<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE rss PUBLIC '-//Netscape Communications//DTD RSS 0.91//EN' 'http://my.netscape.com/publish/formats/rss-0.91.dtd'>
<rss version="0.91">
  <channel>
    <title>CESNET Technical Reports</title>
    <link>http://www.cesnet.cz/doc/techzpravy/</link>
    <description>Overview of technical reports released by CESNET</description>
    <language>en</language>
<item>
  <title>Testing of Bandwidth on Demand Provisioning Systems (7/2011)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2011/bod-provisioning</link>
  <description>AUTHORS: M. Altmann, P. Nový, J. Radil. 
    Bandwidth on Demand means different things to different people,
    especially in the networking area because the environment is
    heterogeneous and different aspects must be taken into account. In
    this paper we are focusing on provisioning systems in optical
    networks for research, education and scientific community, which
    means automated configuration of end to end circuits with
    dedicated capacity. 
  </description>
</item>
<item>
  <title>Deployment of CLS, CL VMUX and CL DS-WSS devices in the
  CESNET Experimental Facility (6/2011)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2011/cls-cl-ds-wss</link>
  <description>AUTHORS: J. Radil, M. Hůla, J. Vojtěch, P. Škoda, S. Šíma, J. Nejman, L. Altmannová. 
    This technical report deals with practical results of
    deployment of new advanced photonic devices from the CzechLight
    family of open photonic devices. The CzechLight Switch (CLS) and
    CzechLight Variable Multiplexers (CL VMUX) devices have been
    tested and deployed in the CESNET Experimental Facility and the
    CESNET2 production network before but not together with the
    CzechLight Dynamic Spectrum Wavelength Selective Switch (CL
    DS-WSS) device. CL DS-WSS can be used to change both amplitude and
    phase of optical signals and can be considered to be a
    programmable tuneable optical filter.
  </description>
</item>
<item>
  <title>The CESNET ORR Project (5/2011)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2011/orr</link>
  <description>AUTHORS: P. Vachek. 
    The Team Cymru is a specialized Internet security research firm
    which generates and publishes its day-to-day reports on various
    Internet security issues. This CESNET Technical Report describes a
    simple system for receiving/downloading and processing the Team
    Cymru reports on Open Recursive DNS Resolvers by the CESNET
    ORR system and for sending appropriate reports to the
    CESNET member and customer network administrators.
  </description>
</item>
<item>
  <title>Tests of 100 Gb/s (4/2011)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2011/tests-100g</link>
  <description>AUTHORS: P. Škoda, J. Radil, J. Vojtěch, M. Hůla. 
    The aim of this technical report is to list and discuss recent
tests of a coherent 100G system with DP-QPSK modulation. The report
includes extensive laboratory experiments at fiber spools and also
field tests in the live network of CESNET2. Interoperability of
standard 10G NRZ systems and coherent systems is addressed together
with concurrent transmission of special photonic services. Moreover,
the 100G system was tested over single fiber bidirectional transmission
links.
  </description>
</item>
<item>
  <title>40 Gb/s System Testing (3/2011)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2011/40g-testing</link>
  <description>AUTHORS: P. Škoda, J. Radil. 
    40 Gb/s transmission systems are another step of 10 Gb/s
    systems in SDH/SONET data rates, although Ethernet made its way
    into this telco realm as 40GE but it is likely that 100GE will be
    more successful. Tests of a commercial non-coherent transmission
    40 Gb/s system were performed with respect to possible deployment
    together with 10G and 100G coherent transmission systems. Maximum
    transmission distance or sensitivity to nonlinear effects were
    evaluated.
  </description>
</item>
<item>
  <title>Courseware Implementation in Open Source Portal (2/2011)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2011/courseware-open-source-portal</link>
  <description>AUTHORS: J. Krupička. 
    This report describes the implementation of our custom Java
    portal, scripting interface for managing portal structure and
    integration of Courseware.
</description>
</item>
<item>
  <title>Testing Object-based Storage Device Model for OpenAFS (1/2011)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2011/object-storage-openafs</link>
  <description>AUTHORS: M. Švamberg, L. Kejzlar. 
    This Technical Report is a product of Project No. 293/2009 funded
by the CESNET Development Fund, and gives a description of
the testing environment, methodology and results.
  </description>
</item>
<item>
  <title>Introduction to Desktop Grid Computing with BOINC (21/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/boinc</link>
  <description>AUTHORS: M. Krsek, I. Doležal. The text aims to attract the attention of those interested in starting their projects using Grid computing without deploying dedicated resources and to give them a hint to easily run the BOINC where original documentation is rather discouraging. Additionally it partially documents the use in a real world example. This technical report is in Czech.</description>
</item>
<item>
  <title>MetaCentrum Virtualization – Use Cases (30/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/metacentrum-virtualization-use-cases</link>
  <description>AUTHORS: J. Sitera, M. Ruda, P. Holub, D. Antoš, L. Matyska. In this report, we study various use-cases related to the
  possibilities of virtual cluster deployment. First, a short summary
  of already implemented use-cases is provided, as well as current
  and/or planned development. The second part contains a more detailed
  description of two use-cases identified as most important for
  MetaCentrum day-to-day operations and selected for further
  development in 2010.</description>
</item>
<item>
  <title>High-Quality Sound Streaming – A Summary (28/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/hq-sound-streaming</link>
  <description>AUTHORS: M. Wimmer. This report sums up the development and operation of a
  streaming system we use to deliver live broadcasts of Czech Radio
  stations over the Internet. It discusses major goals addressed by
  the project throughout its duration. The essential concept of our
  streaming system involves processing and broadcasting audio streams
  compressed by Ogg Vorbis and FLAC compression formats. We have
  designed and implemented a universal streaming audio transcoder
  capable of receiving loss-less FLAC streams and generating multiple
  output streams with different formats and bitrates. We have also
  experimented with streaming multi-channel audio. We have always
  relied on free formats and software products available in
  Linux.</description>
</item>
<item>
  <title>Towards Peer-to-Peer Scheduling Architecture for the Czech
National Grid (27/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/torque</link>
  <description>AUTHORS: Š. Tóth, M. Ruda, L. Matyska. 
    The Czech National Grid Infrastructure MetaCentrum has been using a
central scheduler infrastructure for approximately the past 10
years. This facilitated simple administration and direct support for
large jobs running across several geographical sites. The knowledge of
complete state allowed the scheduler to provide high quality decision
making incorporating features like fairshare. On the other hand, this
central setup created a single point of failure issue and also reached
its scalability limits.
    In this paper we describe our work towards a new distributed
architecture that maintains high scheduling quality while solving most
of the single server issues.
    Our new distributed architecture provides both local autonomy and
high scheduling quality. Users can still submit jobs locally even when
cross-site connectivity is lost. Individual schedulers work primarily
with their local server but still maintain global state, which allows
them to mimic centralised scheduling features. The architecture still
supports central accounting and fairshare across the entire grid.
    Implementation is based on the open-source Torque batch system,
which replaced the previous commercial PBSPro central server
installation. Torque provides a similar codebase as it has a common
ancestor with PBSPro in OpenPBS. Torque therefore provides a familiar
interface for both users and developers.
    This technical report is an extended version of the paper published
for the Cracow Grid Workshop 2010.
  </description>
</item>
<item>
  <title>Testing and Deployment of CLM 2×16+16×2 and CLS/M in the CESNET Experimental Facility (19/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/clm-clsm</link>
  <description>AUTHORS: J. Radil, L. Altmannová, M. Hůla, J. Nejman, S. Šíma, P. Škoda, T. Uhlář, J. Vojtěch. This technical report deals with practical results of
  testing and deployment of new advanced photonic devices from the
  CzechLight (CL) family of open photonic devices. CLM 2×16+16×2 is an
  optical switch with multicasting capabilities. Such a device can be
  used to multicast and distribute high speed optical signals like
  high definition (HD) video, 4k aka digital cinema or rather special
  signals like accurate time or frequency. The other tested device is
  CLS/M which is an optical switch with multicasting, switching and
  monitoring capabilities, with variable ratios.</description>
</item>
<item>
  <title>Deployment
  of CL ROADM and CL WSS Devices in the CESNET2 Network and the CESNET
  Experimental Facility (18/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/cl-roadm-wss</link>
  <description>AUTHORS: J. Radil, L. Altmannová, M. Altmann, M. Hůla, J. Nejman, S. Šíma, P. Škoda, T. Uhlář, J. Vojtěch. This technical report deals with practical results of
  deployment of new advanced photonic devices from the CzechLight (CL)
  family of open photonic devices. CL ROADMs (Reconfigurable Optical
  Add/Drop Multiplexer) deployment will solve some issues on the
  single fibre link (bidirectional transmission over one fibre). The
  main goals are the elimination of both optical signal noise propagation
  and backreflections, which are major issues of the single fibre
  transmission. The ROADM technology enables dynamic and flexible
  (touch-less) provisioning of new lambda services. A CL WSS
  (Wavelength Selective Switch) was tested and deployed in the CESNET
  EF to verify not only switching capabilities but also new SW
  enhancements and developments. Analysis of various technologies of
  WSSs/ROADMs is not in the scope of this technical report.</description>
</item>
<item>
  <title>Impact of Polarization
  State on High-Speed Transmission Formats in Laboratory and Real
  Transmission Line (16/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/impact-polarization</link>
  <description>AUTHORS: P. Škoda, J. Vojtěch. The cutting edge optical transmission technologies utilize
  signal phase to transmit data rather than signal amplitude. With
  polarization multiplexed technologies emerging on the horizon, we
  prepared tests to analyse an impact of changes in state of
  polarization on a 40Gbps DPSK transmission performance. We tested
  the 40Gbps DPSK transmission performance against fast 150μs state of
  polarization changes and fast scan of all polarization
  states. Although we found a 40Gbps DPSK system resilient to changes
  in polarization, the system sensitivity on chromatic dispersion
  implies careful planning of DPSK systems deployment.</description>
</item>
<item>
  <title>4K Video and Audio Packet Format for UltraGrid (24/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/4k-packet-format</link>
  <description>AUTHORS: P. Holub, M. Liška. This report describes a packet format for low-latency
  transmissions of both uncompressed and compressed 4K video for
  UltraGrid platform. The goal of the format is to be generic enough
  to support also other types of video and audio stream, including
  high-definition video, 2K video and ultra-high-definition video. The
  packet format uses RTP headers to support legacy monitoring and
  analysis tools.</description>
</item>
<item>
  <title>Study of 40/100GE card implementation (22/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/100ge-study</link>
  <description>AUTHORS: Š. Friedl, J. Novotný, L. Lhotka. 
    This technical report describes the evolution of the Ethernet standard
    from 10 Mb/s up to 100 Gb/s. The basic principles are explained and
    the architectures of different versions are compared. The newest
    standard of 40/100 Gb/s Ethernet is described in some detail. Finally,
    a proposal for a 40 Gb/s Ethernet implementation based on Xilinx FPGA
    is presented and discussed.
  </description>
</item>
<item>
  <title>Shibboleth Identity Provider And User Privacy (17/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/shibboleth-privacy</link>
  <description>AUTHORS: I. Novakov. 
    This report deals with several topics concerning user data privacy
    in Shibboleth Identity Provider. It describes the functionality of
    SAML name identifiers and their implementation in Shibboleth,
    explains attribute release policies configuration and brings some
    best practices about creating them.
  </description>
</item>
<item>
  <title>CESNET Project SSERV (29/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/sserv</link>
  <description>AUTHORS: P. Vachek. The Shadowserver Foundation, an Internet security
  volunteer watchdog group, generates and publishes its day-to-day
  reports on malware, botnet activities, DDoS and electronic
  fraud. This technical report describes a simple system for receiving
  and processing the Shadowserver reports by the CESNET-CERTS
  SSERV system and for sending appropriate Security Incident Reports
  to the member and customer network administrators.</description>
</item>
<item>
  <title>Hardware Packet Filter with IPv6 Support (26/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/hw-filter-ipv6</link>
  <description>AUTHORS: T. Dedek, J. Kořenek. 
    This technical report describes an extension of the
classification algorithm in the NIFIC packet filtering engine that
allows for filtering IPv6 traffic. The classification
algorithm implemented in the NIFIC device uses the longest prefix
match operation on the source and destination IP addresses. The
existing LPM algorithms and architectures are able to achieve high
throughput for the IPv4 protocol but they are not well suited for the
IPv6 protocol because of their time complexity or high memory
requirements. Therefore, we proposed a new algorithm for the longest
prefix match based on a fast look-up operation using a hash
function and the Tree Bitmap algorithm. The proposed algorithm was
mapped to the hardware architecture and implemented as a pipeline of
processing elements. The resulting hardware architecture is able to
achieve the wire-speed throughput for 100 Gbps network. Moreover,
the results show that our implementation of Hash LPM is able to
achieve constant time complexity and use much less hardware
resources than TCAM or the Tree Bitmap algorithm alone.
  </description>
</item>
<item>
  <title>CESNET2 Network BGP Design and Optimization (25/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/bgp-design-optimization</link>
  <description>AUTHORS: V. Novák. The paper deals with the design and implementation of
  CESNET2 IP/MPLS backbone BGP routing topology and its
  optimization. The current BGP routing design of CESNET2 backbone
  doesn't match the actual network architecture, topology and
  technology changes. This document will cover the main BGP protocol
  features (IPv4/IPv6 unicast and multicast families) currently
  operated by backbone routers. The main objectives are to improve
  CESNET2 network stability, iBGP protocol convergence time, simplify
  BGP configurations and increase network services availability for
  customer networks connected to CESNET2.</description>
</item>
<item>
  <title>SOGo Calendar Server (23/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/sogo-calendar-server</link>
  <description>AUTHORS: M. Wimmer. This technical report documents the choice of a Calendar
  Server application suitable for use by the students and staff of a
  mid-sized university. It also gives an overview of the properties of
  the chosen solution and sums up experience gathered in
  operation. The selected SOGo free software solution manages
  calendars, tasks and contacts, integrating them with external e-mail
  systems and directory services. Together, these services form a
  fully-fledged groupware solution, which can be accessed through its
  own webmail interface or through any client that supports CalDAV or
  SyncML protocols, such as Mozilla Thunderbird, iCAL, PDA devices,
  etc.</description>
</item>
<item>
  <title>FlowMon for Network Monitoring (20/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/flowmon</link>
  <description>AUTHORS: M. Žádník, L. Polčák, O. Lengál, M. Elich, P. Kramoliš. 
    In today's networks we can observe ever increasing complexity
    and variability of services. A primary service - constant network
    connectivity - is accompanied with demands on
    cost-effectiveness, robustness and sufficient bandwidth
    provisioning. Specific applications may further require a network
    to be loss-free, to guarantee required bandwidth or exhibit low
    delay with low jitter. In order to address these demands and
    requirements, measurements must be taken to render an account of
    current network status. The measurement result determines the
    scope for further improvement, e.g., routing optimization,
    bandwidth over-provisioning, anomaly mitigation and others.  We
    propose to deploy FlowMon probe in order to extract relevant
    information about network traffic from high-speed links. FlowMon
    probe is based on a concept of flow measurement which provides
    aggregation of the traffic but keeps sufficient level of
    detail.
  </description>
</item>
<item>
  <title>Hardware-accelerated Distribution of Network Traffic among Processor Cores (15/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/traffic-among-cores</link>
  <description>AUTHORS: V. Puš, T. Dedek, T. Martínek. 
    This technical report describes design, implementation and
evaluation of a hardware-accelerated system for distribution of
network traffic among processor cores.  The workload associated with
network packet processing is split into several parts of similar
size, and each core performs the required operation only on certain
part of network packets.  Packets of one flow are always processed
by the same core.  Hardware acceleration is used to perform
high-speed packet distribution.
  </description>
</item>
<item>
  <title>CESNET IPv6 CoPP Implementation (14/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/ipv6-copp</link>
  <description>AUTHORS: P. Adamec, J. Verich. This document describes the testing implementation of
  Cisco's Control Plane Policing for IPv6 in the CESNET2 network. It also
  includes other security recommendations.</description>
</item>
<item>
  <title>Adoption of Automatic Distributed Analysis Environment
  in MetaCentrum (Czech National Grid Initiative) (13/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/distrib-analysis-env</link>
  <description>AUTHORS: J. Kmuníček, L. Hejtmánek, J. Brezovský, V. Kaplan, T. Hnízdil, L. Matyska. This study is devoted to deployment of DIANE/Ganga
  framework for solving computational demands through utilization of
  pilot jobs approach. The DIANE/Ganga framework has been modified to
  fully support Czech NGI environment. Two distinct application
  areas – virtual molecular screening and radiative transfer
  analysis – have been selected as the use cases for demonstration of
  the applicability and usability of the implemented system. Here we
  describe the current MetaCentrum scheduling and jobs planning system
  and especially its latest modifications required to support user
  communities with their specific computational jobs demands that do
  not optimally fit into present MetaCentrum utilization. Adoption of
  automatic distributed analysis environment DIANE has been selected
  as the way to support these new job types within MetaCentrum
  NGI through MetaCentrum.</description>
</item>
<item>
  <title>MPLS Traffic Engineering and Fast Reroute for MetaCentrum (11/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/mpls-metacentrum</link>
  <description>AUTHORS: P. Šmrha, J. Verich. The paper deals with the design and implementation of MPLS
  Traffic Engineering (TE) and Fast Reroute (FRR) link and node
  protection in the CESNET2 backbone to optimize MetaCentrum traffic
  paths to use available bandwidth with high availability. MPLS-TE
  primary tunnels are defined by explicit path specifications to use
  otherwise underutilized but available network bandwidth. There are
  two sets of MPLS-TE primary tunnels: the first one for L2 VPLS
  traffic optimization among three MetaCentrum data centers (Prague,
  Brno and Pilsen) and the other one for L3 IPv4 traffic optimization
  among four MetaCentrum data centers (CESNET Prague, UK Prague, Brno
  and Pilsen). High availability of these MPLS-TE tunnels is ensured
  by automatically created next-hop and next-next-hop backup tunnels
  to be used by the Fast Reroute mechanism for link and node
  protection in tens of milliseconds with respect to Shared Risk Link
  Group (SRLG) dependencies.</description>
</item>
<item>
  <title>HAMOC – Hardware-Accelerated Monitoring Center (9/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/hamoc</link>
  <description>AUTHORS: P. Čeleda, R. Krejčí, J. Barienčík, M. Elich, V. Krmíček. 
This technical report describes the Hardware-Accelerated Monitoring Center (HAMOC) platform based on the COMBOv2 card family. In our research effort we concentrate on how to use hardware acceleration with already available and well-known monitoring applications. A set of network monitoring tools was tuned and tested with COMBOv2 hardware adaptors to be able to process 10 Gb/s traffic at line rate. The HAMOC performance is evaluated and typical deployment use cases are shown.
</description>
</item>
<item>
  <title>SIP Penetration Test System (10/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/sip-penetration-test</link>
  <description>AUTHORS: F. Řezáč, M. Vozňák. 
    The SIP server, like other servers providing services in an
    exposed network, often becomes the target of attacks. As the SIP
    server is considered to be the key component of SIP
    infrastructure, it is necessary to know its level of security and
    robustness in order to face prospective threats. This technical
    report deals with a system generating penetration tests that
    check the SIP server and test its vulnerability. The tests
    represent a group of the most used and most effective attacks
    nowadays; they make it possible to compose an analysis of security
    risks and to point out the weaknesses of the tested system. The
    report also includes a description of the applications that are
    used for generating the tests. The system is designed as a modular
    web application, which enables access independent of the
    operating system and allows further test modules to be added. At
    the end, the results achieved in practical testing are summarized and
    further functions suitable for future extension of the system are proposed.
  </description>
</item>
<item>
  <title>OTRS: CSIRT WorkFlow Improvements (8/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/otrs-csirt-workflow</link>
  <description>AUTHORS: P. Kácha. 
    CSIRTs (Computer Security Response Teams) are the natural
    response to the widespread internet threats. Many of them have
    grown out of small but focused groups of people, by streamlining and
    expanding what they had already been doing as part of their IT
    administrative work. Formalisation of the procedures and workflows
    brings the need for specialised tools, helping with incident
    categorisation, sanitization and general workflow. Also, the special
    nature of incoming report emails introduces new issues to
    otherwise well-known spam and backscatter fighting methods. As
    well as low-level know-how, higher-level statistical analyses for
    pinpointing potential threats and trends are also an important part
    of security team practices. This report documents
    approaches to these problems and describes their implementation as
    modifications and supportive applications for Open Ticket Request
    System (OTRS), as well as experience from usage in a real-world
    medium-sized security team.
  </description>
</item>
<item>
  <title>Virtual Network Monitoring in FEDERICA Project (12/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/virtual-mon-federica</link>
  <description>AUTHORS: V. Krmíček, P. Čeleda. 
In this technical report, we present a framework for virtual network monitoring, which was deployed in the FEDERICA project (Federated E-infrastructure Dedicated to European Researchers Innovating in Computing network Architectures). It uses a flow-based approach, which acquires NetFlow data from the FEDERICA network and processes it with the open-source collector NfSen. The NfSen collector doesn't provide a special tool for the monitoring of virtual networks. In particular, we have no long-term statistics about the FEDERICA network accessible in real time, no possibility to inspect the traffic with respect to particular virtual networks and no possibility to generate regular report statistics. Therefore we have extended the NfSen collector with a set of tools supporting virtual network monitoring.
These tools support real-time access to the long-term monitoring data and statistics, provide various types of reports and offer more detailed views of the virtual network traffic.
</description>
</item>
<item>
  <title>Request Tracker for Shibboleth (7/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/request-tracker-shibboleth</link>
  <description>AUTHORS: P. Grolmus. 
Shibboleth is a software package produced by the Internet2 Consortium to enable
Single Sign-on (SSO) authentication for users in an environment
composed of multiple organizations. Splitting Shibboleth into two
parts – the Identity Provider (IdP) and the Service Provider (SP) –
allows for separation of responsibilities and their assignment to
individual participants. Home IdPs collect information (attributes) on
their own users, provide authentication services for those users, and
send pre-determined sets of attributes to the SP. As indicated by its
title, an SP provides a service; authorized access to that service is
allowed to users based on attributes received from IdPs. Any Web
application can be seen as an example of such a service. This Report
explains how to integrate Shibboleth with a frequently used multi-user
application such as Request Tracker.
</description>
</item>
<item>
  <title>Supplementary Service Implementation in IP Telephony by DDDS
  Application (3/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/supplementary-service-ip-telephony</link>
  <description>AUTHORS: J. Rudinský. 
    This technical report introduces a method for implementation of
    Supplementary Services in IP telephony. The services were
    implemented by different types of Intelligent Network in Public
    Switched Telephone Network, however such a unified solution for IP
    telephony is missing. The report proposes, specifies and describes
    implementation of DDDS application for supplementary services
    provision in IP telephony.
  </description>
</item>
<item>
  <title>Running the Service Provider (6/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/service-provider</link>
  <description>AUTHORS: P. Grolmus, I. Novakov. Shibboleth is a software package produced by the Internet2 Consortium to enable
  Single Sign-on (SSO) authentication for users in an environment
  composed of multiple organizations. Splitting Shibboleth into two
  parts – the Identity Provider (IdP) and the Service Provider (SP)
  – allows for separation of responsibilities and their assignment to
  individual participants. Home IdPs collect information (attributes)
  on their own users, provide authentication services for those users,
  and send pre-determined sets of attributes to the SP. As indicated
  by its title, an SP provides a service; authorized access to that
  service is allowed to users based on attributes received from
  IdPs. Any Web application can be seen as an example of such a
  service. This Report explains how to make service providers run in
  Linux.</description>
</item>
<item>
  <title>Using VMware in the Area of Processing of Medical Image
Information (4/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/vmware-medical-images</link>
  <description>AUTHORS: K. Slavíček, M. Javorník. 
    The main goal was to verify the VMware technology for
    applications that provide special services in the area of medical
    image data processing (reliable storage systems, supporting of the
    primary diagnostic processes, secure and reliable electronic
    exchange of medical image data and related information among
    healthcare and research institutions, effective development and
    usage of knowledge databases in this area, etc.). Two VMware
    servers (Cesnet main PoP in Prague and in Brno) were used in
    tests. Three different lines connecting these servers (EoMPLS
    tunnel, GE line across the Cesnet DWDM backbone and a legacy IP
    network sharing commodity IP traffic) were tested step by
    step. Selected applications from MeDiMed (Metropolitan Digital
    Imaging in Medicine) solution were employed in tests. The proposed
    solution should significantly increase the robustness of these
    applications without increasing the complexity of the whole
    solution (one medical institution, regional solution, etc.).
  </description>
</item>
<item>
  <title>Grouper in University Environment, Implementation at the
  University of West Bohemia (5/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/grouper-implem-uwb</link>
  <description>AUTHORS: J. Bořík, F. Dvořák, J. Krupička. 
In this project the Grouper system is utilised as an application provider data source. However, the Grouper system could be optimized for this purpose in university user community. As a part of the final solution this project handles interconnecting between Grouper system and Sun Java System Identity Manager.
	</description>
</item>
<item>
  <title>Implementing Video-Based, Remotely Accessible Virtual
  Environment System (2/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/virtual-environment</link>
  <description>AUTHORS: R. Berka, Z. Trávníček, V. Havran, J. Bittner, J. Žára, P. Slavík, P. Borovský, J. Navrátil. 
    Communication in general incorporates technologies with an
    increasing number of communication modes (visual mode, audio mode,
    gestures etc.). Special applications are developed in the area of
    virtual reality, multimedia communications and others, where
    combinations of audio, video and 3D data are sent between two (or
    more) distant users who can jointly interact with these data. The
    form of information exchanged in this way usually requires, among
    other things, special forms of presentation. Thus stereoscopic and
    virtual reality visualization devices are used to present
    intricately structured information in multi-modal form. In this
    report we describe implementation details of important components
    of the whole communication chain, which contains a video-grabber
    and a special multichannel player with a user-interactive
    interface. We first show the whole chain, then describe the
    video-grabber, then present the multichannel player, and finally
    present ideas concerning remote interactions of the user with a
    virtual world. The last part of this report is devoted to
    applications and future development activities.
  </description>
</item>
<item>
  <title>XML Markup Language for Technical Reports (1/2010)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2010/techrep2</link>
  <description>AUTHORS: L. Lhotka. This technical report describes the second version of
  Techrep XML markup language which is primarily intended for
  preparing source text of technical reports published by
  CESNET. Techrep2 also serves as the common internal format to which
  all other formats (ODT, LaTeX, DocBook, reStructuredText and
  Techrep1) are translated before further processing. Techrep2 retains
  the simplicity of the original version but consolidates the markup
  language in several important ways. In particular, Techrep2
  vocabulary now belongs to an XML namespace, which allows for
  combinations with other vocabularies in the future. Based on the
  experience with Techrep1, this version also introduces a limited
  number of new XML elements and attributes for frequently used text
  structures.</description>
</item>
<item>
  <title>High Available eduroam RADIUS server (23/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/ha-eduroam-radius-server</link>
  <description>AUTHORS: J. Tomášek. 
    This document describes the national RADIUS proxy server of the
Czech eduroam federation, implemented as a highly available
cluster consisting of two nodes housed in two geographically
separated localities. The cluster acts as a single IP address to ease
setup of the RADIUS servers on the side of the connected
organisations. Switchover between the active and passive node is done
by a Gratuitous ARP packet. Control and monitoring of the cluster
are done by the heartbeat daemon from the Linux-HA project.
  </description>
</item>
<item>
  <title>Shibboleth authentication for Adobe Connect Pro (22/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/shibb-auth-adobe-connect-pro</link>
  <description>AUTHORS: I. Novakov. 
    This technical report describes the technical process of
    implementing Shibboleth authentication for the Adobe Connect Pro
    application. It is designated for system administrators with
    practical experience with the Shibboleth Service Provider
    software.
  </description>
</item>
<item>
  <title>Transition to Inter-Cluster Scheduling Architecture in
MetaCentrum (21/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/inter-cluster-scheduling</link>
  <description>AUTHORS: M. Ruda, Š. Tóth. 
    For the last ten years, scheduling of computational jobs across
MetaCentrum (Czech national grid) was managed by one central PBSPro
installation. The reason for this decision was the possibility to
schedule jobs between different clusters (spread across the whole
Czech Republic) with full understanding of the complete situation of
all clusters, with a shared fair-share policy for users and with
better support for large jobs running across different clusters.
Development effort was concentrated on improving the stability of this
setup (especially in case of instability of the national network
connecting different clusters) and on support for advanced scheduling
methods and virtualization. Yet, with the growing number of clusters
and processors, this setup is becoming problematic and may become a
single point of failure and a scalability bottleneck. In this paper we
study the possibility of changing the MetaCentrum scheduling system to
a system of less dependent clusters, each maintained by a separate
server and scheduler, but still fulfilling the original requirements
on central accounting of jobs, fair share of computational resources
across the complete MetaCentrum and the possibility to schedule large
jobs or virtual clusters across such an infrastructure. Because
several of the reasons for choosing PBSPro are also invalid in such a
setup (PBSPro was chosen for its better stability in such a large
setup and a better scheduling system supporting a large number of
jobs), we are also evaluating the possibility of switching the
scheduling system from PBSPro to the open-source Torque system. The
main features of PBSPro used by MetaCentrum are listed, together with
a discussion of the state of such features in Torque, possible
replacements and required development of missing features.
  </description>
</item>
<item>
  <title>Security Considerations in IP Telephony Network Configuration (19/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/security-voip-network-config</link>
  <description>AUTHORS: M. Petrovič. This Technical Report deals with fundamental security
  settings in networks to provide secure VoIP services. Example
  configurations of Cisco devices are included as well.</description>
</item>
<item>
  <title>Manager-Assistant IP Phone Setup (18/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/manager-assistant-ip-phone-setup</link>
  <description>AUTHORS: M. Petrovič. This Technical Report discusses manager-assistant IP phone
  setup relying on Linksys IP phones.</description>
</item>
<item>
  <title>Universal Transcoder to Convert FLAC Streaming Audio to Other
  Formats (20/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/universal-transcoder-flac</link>
  <description>AUTHORS: M. Wimmer. It was our goal to design and implement a universal
  transcoder capable of real-time conversion of loss-less FLAC streams
  to other formats, making them available to other streaming servers
  or end-user clients.  We have succeeded in implementing a system
  with an open, modular architecture, whose components may be freely
  combined or replaced with alternatives. This is very important,
  especially in the case of output stream producers, whose choice is
  not limited to a single encoding application. Any program capable of
  processing the input stream and generating output per specifications
  may be used as a producer. The implementation of the transcoder
  relies exclusively on free technologies.</description>
</item>
<item>
  <title>Virtual Clusters as a New Service of MetaCentrum, the Czech
NGI (17/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/virtual-clusters-metacentrum</link>
  <description>AUTHORS: M. Ruda, Z. Šustr, J. Sitera, D. Antoš, L. Hejtmánek, P. Holub, M. Mulač. 
    MetaCentrum, the Czech NGI, started to virtualize the
infrastructure several years ago. The virtual nature of the resources,
being integrated with the resource management system, is mostly hidden
from end users. We are introducing a new public service - virtual
cluster - which turns the virtualized infrastructure into an end-user
service. The virtual cluster service provides an illusion of totally
dedicated clusters running on a shared infrastructure under complete
user control, including administrator access and user specified
application environment. Virtual machines and clusters are handled in
a way similar to ordinary computation jobs, planned for batch or
interactive processing. We developed an extension to job scheduler
PBSPro and new management tools to smoothly integrate virtual cluster
service into production environment. Networking is a vital part of the
service, where Czech NREN CESNET2 technology allows managing virtual
cluster network without perceivable overhead. Virtual network is seen
as a new resource.
    This report is an extended version of the paper called "Virtual
Clusters as a New Service of MetaCentrum, the Czech NGI", which was
presented at CGW 2009.
  </description>
</item>
<item>
  <title>Shibboleth IdP cluster using Terracotta (16/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/shibboleth-terracota</link>
  <description>AUTHORS: I. Novakov. 
    The article describes how to deploy Shibboleth IdP in a cluster
environment using Terracotta for session replication. The text is
suitable for skilled Shibboleth IdP administrators with general
knowledge of the Apache web server, the Tomcat servlet container and
networks in general.
  </description>
</item>
<item>
  <title>Precise Timestamp Generation Module and its Applications in Flow Monitoring (13/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/timestamp-module-flowmon</link>
  <description>AUTHORS: Tomáš Martínek, Martin Žádník.
    Precise timestamps assigned to individual packets play an important
role in network traffic analysis and measurement of network
infrastructure. Moreover, combining precise timestamps with flow-based
analysis allows us to measure the quality of end-to-end and other
QoS-oriented applications. This technical report describes a hardware
module for precise timestamp generation dedicated to the netflow
monitoring probe FlowMon. It presents the module's hardware
architecture, measurements of timestamp accuracy and a discussion of
possible use cases in flow-based applications.
  </description>
</item>
<item>
  <title>iHDTV Protocol Implementation for UltraGrid (12/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/ihdtv-implementation-ultragrid</link>
  <description>AUTHORS: Miloš Liška, Martin Beneš, Petr Holub.
    This report describes the implementation of the iHDTV video
conferencing protocol for UltraGrid. In addition to compatibility with
the original iHDTV tool, the implementation of this protocol allows for
splitting the video stream and sending it through two different
network interfaces. This makes it possible to send a stream of
uncompressed HDTV video, which requires 1.2 Gbps or 1.5 Gbps of
available bandwidth, over a GE network infrastructure.
  </description>
</item>
<item>
  <title>Security Risks in IP Telephony (8/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/security-risks-ip-telephony</link>
  <description>AUTHORS: Miroslav Vozňák, Filip Řezáč.
  This technical report deals with VoIP communication
  security and various techniques of VoIP attacks. We divided these
  threats into several categories according to their specific behaviour
  and their impact on the affected system. We also tried to find
  effective methods to prevent or mitigate these attacks. We focused
  our work on Spam over Internet Telephony (SPIT) as a real threat for
  the future. We have developed both a tool generating SPIT attacks
  and the AntiSPIT tool defending communication systems against SPIT
  attacks. AntiSPIT represents an effective protection based on
  a statistical blacklist and works without participation of the called
  party, which is a significant advantage.</description>
</item>
<item>
  <title>Robust Audio Tool (RAT) Supporting Separate Recording and Playback Audio Devices Selection (10/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/rat-separate-record-playback</link>
  <description>AUTHORS: Tomáš Rebok, Martin Beneš, Milan Kabát.
    This technical report describes the modifications of the Robust
Audio Tool (RAT) application that allow its users to select separate
recording and playback audio devices. These modifications have been
driven especially by the requirement to support professional sound
cards providing only separate half-duplex recording and playback audio
devices, which the original RAT is not able to make use of.
  </description>
</item>
<item>
  <title>Impact of IPsec on Speech Quality (7/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/impact-ipsec-speech-quality</link>
  <description>AUTHORS: M. Vozňák, F. Řezáč. This technical report deals with an analysis of voice over
  secure communication links based on IPsec. The added security
  increases overhead and hence requires a change in bandwidth
  allocation. We deal with issues such as its calculation and the
  impact of packet loss and delay on speech quality. Such basic
  information describing the transmission path is important for
  estimating the overall speech quality. The achieved results should
  help in network design and optimizations, as network operators need
  to maintain certain levels of service quality.</description>
</item>
<item>
  <title>All-optical Wavelength Converter (6/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/all-optical-wavelength-converter</link>
  <description>AUTHORS: P. Škoda, J. Vojtěch, M. Karásek, T. Uhlář, M. Hůla, S. Šíma, J. Radil. 
    We present a working sample of a wavelength converter with a
photonic multicast option. The key prototype component is the
commercial module from CIP Technologies. The device utilizes
wavelength conversion in the interferometric scheme through cross
phase modulation in a semiconductor optical amplifier. We tested
conversion efficiency at 10 Gbps speeds; 40 Gbps tests will
continue. Basic setup, alignment and performance measurements are
described too.
  </description>
</item>
<item>
  <title>Deployment of CL VMUX devices in CESNET Experimental Facility (5/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/cl-vmux-deployment</link>
  <description>AUTHORS: M. Hůla, J. Vojtěch, J. Radil. In this article we summarize the properties of various
  technologies for VMUXes. We then describe our practical experience
  with the CL VMUX, which is based on the PLC technology. We also
  investigate the behavior of the CL VMUX device after power loss.</description>
</item>
<item>
  <title>Fault-tolerant Access Control in Distributed
  Environment - the MetaCentrum Authorization Infrastructure (4/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/access-control-distributed</link>
  <description>AUTHORS: D. Kouřil, M. Procházka. 
    Although a lot of authorization frameworks have emerged recently, they all tend to be all-or-nothing solutions and thus are hard to integrate with an existing infrastructure. The frameworks also often introduce new critical components, which are too complex and not robust enough, making deployment and operation difficult. In this report we present an authorization infrastructure which is simple and robust enough to be used in a large distributed environment, yet able to express and handle a reasonable range of access control policies.
  </description>
</item>
<item>
  <title>G3 System - extensions in 2009 (15/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/g3-extensions</link>
  <description>AUTHORS: T. Košňar. 
    The G3 system aims to be a set of complex tools designed for large
  scale and continuous network infrastructure measurement
  visualization and reporting. We focused on two areas of
  system development in 2009 - measurement capabilities of the G3
  system, especially in the area of virtual infrastructure monitoring,
  and processing efficiency of the G3 stand-alone automated
  visualization tool - the G3 system reporter.
  </description>
</item>
<item>
  <title>40 Gbps communication channels test over the CESNET2 DWDM
  optical transmission network (3/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/40g-channels-over-dwdm</link>
  <description>AUTHORS: V. Novák, K. Slavíček. 
    This paper describes 40 Gbps communication channels tests over
    the current CESNET2 10 Gbps DWDM optical transport system between
    the main CESNET2 PoPs in Praha and Brno. These tests were
    performed with both ODB (1OC768-ITU/C, also known as Godzilla) and
    DPSK+ (1OC768-DPSK/C, also known as Godzilla+) modulations. There
    were several reasons for this experiment:
    
    - Verify the solution for possible deployment of 40 Gbps
      over the existing DWDM system.
    - Compare the performance of both solutions under different
      conditions.
    - Verify the 40-Gbps IPoDWDM technology.
    
    40 Gbps communication channels have been tested on two possible
    optical paths between Praha and Brno PoPs, also called South and
    North paths. The basic 2-way fiber lines parameters are:
    
    - Southern path: length =299 km, OSNR=~15 dB, residual
      CD=153/153 ps/nm, average PMD=2.13 ps/km (for both fibers), mix
      of G.655/G.652
    - Northern path: length =462 km, OSNR=~15 dB, residual
      CD=324/424 ps/nm, average PMD=2.13 ps/km (for both fibers),
      G.652 only.
    
    The PMD values were not measured for all used fibers, but all
    the values were estimated from CTP (Cisco Transport Planner)
    simulation. The Southern path was verified for 40-Gbps
    transmission by Cisco optical engineers in Monza.
  </description>
</item>
<item>
  <title>Audio Transport Implementation for UltraGrid Platform (11/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/audio-transport-ultragrid</link>
  <description>AUTHORS: M. Liška, M. Beneš, P. Holub. This document describes the implementation of real-time
  transmissions of high quality audio for the UltraGrid platform. We
  have opted for a standards-compatible implementation of audio
  transmissions in accordance with RFC 3190. Also, our goal was to
  preserve the multi-platform character of UltraGrid and allow for
  future enhancements of the audio subsystem in UltraGrid. Therefore
  we have based the implementation on the Portaudio
  library.</description>
</item>
<item>
  <title>Flow Measurement Extension for Application Identification (14/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/flow-measurement-applications</link>
  <description>AUTHORS: M. Žádník. 
    Modern networks are expected to provide a wide range of
application-oriented services. While some applications require a
network to be loss-free and low-delay with low jitter, others are
fault tolerant and happily trade off quality for higher bandwidth. In
order to measure these requirements and subsequently provide them,
network nodes must be able to determine the application in the
carried traffic. Since flow measurement is usually utilized to gain
information about the traffic mix, we propose to extend it with an L7
decoder based on signature matching to identify the part of
applications that are not covered by other methods, such as port
lookup, fingerprinting and behavioral analysis. As an example, we
compare signature matching and port lookup on a CESNET backbone link
in order to motivate our future work on a hybrid application
identification system based on a combination of several approaches.
  </description>
</item>
<item>
  <title>Overlapping eduroam Networks Operated by Different Organizations
(2/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/eduroam-overlap/</link>
  <description>AUTHORS: J. Fürman. 
    This paper describes one of the most problematic parts of
    eduroam network deployment in a heterogeneous
    environment and its possible solution. The problem described in
    this paper may occur whenever two or more organizations providing
    the eduroam wireless network cover the same
    physical space and their radio networks overlap. This well known
    issue is also mentioned in the European roaming policy. The aim of
    this article is to describe the general technical solution - not
    to provide the detailed configuration procedure. This would be
    just a useless replication of manual pages.
  </description>
</item>
<item>
  <title>VirtCloud: Virtual Network for User-controlled Virtual Clusters
(1/2009)</title>
  <link>http://www.cesnet.cz/doc/techzpravy/2009/virtcloud-design/</link>
  <description>AUTHORS: D. Antoš, L. Matyska, P. Holub, J. Sitera. 
    Networking infrastructure is a vital part of virtual computer
    clusters. This report describes VirtCloud, a system for
    interconnecting virtual clusters in a state-wide network based on
    advanced features available in academic networks. The system
    supports dynamic creation of virtual clusters without the need of
    run-time administrative privileges on the backbone core network,
    encapsulation of the clusters, controlled access to external
    sources for cluster hosts, full user access to the clusters, and
    optional publishing of the clusters. The report describes
    architecture of the system, and prototype implementation in
    MetaCenter (Czech national Grid infrastructure) using Czech
    national research network CESNET2. Feasibility of the concept is
    evaluated through a series of measurements demonstrating that the
    network performance of the system is satisfactory.
  </description>
</item>
  </channel>
</rss>

