
EARNEST Workshop,
Amsterdam, 8 May 2007
Results from the EARNEST
Technical Study
Licia Florio, TERENA
[email protected]
The EARNEST Foresight Study
2006 - 2007
Agenda
• Technical study
– Lower layers preliminary results
– Middleware preliminary results
• More details on this part of the
study
Technical Study
• Transmission technologies
– Equipment evolution, next-generation standards, transmission
protocols & fibre provisioning.
• Operations and performance
– End-to-end performance, network management (optical & IP),
VPN provisioning & PERT.
• Control plane technologies
– Switching & routing matrices (optical & IP), multicasting, IPvX,
QoS provisioning.
• Middleware (new element)
– Authentication and authorisation infrastructures, identity
federations and related technologies, mobility, support for
network infrastructure, virtual organisations.
Technical Study Panel
• Lower layers:
– Lars Fischer (Nordunet) - Transmission
– John Graham (Indiana University) - Transmission
– Otto Kreiter (DANTE) - Transmission
– Gigi Karmous-Edwards (MCNC) - Control Plane (Optical)
– Alexander Gall (SWITCH) - Control Plane (IP routing)
– Stig Venaas (Uninett) - Control Plane (Multicast)
– Dimitra Simeonidou (University of Essex) – Operations &
Performance (Optical)
– Luca Deri (University of Pisa/Netikos) - Operations &
Performance (IP)
– Simon Leinen (SWITCH) - Operations & Performance (IP)
• Middleware:
– Diego Lopez (RedIRIS) - Middleware
– Milan Sova (CESNET) - Middleware
– Klaas Wierenga (SURFnet) - Middleware (Mobility)
Lower Layers First Results
Disclaimer
1. This part of the study was conducted by my colleague,
Kevin Meynell
> [email protected]
2. Study conducted via interviews with some major vendors:
> So far only router & Ethernet switching vendors
interviewed.
> Some results could be different after talking to the network
operators
Lower Layer First Results
• Currently only a few OC-768 (40 Gbps) customers,
mostly in oil and gas industries
• Reluctance to upgrade transport network to support
40 Gbps, as expensive (x20 the cost of 4 x 10 GE)
and seen as interim step before higher speed
standards.
• SUN seems to be moving away from 40 Gbps
• Running into problems with n x 10 Gbps, due to link
aggregation and load-balancing performance.
• Cisco, Juniper and Force10 pushing for 100 Gigabit
Ethernet standard.
– 100 GE standard expected by 2009, with
implementations by 2010.
– Copper standard for 100 GE being considered.
Lower Layers First Results
• Routing scalability becoming problematic (again)
– Huge rise in number of hosts, fragmentation of
service provider hierarchy, and amount of traffic.
– Global routing table now >200,000 entries, which
is causing memory and processing problems (0.5-1
GB memory required).
– Other reasons – more multihoming, traffic
engineering, plus IPv6.
– Proposed to split IP addresses into identifiers and
locators. [Possible implications for AAA as well]
• Improvements to TCP for sustained high-bandwidth
transmissions
• Juniper pushing (G)MPLS, but Cisco less interested
Middleware First Results
Why a middleware substudy?
• It is not just the current ‘buzzword’ :-)
• NRENs' mission broader:
– Not only network provisioning, but also services
provisioning
• NRENs more involved in middleware
developments/deployment over the last years
– Federations, eduroam, Grid
– TERENA EuroCAMPs
• GEANT2/JRA5 working to create a European
middleware framework
– All NRENs are moving in the same direction
– Not all NRENs move at the same pace
• EARNEST will look at how middleware technologies
are expected to evolve in the next couple of years
What is Identity Management?
• Identity Management = IdM =
– Giving each user an electronic identity
– Set of technologies and policies to
control users’ access to resources
IdM Life Cycle
[Diagram, built up over several slides. Labels: Res1, Res2, Resources…, basicAuthN, SSO, Federation]
Key Federation Technology
• SAML, in particular SAML 2.0
– Security Assertion Markup Language
IdM in the European higher
education
• In Europe different technologies used for higher education
federations:
– Liberty Alliance (ID-FF)
• Norway
– Shibboleth (SAML-based)
• UK, Switzerland, Finland
• Under development: Denmark, Italy, Germany
– PAPI
• Spain
– A-Select
• The Netherlands
• In US:
– Mainly Shibboleth
• Many IdM solutions
– Interoperability one of the key factors
• SAML (2.0) the way to go
Identity Federation Model
[Diagram labels: Trust, Identity Provider, Service Provider, SAML request, SAML response, redirect]
IdM from the vendors' perspective
• Identity Management is definitely a big area of
interest for vendors
• Different approaches for SSO:
– Identity Federations: Liberty Alliance and SUN
– User centric Identity model
• Fairly new concept
• Implemented by Microsoft and OpenID
– Abstract identity framework (Higgins, IBM)
• Close to the user-centric identity
• Some alliances between vendors
• Probably to compete/cooperate with
Microsoft
• Trust is a big concern for vendors
– The user centric approach seems to
guarantee more privacy to the users
User Centric Identity Model
• User = Identity provider
– Resource request for user identity information is handled
by the user
– Users decide which credentials and other personal
information to present to the resource
• In the same way users choose which credit card to use
for payment
[Diagram labels: Service Provider, Identity Provider; steps 1, 2, 3]
Middleware Sub-Study Preliminary
Findings
• IBM and Microsoft seem to be working on the
same track
• OpenID has announced cooperation with
Microsoft
– It seems like something will appear on the
market in the next ~6 months
• Shibboleth developers are also talking to
Microsoft
• It is likely that there will be two major tracks:
– User-centric identity model
– SAML2-based IdM federations
• How will these two approaches evolve?
Middleware Sub-Study
Preliminary Findings
• Grid
– Sufficient interest from vendors in what is
happening in the ‘Grid space’
• The new user-centric model might fit Grid
requirements, but no concrete plans in this
direction
• Middleware to support lightpaths
– Middleware can be used, for instance, to create
lightpaths
– Different lightpaths for different users
Conclusions
• Some interviews to be finalised on the
control-plane and performance side
• A report will contain all the findings on the
technical study
– Initial report is expected to be available
in July 2007