Stay up to date with things happening at MAGPI both on and off the network.
GÉANT recognises the continually growing need for security threat mitigation and for international and cross-discipline collaboration to support the research and education networking community in this work. A recent workshop about DDoS (distributed denial of service) mitigation has sparked plans for international collaboration in this area.
More than 50 representatives of 24 organisations from around the world discussed a wide range of issues concerning DDoS and how to manage security processes for national research and education networking organisations (NRENs).
The two-day DDoS mitigation workshop was hosted by ACOnet at the University of Vienna on 10-11 November, and was initiated by several GÉANT community working groups: SIG-NOC (special interest group on network operation centres), SIG-ISM (information security management), TF-CSIRT (task force on computer security incident response teams) and TF-MSP (management of service portfolios). Each of these had seen the subject of DDoS mitigation arise within their group meetings and organised the workshop together in order to explore current DDoS mitigation solutions and identify goals for future service solutions and information sharing to support the NREN community and its customers.
Common issues raised during the workshop included the need for well-developed business case documents for DDoS mitigation, as the value of this generally expensive service is often not seen until an attack takes place. Another important point was the potential for joint procurement of mitigation services. Attendees also agreed that work on open-source and homegrown solutions is necessary to ensure that NRENs can have access to affordable approaches to the DDoS mitigation problem. A closed discussion list has been created to follow up on the meeting.
A Growing Concern
DDoS is a type of denial of service (DoS) attack, in which networks or systems are flooded with useless traffic by attackers in an attempt to make a service unusable or to force an organisation to take a service out of use. The distributed nature of DDoS means that multiple source addresses can participate in the attack, which makes it difficult to identify the attack and mitigate its effects. Although DDoS attacks on universities and other educational institutions are currently not very common, they are a growing concern.
The majority of attacks in the research and education environment are simple OSI/ISO Layer 2-4 attacks, mostly initiated by students. 'Black-holing' is the easiest solution, but this cuts customers off the network completely. More sophisticated 'traffic washing' can be used against complex Layer 4-7 attacks, but this technique is not widely used.
The biggest impact of a DDoS attack would be if the NRENs’ upstream connectivity went down. As GÉANT provides ever more peering services, NRENs are increasingly looking to GÉANT to serve as their upstream provider. Firewall-on-demand and a three-step filtering architecture help GÉANT to mitigate attacks in the pan-European backbone network.
The DDoS workshop forms part of the growing security support provided through GÉANT, joining the recent highly successful WISE workshop, the well-established SIG-ISM and TF-CSIRT groups, and services such as the Trusted Certificate Service, Trusted Introducer and TRANSITS training. This growing focus on collaborative approaches to security echoes developments happening across internet initiatives, as described by ISOC in the 2015 whitepaper Collaborative Security, An approach to tackling Internet Security issues.
As part of its response to Big Data challenges facing every research institution, Temple University recently upgraded to MAGPI’s 10 Gigabit per second link to Internet2. This is an increase in off-campus network capacity by a factor of 20 for Temple’s research community and will permit very large data transfers to collaborators and funding agencies in the U.S. and around the world.
Larry Brandolph, Associate Vice President and Chief Information Security Officer, was largely responsible for making the decision to accommodate the university’s growth in data-intensive research by increasing Temple’s connectivity to the global networks focused solely on research and education.
Using high-speed electronics tied directly to research laboratories, Temple will move enormous amounts of data directly from collection sites to high-performance computing analysis sites, whether on campus or on the other side of the world. With this setup, known as the “Science DeMilitarized Zone”, or DMZ, faster data transfers mean more productivity in the analysis process and less time waiting.
“We continue to make strides in providing a high-speed science DMZ,” Brandolph said about Temple’s efforts to support their scientific community. “MAGPI allows Temple University to do that with many external colleges, universities and research facilities.”
Temple University is a public institution in Philadelphia that is making tremendous strides in virtually every area of academia. Not only has Temple moved up in the U.S. News and World Report: Best Colleges rankings, but the amount of funded research is also on the rise. This is a noteworthy accomplishment given the increased competition from other institutions and the static amount of dollars available for grant awards.
In addition to the merit of the scientific application itself, a grant submission involving extremely large data sets is also reviewed for the primary investigator’s ability to manage the flow of information: from the point of collection, to the analysis site, to collaborators, to an archiving facility, and after publication, to a publicly accessible storage facility where the data can be used for other research. Where this data flow was once measured in GigaBytes, TeraBytes are not uncommon, and PetaBytes will soon be the norm. Temple is now well positioned to move large amounts of data in a timely and productive fashion, giving its researchers the ability to apply for new and larger research grants.
“Access to high-speed information technology is integral to many research endeavors, and I’m excited about Temple’s technology enhancements to support our scholars,” said Dr. Michele M. Masucci, Vice President of Research Administration. “MAGPI helps support not only the highest-quality research but also promotes collaboration and continued growth in our research efforts.”
For more information on Temple University’s research applications, please contact Brandon Lausch at firstname.lastname@example.org or 215-204-6533.
For more information about the regional optical research and education network, MAGPI, please contact Greg Palmer at email@example.com.
MAGPI has had a strong relationship with the UbuntuNet Alliance since their visit to Philadelphia in 2005. As both research and educational collaborations continue to grow in sub-Saharan Africa, the partnership has resulted in the ability to work closely to resolve IT challenges for our members. We wish them well with the next EC/GEANT initiative.
– Greg Palmer, MAGPI Executive Director
This article was reprinted with the permission of the UbuntuNet Alliance. Originally published: Volume 8, Issue 4: August 2015; read more at: http://www.ubuntunet.net/august2015#article3
UbuntuNet Alliance, one of the coordinators of the soon-to-be-signed, European Union-funded AfricaConnect2 project, which aims to expand connectivity across the African continent, is already rolling up its sleeves in readiness for the rolling out of the project.
On 4-5 August 2015, the Alliance held a Price and Costing Model Workshop in Lilongwe, Malawi where among other objectives, participants sought to review the current cost and pricing strategy of the Alliance as well as determine how much NREN members will contribute for participation in AfricaConnect2.
Under the project, UbuntuNet Alliance, as a beneficiary, is required to contribute 25 percent of the €10m needed for connectivity of Cluster 1: Eastern and Southern Africa cluster, which the Alliance will coordinate.
NREN members contributed $280,000.00 for participation in the initial AfricaConnect project, which ran for four years from May 2011 to May 2015, to help the Alliance meet its 20 percent contribution towards the €14.75m project.
The Cost and Pricing Workshop was attended by UbuntuNet Alliance CEO Dr. Pascal Hoba, his predecessor Eng. Dr. Tusu Tusubira, the Alliance’s Strategic Business Consultant Dr. Duncan Martin, ZAMREN CEO Bonny Khunga, his RENU counterpart Isaac Kasana, the Alliance’s Technical Manager Joe Kimaili, Finance and Administration Manager Tiwonge Banda and Accountant Beatrice Ng’ambi.
During the workshop, participants hinted at maintaining low connectivity costs and increased bandwidth for NREN members.
The workshop agreed that the standard contribution which NREN members will be required to pay for participation in the project will be officially revealed at a formal NREN CEOs’ meeting.
The installation and turn-up date for the Juniper MX480 will be Tuesday, July 7.
This cutover will move the Internet2 and commodity Internet connections from the MX80 to the MX480.
MAGPI will confirm this date by providing a formal notice of an outage and the cutover by email.
Recently each Member received an email notice prior to the transition from the M320 to the MX80.
You will receive the same type of notice on Tuesday, June 30, one week prior to the cutover.
A final notice will be sent on Monday, July 6 as a reminder. We will be using the MAGPI maintenance window for this work: 6AM to 9AM.
The process of moving connections to the new 10G ports will begin once the MX480 is operational. Each Member will receive an email with information and details for their individual connections and a selection of dates and times for the cutover. We will work with each Member to accommodate a day and time that is convenient for the work and will cause the least network disruption. We would like to begin scheduling the individual cutovers next, with the actual work starting on July 8th. We would like to use Tuesdays, Wednesdays and Thursdays for cutovers, avoiding Mondays and Fridays for obvious reasons.
Please let us know if the proposed installation date of July 7 would cause a problem for you or your network activity. As mentioned earlier, we will begin to schedule the individual cutovers during the week of July 22. If you have a scheduling preference for the work on your individual connection, please let us know.
For our Members who use the optical transport services from Philadelphia to Princeton, please note:
MAGPI has sufficient 10G channels in the existing RS4200 chassis to serve the Members who are using the fiber optic transport service and who have upgraded their Internet2 access to 10G connections. Once the installation of the MX480 is complete, the service can be delivered over the fiber using the RS4200.
We reported in the last project update that the new Ciena optical hardware was approved and the orders were placed with Ciena.
On Friday, June 12, we had a planning meeting with Ciena and the engineers from Penn’s Information Systems and Computing (ISC).
At the meeting we developed a milestone deployment plan. The dates are tentative; the plan is as follows:
- A site survey of the four locations housing the Ciena hardware will be conducted between Wednesday, June 24 and Friday, June 26.
- The hardware will be shipped to each site by Tuesday, June 30.
- The installation of the hardware is tentatively scheduled for the first week in August 2015.