amres noc - tfnoc - athens · pdf fileicmynet.flowserver. it is used by amres noc/csirt team...

AMRES NOCBojan Jakovljević

8th TF-NOC meeting, Athens 2013.

Akademska mreža Srbijewww.amres.ac.rs

Who are we?

AMRES is National Research and Education Network of Serbia

Initial development of the AMRES network started in the early 90’s when first faculties of the University of Belgrade (UoB) were connected to the Belgrade University Computer Centre(UBCC) with links up to 128kb/s capacities

First connection from the UBCC to the Internet was established on 28th February 1996 with a capacity of 64kb/s

At the end of the 90’s the four largest Universities in Serbia were connected to each other with digital links (2Mb/s) and established the AMRES network

University of Belgrade

University of Novi Sad

University of Niš

University of Kragujevac

AMRES network - beginnings

From that time carriers of development and operations of the AMRES network have been CCs from these four universities

UoB (University of Belgrade) was a legal representative for the AMRES network and BUCC had the leading role in a coordination of all activities

Until 2007 development of AMRES network had been the result of joint activities between these four universities, the support of Ministry of Education and Science and through participation in various international projects in the region (SEEREN, SEEREN2) and some donations (Max Planck Institute for Physics Munich)

This model of work was retained until 2007 when the government launched an AMRES project.


AMRES project (2007 – 2010)

AMRES project was created with the aim to establish an organizational model of management, system operation and development of the AMRES network.

Technical work was organized through AMRES service centres - computing centers of Universities in Belgrade, Novi Sad, Nis and Kragujevac

Through the activities in the project it was established• Better integration among UCCs

• Procedures of operations are unified

• Definition of services are harmonized and became common for all users

• New services were developed

Results from the AMRES project were the basis for the foundation of AMRES institution – separate legal entity (2010-2011)


AMRES institution (2011 – current)

Obtaining legal status AMRES has become an institution responsible to build, develop and manage the national research and education computer network of the Republic of Serbia (AMRES network), like the NRENs in other countries.

Organization structure:

Managing board

Supervisory board

Office of the Director

Departments for infrastructure and infrastructure resources (5 engineers)

Departments for computers security (3 engineers)

Department for services and user support (4 engineers)


AMRES network

Internal network

~3800km of dark fiber optics, but only ~2000km are currently in use

The optics was leased for 15 years period through SEELight project

20 cities are connected currently (46 PoPs – inside institutions – no professional data-centers)

All dark fiber links are leased from one provider (Telekom Srbija)

~185 institution are connected (~95% dark fiber, ~4% SHDSL-2Mb/s or ADSL-16M/768k, %1 analog leased lines)

~200 000 end usersAkademska mreža Srbijewww.amres.ac.rs

AMRES network

Internal network

Pure IP/Ethernet network

No optical transmission system on links (neither DWDM nor CWDM)

Exceptions are links Novi Sad –Subotica (passive CWDM OADM), Belgrade – Niš (SDH system –Telekom Srbija – 155Mb/s)

For the links with distances more than 100km we use transceivers for 120km (32dB), 160km(37dB) or 200km(41dB)


AMRES network

External links

Primary link to GEANT network - 10Gb/s

Secondary (backup) path is CBF to HUNGARNET - 1Gb/s

CBF to SARNET (Regional R&E network in B&H – RepublikaSrpska) – 1Gb/s


AMRES network devices

Most of devices on core network are from Cisco vendor

Cisco 6509 in AMRES service centers (2xBUCC, 1xARMUNS, 1xJUNIS, 1xARMUK)

Cisco 3550, 3560, 3750 in other PoPs

Internet gateway device - Juniper MX 480

Access network devices – Cisco 2950, 2960, Juniper EX3200, EX2200, TCL and ZTE (on some PoPs inside UoB – donation from PRC)


AMRES services

Network and connectivity services:

IPv4 and IPv6 unicast, multicast

VPN service

DNS service

Network Support service – Network monitoring

IP & DNS Registration services:

IP-address allocation (RIPE LIR for IPv4, IPv6 etc.)

Domain name registration ( ac.rs, Cyrillic domain ак.срб)

Security services:

AMRES CSIRT: Computer Security Incident Response Team

Proxy service – 6x Cisco IronPort Web applainces, 1x managament applaince

Netflow monitoring tool

Authentication & "Mobility" services:

Identity management systems

Server Certificate Service – AMRES Registration Authority for TCS

EDUROAM


AMRES services

Hosting service

Webhosting

E-mail server hosting

DNS zone hosting

Media storage and streaming facilities:

Media portal

Streaming facilities (streaming server)

Network communication tools & conferencing

Videoconferencing service (MCU)

Gatekeeper service

Network computing resources

GRID computing (Co-ordination within NREN community, offering CPU)

E-Learning /e-research

Virtual Learning Environments (MOODLE)

Digital Repositories – KOBSON - Serbian Library Consortium for Coordinated Acquisition of international scientific journals


AMRES services

User interaction - knowledge dissemination

Consultancy and advise (for all provided services)

Training: workshops, seminars

Hold admin conferences

NREN publications: cookbooks/user manuals (through GN3activity CBP and other internal processes)

All services are provided with cooperation with AMRES service centers or some other institutions.


ICmyNet.IMSICmyNet.IMS - Networking Information andMonitoring System

Developed by the BUCC for the needs ofmonitoring AMRES network infrastructure andservices

Most important monitoring tool for the workof AMRES NOC

“Starting point” for AMRES networktroubleshooting

Networking information system

Hierarchically organised informationpresented by a tree

Information database for devices (inventorymanagement), institutions, IP addresses,administrative and technical contacts etc.

Monitoring system

Passive and active monitoring the networkstatus – status of devices, ports, links,services.

Performs visualisation of network (graphs,charts - MRTG), performance measurementand reporting (monitors, reports, events),failure notification (alerts, actions)


ICmyNet.IMS

Information database


ICmyNet.IMS

Graphs – topology information


ICmyNet.IMS

Alerts dashboard - current alerts (active alarms)


ICmyNet.IMS

SLA report – Service availability statistics


ICmyNet.Flow

ICmyNet.Flow is a tool for deep network traffic investigation, analysis and reporting.

It is based on NetFlow statistics, exported from network devices to ICmyNet.Flow server.

It is used by AMRES NOC/CSIRT team for monitoring AMRES network traffic structure, for correlation and checking of the abuse complaints and in a

process of resolution some issues or incidents in the network.


AMRES monitoring tools

ICmyNet.log, Splunk (free version), Ironport Sawmill

ICmyNet.dns

Zennos, iperf, NDT, scripts etc.


AMRES NOC organization

Evolve over the years

Distributed from beginning

Divided by geographic region

4 entities responsible for operation of the network

1 entity has a leader role in coordination of activities (UBcc > AMRES institution)

Currently: Centralize NOC with some distributed functions (regarding operation of services)


AMRES NOC

Network connectivity and services are not charged

Support service is based on best-effort principle, without any SLA


AMRES NOC organizational structure

NOC is organized in 3 level hierarchy

1st Level – AMRES Helpdesk (5 technicians)

24/7 support through work of UBCC operators

Responsible to receive and handle user requests and issues

Monitor alarms and events dashboard of monitoring tool and react on it

Communicate with service providers NOC regarding network outages

Inform customers regarding the network and service outages and estimated time of repair (if available)

Send Network SLA reports to customers

Maintain equipment inventory database

Support work of AMRES CSIRT team - Work on receiving and resolving security incidents – CSIRT operators

Most of the requests and issues are resolved at this level


AMRES NOC organizational structure

2nd Level - AMRES Network engineers (6)

Knowledge of network technology and basic knowledge of system administration

CCNA, JNCIA level of network knowledge

Every week we have “duty engineer”

Round-robin principle of change

Responsible for coordination activities inside 1st Level

Change and configuration management

3rd Level – service managers and engineers

Senior network engineers and system administrators responsible for design and operations of services

CCNP, JNCIP-SP level of network knowledge

>5 years experience in AMRES network and service environment

Engineers from AMRES and the all service centers


Front end

Our users are from universities, faculties, research institutes, high schools, collages, libraries, student’s dormitories, hospitals, academies etc.

Representative from these institutions (administrative and technical contacts) could contact our NOC and request any kind of service.

End users can’t contact us directly and must do that through the technical contacts from there institution except in some special situation when we work directly with them (some services, less knowledgeable admins)

AMRES does not have SLA with our institutions


NOC communication tools

To communicate with and keep track of users

Request Tracker (TTS), e-mail lists, phone calls, ICmyNet.IMS(Contacts database)

To communicate internally

Request Tracker (TTS), Instant messaging, regular and ad-hoc meetings, phone calls, e-mails

For communication outside AMRES NOC and for inter-NOC communication

Request Tracker (TTS), e-mails, phone calls


Documentation

We document physical and logical topologies, internal and external procedures, service technical designs, contacts etc.

Documentation is mostly created using Word, Excel and Visio tools and saved on a file server

For some services we use DokuWiki tool


Questions


amres noc - tfnoc - athens · pdf fileicmynet.flowserver. it is used by amres noc/csirt team...

Documents