How to connect to LHCONE L3VPN

Preparing to connect

Get the physical connection

A TierX can connect to the LHCONE L3VPN via its preferred or closest LHCONE Provider. The type of connection, the router interface, the routing protocol and all the connection details have to be agreed with the LHCONE provider of choice.

LHCONE Providers

Operators Served region POPs Contact information
ASGC Asia Taipei, Hong Kong Mega-I, Starlight, AMS-IX noc@twgridNOSPAMPLEASE.org
CERNlight Europe/any Geneve (CH) extip@cernNOSPAMPLEASE.ch
CANARIE Canada   rsobie@uvicNOSPAMPLEASE.ca
ESnet US MANLAN, WIX, Starlight + other ESnet hubs trouble@esNOSPAMPLEASE.net
Geant Europe   Vincenzo.Capone@danteNOSPAMPLEASE.net
Internet2 US    
Netherlight      
Nordunet Nordics all Nordunet hubs noc@norduNOSPAMPLEASE.net

How to use the L3VPN connection

In order to connect to the L3VPN, a TierX site should have:

  • public IP addresses
  • a public ASN
  • a BGP capable router
Private ASes are not allowed in the LHCONE. If a site doesn't have a public AS, it may ask the VRF operator to announce the site address as belonging to the VRF's AS or any other AS dedicated for this purpose.

The LHCONE L3VPN transports LHC data traffic only. To do so:

  • TierX can announce only IP prefixes assigned to their WLCG servers according to the LHCONE AUP
  • Traffic must be symmetric: TierXs can send into the L3VPN only packets with IP source address in the announced address space. It's important to assure symmetry in order to avoid TCP traffic drops due to statefull firewalls (please refer to this presentation).

Validation of a new connection

TierX sites can validate their brand new connection to the LHCONE by tracing the path to IP addresses of the LHCONE perfSONAR probes. They are listed here: https://twiki.cern.ch/twiki/bin/view/LHCONE/SiteList (in the columns "LAT node" or "BW node" of the large table).

Operations

In case of connectivity issue, a TierX has to get in touch with the NOC of its Network Operator.

Terminology

  • ASN: Autonomous System Number
  • L3VPN or LHCONE-VRF: the full LHCONE VPN domain, made by the interconnections of all partecipating VRFs
  • TierX: WLCG Tier1/2/3 end site
  • VRF: LHCONE Layer3 VPN instance provided by a single Network Operator.

Attachments Attachments
Topic attachments
I AttachmentSorted ascending History Action Size Date Who Comment
PDFpdf LHCONEconnectionguide-1.2.pdf r1 manage 166.8 K 2016-09-27 - 16:49 MichaelOConnorExternal1 LHCONE Site Provisioning Guidelines V1.2
This topic: LHCONE > WebHome > LhcOneHowToConnect
Topic revision: r16 - 2016-09-27 - MichaelOConnorExternal1
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright &© 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback