Science DMZ: Network Components

When building a Science DMZ, it is important to use networking equipment (routers and switches) that is capable of supporting the level of performance needed for high-speed data transfers. It is vitally important that the equipment which makes up the Science DMZ does not cause packet loss for traffic permitted by policy.

The following are important considerations when choosing a router or switch for a Science DMZ. This list is not exhaustive, but these are common concerns:

  • Make sure your routers and switches have enough buffer space to handle "fan-in" (several ingress ports bursting toward one egress port at the same time), and are configured to actually use this buffer space. A presentation summarizing recent testing by ESnet and LBNL staff describes the effect of different interface buffer sizes on packet loss behavior. See also this paper for additional information.
  • Be wary of routers and switches that are oversubscribed (oversubscription describes a limitation where the device has less internal capacity than the capacity of the external interfaces). Oversubscribed devices can be the source of packet loss which is circumstance-dependent (e.g. dependent on traffic flows which have nothing to do with the DTN experiencing the packet loss). Oversubscription can occur between ports on one line card, between the line card and the backplane, within the backplane, when more than a certain number of ports are in use, or in other circumstances. Discuss this with your vendor's sales engineer in as much detail as is required. If the vendor can't (or won't) provide the information, consider another vendor. If you are considering the purchase of an oversubscribed device, make sure you understand the implications.
  • Deploying deep-buffered devices far into an "enterprise" environment can create a use case mismatch between the needs of research traffic and those of traditional users. Too much buffer raises the RTT from its unloaded value to that value plus the time needed to drain the buffer. If every switch or router along a path has, say, 200 ms of buffer and TCP attempts to fill all of them, the loaded RTT will increase dramatically.
  • Science DMZ requirements tend to increase the average cost of a device. Keeping the Science DMZ at the network demarcation therefore means fewer devices to buy, upgrade and maintain as you move toward the leaves of the network. This reduces cost, simplifies design, and lets the enterprise and research use cases coexist.
  • Look for devices with flexible and performant ACL (Access Control List) support, so that a stateful firewall, which would slow down the DTN hosts, is not needed.
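The buffer, fan-in and oversubscription points above are easier to reason about with numbers attached. The following is an added example, not code from ESnet's page: a simple fluid (byte-rate) model of one egress port under fan-in, plus the arithmetic behind "200 ms of buffer per hop" and an oversubscription ratio. The sender counts, link rates, burst length, buffer sizes and port mix are constructed for illustration and do not describe any particular product.

```python
"""Added capacity-planning sketch for the Science DMZ component checklist.

Fluid (byte-rate) model of one switch egress port under fan-in: several ingress
ports burst at line rate toward a single output port with a finite buffer.
All scenario numbers below are constructed, not measurements of a real device.
"""
from dataclasses import dataclass


def bytes_per_step(gbps: float, step_us: int) -> int:
    """Bytes a link at `gbps` moves in one simulation step of `step_us` microseconds."""
    bytes_per_second = int(gbps * 1e9) // 8
    return bytes_per_second * step_us // 1_000_000


@dataclass
class FanInResult:
    delivered_bytes: int   # bytes that left the egress port
    dropped_bytes: int     # bytes discarded because the buffer was full
    peak_queue_bytes: int  # deepest the egress queue got


def simulate_fan_in(n_senders: int, sender_gbps: float, egress_gbps: float,
                    burst_ms: float, buffer_bytes: int, step_us: int = 10) -> FanInResult:
    """Fixed-step queue model: run until the burst ends and the queue has drained."""
    arrive = n_senders * bytes_per_step(sender_gbps, step_us)
    depart = bytes_per_step(egress_gbps, step_us)
    burst_steps = int(burst_ms * 1000) // step_us
    queue = delivered = dropped = peak = 0
    step = 0
    while step < burst_steps or queue > 0:
        if step < burst_steps:
            queue += arrive              # all senders burst simultaneously
        sent = min(queue, depart)        # egress drains at its line rate
        queue -= sent
        delivered += sent
        if queue > buffer_bytes:         # tail drop: no room left on the port
            dropped += queue - buffer_bytes
            queue = buffer_bytes
        peak = max(peak, queue)
        step += 1
    return FanInResult(delivered, dropped, peak)


def buffer_bytes_for_ms(egress_gbps: float, buffer_ms: float) -> int:
    """Buffer size that holds `buffer_ms` of traffic at `egress_gbps`."""
    return int(int(egress_gbps * 1e9) // 8 * buffer_ms / 1000)


def loaded_rtt_ms(base_rtt_ms: float, hops: int, hop_buffer_ms: float) -> float:
    """RTT a TCP flow sees once every one of `hops` forward-path buffers is full."""
    return base_rtt_ms + hops * hop_buffer_ms


def oversubscription_ratio(front_panel: dict, fabric_gbps: float) -> float:
    """Front-panel capacity (dict of port_gbps -> port_count) over internal
    fabric/backplane capacity; above 1.0 the device cannot run every port at
    line rate at the same time."""
    total = sum(count * gbps for gbps, count in front_panel.items())
    return total / fabric_gbps


if __name__ == "__main__":
    # Constructed scenario: four 10G DTNs burst for 5 ms into one 10G uplink.
    for label, buf in (("shallow 12 MB", 12_000_000), ("deep 256 MB", 256_000_000)):
        r = simulate_fan_in(4, 10, 10, 5, buf)
        print(f"{label}: delivered={r.delivered_bytes:,} dropped={r.dropped_bytes:,} "
              f"peak_queue={r.peak_queue_bytes:,}")
    print("200 ms of buffer at 10G:", f"{buffer_bytes_for_ms(10, 200):,}", "bytes")
    print("loaded RTT, 20 ms base, 5 hops x 200 ms:", loaded_rtt_ms(20, 5, 200), "ms")
    print("48x10G + 4x40G over a 480G fabric:",
          round(oversubscription_ratio({10: 48, 40: 4}, 480), 2))
```

In the constructed scenario the excess arrival rate is 30 Gbps for 5 ms, so the queue needs about 18.75 MB to absorb the burst without loss; a 12 MB shared buffer drops roughly a third of that, which is exactly the kind of circumstance-dependent loss the bullets above warn about. The same arithmetic shows why 200 ms of buffer at every hop is a mixed blessing: at 10G that is 250 MB per hop, and five full hops turn a 20 ms base RTT into just over a second.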

See this page for guidelines on how to manage routing in a Science DMZ environment.