Skip to content

Helmholtz Backbone Network

The networks of the individual Helmholtz centers are being interconnected on the basis of a high bandwidth network with mutual trust and increased overall security.

The backbone is an overlay of the DFN X-WiN, using the existing connections Helmholtz centres have via DFN. It is a virtual local area network, or VLAN, that is orchestrated by DFN in its so-called “Helmoltz VRF”, specific to HIFIS, with no link to the internet.

The following map shows the DFN glass fiber network and the current centres connected to the Helmholtz Backbone. Map of the Helmholtz centres connected to X-Win and the additional backbone network
Background map of Helmholtz centres taken from helmholtz.de.

Why do we need the backbone?

  1. Availability of resources: lower latency between centres.
  2. Protection of existing resources, for example shielding a sensitive resource in a Helmholtz centre from public HTTP requests.
  3. Simplified access, for example by-passing firewalls for connections between Helmholtz centres.

What are the use cases?

Two use cases are being developed in the frame of the Helmholtz Backbone:

  • Use case 1: Direct connection between private IP addresses of two different Helmholtz centres.

    This is typically a use case when a scientist is working in a satellite station of his institution in another centre and wants to access his home institution’s servers. This use case is currently being implemented to connect HZDR equipment at XFEL (via DESY) to the HZDR networks which are not normally accessible outside of HZDR’s local network.

  • Use case 2: Data transfers using WebFTS over the backbone.

    This use case is currently being investigated for sharing data between centres when the data itself should not be transferred through the internet. Like this, the transfers are conducted over a route that provides even higher security in addition to using a standard HTTPS connection. For more details on the transfer service provided by HIFIS, please visit this page.

Technical preparations

Centres with pre-existing BGP peering with DFN

Each centre has to configure its routing to the Backbone, and may decide to use dedicated hardware or not.

Kroki

Centres without existing BGP peering with DFN

Some centres don’t have an existing BGP peering with DFN. In this case, it is also possible to set a routing encapsulation or “GRE tunnel” from the Helmholtz institute to (e.g.) DESY and within this GRE tunnel configure a BGP peering. This is for example the case for UFZ which is currently connected to the Backbone via DESY.

Policies

Info

This chapter is under construction.

  • Definition of network prefixes
  • Definition of routing policies and firewall rules / ACLs
  • Firewall by-passing…
Autonomous System Numbers

A unique private AS number (Autonomous System Number or ASN) is assigned to each partner in the backbone using the following convention: 42 - 000 - <zip_code>

ASNs are used, e.g., for BGP peering via GRE tunnel. For a complete list of private ASNs in use in the backbone, please refer to the table of connected centres below.

BGP community value

Zip codes are also used as BGP community values in the frame of the backbone: <zip_code-A>:<zip_code-B> to connect from centre A to centre B.

Monitoring

Info

Upcoming: Proof of concept and testing for possible hardware and software issues.

Connected Helmholtz Centres

Last update: 2021-08-19

⏩ Scroll to the right to see details. ⏩

# Site AS number Announce v4 Announce v6 Node in VRF City (ZIP code) Bandwidth [Mbps] Zustimmung Dienstvereinbarung
1 AWI 4200027570 - - AWI Bremerhaven (27570) 2 x 1.500 yes
2 CISPA 4200066123 - - SAA Saarbrücken (66123) 2 x 1.500 no
3 DESY 4200022607 131.169.168.29/32
131.169.168.30/32
131.169.234.136/32
10.12.32.0/24
131.169.191.70/32
131.169.191.48/32
131.169.191.64/32
131.169.191.65/32
131.169.191.66/32
131.169.191.67/32
131.169.191.68/32
131.169.191.69/32
2001:638:700:10a8::1:1d/128
2001:638:700:10a8::1:1e/128
2001:638:700:10bf::1:46/128
2001:638:700:10bf::1:30/128
2001:638:700:10bf::1:40/128
2001:638:700:10bf::1:41/128
2001:638:700:10bf::1:42/128
2001:638:700:10bf::1:43/128
2001:638:700:10bf::1:44/128
2001:638:700:10bf::1:45/128
DES Hamburg (22607) 2 x 50.000 yes
4 DKFZ 4200069120 193.174.55.144/29 - - Heidelberg (69120) 2 x 5.000 yes
5 DLR 4200051147 - - - Köln (51147) 2 x 1.000 yes
6 DZNE 4200053127 - - - Bonn (53127) 2 x 5.000 yes
7 FZJ 4200052428 134.94.111.16/29 2001:638:404:6f10::/64 FZJ Jülich (52428) 2 x 100.000 Eigene Vereinbarung
8 GEOMAR 4200024148 - - KIE Kiel (24148) 2 x 500 yes
9 GSI 4200064291 - - GSI Darmstadt (64291) 2 x 3.000 yes
10 HZB 4200014109 - - - Berlin (14109) 2 x 1.000 yes
11 HZDR 4200001328 149.220.147.0/24 - - Dresden (01328) 2 x 3.000 yes
12 HZI 4200038124 193.175.67.8/29 - - Braunschweig (38124) 2 x 500 yes
13 UFZ 4200004318 141.65.1.9/32 2001:638:910:20ff::8bb:216/128 LEI/LAP Leipzig (04318) 2 x 3.000 yes
14 Hereon 4200021502 - - - Geesthacht (21502) 2 x 1.500 yes
15 HMGU 4200085764 - - - Neuherberg (85764) 2 x 3.000 yes
16 GFZ 4200014473 - - PEP Potsdam (14473) 2 x 1.000 yes
17 KIT 4200076131 141.3.248.0/21 2a00:1398:201::/48 KIT Karlsruhe (76131) 2 x 50.000 yes
18 MDC 4200013125 - - - Berlin (13125) 2 x 10.000 yes

⏩ Scroll to the right to see details. ⏩

Back to top