IPv6 Security Babik, M; Chudoba, J; Dewhurst, A ...
Journal of physics. Conference series,
10/2017, Volume:
898, Issue:
10
Journal Article
Peer reviewed
Open access
IPv4 network addresses are running out and the deployment of IPv6 networking in many places is now well underway. Following the work of the HEPiX IPv6 Working Group, a growing number of sites in the ...Worldwide Large Hadron Collider Computing Grid (WLCG) are deploying dual-stack IPv6/IPv4 services. The aim of this is to support the use of IPv6-only clients, i.e. worker nodes, virtual machines or containers. The IPv6 networking protocols while they do contain features aimed at improving security also bring new challenges for operational IT security. The lack of maturity of IPv6 implementations together with the increased complexity of some of the protocol standards raise many new issues for operational security teams. The HEPiX IPv6 Working Group is producing guidance on best practices in this area. This paper considers some of the security concerns for WLCG in an IPv6 world and presents the HEPiX IPv6 working group guidance for the system administrators who manage IT services on the WLCG distributed infrastructure, for their related site security and networking teams and for developers and software engineers working on WLCG applications.
The fraction of Internet traffic carried over IPv6 continues to grow rapidly. IPv6 support from network hardware vendors and carriers is pervasive and becoming mature. A network infrastructure ...upgrade often offers sites an excellent window of opportunity to configure and enable IPv6. There is a significant overhead when setting up and maintaining dual-stack machines, so where possible sites would like to upgrade their services directly to IPv6 only. In doing so, they are also expediting the transition process towards its desired completion. While the LHC experiments accept there is a need to move to IPv6, it is currently not directly affecting their work. Sites are unwilling to upgrade if they will be unable to run LHC experiment workflows. This has resulted in a very slow uptake of IPv6 from WLCG sites. For several years the HEPiX IPv6 Working Group has been testing a range of WLCG services to ensure they are IPv6 compliant. Several sites are now running many of their services as dual-stack. The working group, driven by the requirements of the LHC VOs to be able to use IPv6-only opportunistic resources, continues to encourage wider deployment of dual-stack services to make the use of such IPv6-only clients viable. This paper presents the working group's plan and progress so far to allow sites to deploy IPv6-only CPU resources. This includes making experiment central services dual-stack as well as a number of storage services. The monitoring, accounting and information services that are used by jobs also need to be upgraded. Finally the VO testing that has taken place on hosts connected via IPv6-only is reported.
The production deployment of IPv6 on WLCG Bernier, J; Campana, S; Chadwick, K ...
Journal of physics. Conference series,
01/2015, Volume:
664, Issue:
5
Journal Article
Peer reviewed
Open access
The world is rapidly running out of IPv4 addresses; the number of IPv6 end systems connected to the internet is increasing; WLCG and the LHC experiments may soon have access to worker nodes and/or ...virtual machines (VMs) possessing only an IPv6 routable address. The HEPiX IPv6 Working Group has been investigating, testing and planning for dual-stack services on WLCG for several years. Following feedback from our working group, many of the storage technologies in use on WLCG have recently been made IPv6-capable. This paper presents the IPv6 requirements, tests and plans of the LHC experiments together with the tests performed on the group's IPv6 test-bed. This is primarily aimed at IPv6-only worker nodes or VMs accessing several different implementations of a global dual-stack federated storage service. Finally the plans for deployment of production dual-stack WLCG services are presented.
The HEPiX (http://www.hepix.org) IPv6 Working Group has been investigating the many issues which feed into the decision on the timetable for the use of IPv6 (http://www.ietf.org/rfc/rfc2460.txt) ...networking protocols in High Energy Physics (HEP) Computing, in particular in the Worldwide Large Hadron Collider (LHC) Computing Grid (WLCG). RIPE NCC, the European Regional Internet Registry (RIR), ran out ofIPv4 addresses in September 2012. The North and South America RIRs are expected to run out soon. In recent months it has become more clear that some WLCG sites, including CERN, are running short of IPv4 address space, now without the possibility of applying for more. This has increased the urgency for the switch-on of dual-stack IPv4/IPv6 on all outward facing WLCG services to allow for the eventual support of IPv6-only clients. The activities of the group include the analysis and testing of the readiness for IPv6 and the performance of many required components, including the applications, middleware, management and monitoring tools essential for HEP computing. Many WLCG Tier 1/2 sites are participants in the group's distributed IPv6 testbed and the major LHC experiment collaborations are engaged in the testing. We are constructing a group web/wiki which will contain useful information on the IPv6 readiness of the various software components and a knowledge base (http://hepix-ipv6.web.cern.ch/knowledge-base). This paper describes the work done by the working group and its future plans.
The ZEUS expert system project has entered its final development stage. The full system implementation will be extended to cover all of the crucial aspects of the on-line experiment, i.e slow ...control, data acquisition performance, data quality monitoring and run control. To extend the scope of the previous version of the system OO methodology has been applied to the system design. New efficient data processing algorithms have been developed and a commercial real-time expert system shell has been used in the implementation. These issues are discussed in this paper.
ZEX : an expert system for Zeus BEHRENS, U; FLASINSKI, M; HAGGE, L ...
IEEE Transactions on Nuclear Science (Institute of Electrical and Electronics Engineers); (United States),
02/1994, Volume:
41, Issue:
1
Conference Proceeding, Journal Article
Peer reviewed
ZEX is an expert system which is designed to support operation of ZEUS experiment. It is based on performance monitoring and offers diagnostic capabilities and instructions on how to proceed running ...the experiment. System architecture and implementation methods are discussed. A prototype version of the expert system, ZEX-P has been implemented successfully and is operating since the beginning of 1993. Experience gained in the design and implementation of ZEX-P and first results are reported.
This paper presents measurements of D{sup *{+-}} production in deep inelastic scattering from collisions between 27.5 GeV positrons and 820 GeV protons. The data have been taken with the ZEUS ...detector at HERA. The decay channel D{sup *+} {yields} (D{sup 0} {yields} K{sup -}{pi}{sup +}){pi}{sup +} (+c.c) has been used in the study. The e{sup +}p cross section for inclusive D{sup *{+-}} production with 5 <Q{sup 2} < 100 GeV{sup 2}> and y < 0.7 is 5.3 {+-} 1.0 {+-} 0.8 nb in the kinematic region 1.3 < p{sub T}(D{sup *{+-}}) < 9.0 GeV and |{eta}(D{sup *{+-}})| < 1.5. Differential cross sections as functions of p{sub T}(D{sup *{+-}}), {eta}(D{sup *{+-}}), W and Q{sup 2} are compared with next-to-leading order QCD calculations based on the photon-gluon fusion production mechanism. After an extrapolation of the cross section to the full kinematic region in p{sub T}(D{sup *{+-}}) and {eta}(D{sup *{+-}}), the charm contribution F{sub 2}{sup c}{bar c}(x, Q{sup 2}) to the proton structure function is determined for Bjorken x between 2 x 10{sup -4} and 5 x 10{sup -3}.
Full text
Available for:
IJS, IMTLJ, KILJ, KISLJ, NUK, SBCE, SBJE, UL, UM, UPCLJ, UPUK
The production of φ mesons in the reaction
e
+
p →
e
+
φp (
gf →
K
+
K
−) at a median
Q
2 of 10
−4 GeV
2 h been studied with the ZEUS detector at HERA. The differential φ photoproduction cross ...section
dσ
dt
has an exponential shape and has been determined in the kinematic range 0.1 < |
t| < 0.5 GeV
2 and 60 <
W < 80 GeV. An integrated cross sect
σ
γp→
φp
= 0.96±0.19
−0.18
+0.21
μb has been obtained by extrapolating to
t = 0. When compared to lower energy data the results show a weak energy dependence of both
σ
γp→
φp
and the slope of the
t distribution. The φ decay angular distributions are consistent with
s-channel helicity conservation. From lower energies to HERA energies, the features of φ photoproduction are compatible with those of a soft diffractive process.
Full text
Available for:
IJS, IMTLJ, KILJ, KISLJ, NUK, SBCE, SBJE, UL, UM, UPCLJ, UPUK
Dijet cross sections are presented using photoproduction data obtained with the ZEUS detector during 1994. These measurements represent an extension of previous results, as the higher statistics ...allow cross sections to be measured at higher jet transverse energy (Eτjet). Jets are identified in the hadronic final state using three different algorithms, and the cross sections compared to complete next-to-leading order QCD calculations. Agreement with these calculations is seen for the pseudorapidity dependence of the direct photon events with ETjet > 6 GeV and of the resolved photon events with Etjet > 11 GeV. Calculated cross sections for resolved photon processes with 6 GeV < ETjet < 11 GeV lie below the data.
Full text
Available for:
EMUNI, FIS, FZAB, GEOZS, GIS, IJS, IMTLJ, KILJ, KISLJ, MFDPS, NUK, OBVAL, OILJ, PNG, SAZU, SBCE, SBJE, SBMB, SBNM, UKNU, UL, UM, UPUK, VKSCE, ZAGLJ
This paper reports the cross section measurements for the process ep → e J/ψ p for
Q
2 < 4 GeV
2 at
s
= 296
GeV, based on an integrated luminosity of about 0.5 pb
−1, using the ZEUS detector. The J/ψ ...was detected in its e
+e
− and
μ
+
μ
− decay modes. The photoproduction cross section was measured to be 52
−12
+7 ± 10 nb at an average γp centre of mass energy of 67 GeV and 71
−20
+13±12 nb at 114 GeV. The significant rise of the cross section compared to lower energy measurements is not in agreement with VDM models, but can be described by QCD inspired models if a rise in the gluon momentum density at low
x in the proton is assumed.
Full text
Available for:
IJS, IMTLJ, KILJ, KISLJ, NUK, SBCE, SBJE, UL, UM, UPCLJ, UPUK
PDF
