nlnog ring from a user perspective
play

NLNOG RING from a user perspective Bartek Gajda - PowerPoint PPT Presentation

NLNOG RING from a user perspective Bartek Gajda gajda@man.poznan.pl Source: Job Snijders https://ripe65.ripe.net/presentations/105-RIPE65_NLNOG_RING_Job_Snijders.pdf 2 Source: Job Snijders


  1. NLNOG RING from a user perspective Bartek Gajda gajda@man.poznan.pl

  2. Source: Job Snijders https://ripe65.ripe.net/presentations/105-RIPE65_NLNOG_RING_Job_Snijders.pdf 2

  3. Source: Job Snijders https://ripe65.ripe.net/presentations/105-RIPE65_NLNOG_RING_Job_Snijders.pdf 3

  4. NLNOG RING - Motivation  Debug network issues and troubleshoot ‘from the outside’  A point of view outside your network is absolutely essential  Seeing what others see is a useful thing with a variety of network problems Source: ring.nlnog.net 4

  5. NLNOG RING - Solution  Provide a streamlined way of cooperating  ”NLNOG RING” – simple essence:  You make a (virtual) machine available to the RING,  You gain access on all servers which are part of the project, hence the name “RING”.  Great example would be to launch a traceroute from 173 servers in different networks and quickly get the results instead of waiting till somebody has the time to run some tests for you. Source: ring.nlnog.net 5

  6. NLNOG RING – how to use it  CLI interface: ring scripts  ring-all – run commands on all servers  ring-ping – run comands from all servers  ring-trace - ICMP traceroutes from all servers allows to create graphs which visualise traceroutes from a number of ring sources  Distributed Smokeping  Web based statistics  A smokeping Master/Slave setup has been created to graph latency between all nodes thus graphing nodes in context of a torus.  BGP Looking glass  Web based on-line interface 6

  7. CLI interface  ring-ping [-6v] host poznan@poznan01:~$ ring-ping -v www.terena.org sidn01: 3.934 fnutt01: 25.511 a2binternet01: 2.007 melbourne01: 16.713 digiweb01: 17.661 … ring-ping www.terena.org connect: Network is unreachable www.terena.org - 173 servers: 44ms average www.terena.org - unreachable via: nlnetlabs01 ssh connection failed: atrato01 bahnhof01 bci01 digmia01 occaid01 solnet01 teamix0 7

  8. CLI interface  usage: ring-trace [-h] -a, --asn group by ASN instead of IP -c, --show-country show country codes for IP addresses -n RANDOM, pick a given number of hosts at random -b send output to a pastebin instead of saving it to file -B remove broken hops from output image -e exclude a specific host -i include this host -l {dot,neato,fdp,sfdp,twopi,circo}] layout style -o output filename -p pick top N and bottom N hosts based on hopcount -r try to resolve all addresses (WARNING: can take long!) -t {dot,gif,pdf,png,jpg,ps,svg} output filetype -T TIMEOUT -u username for SSH logins -U use UDP instead of ICMP ECHO -v -vv -x, remove IXP hops from traces -X, highlight IXP hops in output -4 | -6 destination 8

  9. CLI interface poznan@poznan01:~$ ring-trace -a -4 -b -B -n 5 www.terena.org ring-trace v1.6.1 - written by Teun Vink <teun@teun.tv> picked 5 hosts at random: imagine01 heanet01 solido01 claranet04 rootlu01 Performing ICMP traceroutes towards www.terena.org from 5 ring hosts, ssh-timeout is 10 seconds. Image uploaded to https://ring.nlnog.net/paste/p/1t1kmf13ocmuzj0 Done in 12.5 seconds. Or (Created file: trace-www.terena.org.jpg) 9

  10. CLI interface  ring-trace -c -B -n 10 www.terena.org 10

  11. Distributed Smokeping  AMP (AcIve Measurement Project)  Developed by WAND Network Research Group  http://amp.ring.nlnog.net/ • Ping • Historic Traceroutes • MTU testing • Jitter • loss, etc 11

  12. Distributed Smokeping 12

  13. Distributed Smokeping 13

  14. BGP looking glass 14

  15. BGP looking glass – BGP map 15

  16. NLNOG RING - Participation Open to everybody who meets the following requirements:  You are a network operator  The organisation you work for has BGP routers connected to the ”Default Free Zone” and maybe even IXP’s.  Your organisation has its own ASN, IPv4 and IPv6 prefix(es).  You have enable or configure rights on those routers.  You are involved in the networkers community.  You have permission from your organisation to become involved in the NLNOG RING. Source: ring.nlnog.net 16

  17. NLNOG RING – Hardware • Hardware requirements • Mandatory: – Clean Ubuntu 12.04 Precise Pangolin 64-bit (amd64/x86_64) Server Edition installation (no special packages are required except openssh-server) – 64 bit CPU – 1 globally reachable and unique statically configured IPv4 address – 1 globally reachable and unique statically configured IPv6 address – You are willing to give full sudo access to the Ring-Admins • The following suggestions are indicative: – 1 core or CPU – 20 gigabyte disk space – at least 512 megabyte RAM, but more is better – 10mbit NIC (more is fine) Source: ring.nlnog.net 17

  18. NLNOG RING – Management  All regular nodes (machines provided by organisations) are managed through a centralized puppet system.  Ring-Admins will take care of software and security updates, installation and user management.  The goal: make it as easy as possible for organisations  Not to worry about it afterwards.  Machine owners are allowed and encouraged to install software which they deem necessary to comply with the standards of their organisation, examples are: n2, backup programs or a snmp daemon. Source: ring.nlnog.net 18

  19. NLNOG RING – Participants PSNC joined in October 2012 https://ring.nlnog.net/participants/ 19

  20. NLNOG RING – Security considerations  A ‘zero tolerance’ policy  RING box – regarded as (your) enduser  Should be placed outside internal network  Separate VLAN etc. 20

  21. NLNOG RING – aditional information  Link to RIPE presentation pdf & video(!)  https://ripe65.ripe.net/programme/meeting-plan/plenary- agenda/#tues2 21

Recommend


More recommend