DataTAG logo Member Area | Public Area
Member Area
Access restricted to DataTAG members and U.S. partners
 Work Packages
WP1
WP2
WP3
WP4
WP5
WP6
PTB
PMB

Rules and Guidelines for Using the DataTAG Testbed

Contents:

DataTAG Testbed

The DataTAG testbed is an international research facility shared by many researchers all over the world. It consists of:

  • a 2.5 Gbit/s link between Geneva (CERN) and Chicago (StarLight)
  • high-end PCs at CERN and Chicago (some are public, others are private)
  • network devices: Cisco routers, Extreme Network switches, etc.

For a more detailed description of this testbed, here are three network maps:

Support

Users who experience problems and new users who need to set up a new account should contact the support staff:

  • Europe-based users: Edoardo (CERN)
  • U.S.-based users: Sylvain (Caltech)

Public PCs vs. Private PCs

Public PCs are shared by many people, who use them either concurrently or sequentially. They are jointly managed by CERN and Caltech. The following PCs are public:

w01gva w01chi
w02gva w02chi
w03gva w03chi
w04gva w04chi
w05gva w05chi

Private PCs are dedicated to a single research institute:

  • w06gva and w06chi are dedicated to the FAST project at Caltech;
  • w20gva and w21gva are dedicated to INRIA.

Private PCs are managed independently of the public PCs.

Timezones

Public PCs and the 2.5 Gbit/s link are by default allotted to Europe-based users during the following time range:

8:00 am - 8:00 pm CET
11:00 pm - 11:00 am PST

Public PCs and the 2.5 Gbit/s link are by default allotted to U.S.-based users during the following time range:

11:00 am - 11:00 pm PST
8:00 pm - 8:00 am CET

As of January 13, 2003, all public PCs are rebooted at the end of each timezone, that is, twice per day. Upon reboot, time is synchronized via NTP on these PCs.

Default Pre-Allocation Scheme

Without making hard reservations, people can work on public PCs that are "allotted" to them as development machines during their timezones. They can safely assume that no one else will log into their machine and cause major disruption to it, e.g. reboot it. Other people can still log into their machine and put a light load onto it, but they know that the primary user for that PC may reboot it anytime.

During the European timezone, PCs are pre-allocated by default as follows :

  • w01gva & w01chi: Amsterdam
  • w02gva & w02chi: CERN
  • w03gva & w03chi: Manchester
  • w04gva & w04chi: UCL
  • w05gva & w05chi: Caltech

During the U.S. timezone, PCs are pre-allocated by default as follows :

  • w01gva & w01chi: SLAC
  • w02gva & w02chi: LBL
  • w03gva & w03chi: SLAC
  • w04gva & w04chi: Caltech
  • w05gva & w05chi: Caltech

Hard Reservations

While doing is M.S. thesis at CERN, Simon Leo developed a reservation application that enables users to make hard reservations for resources. These resources include the ten public PCs of the testbed (five on each side of the Atlantic) and the 2.5 Gbit/s link.

The purpose of hard reservations is to prevent other users from causing disruption and generating background noise traffic while you make measurements and gather data for writing scientific reports. It is not to perform mere development work, unless this work may cause severe disruption to others (e.g., you need to change QoS parameters on the Cisco routers, which may hang the routers as we have already experienced).

We recommend that users reserve resources for 4 hours in a row, with a maximum of 8 hours. This policy is not currently enforced.

The five public PCs at CERN and the five public PCs in Chicago are now controlled by the DataTAG reservation application. The different timezones are properly dealt with: in all GUIs, users see times expressed in their own timezones.

The following features have been implemented:

  • the GUI has been enhanced to look more like a calendar;
  • users need to authenticate themselves at the beginning of a session;
  • it is possible to reserve PCs for a group of people, and not simply one person;
  • reservations are stored in XML by the server;
  • the application checks that users do not make reservations outside their timezones;
  • users can now reserve some PCs without reserving the 2.5 Gbit/s link;
  • it is possible to modify existing reservations;
  • communication between the browser and the HTTP server is SSL encrypted (HTTPS).
  • Tomcat is bound to Apache on the HTTP server and we now use default port 80.

The following features may be implemented in future releases:

  • all PCs will be rebooted 5 minutes before the end of the reservation and the default kernel will be installed (postponed due to stability concerns);
  • users will have the possibility to have their reserved PCs automatically booted with the kernel of their choice (not just the default kernel) 5 minutes before their reserved time slot begins (postponed because the PCs have different lilo.conf files);
  • the default configuration of the Cisco 7606 and 7609 routers (at both ends of the 2.5 Gbit/s link) will be downloaded at the end of the reservation (postponed because we do not yet have "stable" configuration files for the Cisco routers);
  • via a GUI, users will be able to control the mirroring of a Cisco port onto another port, which allows to sniff traffic from another PC in a transparent manner (postponed because users have showed little interest in this so far).

SSH

Because the PCs of the DataTAG testbed are located outside firewalls, they are more exposed to attacks than others. The number of services available on these PCs is therefore kept to a strict minimum. In particular, telnet access is disabled. The only way to access these PCs is via ssh.

People who need to become root on a public PC first have to ssh under their user account, then do "ssh root@localhost".

Root Access

Several users have root access to public PCs because they need to perform privileged commands, e.g. debug a new kernel.

Rule: The fact that you have root access does not allow you to reconfigure anything you want on a public PC. People who abuse of the root account will no longer be allowed to use the testbed. If you need to alter boot scripts, root account settings, etc., please contact support staff.

Default Linux Kernel

On all the public PCs at CERN and StarLight, the default Linux kernel is 2.4.24dtg6. This is the vanilla 2.4.24 kernel with the following modifications:

  • SysKonnect device driver 6.21

Rule: The default Linux kernel must not be changed by users.

How to Use Another Linux Kernel

/sbin/lilo -R kernel

Rule: People who do not run the default kernel must use this command to use another kernel. Changing lilo.conf and making your own kernel the default on that machine is considered antisocial.

Problem with Intel Device Driver

The Intel e1000 device driver is not included in the Linux kernel 2.4.19 by default (it is in version 2.4.20). If a user puts in a new kernel based on 2.4.19 and forgets to include this driver, access through the FastEthernet is no longer possible. Since the FastEthernet cards are the administrative interfaces on all public PCs, this breaks all of our administration tools.

Rule:  People who install their own pre-2.4.20 kernel must include the Intel device driver.

If need be, Tom Kelly has made a patch available at:

http://www-lce.eng.cam.ac.uk/~ctk21/tmp/e1000-2.4.19-1.patch.gz

This page is maintained by J.P. Martin-Flatin, Technical Manager, DataTAG Project.

(last updated on 8 January 2004)

 


DataTAG is a project sponsored by the European Commission - EU Grant IST-2001-32459