Hi John
Tim and I ran a 'Campus network engineering for data-intensive science
workshop' in October 2016, details here
https://www.jisc.ac.uk/events/campus-network-engineering-for-data-intensive-science-workshop-19-oct-2016
The slides from network engineers at Imperial and Cambridge are probably
the most relevant.
We have also written a document which seeks to help set expectations for
what the network can deliver:
https://community.jisc.ac.uk/groups/janet-end-end-performance-initiative/document/network-expectations-data-intensive-science
Hope these help.
Duncan
On 26/01/2018 16:06, Martin Bly wrote:
> Hi John,
>
> From the point of view of filtering the traffic, we have two routes into/out of the Tier1 from/to the JANET border routers: 1) via the firewall to the site switch core and then on to us on the Tier1 Routers, and 2) via the bypass which comes from the border routers direct to the OPNR (router). The latter takes the data traffic to/from the storage servers in the OPN subnet and the rest goes through the firewall. Thus two separate (different IP address) gateways for the traffic to leave by. (There's a third router but let's not go there, not relevant to the Tier1).
>
> The important bit is that the OPNR filters ports on the inbound bypass route - it passes only the traffic on the ports we want (IPv4 and IPv6). Hardly seems to trouble the stacked S4810s that do it. No dedicated firewall to get in the way and given the less than stellar performance of the site firewall atm, just as well. Not sure whether that sort of approach might be doable for you.
>
> As to traffic congestion, if it's truly the firewall generating the problem for you *and* everyone else, bypass it. If it's actual volume of traffic from the whole university, then they 'need a bigger boat.' ;-)
>
> Martin.
>