Routing Policies
This page intends to briefly document routing policies and specialtiesRouting Matrix
Preferred primary path: OPN for LHCOPN connectivity; 1 for LHCONE connectivity; No for connectivity outside LHCOPNE/ONE| From \\ To | CA-T | CH-C | DE-K | ES-P | FR-I | IT-C | KR-K | NDGF | NLT1 | RRCK | RRCJ | TW-A | UK-R | US-F | US-B |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CA-TRIUMF | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | n/a | 1 | |
| CH-CERN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | |
| DE-KIT | OPN | OPN | OPN | 1 | 1 | OPN | OPN | OPN | OPN | OPN | OPN | OPN | 1 | OPN | |
| ES-PIC | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | |
| FR-CCIN2P3 | OPN | OPN | 1 | OPN | 1 | OPN | OPN | OPN | OPN | OPN | OPN | OPN | 1 | OPN | |
| IT-INFN-CNAF | OPN | OPN | 1 | OPN | 1 | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | |
| KR-KISTI | No | OPN | 1 | 1 | 1 | 1 | 1 | 1 | OPN | No | 1 | No | 1 | 1 | |
| NDGF | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | |
| NL-T1 | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | |
| RRC-KI-T1 | OPN | ||||||||||||||
| RRC-JINR-T1 | OPN | ||||||||||||||
| TW-ASGC | OPN | OPN | OPN | OPN | OPN | OPN | 1 | OPN | OPN | OPN | OPN | OPN | 1 | 1 | |
| UK-T1-RAL | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | OPN | |
| US-FNAL-CMS | OPN | OPN | 1 | OPN | 1 | OPN | OPN | OPN | OPN | OPN | OPN | 1 | OPN | 1 | |
| US-T1-BNL | 1 | OPN | OPN | OPN | OPN | OPN | 1 | OPN | OPN | OPN | 1 | 1 | OPN | 1 |
Routing notes
CA-TRIUMF- Prefixes within the LHCOPN are filtered by a BGP inbound prefix list and we only accept selected subset of prefixes from CERN (T0 / T1s).
- Prefixes within LHCONE are not filtered.
- LHCONE is used for the LHCOPN backup T0 / T1, no inbound filers are used.
- The last resource circuit is the Optical Regional Advanced Network (ORAN), no inbound filers are used.
- Due to the geographical location TRIUMF - BNL traffic uses LHCONE connection, so we are peering with the US-T1-BNL over LHCONE link. Also, we accept the US-T1-BNL routes from LHC-OPN link for backup purpose.
- All received prefixes are re-announced to Tier1s, according to BGP communities defined here
- All received prefixes are tagged with a BGP community as "LHCOPN received prefix" to avoid to re-announce them to LHCONE
- NtR
- NtR
- NtR
- To exchange with T0 we use direct link to CH-CERN, backup is through DE-KIT.
- To exchange with T1s we use LHCOPN, except with DE-KIT and FR-IN2P3 whose traffic goes through LHCONE.
- Prefixes within the LHCOPN are filtered by a BGP inbound prefix list and we only accept selected subset of prefixes from CERN (T0/T1s) and RRC-KIAE.
- Backup for the LHCOPN (Daejeon-CERN), LHCONE VRF Peering with CERN at Amsterdam is established.
- All prefixes are accepted across LHCONE
- Last resort path is via general IP routing path with GEANT, Internet2, TEIN, etc, over KREONet2 International circuit (Daejeon- Chicago 100Gbps, Daejeon-Seattle 10Gbps, Chicago-Amsterdam 10Gbps, Daejeon-Hong Kong 10Gbps)
- NDGF is peering with:
- CH-CERN (AS513, 4x10Gbit/s) OPN
- NL-T1 (AS1126, 10Gbit/s) OPN
- NORDUnet (AS2603, 40Gbit/s) IP-Transit, default route
- LHCONE NORDUnet (AS2603, 40Gbit/s) LHCONE
- NtR
- NtR
- NtR
- To exchange with T0, ASGC uses direct link to CH-CERN, the backup path is established in StarLight
- To exchange with T1s, ASGCs use LHCOPN, except with US-FNAL, US-BNL and KR-KISTI whose traffic goes through LHCONE. Direct peering with NL-T1.
- NtR
- CERN-CH T0 CMS traffic preferred over LHCOPN.
- Only CMS related T1 site prefixes are accepted across LHCOPN. All prefixes are accepted across LHCONE.
- PBR is used within the USCMS T1 to steer only CMS related site prefixes across LHCOPN/LHCONE.
- Last resort path is via general Internet connectivity with ESnet.
- Routing CMS T1 traffic across LHCOPN by agreement. Preferring LHCONE for CMS T1 traffic by agreement.
- Prefixes within the LHCOPN are filtered by a BGP inbound prefix-list and we only accept a select subset of prefixes from CERN (T0/T1s).
- Prefixes within LHCONE are not filtered.
- The last resort circuit is our general Internet connection with ESnet. All WAN circuits (LHCONE/OPN) are terminated on our Network Perimeter.
OLD NOTES
May be outdated. Please check and move the relevant ones to the list above| Site | Routing policies |
|---|---|
| CA-TRIUMF | We accept only the LHC-OPN routes from the CH-CERN over the one and five Gbit/s light paths to CERN. On the peering with the US-T1-BNL we accept the US-T1-BNL prefixes related to the ATLAS and also accepting the LHC-OPN routes from the CH-CERN. On peering with the NL-T1 we accept prefixes from SARA. |
| DE-KIT | All prefixes within the LHCOPN (T0 & T1s) are accepted To exchange data with T0 the direct link LHCOPN to CH-CERN is prefered. The backup link is LHCONE and General Purpose Internet (GPI). For Tier-1 to Tier-1 traffic to ○ FR-CCIN2P3, ○ IT-INFN-CNAF; ○ FNAL LHCONE is prefered All other T1s traffic is preferably carried through LHCOPN (CH-CERN) The last resort "Internet backup" is allowed to carry any LHCOPN prefixes (T0 & T1s). |
| ES-PIC | All prefixes within the LHCOPN (T0 & T1s) in the BGP peering of the 10GE link are accepted by our Cisco6500. To exchange with T0 we use primary 10GE direct link to CH-CERN. There's also a 1GE PIC-CERN link where all CERN prefixes are accepted and whole PIC is announced via BGP in a 10GE Nokia-Checkpoint firewall; this link is used as backup for the T0 when the primary 10GE link is not available. The Internet is used as secondary backup option for the T0 and primary backup for T1s traffic, the Internet BGP peering takes place at the Nokia-Checkpoint firewall too. |
| FR-CCIN2P3 | We accept all prefixes within the LHCOPN (T0 & T1s) and we re-annouce prefixes from CH-CERN and DE-KIT. To exchange with T0 we use direct link to CH-CERN, backup is through DE-KIT. To exchange with T1s: - Traffic with DE-KIT, NL-T1 and IT-INFN-CNAF is by default using T1-T1 link GRIDKA-IN2P3-LHCOPN-001 - For all other T1s traffic is going through CH-CERN , but all prefixes are allowed through DE-KIT in case of primary link failure. Our last resort internet backup is allowed to carry any LHCOPN prefixes (T0 & T1s). |
| NL-T1 | NL-T1 is peering with: - CH-CERN (AS513, via direct T0-T1 link, 10Gbit/s) - NDGF (AS30590, via direct T1-T1 link, 10 Gbit/s) - DE-KIT (AS34878, via direct T1-T1 link, 10 Gbit/s) - TW-ASGC (AS24167,via direct T1-T1 link, 2x1 Gbit/s) - CA-Triumf (AS36391, via direct T1-T1link, 1 Gbit/s) - US-FNAL-CMS (AS3152, via direct T1-T1link, 1 Gbit/s) - Nikhef (AS1104, direct internal NL-T1 link, 10 Gbit/s) On the peering with CH-CERN we accept everyting and announce everyting except prefixes we receive directly from TW-ASGC, CA-TRIUMF and US-FNAL-CMS (all via direct T1-T1 links), however we do announce any backup route to those sites. This based on route leaking between different VRF's On the peering with NDGF we accept everyting and announce everyting except prefixes we receive directly from TW-ASGC, CA-TRIUMF, US-FNAL-CMS (all via direct T1-T1 links) and IT-INFN-CNAF (via DE-KIT), however we do announce any backup route to those sites. This is based on a combination of route leaking between different VRF's and AS-PATH filtering On the peering with DE-KIT we accept everyting and announce everyting except prefixes we receive directly from TW-ASGC and CA-TRIUMF (all via direct T1-T1 links), however we do announce any backup route to those sites, in addition we do announce US-FNAL prefixes. This is based on route leaking between different VRF's On the peering with TW-ASGC we accept TW-ASGC prefixes (AS-PATH filtering) and announce NL-T1 prefixes (prefix filtering) On the peering with US-FNAL-CMS we accept US-FNAL-CMS prefixes (AS-PATH filtering) and announce NL-T1 (prefix filtering) and DE-KIT prefixes (AS-PATH filtering) On the peering with CA-TRIUMF we accept CA-TRIUMF prefixes (AS-PATH filtering) and announce NL-T1 prefixes (prefix filtering). On the peering with Nikhef we accept Nikhef prefixes (AS-PATH filtering) and announce all LHCOPN prefixes except the NL-T1 perfSONAR prefix. AS-PATH filtering means: accepting prefixes which begin with AS# of peer (prepending possible). Prefix filtering means: prefix filter for prefixes advertised to peer. |
| UK-T1-RAL | General packet filtering is in place outbound on the border router. Any LHCOPN monitoring is able to look inwards to the LHCOPN, i.e. in the direction of CERN, but not into the RAL site network. |
| US-FNAL-CMS | PBR inbound/outbound between USCMS FNAL subnets and accepted LHCOPN prefixes. Acceptance of prefixes across LHCOPN by agreement - USCMS FNAL prefixes filtered using the LHCOPN BGP communities. Prefixes accepted and USCMS FNAL prefixes advertised across direct peerings by agreement. |
| RRC-KI-T1 | Currently we receive and accept all announcements via CERN for AS 43, 137, 513, 789, 1162, 17579, 24167, 34878, 36391, 39590, 43115, 43475, 61339. Our routes aren't reannounced from CERN to FNAL, since we have no response from this Tier-1 yet. All new Tier-1 sites are kindly requested to announce community 513:59624 (do not announce to AS 59624) to CERN until we will tune our ACLs to accept and announce our prefixes towards new Tier-1 centres to facilitate symmetric routing. Notice for new peerings at noc@computingNOSPAMPLEASE.kiae.ru will be much appreciated. |
Topic revision: r70 - 2022-03-17 - EdoardoMARTELLI
- LHCOPN Web
- LHCOPN Web Home
- Changes
- Index
- Search
- ABATBEA
- ACPP
- ADCgroup
- AEGIS
- AfricaMap
- AgileInfrastructure
- ALICE
- AliceEbyE
- AliceSPD
- AliceSSD
- AliceTOF
- AliFemto
- ALPHA
- Altair
- ArdaGrid
- ASACUSA
- AthenaFCalTBAna
- Atlas
- AtlasLBNL
- AXIALPET
- CAE
- CALICE
- CDS
- CENF
- CERNSearch
- CLIC
- Cloud
- CloudServices
- CMS
- Controls
- CTA
- CvmFS
- DB
- DefaultWeb
- DESgroup
- DPHEP
- DM-LHC
- DSSGroup
- EGEE
- EgeePtf
- ELFms
- EMI
- ETICS
- FIOgroup
- FlukaTeam
- Frontier
- Gaudi
- GeneratorServices
- GuidesInfo
- HardwareLabs
- HCC
- HEPIX
- ILCBDSColl
- ILCTPC
- IMWG
- Inspire
- IPv6
- IT
- ItCommTeam
- ITCoord
- ITdeptTechForum
- ITDRP
- ITGT
- ITSDC
- LAr
- LCG
- LCGAAWorkbook
- Leade
- LHCAccess
- LHCAtHome
- LHCb
- LHCgas
- LHCONE
- LHCOPN
- LinuxSupport
- Main
- Medipix
- Messaging
- MPGD
- NA49
- NA61
- NA62
- NTOF
- Openlab
- PDBService
- Persistency
- PESgroup
- Plugins
- PSAccess
- PSBUpgrade
- R2Eproject
- RCTF
- RD42
- RFCond12
- RFLowLevel
- ROXIE
- Sandbox
- SocialActivities
- SPI
- SRMDev
- SSM
- Student
- SuperComputing
- Support
- SwfCatalogue
- TMVA
- TOTEM
- TWiki
- UNOSAT
- Virtualization
- VOBox
- WITCH
- XTCA
 |
|
Copyright &© 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback