ITB Status Report

Spring AI3 Meeting

19-21 June 2003

Tokyo, Japan

Observatorium Bosscha

• One and the only star observatorium in South East Asia, currently run by Astronomy Dept, ITB

• Stationed at Lembang, West Java, about 6 km North from Bandung

• Website : http://www.bosscha.itb.ac.id

Live Observation at Bosscha

• The use of Internet Technology for (near) real-time sky object observation

• Input – CCD camera attached to the telescope

• Output– Live streaming video using RealPlayer– Periodic Image capture using Webcam Apps

• Audience can watch live observation directly from their computer!

Live Observation at Bosscha (cont’d)

• Conducted at May 7th 2003, observing Mercury Transit (Mercury will pass through the sun, so looks visible from Earth)

• Done with portable telescope, with CCD camera attached

• CCD camera output is splitted in two direction by video splitter– For RealProducer, creating Streaming Media files– For Webcam apps (Durgem,

http://durgem.sourceforge.net), creating periodic (30 sec) image capture

Live Observation at Bosscha (cont’d)

• Bosscha is connected to ITB using 802.11b Wireless Link

• Audience can watch video stream and image capture in website http://bosscha-live.ai3.itb.ac.id

• Two video stream created : – 56 kbps for Internet audience– 384 kbps for ITB audience (LAN)

Responses about Live Observation at Bosscha

• Public Announcement about live observation was made in public mailing list and newspaper

• Responses was high at websites : see http://stats.cnrglab.itb.ac.id/bosscha-live.ai3.itb.ac.id/

Results

• Cloudy weather makes hard to get good pictures of the Mercury Transit

• Thanks to the Durgem, 15 picture out of 300 picture captures the Transit

• Astronomers is very delighted about the results

• Planned to do live observation in late August, observing Mars at Perihelion (nearest distance to Earth)

Portable Telescope CCD Camera attached to the telescope

Real Producer & Webcam Server Video Splitter

Journalists came to the observation site Observation site, at the top of the roof

http://bosscha-live.ai3.itb.ac.id Website and RealPlayer

Image captured using CCD Camera Processed image by Bosscha Astronomer

IPv6 @ ITB

• Campus-wide IPv6 Deployment @ ITB

• Dual-stack services– Email server– Web server– DNS server– FTP server– SSH and Telnet (remote login)

Campus-wide IPv6 Deployment• Problem :

– Campus Backbone is not IPv6-compliant• Cisco Catalyst 6500 Sup1A/MSFC1• Cisco only released IPv6 on Sup2 and Sup720

• Solutions :– One PC router (IPv6 w/ Zebra routing

daemon) on each Catalyst– Each router is connected via IPv6 tunnel– Router connects subnets on each Catalyst

using VLAN trunk 802.1q

Campus-wide IPv6 Deployment (cont’d)

GigEthLink

ITB1-v6-router

ITB2-v6-router ITB3-v6-router

Catalyst 6000 Catalyst 6000

Catalyst 6000

ITBWest Campus

ITBNorth Campus

ITBSouth Campus

Tunnel

802.1q Trunk

802.1q Trunk

802.1q Trunk

Access VLAN on

each IPv6 Subnet

Access VLAN on

each IPv6 Subnet

Access VLAN on

each IPv6 Subnet

Dual-stack Services

• DNS server– ns1.itb.ac.id/ns2.itb.ac.id now resolve IPv6

address

• Email server– MX.itb.ac.id has IPv6 address, with postfix

(IPv6-patched)

• Web server– ITB official website (http://www.itb.ac.id) has

IPv6 address

> uname -aFreeBSD itb2-v6-router.itb.ac.id 4.7-RELEASE FreeBSD 4.7-RELEASE #0: Fri

May 9 23:56:42 GMT 2003 admin@itb2-v6-router.itb.ac.id:/usr/source/kame/freebsd4/sys/compile/itb2_v6_router-kame-20030407-freebsd47 i386

> host -t AAAA fileserver.lapi.itb.ac.idfileserver.lapi.itb.ac.id has address 2001:200:830:11:2e0:18ff:fe8c:180a> ftp -6 fileserver.lapi.itb.ac.idConnected to fileserver.lapi.itb.ac.id.220 fileserver.lapi.itb.ac.id FTP server (Version 6.00LS) ready.Name (fileserver.lapi.itb.ac.id:admin): dikshie331 Password required for dikshie.Password:230 User dikshie logged in.Remote system type is UNKNOWN.ftp> pwd257 "/home/dikshie" is current directory.ftp>

FTP Server

> uname -aFreeBSD ipv6.ppk.itb.ac.id 4.8-STABLE FreeBSD 4.8-

STABLE #1: Sun Apr 6 18:26:06 WIT 2003 dikshie@ipv6.ppk.itb.ac.id:/usr/obj/usr/src/sys/PPK i386

> ssh -6 dikshie@fileserver.lapi.itb.ac.idThe authenticity of host 'fileserver.lapi.itb.ac.id

(2001:200:830:11:2e0:18ff:fe8c:180a)' can't be established.

DSA key fingerprint is 55:cb:3d:b8:cc:08:2d:44:a2:f2:9d:94:36:77:de:2a.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'fileserver.lapi.itb.ac.id' (DSA) to the list of known hosts.

Password:

SSH (Remote Login)

> uname -aFreeBSD ipv6.ppk.itb.ac.id 4.8-STABLE FreeBSD 4.8-

STABLE #1: Sun Apr 6 18:26:06 WIT 2003 dikshie@ipv6.ppk.itb.ac.id:/usr/obj/usr/src/sys/PPK i386

> telnet -6 fileserver.lapi.itb.ac.idTrying 2001:200:830:11:2e0:18ff:fe8c:180a...Connected to fileserver.lapi.itb.ac.id.Escape character is '^]'.Trying SRA secure login:User (dikshie):Password:[ SRA accepts you ]

TELNET (Remote Login)

Jun 16 21:36:27 ipv6 postfix/smtpd[355]: connect from mx2.itb.ac.id[2001:200:800:3000:202:44ff:fe35:2285]

Jun 16 21:36:27 ipv6 postfix/smtpd[355]: 94A2620: client=mx2.itb.ac.id[2001:200:800:3000:202:44ff:fe35:2285]

Jun 16 21:36:27 ipv6 postfix/cleanup[328]: 94A2620: message-id=<20030616143613.95944.qmail@web12604.mail.yahoo.com>

Jun 16 21:36:27 ipv6 postfix/qmgr[327]: 94A2620: from=<bounce-isp-routing-396359@lists.isp-lists.com>, size=7908, nrcpt=1 (queue active)

Jun 16 21:36:27 ipv6 postfix/smtpd[355]: disconnect from mx2.itb.ac.id[2001:200:800:3000:202:44ff:fe35:2285]

Jun 16 21:36:27 ipv6 postfix/local[330]: 94A2620: to=<dikshie@ppk.itb.ac.id>, relay=local, delay=0, status=sent (delivered to command: IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #dikshie)

SMTP (Incoming)

Jun 16 21:42:29 ipv6 postfix/pickup[326]: C8C2376: uid=1000 from=<dikshie@ppk.itb.ac.id>

Jun 16 21:42:29 ipv6 postfix/cleanup[328]: C8C2376: message-id=<20030616144229.GA543@ppk.itb.ac.id>

Jun 16 21:42:29 ipv6 postfix/qmgr[327]: C8C2376: from=<dikshie@ppk.itb.ac.id>, size=1046, nrcpt=1 (queue active)

Jun 16 21:42:40 ipv6 postfix/smtp[535]: C8C2376: to=<dikshie@rootshell.be>, relay=mail.rootshell.be[3ffe:8100:200:1fff::25], delay=11, status=bounced (host mail.rootshell.be[3ffe:8100:200:1fff::25] said: 550 5.1.1 <dikshie@rootshell.be>... User unknown (in reply to RCPT TO command))

SMTP (Outgoing)

E-Mail Service Report

By mailadm@itb.ac.id

Network Map

Recent Condition (1/2)

• All MX-ITB are IPv6 compliant.• mx1.itb.ac.id

– Pentium III-1000 MHz 128 MB RAM– Postfix 2.0.7 with tls+ipv6-1.13-pf-2.0.7.patch

(migrated from qmail 1.03)– Apache 1.3.27– mailman 2.1 (migrated from ezmlm)

• mx2.itb.ac.id– AMD Duron 750 MHz 128 MB RAM– SMTP-auth using cyrus-sasl-1.5.24– Postfix 2.0.7 with tls+ipv6-1.13-pf-2.0.7.patch

Recent Condition (2/2)

• mx3.itb.ac.id– Pentium III-500 MHz 128 MB RAM– Postfix 2.0.7 with tls+ipv6-1.13-pf-2.0.7.patch

• mxout.itb.ac.id– Load balancing server using Cisco Catalyst

6500 (not IPv6 compliant)– Provide outgoing mail server for

167.205.0.0/16

Email Traffic/day on Mei 2003Email Traffic

0

50000

100000

150000

200000

250000

300000

350000

Top 10 Mailing List @itb.ac.id (by members)

cdc-itb 4907

itb 696

dokter 561

dosen 421

jobs 385

cdc-hrdstar 341

hindu-dharma 252

sysop-l 203

itb75 159

politeknik 152

Email Filter Methods

• Filtered by RBL – sbl.spamhaus.org (transfer zone)– relays.ordb.org

• Filtered by regex– ftp://ftp.worldless.net/pub/postfix/

Known Problems

• Mailman @ mx1.itb.ac.id– Queue file corrupt could make mailman stop

sending email to the list members– Database file corrupt could make a mailinglist

whole configuration lost.

• Spamassasin implementation– Failed because of the lackness of resources

(CPU+Memory)

mx3.itb.ac.id crash within five minutes.

Others

• B/W usage http://netmon.cnrglab.itb.ac.id/site/summary?id=10

• Next :– Try using centralized database to maintain spam list– Try combining Postfix smtp-auth with sasl and ldap

ITB Looking Glass

• http://ken-arok.cnrg.itb.ac.id

• Source code from :

ftp://ftp.enterzone.net/looking-lass/CURRENT/ with little adjustment

Domain Name Service Report

dnsadm@itb.ac.id

Recent Condition [1/2]

DNS in ITB Network is handled by :• ns1.itb.ac.id

IP Address : 167.205.23.1202.249.24.652001:200:830:0:250:baff:fecb:9fcf

Computer Specification :Processor : Intel Pentium 166 MHz 64 MB RAMFreeBSD 4.7-RELEASEBIND 8.4.1IPv6 Support

• ns2.itb.ac.idIP Address : 167.205.22.123

2001:200:830:1:200:21ff:fee0:6d2eComputer Specification :Processor : Intel Pentium 200 MHz 128 MB RAMFreeBSD 4.7-RELEASEBIND 9.2.2IPv6 Support

Recent Condition [2/2]

• ns3.itb.ac.idIP Address : 167.205.48.253

Computer Specification :

Processor : Intel Pentium III 730 MHz 128 MB RAM

OS : FreeBSD 3.5-RELEASE

Software : BIND 9.22

DNS Handling

• ns1.itb.ac.id- Handling transfer zone between itb.ac.id domain and The

Internet- Organizing domain *.itb.ac.id name server delegation

• ns2.itb.ac.id- Master & secondary name server for domain *.itb.ac.id- Master & secondary name server for 167.205.0.0/16 reversed

• ns3.itb.ac.id- Master & secondary name server for domain *.itb.ac.id- Master & secondary name server for 167.205.0.0/16 reversed

IPv6 DNS Server

• ITB use AAAA addressing, not A6 addressing

• ITB does not have its reverse for ipv6, [hopefully, we will get as soon as possible]

• ITB use ip6.arpa addressing on reverse, not ip6.int

• There are not specific domain for ipv6. if 1 server has ipv6, hostname has 2 ip (or more), ipv6 & ipv4

Load

• Traffic in ns2.itb.ac.id

• DNS traffic in ai3-indonesia-ether.itb.ac.id

DNS traffic is shown in blue color, it’s not significant if it’s compared with other traffics

Known Problems

• ITB could not resolved some other domains.

solution : DNS administrator in both domain (ITB domain and the troubled domain) would make zone transfer manually between ns1.itb.ac.id and their name server

• Delegated name server down for a longtime, thus delegated domain disappeared from The Internet

solution : ITB DNS Administrator would take off its delegation and use ns2/ns3 for primary name server of

its domain