More Like this

1. Network Capabilities for the HL-LHC Era

   https://doi.org/10.1051/epjconf/202024507051  

   Babik, Marian ; McKee, Shawn ( January 2020 , EPJ Web of Conferences)

   Doglioni, C. ; Kim, D. ; Stewart, G.A. ; Silvestris, L. ; Jackson, P. ; Kamleh, W. (Ed.)

   High Energy Physics (HEP) experiments rely on the networks as one of the critical parts of their infrastructure both within the participating laboratories and sites as well as globally to interconnect the sites, data centres and experiments instrumentation. Network virtualisation and programmable networks are two key enablers that facilitate agile, fast and more economical network infrastructures as well as service development, deployment and provisioning. Adoption of these technologies by HEP sites and experiments will allow them to design more scalable and robust networks while decreasing the overall cost and improving the effectiveness of the resource utilization. The primary challenge wemore »currently face is ensuring that WLCG and its constituent collaborations will have the networking capabilities required to most effectively exploit LHC data for the lifetime of the LHC. In this paper we provide a high level summary of the HEPiX NFV Working Group report that explored some of the novel network capabilities that could potentially be deployment in time for HL-LHC.« less
2. TRACER (TRACe route ExploRer): A tool to explore OSG/WLCG network route topologies

   https://doi.org/10.1142/S0217751X21300052  

   Tretyakov, Evgeniy ; Artamonov, Alexey ; Grigorieva, Maria ; Klimentov, Alexei ; McKee, Shawn ; Vukotic, Ilija ( February 2021 , International Journal of Modern Physics A)

   The experiments at the Large Hadron Collider (LHC) rely upon a complex distributed computing infrastructure (WLCG) consisting of hundreds of individual sites worldwide at universities and national laboratories, providing about half a billion computing job slots and an exabyte of storage interconnected through high speed networks. Wide Area Networking (WAN) is one of the three pillars (together with computational resources and storage) of LHC computing. More than 5 PB/day are transferred between WLCG sites. Monitoring is one of the crucial components of WAN and experiments operations. In the past years all experiments have invested significant effort to improve monitoring and integratemore »networking information with data management and workload management systems. All WLCG sites are equipped with perfSONAR servers to collect a wide range of network metrics. We will present the latest development to provide the 3D force directed graph visualization for data collected by perfSONAR. The visualization package allows site admins, network engineers, scientists and network researchers to better understand the topology of our Research and Education networks and it provides the ability to identify nonreliable or/and nonoptimal network paths, such as those with routing loops or rapidly changing routes.« less
3. Understanding Container Network Interface Plugins: Design Considerations and Performance

   https://doi.org/10.1109/LANMAN49260.2020.9153266  

   Qi, Shixiong ; Kulkarni, Sameer G ; Ramakrishnan, K. K. ( July 2020 , 26th {IEEE} International Symposium on Local and Metropolitan Area Networks, {LANMAN} 2020, Orlando, FL, USA, July 13-15, 2020)

   Kubernetes, an open-source container orchestration platform, has been widely adopted by cloud service providers (CSPs) for its advantages in simplifying container deployment, scalability and scheduling. Networking is one of the central components of Kubernetes, providing connectivity between different pods (group of containers) both within the same host and across hosts. To bootstrap Kubernetes networking, the Container Network Interface (CNI) provides a unified interface for the interaction between container runtimes. There are several CNI implementations, available as open-source ‘CNI plugins’. While they differ in functionality and performance, it is a challenge for a cloud provider to differentiate and choose the appropriatemore »plugin for their environment. In this paper, we compare the various open source CNI plugins available from the community, qualitatively and through detailed quantitative measurements. With our experimental evaluation, we analyze the overheads and bottlenecks for each CNI plugin, as a result of the network model it implements, interaction with the host network protocol stack and the network policies implemented in iptables rules. The choice of the CNI plugin may also be based on whether intra-host or inter-host communication dominates.« less
4. Denial of Service Detection & Mitigation Scheme using Responsive Autonomic Virtual Networks (RAvN)

   https://doi.org/10.1109/MILCOM47813.2019.9020809  

   Starke, Allen ; Nie, Zixiang ; Hodges, Morgan ; Baker, Corey ; McNair, Janise ( November 2019 , 2019-2019 IEEE Military Communications Conference (MILCOM))

   In this paper, we propose a responsive autonomic and data-driven adaptive virtual networking framework (RAvN) to detect and mitigate anomalous network behavior. The proposed detection scheme detects both low rate and high rate denial of service (DoS) attacks using (1) a new Centroid-based clustering technique, (2) a proposed Intragroup variance technique for data features within network traffic (C.Intra) and (3) a multivariate Gaussian distribution model fitted to the constant changes in the IP addresses of the network. RAvN integrates the adaptive reconfigurable features of a popular SDN platform (open networking operating system (ONOS)); the network performance statistics provided by trafficmore »monitoring tools (such as T-shark or sflow-RT); and the analytics and decision-making tools provided by new and current machine learning techniques. The decision making and execution components generate adaptive policy updates (i.e. anomalous mitigation solutions) on-the-fly to the ONOS SDN controller for updating network configurations and flows. In addition, we compare our anomaly detection schemes for detecting low rate and high rate DoS attacks versus a commonly used unsupervised machine learning technique, Kmeans. Kmeans recorded 72.38% accuracy, while the multivariate clustering and the Intra-group variance methods recorded 80.54% and 96.13% accuracy respectively, a significant performance improvement.« less
5. SLATE and the Mobility of Capability

   Gardner, R ; Breen, J ; Bryant, L ; McKee, S ( October 2017 , Science Gateways 2017)

   SLATE (Services Layer at the Edge) is a new project that, when complete, will implement “cyberinfrastructure as code” by augmenting the canonical Science DMZ pattern with a generic, programmable, secure and trusted underlayment platform. This platform will host advanced container-centric services needed for higher-level capabilities such as data transfer nodes, software and data caches, workflow services and science gateway components. SLATE will use best-of-breed data center virtualization components, and where available, software defined networking, to enable distributed automation of deployment and service lifecycle management tasks by domain experts. As such it will simplify creation of scalable platforms that connect researchmore »teams, institutions and resources to accelerate science while reducing operational costs and development cycle times. Since SLATE will be designed to require only commodity components for its functional layers, its potential for building distributed systems should extend across all data center types and scales, thus enabling creation of ubiquitous, science-driven cyberinfrastructure. By providing automation and programmatic interfaces to distributed HPC backends and other cyberinfrastructure resources, SLATE will amplify the reach of science gateways and therefore the domain communities they support.« less