenger: Za Internet
show all

2002 - cesnet

Create successful ePaper yourself

Delete template?

Save as template?