The Science Demilitarized Zone (Science DMZ) is a network environment optimized for scientific applications. A Science DMZ provides an environment mostly free from competing traffic flows and complex security middleware such as firewalls or intrusion detection systems that often impede data transfer performance. The Science DMZ model provides a reference set of network design patterns, tuned hosts and protocol stacks dedicated to large data transfers and streamlined security postures that significantly improve data transfer performance, accelerating scientific collaborations and discovery. Over the past decade, many universities and organizations have adopted this model for their research computing. Despite becoming increasingly popular, there is a lack of quantitative studies comparing such a specialized network to conventional production networks regarding network characteristics and data transfer performance. We strive to answer the following research questions in this study: Does a Science DMZ exhibit significantly different behavior than a general-purpose campus network? Does it improve application performance compared to such general-purpose networks? Through a two-year-long quantitative network measurement study, we find that a Science DMZ exhibits lower latency, higher throughput, and lower jitter behaviors. However, we also see several non-intuitive results. For example, a DMZ may take a longer route to external destinations and experience higher latency than the campus network. While the DMZ model benefits researchers, the benefits are not automatic - careful network tuning based on specific use cases is required to realize the full potential of such infrastructure.