ITB - AI3
advertisement
ITB Status Report Spring AI3 Meeting 19-21 June 2003 Tokyo, Japan Observatorium Bosscha • One and the only star observatorium in South East Asia, currently run by Astronomy Dept, ITB • Stationed at Lembang, West Java, about 6 km North from Bandung • Website : http://www.bosscha.itb. ac.id Live Observation at Bosscha • The use of Internet Technology for (near) real-time sky object observation • Input – CCD camera attached to the telescope • Output – Live streaming video using RealPlayer – Periodic Image capture using Webcam Apps • Audience can watch live observation directly from their computer! Live Observation at Bosscha (cont’d) • Conducted at May 7th 2003, observing Mercury Transit (Mercury will pass through the sun, so looks visible from Earth) • Done with portable telescope, with CCD camera attached • CCD camera output is splitted in two direction by video splitter – For RealProducer, creating Streaming Media files – For Webcam apps (Durgem, http://durgem.sourceforge.net), creating periodic (30 sec) image capture Live Observation at Bosscha (cont’d) • Bosscha is connected to ITB using 802.11b Wireless Link • Audience can watch video stream and image capture in website http://bosschalive.ai3.itb.ac.id • Two video stream created : – 56 kbps for Internet audience – 384 kbps for ITB audience (LAN) Responses about Live Observation at Bosscha • Public Announcement about live observation was made in public mailing list and newspaper • Responses was high at websites : see http://stats.cnrglab.itb.ac.id/bosschalive.ai3.itb.ac.id/ Results • Cloudy weather makes hard to get good pictures of the Mercury Transit • Thanks to the Durgem, 15 picture out of 300 picture captures the Transit • Astronomers is very delighted about the results • Planned to do live observation in late August, observing Mars at Perihelion (nearest distance to Earth) Portable Telescope CCD Camera attached to the telescope Real Producer & Webcam Server Journalists came to the observation site Video Splitter Observation site, at the top of the roof http://bosscha-live.ai3.itb.ac.id Website and RealPlayer Image captured using CCD Camera Processed image by Bosscha Astronomer IPv6 @ ITB • Campus-wide IPv6 Deployment @ ITB • Dual-stack services – Email server – Web server – DNS server – FTP server – SSH and Telnet (remote login) Campus-wide IPv6 Deployment • Problem : – Campus Backbone is not IPv6-compliant • Cisco Catalyst 6500 Sup1A/MSFC1 • Cisco only released IPv6 on Sup2 and Sup720 • Solutions : – One PC router (IPv6 w/ Zebra routing daemon) on each Catalyst – Each router is connected via IPv6 tunnel – Router connects subnets on each Catalyst using VLAN trunk 802.1q Campus-wide IPv6 Deployment (cont’d) 802.1q Trunk Access VLAN on each IPv6 Subnet Catalyst 6000 ITB North Campus ne el n Tu l n Tun h Et ig G ink L 802.1q Trunk ITB1-v6-router 802.1q Trunk Tunnel GigEth Link ITB2-v6-router Catalyst 6000 ITB West Campus Access VLAN on each IPv6 Subnet ITB3-v6-router Catalyst 6000 Access VLAN on each IPv6 Subnet ITB South Campus Dual-stack Services • DNS server – ns1.itb.ac.id/ns2.itb.ac.id now resolve IPv6 address • Email server – MX.itb.ac.id has IPv6 address, with postfix (IPv6-patched) • Web server – ITB official website (http://www.itb.ac.id) has IPv6 address FTP Server > uname -a FreeBSD itb2-v6-router.itb.ac.id 4.7-RELEASE FreeBSD 4.7-RELEASE #0: Fri May 9 23:56:42 GMT 2003 admin@itb2-v6router.itb.ac.id:/usr/source/kame/freebsd4/sys/compile/itb2_v6_router-kame20030407-freebsd47 i386 > host -t AAAA fileserver.lapi.itb.ac.id fileserver.lapi.itb.ac.id has address 2001:200:830:11:2e0:18ff:fe8c:180a > ftp -6 fileserver.lapi.itb.ac.id Connected to fileserver.lapi.itb.ac.id. 220 fileserver.lapi.itb.ac.id FTP server (Version 6.00LS) ready. Name (fileserver.lapi.itb.ac.id:admin): dikshie 331 Password required for dikshie. Password: 230 User dikshie logged in. Remote system type is UNKNOWN. ftp> pwd 257 "/home/dikshie" is current directory. ftp> SSH (Remote Login) > uname -a FreeBSD ipv6.ppk.itb.ac.id 4.8-STABLE FreeBSD 4.8STABLE #1: Sun Apr 6 18:26:06 WIT 2003 dikshie@ipv6.ppk.itb.ac.id:/usr/obj/usr/src/sys/PPK i386 > ssh -6 dikshie@fileserver.lapi.itb.ac.id The authenticity of host 'fileserver.lapi.itb.ac.id (2001:200:830:11:2e0:18ff:fe8c:180a)' can't be established. DSA key fingerprint is 55:cb:3d:b8:cc:08:2d:44:a2:f2:9d:94:36:77:de:2a. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'fileserver.lapi.itb.ac.id' (DSA) to the list of known hosts. Password: TELNET (Remote Login) > uname -a FreeBSD ipv6.ppk.itb.ac.id 4.8-STABLE FreeBSD 4.8STABLE #1: Sun Apr 6 18:26:06 WIT 2003 dikshie@ipv6.ppk.itb.ac.id:/usr/obj/usr/src/sys/PPK i386 > telnet -6 fileserver.lapi.itb.ac.id Trying 2001:200:830:11:2e0:18ff:fe8c:180a... Connected to fileserver.lapi.itb.ac.id. Escape character is '^]'. Trying SRA secure login: User (dikshie): Password: [ SRA accepts you ] SMTP (Incoming) Jun 16 21:36:27 ipv6 postfix/smtpd[355]: connect from mx2.itb.ac.id[2001:200:800:3000:202:44ff:fe35:2285] Jun 16 21:36:27 ipv6 postfix/smtpd[355]: 94A2620: client=mx2.itb.ac.id[2001:200:800:3000:202:44ff:fe35:2285] Jun 16 21:36:27 ipv6 postfix/cleanup[328]: 94A2620: messageid=<20030616143613.95944.qmail@web12604.mail.yahoo. com> Jun 16 21:36:27 ipv6 postfix/qmgr[327]: 94A2620: from=<bounce-isp-routing-396359@lists.isp-lists.com>, size=7908, nrcpt=1 (queue active) Jun 16 21:36:27 ipv6 postfix/smtpd[355]: disconnect from mx2.itb.ac.id[2001:200:800:3000:202:44ff:fe35:2285] Jun 16 21:36:27 ipv6 postfix/local[330]: 94A2620: to=<dikshie@ppk.itb.ac.id>, relay=local, delay=0, status=sent (delivered to command: IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #dikshie) SMTP (Outgoing) Jun 16 21:42:29 ipv6 postfix/pickup[326]: C8C2376: uid=1000 from=<dikshie@ppk.itb.ac.id> Jun 16 21:42:29 ipv6 postfix/cleanup[328]: C8C2376: message-id=<20030616144229.GA543@ppk.itb.ac.id> Jun 16 21:42:29 ipv6 postfix/qmgr[327]: C8C2376: from=<dikshie@ppk.itb.ac.id>, size=1046, nrcpt=1 (queue active) Jun 16 21:42:40 ipv6 postfix/smtp[535]: C8C2376: to=<dikshie@rootshell.be>, relay=mail.rootshell.be[3ffe:8100:200:1fff::25], delay=11, status=bounced (host mail.rootshell.be[3ffe:8100:200:1fff::25] said: 550 5.1.1 <dikshie@rootshell.be>... User unknown (in reply to RCPT TO command)) E-Mail Service Report By mailadm@itb.ac.id Network Map Recent Condition (1/2) • All MX-ITB are IPv6 compliant. • mx1.itb.ac.id – Pentium III-1000 MHz 128 MB RAM – Postfix 2.0.7 with tls+ipv6-1.13-pf-2.0.7.patch (migrated from qmail 1.03) – Apache 1.3.27 – mailman 2.1 (migrated from ezmlm) • mx2.itb.ac.id – AMD Duron 750 MHz 128 MB RAM – SMTP-auth using cyrus-sasl-1.5.24 – Postfix 2.0.7 with tls+ipv6-1.13-pf-2.0.7.patch Recent Condition (2/2) • mx3.itb.ac.id – Pentium III-500 MHz 128 MB RAM – Postfix 2.0.7 with tls+ipv6-1.13-pf-2.0.7.patch • mxout.itb.ac.id – Load balancing server using Cisco Catalyst 6500 (not IPv6 compliant) – Provide outgoing mail server for 167.205.0.0/16 Email Traffic/day on Mei 2003 350000 Email Traffic 300000 250000 200000 150000 100000 50000 e s d+ Bo u nc vi ru id e ts ou D ef er re nt se se nt Tr in s af id e ik 0 Top 10 Mailing List @itb.ac.id (by members) cdc-itb itb dokter dosen jobs cdc-hrdstar hindu-dharma sysop-l itb75 politeknik 4907 696 561 421 385 341 252 203 159 152 Email Filter Methods • Filtered by RBL – sbl.spamhaus.org (transfer zone) – relays.ordb.org • Filtered by regex – ftp://ftp.worldless.net/pub/postfix/ Known Problems • Mailman @ mx1.itb.ac.id – Queue file corrupt could make mailman stop sending email to the list members – Database file corrupt could make a mailinglist whole configuration lost. • Spamassasin implementation – Failed because of the lackness of resources (CPU+Memory) mx3.itb.ac.id crash within five minutes. Others • B/W usage http://netmon.cnrglab.itb.ac.id/site/summary?id=10 • Next : – Try using centralized database to maintain spam list – Try combining Postfix smtp-auth with sasl and ldap ITB Looking Glass • http://ken-arok.cnrg.itb.ac.id • Source code from : ftp://ftp.enterzone.net/looking-lass/CURRENT/ with little adjustment Domain Name Service Report dnsadm@itb.ac.id Recent Condition [1/2] DNS in ITB Network is handled by : • ns1.itb.ac.id IP Address : 167.205.23.1 202.249.24.65 2001:200:830:0:250:baff:fecb:9fcf Computer Specification : Processor : Intel Pentium 166 MHz 64 MB RAM FreeBSD 4.7-RELEASE BIND 8.4.1 IPv6 Support • ns2.itb.ac.id IP Address : 167.205.22.123 2001:200:830:1:200:21ff:fee0:6d2e Computer Specification : Processor : Intel Pentium 200 MHz 128 MB RAM FreeBSD 4.7-RELEASE BIND 9.2.2 IPv6 Support Recent Condition [2/2] • ns3.itb.ac.id IP Address : 167.205.48.253 Computer Specification : Processor : Intel Pentium III 730 MHz 128 MB RAM OS : FreeBSD 3.5-RELEASE Software : BIND 9.22 DNS Handling • ns1.itb.ac.id Handling transfer zone between itb.ac.id domain and The - Internet Organizing domain *.itb.ac.id name server delegation • ns2.itb.ac.id - Master & secondary name server for domain *.itb.ac.id - Master & secondary name server for 167.205.0.0/16 reversed • ns3.itb.ac.id - Master & secondary name server for domain *.itb.ac.id - Master & secondary name server for 167.205.0.0/16 reversed IPv6 DNS Server • ITB use AAAA addressing, not A6 addressing • ITB does not have its reverse for ipv6, [hopefully, we will get as soon as possible] • ITB use ip6.arpa addressing on reverse, not ip6.int • There are not specific domain for ipv6. if 1 server has ipv6, hostname has 2 ip (or more), ipv6 & ipv4 Load • Traffic in ns2.itb.ac.id • DNS traffic in ai3indonesiaether.itb.ac.id DNS traffic is shown in blue color, it’s not significant if it’s compared with other traffics Known Problems • ITB could not resolved some other domains. solution : DNS administrator in both domain (ITB domain and the troubled domain) would make zone transfer manually between ns1.itb.ac.id and their name server • Delegated name server down for a longtime, thus delegated domain disappeared from The Internet solution : ITB DNS Administrator would take off its delegation and use ns2/ns3 for primary name server of its domain
