unroutable LHCONE traffic

26 Mar 2021, 10:00
30m
Conf. Room 2 (ASGC)

Oral Presentation
Network, Security, Infrastructure & Operations
Network, Security, Infrastructure & Operations Session

Speaker

Mr Bruno Hoeft (Karlsruhe Institute of Technology)

Description

This talk explores the methods and results confirming the baseline assumption that LHCONE traffic is science traffic. The LHCONE (LHC Open Network Environment) is a network conceived to support globally distributed collaborative science. The LHCONE connects thousands of researchers to LHC data sets at hundreds of universities and labs performing analysis within the global collaboration. It is “Open” to all levels of the LHC as well as a short list of approved non-LHC science collaborations. It is distinct from the smaller, tightly integrated and private LHCOPN (Optical Private Network), which is strictly for “Tier 1” compute centers and used in support of the engineered workflow for LHC data processing, distribution and storage of the baseline datasets. LHCONE satisfies the need for a high-performance global data transfer network of networks supporting scientific analysis at universities and science labs.

**Science traffic separation is the hard part**
The separation of science flows from non-science flows is an essential first step in traffic engineering high-performance science networks. Before resources or preference can be applied to move science data more effectively, the science traffic must be identified and separated from the non-science traffic. This talk explores the methods and results in detecting traffic in the LHCONE network that does not comply with the Appropriate Use Policy established by the global LHC collaboration.

**LHCONE hosts are high performance**
Through integration of the Science DMZ network model and collaborative software platforms, the data transfer nodes connected to LHCONE are high-performing data movers placed on the network edge/Science DMZ and secured precisely according to the applications they support and the purpose they serve.

**LHCONE is at risk of unauthorized use**
Unauthorized use of LHCONE places both the network and the sites using it at risk. The risk takes two forms:

- Science flows mixing with non-science flows
- Unauthorized traffic being dropped inside LHCONE

**Identifying unauthorized traffic**
An eduGAIN-authenticated portal displaying unauthorized usage will be demonstrated. Since LHCONE is growing and changing quite frequently, the underlying database will be collaboratively maintained and administered.

Primary author

Mr Bruno Hoeft (Karlsruhe Institute of Technology)