itb status report spring ai3 meeting 19-21 june 2003 tokyo, japan
Post on 27-Mar-2015
220 Views
Preview:
TRANSCRIPT
ITB Status Report
Spring AI3 Meeting
19-21 June 2003
Tokyo, Japan
Observatorium Bosscha
• One and the only star observatorium in South East Asia, currently run by Astronomy Dept, ITB
• Stationed at Lembang, West Java, about 6 km North from Bandung
• Website : http://www.bosscha.itb.ac.id
Live Observation at Bosscha
• The use of Internet Technology for (near) real-time sky object observation
• Input – CCD camera attached to the telescope
• Output– Live streaming video using RealPlayer– Periodic Image capture using Webcam Apps
• Audience can watch live observation directly from their computer!
Live Observation at Bosscha (cont’d)
• Conducted at May 7th 2003, observing Mercury Transit (Mercury will pass through the sun, so looks visible from Earth)
• Done with portable telescope, with CCD camera attached
• CCD camera output is splitted in two direction by video splitter– For RealProducer, creating Streaming Media files– For Webcam apps (Durgem,
http://durgem.sourceforge.net), creating periodic (30 sec) image capture
Live Observation at Bosscha (cont’d)
• Bosscha is connected to ITB using 802.11b Wireless Link
• Audience can watch video stream and image capture in website http://bosscha-live.ai3.itb.ac.id
• Two video stream created : – 56 kbps for Internet audience– 384 kbps for ITB audience (LAN)
Responses about Live Observation at Bosscha
• Public Announcement about live observation was made in public mailing list and newspaper
• Responses was high at websites : see http://stats.cnrglab.itb.ac.id/bosscha-live.ai3.itb.ac.id/
Results
• Cloudy weather makes hard to get good pictures of the Mercury Transit
• Thanks to the Durgem, 15 picture out of 300 picture captures the Transit
• Astronomers is very delighted about the results
• Planned to do live observation in late August, observing Mars at Perihelion (nearest distance to Earth)
Portable Telescope CCD Camera attached to the telescope
Real Producer & Webcam Server Video Splitter
Journalists came to the observation site Observation site, at the top of the roof
http://bosscha-live.ai3.itb.ac.id Website and RealPlayer
Image captured using CCD Camera Processed image by Bosscha Astronomer
IPv6 @ ITB
• Campus-wide IPv6 Deployment @ ITB
• Dual-stack services– Email server– Web server– DNS server– FTP server– SSH and Telnet (remote login)
Campus-wide IPv6 Deployment• Problem :
– Campus Backbone is not IPv6-compliant• Cisco Catalyst 6500 Sup1A/MSFC1• Cisco only released IPv6 on Sup2 and Sup720
• Solutions :– One PC router (IPv6 w/ Zebra routing
daemon) on each Catalyst– Each router is connected via IPv6 tunnel– Router connects subnets on each Catalyst
using VLAN trunk 802.1q
Campus-wide IPv6 Deployment (cont’d)
GigEthLink
ITB1-v6-router
ITB2-v6-router ITB3-v6-router
Catalyst 6000 Catalyst 6000
Catalyst 6000
ITBWest Campus
ITBNorth Campus
ITBSouth Campus
Tunnel
802.1q Trunk
802.1q Trunk
802.1q Trunk
Access VLAN on
each IPv6 Subnet
Access VLAN on
each IPv6 Subnet
Access VLAN on
each IPv6 Subnet
Dual-stack Services
• DNS server– ns1.itb.ac.id/ns2.itb.ac.id now resolve IPv6
address
• Email server– MX.itb.ac.id has IPv6 address, with postfix
(IPv6-patched)
• Web server– ITB official website (http://www.itb.ac.id) has
IPv6 address
> uname -aFreeBSD itb2-v6-router.itb.ac.id 4.7-RELEASE FreeBSD 4.7-RELEASE #0: Fri
May 9 23:56:42 GMT 2003 admin@itb2-v6-router.itb.ac.id:/usr/source/kame/freebsd4/sys/compile/itb2_v6_router-kame-20030407-freebsd47 i386
> host -t AAAA fileserver.lapi.itb.ac.idfileserver.lapi.itb.ac.id has address 2001:200:830:11:2e0:18ff:fe8c:180a> ftp -6 fileserver.lapi.itb.ac.idConnected to fileserver.lapi.itb.ac.id.220 fileserver.lapi.itb.ac.id FTP server (Version 6.00LS) ready.Name (fileserver.lapi.itb.ac.id:admin): dikshie331 Password required for dikshie.Password:230 User dikshie logged in.Remote system type is UNKNOWN.ftp> pwd257 "/home/dikshie" is current directory.ftp>
FTP Server
> uname -aFreeBSD ipv6.ppk.itb.ac.id 4.8-STABLE FreeBSD 4.8-
STABLE #1: Sun Apr 6 18:26:06 WIT 2003 dikshie@ipv6.ppk.itb.ac.id:/usr/obj/usr/src/sys/PPK i386
> ssh -6 dikshie@fileserver.lapi.itb.ac.idThe authenticity of host 'fileserver.lapi.itb.ac.id
(2001:200:830:11:2e0:18ff:fe8c:180a)' can't be established.
DSA key fingerprint is 55:cb:3d:b8:cc:08:2d:44:a2:f2:9d:94:36:77:de:2a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'fileserver.lapi.itb.ac.id' (DSA) to the list of known hosts.
Password:
SSH (Remote Login)
> uname -aFreeBSD ipv6.ppk.itb.ac.id 4.8-STABLE FreeBSD 4.8-
STABLE #1: Sun Apr 6 18:26:06 WIT 2003 dikshie@ipv6.ppk.itb.ac.id:/usr/obj/usr/src/sys/PPK i386
> telnet -6 fileserver.lapi.itb.ac.idTrying 2001:200:830:11:2e0:18ff:fe8c:180a...Connected to fileserver.lapi.itb.ac.id.Escape character is '^]'.Trying SRA secure login:User (dikshie):Password:[ SRA accepts you ]
TELNET (Remote Login)
Jun 16 21:36:27 ipv6 postfix/smtpd[355]: connect from mx2.itb.ac.id[2001:200:800:3000:202:44ff:fe35:2285]
Jun 16 21:36:27 ipv6 postfix/smtpd[355]: 94A2620: client=mx2.itb.ac.id[2001:200:800:3000:202:44ff:fe35:2285]
Jun 16 21:36:27 ipv6 postfix/cleanup[328]: 94A2620: message-id=<20030616143613.95944.qmail@web12604.mail.yahoo.com>
Jun 16 21:36:27 ipv6 postfix/qmgr[327]: 94A2620: from=<bounce-isp-routing-396359@lists.isp-lists.com>, size=7908, nrcpt=1 (queue active)
Jun 16 21:36:27 ipv6 postfix/smtpd[355]: disconnect from mx2.itb.ac.id[2001:200:800:3000:202:44ff:fe35:2285]
Jun 16 21:36:27 ipv6 postfix/local[330]: 94A2620: to=<dikshie@ppk.itb.ac.id>, relay=local, delay=0, status=sent (delivered to command: IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #dikshie)
SMTP (Incoming)
Jun 16 21:42:29 ipv6 postfix/pickup[326]: C8C2376: uid=1000 from=<dikshie@ppk.itb.ac.id>
Jun 16 21:42:29 ipv6 postfix/cleanup[328]: C8C2376: message-id=<20030616144229.GA543@ppk.itb.ac.id>
Jun 16 21:42:29 ipv6 postfix/qmgr[327]: C8C2376: from=<dikshie@ppk.itb.ac.id>, size=1046, nrcpt=1 (queue active)
Jun 16 21:42:40 ipv6 postfix/smtp[535]: C8C2376: to=<dikshie@rootshell.be>, relay=mail.rootshell.be[3ffe:8100:200:1fff::25], delay=11, status=bounced (host mail.rootshell.be[3ffe:8100:200:1fff::25] said: 550 5.1.1 <dikshie@rootshell.be>... User unknown (in reply to RCPT TO command))
SMTP (Outgoing)
E-Mail Service Report
By mailadm@itb.ac.id
Network Map
Recent Condition (1/2)
• All MX-ITB are IPv6 compliant.• mx1.itb.ac.id
– Pentium III-1000 MHz 128 MB RAM– Postfix 2.0.7 with tls+ipv6-1.13-pf-2.0.7.patch
(migrated from qmail 1.03)– Apache 1.3.27– mailman 2.1 (migrated from ezmlm)
• mx2.itb.ac.id– AMD Duron 750 MHz 128 MB RAM– SMTP-auth using cyrus-sasl-1.5.24– Postfix 2.0.7 with tls+ipv6-1.13-pf-2.0.7.patch
Recent Condition (2/2)
• mx3.itb.ac.id– Pentium III-500 MHz 128 MB RAM– Postfix 2.0.7 with tls+ipv6-1.13-pf-2.0.7.patch
• mxout.itb.ac.id– Load balancing server using Cisco Catalyst
6500 (not IPv6 compliant)– Provide outgoing mail server for
167.205.0.0/16
Email Traffic/day on Mei 2003Email Traffic
0
50000
100000
150000
200000
250000
300000
350000
Top 10 Mailing List @itb.ac.id (by members)
cdc-itb 4907
itb 696
dokter 561
dosen 421
jobs 385
cdc-hrdstar 341
hindu-dharma 252
sysop-l 203
itb75 159
politeknik 152
Email Filter Methods
• Filtered by RBL – sbl.spamhaus.org (transfer zone)– relays.ordb.org
• Filtered by regex– ftp://ftp.worldless.net/pub/postfix/
Known Problems
• Mailman @ mx1.itb.ac.id– Queue file corrupt could make mailman stop
sending email to the list members– Database file corrupt could make a mailinglist
whole configuration lost.
• Spamassasin implementation– Failed because of the lackness of resources
(CPU+Memory)
mx3.itb.ac.id crash within five minutes.
Others
• B/W usage http://netmon.cnrglab.itb.ac.id/site/summary?id=10
• Next :– Try using centralized database to maintain spam list– Try combining Postfix smtp-auth with sasl and ldap
ITB Looking Glass
• http://ken-arok.cnrg.itb.ac.id
• Source code from :
ftp://ftp.enterzone.net/looking-lass/CURRENT/ with little adjustment
Domain Name Service Report
dnsadm@itb.ac.id
Recent Condition [1/2]
DNS in ITB Network is handled by :• ns1.itb.ac.id
IP Address : 167.205.23.1202.249.24.652001:200:830:0:250:baff:fecb:9fcf
Computer Specification :Processor : Intel Pentium 166 MHz 64 MB RAMFreeBSD 4.7-RELEASEBIND 8.4.1IPv6 Support
• ns2.itb.ac.idIP Address : 167.205.22.123
2001:200:830:1:200:21ff:fee0:6d2eComputer Specification :Processor : Intel Pentium 200 MHz 128 MB RAMFreeBSD 4.7-RELEASEBIND 9.2.2IPv6 Support
Recent Condition [2/2]
• ns3.itb.ac.idIP Address : 167.205.48.253
Computer Specification :
Processor : Intel Pentium III 730 MHz 128 MB RAM
OS : FreeBSD 3.5-RELEASE
Software : BIND 9.22
DNS Handling
• ns1.itb.ac.id- Handling transfer zone between itb.ac.id domain and The
Internet- Organizing domain *.itb.ac.id name server delegation
• ns2.itb.ac.id- Master & secondary name server for domain *.itb.ac.id- Master & secondary name server for 167.205.0.0/16 reversed
• ns3.itb.ac.id- Master & secondary name server for domain *.itb.ac.id- Master & secondary name server for 167.205.0.0/16 reversed
IPv6 DNS Server
• ITB use AAAA addressing, not A6 addressing
• ITB does not have its reverse for ipv6, [hopefully, we will get as soon as possible]
• ITB use ip6.arpa addressing on reverse, not ip6.int
• There are not specific domain for ipv6. if 1 server has ipv6, hostname has 2 ip (or more), ipv6 & ipv4
Load
• Traffic in ns2.itb.ac.id
• DNS traffic in ai3-indonesia-ether.itb.ac.id
DNS traffic is shown in blue color, it’s not significant if it’s compared with other traffics
Known Problems
• ITB could not resolved some other domains.
solution : DNS administrator in both domain (ITB domain and the troubled domain) would make zone transfer manually between ns1.itb.ac.id and their name server
• Delegated name server down for a longtime, thus delegated domain disappeared from The Internet
solution : ITB DNS Administrator would take off its delegation and use ns2/ns3 for primary name server of
its domain
top related