ITB Status Report

1
ITB Status Report

• Spring AI3 Meeting
• 19-21 June 2003
• Tokyo, Japan

2
Observatorium Bosscha

• One and the only star observatorium in South East
  Asia, currently run by Astronomy Dept, ITB
• Stationed at Lembang, West Java, about 6 km North
  from Bandung
• Website http//www.bosscha.itb.ac.id

3
Live Observation at Bosscha

• The use of Internet Technology for (near)
  real-time sky object observation
• Input
• CCD camera attached to the telescope
• Output
• Live streaming video using RealPlayer
• Periodic Image capture using Webcam Apps
• Audience can watch live observation directly from
  their computer!

4
Live Observation at Bosscha (contd)

• Conducted at May 7th 2003, observing Mercury
  Transit (Mercury will pass through the sun, so
  looks visible from Earth)
• Done with portable telescope, with CCD camera
  attached
• CCD camera output is splitted in two direction by
  video splitter
• For RealProducer, creating Streaming Media files
• For Webcam apps (Durgem, http//durgem.sourceforge
  .net), creating periodic (30 sec) image capture

5
Live Observation at Bosscha (contd)

• Bosscha is connected to ITB using 802.11b
  Wireless Link
• Audience can watch video stream and image capture
  in website http//bosscha-live.ai3.itb.ac.id
• Two video stream created
• 56 kbps for Internet audience
• 384 kbps for ITB audience (LAN)

6
Responses about Live Observation at Bosscha

• Public Announcement about live observation was
  made in public mailing list and newspaper
• Responses was high at websites see
  http//stats.cnrglab.itb.ac.id/bosscha-live.ai3.it
  b.ac.id/

7
Results

• Cloudy weather makes hard to get good pictures of
  the Mercury Transit
• Thanks to the Durgem, 15 picture out of 300
  picture captures the Transit
• Astronomers is very delighted about the results
• Planned to do live observation in late August,
  observing Mars at Perihelion (nearest distance to
  Earth)

8
(No Transcript)
9
Portable Telescope
CCD Camera attached to the telescope
10
Real Producer Webcam Server
Video Splitter
Observation site, at the top of the roof
Journalists came to the observation site
11
http//bosscha-live.ai3.itb.ac.id Website and
RealPlayer
12
Image captured using CCD Camera
Processed image by Bosscha Astronomer
13
IPv6 _at_ ITB

• Campus-wide IPv6 Deployment _at_ ITB
• Dual-stack services
• Email server
• Web server
• DNS server
• FTP server
• SSH and Telnet (remote login)

14
Campus-wide IPv6 Deployment

• Problem
• Campus Backbone is not IPv6-compliant
• Cisco Catalyst 6500 Sup1A/MSFC1
• Cisco only released IPv6 on Sup2 and Sup720
• Solutions
• One PC router (IPv6 w/ Zebra routing daemon) on
  each Catalyst
• Each router is connected via IPv6 tunnel
• Router connects subnets on each Catalyst using
  VLAN trunk 802.1q

15
Campus-wide IPv6 Deployment (contd)
16
Dual-stack Services

• DNS server
• ns1.itb.ac.id/ns2.itb.ac.id now resolve IPv6
  address
• Email server
• MX.itb.ac.id has IPv6 address, with postfix
  (IPv6-patched)
• Web server
• ITB official website (http//www.itb.ac.id) has
  IPv6 address

17
(No Transcript)
18
(No Transcript)
19
FTP Server

• gt uname -a
• FreeBSD itb2-v6-router.itb.ac.id 4.7-RELEASE
  FreeBSD 4.7-RELEASE 0 Fri May 9 235642 GMT
  2003 admin_at_itb2-v6-router.itb.ac.id/usr/sourc
  e/kame/freebsd4/sys/compile/itb2_v6_router-kame-20
  030407-freebsd47 i386
• gt host -t AAAA fileserver.lapi.itb.ac.id
• fileserver.lapi.itb.ac.id has address
  2001200830112e018fffe8c180a
• gt ftp -6 fileserver.lapi.itb.ac.id
• Connected to fileserver.lapi.itb.ac.id.
• 220 fileserver.lapi.itb.ac.id FTP server (Version
  6.00LS) ready.
• Name (fileserver.lapi.itb.ac.idadmin) dikshie
• 331 Password required for dikshie.
• Password
• 230 User dikshie logged in.
• Remote system type is UNKNOWN.
• ftpgt pwd
• 257 "/home/dikshie" is current directory.
• ftpgt

20
SSH (Remote Login)

• gt uname -a
• FreeBSD ipv6.ppk.itb.ac.id 4.8-STABLE FreeBSD
  4.8-STABLE 1 Sun Apr 6 182606 WIT 2003
  dikshie_at_ipv6.ppk.itb.ac.id/usr/obj/usr/src/sys/PP
  K i386
• gt ssh -6 dikshie_at_fileserver.lapi.itb.ac.id
• The authenticity of host 'fileserver.lapi.itb.ac.i
  d (2001200830112e018fffe8c180a)' can't be
  established.
• DSA key fingerprint is 55cb3db8cc082d44a2
  f29d943677de2a.
• Are you sure you want to continue connecting
  (yes/no)? yes
• Warning Permanently added 'fileserver.lapi.itb.ac
  .id' (DSA) to the list of known hosts.
• Password

21
TELNET (Remote Login)

• gt uname -a
• FreeBSD ipv6.ppk.itb.ac.id 4.8-STABLE FreeBSD
  4.8-STABLE 1 Sun Apr 6 182606 WIT 2003
  dikshie_at_ipv6.ppk.itb.ac.id/usr/obj/usr/src/sys/PP
  K i386
• gt telnet -6 fileserver.lapi.itb.ac.id
• Trying 2001200830112e018fffe8c180a...
• Connected to fileserver.lapi.itb.ac.id.
• Escape character is ''.
• Trying SRA secure login
• User (dikshie)
• Password
• SRA accepts you

22
SMTP (Incoming)

• Jun 16 213627 ipv6 postfix/smtpd355 connect
  from mx2.itb.ac.id2001200800300020244fffe35
  2285
• Jun 16 213627 ipv6 postfix/smtpd355 94A2620
  clientmx2.itb.ac.id2001200800300020244fffe
  352285
• Jun 16 213627 ipv6 postfix/cleanup328
  94A2620 message-idlt20030616143613.95944.qmail_at_we
  b12604.mail.yahoo.comgt
• Jun 16 213627 ipv6 postfix/qmgr327 94A2620
  fromltbounce-isp-routing-396359_at_lists.isp-lists.co
  mgt, size7908, nrcpt1 (queue active)
• Jun 16 213627 ipv6 postfix/smtpd355
  disconnect from mx2.itb.ac.id2001200800300020
  244fffe352285
• Jun 16 213627 ipv6 postfix/local330 94A2620
  toltdikshie_at_ppk.itb.ac.idgt, relaylocal, delay0,
  statussent (delivered to command IFS' '
  exec /usr/bin/procmail -f- exit 75 dikshie)

23
SMTP (Outgoing)

• Jun 16 214229 ipv6 postfix/pickup326
  C8C2376 uid1000 fromltdikshie_at_ppk.itb.ac.idgt
• Jun 16 214229 ipv6 postfix/cleanup328
  C8C2376 message-idlt20030616144229.GA543_at_ppk.itb.
  ac.idgt
• Jun 16 214229 ipv6 postfix/qmgr327 C8C2376
  fromltdikshie_at_ppk.itb.ac.idgt, size1046, nrcpt1
  (queue active)
• Jun 16 214240 ipv6 postfix/smtp535 C8C2376
  toltdikshie_at_rootshell.begt, relaymail.rootshell.be
  3ffe81002001fff25, delay11,
  statusbounced (host mail.rootshell.be3ffe81002
  001fff25 said 550 5.1.1 ltdikshie_at_rootshell.be
  gt... User unknown (in reply to RCPT TO command))

24
E-Mail Service Report

• By mailadm_at_itb.ac.id

25
Network Map
26
Recent Condition (1/2)

• All MX-ITB are IPv6 compliant.
• mx1.itb.ac.id
• Pentium III-1000 MHz 128 MB RAM
• Postfix 2.0.7 with tlsipv6-1.13-pf-2.0.7.patch
  (migrated from qmail 1.03)
• Apache 1.3.27
• mailman 2.1 (migrated from ezmlm)
• mx2.itb.ac.id
• AMD Duron 750 MHz 128 MB RAM
• SMTP-auth using cyrus-sasl-1.5.24
• Postfix 2.0.7 with tlsipv6-1.13-pf-2.0.7.patch

27
Recent Condition (2/2)

• mx3.itb.ac.id
• Pentium III-500 MHz 128 MB RAM
• Postfix 2.0.7 with tlsipv6-1.13-pf-2.0.7.patch
• mxout.itb.ac.id
• Load balancing server using Cisco Catalyst 6500
  (not IPv6 compliant)
• Provide outgoing mail server for 167.205.0.0/16

28
Email Traffic/day on Mei 2003
29
Top 10 Mailing List _at_itb.ac.id (by members)
30
Email Filter Methods

• Filtered by RBL
• sbl.spamhaus.org (transfer zone)
• relays.ordb.org
• Filtered by regex
• ftp//ftp.worldless.net/pub/postfix/

31
Known Problems

• Mailman _at_ mx1.itb.ac.id
• Queue file corrupt could make mailman stop
  sending email to the list members
• Database file corrupt could make a mailinglist
  whole configuration lost.
• Spamassasin implementation
• Failed because of the lackness of resources
  (CPUMemory)
• mx3.itb.ac.id crash within five minutes.

32
Others

• B/W usage
• http//netmon.cnrglab.itb.ac.id/site/summary?id1
  0
• Next
• Try using centralized database to maintain spam
  list
• Try combining Postfix smtp-auth with sasl and
  ldap

33
ITB Looking Glass

• http//ken-arok.cnrg.itb.ac.id
• Source code from
• ftp//ftp.enterzone.net/looking-lass/CURRENT/
  with little adjustment

34
(No Transcript)
35
Domain Name Service Report

• dnsadm_at_itb.ac.id

36
Recent Condition 1/2

• DNS in ITB Network is handled by
• ns1.itb.ac.id
• IP Address 167.205.23.1
• 202.249.24.65
• 20012008300250bafffecb9fcf
• Computer Specification
• Processor Intel Pentium 166 MHz 64 MB RAM
• FreeBSD 4.7-RELEASE
• BIND 8.4.1
• IPv6 Support
• ns2.itb.ac.id
• IP Address 167.205.22.123
• 2001200830120021fffee06d2e
• Computer Specification
• Processor Intel Pentium 200 MHz 128 MB RAM
• FreeBSD 4.7-RELEASE
• BIND 9.2.2
• IPv6 Support

37
Recent Condition 2/2

• ns3.itb.ac.id
• IP Address 167.205.48.253
• Computer Specification
• Processor Intel Pentium III 730 MHz 128 MB
  RAM
• OS FreeBSD 3.5-RELEASE
• Software BIND 9.22

38
DNS Handling

• ns1.itb.ac.id
• - Handling transfer zone between itb.ac.id
  domain and The Internet
• - Organizing domain .itb.ac.id name server
  delegation
• ns2.itb.ac.id
• Master secondary name server for domain
  .itb.ac.id
• Master secondary name server for 167.205.0.0/16
  reversed
• ns3.itb.ac.id
• Master secondary name server for domain
  .itb.ac.id
• Master secondary name server for 167.205.0.0/16
  reversed

39
IPv6 DNS Server

• ITB use AAAA addressing, not A6 addressing
• ITB does not have its reverse for ipv6,
  hopefully, we will get as soon as possible
• ITB use ip6.arpa addressing on reverse, not
  ip6.int
• There are not specific domain for ipv6. if 1
  server has ipv6, hostname has 2 ip (or more),
  ipv6 ipv4

40
Load

• Traffic in ns2.itb.ac.id
• DNS traffic in ai3-indonesia-ether.itb.ac.id

DNS traffic is shown in blue color, its not
significant if its compared with other traffics
41
Known Problems

• ITB could not resolved some other domains.
• solution DNS administrator in both domain (ITB
  domain and the troubled domain) would make zone
  transfer manually between ns1.itb.ac.id and their
  name server
• Delegated name server down for a longtime, thus
  delegated domain disappeared from The Internet
• solution ITB DNS Administrator would take off
  its delegation and use ns2/ns3 for primary name
  server of
• its domain