20070717-lehman-et-all
Download
Report
Transcript 20070717-lehman-et-all
Hybrid Network Control Plane Interoperation
Between Internet2 and ESnet
ESCC/Internet2 Joint Techs Summer Meeting
July 16, 2007
Fermi Lab
Batavia, Illinois
Tom Lehman
Information Sciences Institute East, University of Southern California
Chin Guok
Network Engineering Services Group, ESnet
Andy Lake, John Vollbrecht
University Corporation for Advanced Internet Development, Internet2
DOE
Office of Science
DRAGON
Hybrid MLN
Hybrid Networks
Heterogeneous By Nature
• Hybrid networks are extremely heterogeneous at
several levels
• DataPlane can be constructed from
• router based Multiprotocol Label Switching (MPLS)
tunnels
• Ethernet VLAN based Circuits
• Synchronous Optical Network / Synchronous Digital
Hierarchy (SONET/SDH) circuits
• Wavelength Division Multiplexing (WDM) connections
• Combinations of the above
Hybrid Networks
Heterogeneous By Nature
• Control Planes can be based on
• Multiprotocol Label Switching (MPLS)
• Generalized Multiprotocol Label Switching
(GMPLS)
• Web Services
• Management Systems
• Combinations of the above
• Client (user) services or attachment points
could be
•
•
•
•
Ethernet
SONET
IP Router
InfiniBand
Hybrid Networks
Web Service Control Plane Interfaces
IDC
Inter-Domain
Controller (IDC)
WS UNI
WS E-NNI
WS E-NNI
WS I-NNI IF
Management
System
WS I-NNI IF
(I-NNI)
GMPLS
(I-NNI)
IDC
WS I-NNI IF
MPLS
(I-NNI)
WS UNI
SONET/TDM
(Dataplane)
Ethernet/L2SC
(Dataplane)
Router(MPLS)/PSC
(Dataplane)
• Web Services provides a mechanism to deal with
heterogeneous control planes
• inspired by the standards bodies work on control plane protocols,
but not just recreating that work at the web service level
• Better described as using control plane techniques to develop a
“service plane”
Hybrid Networks
Web Service Control Plane Interfaces
• Four Primary Web Services Areas:
• Topology Exchange, Resource Scheduling, Signaling, User Request
Hybrid Networks
Control Plane Architecture
• The benefits offered by Web Services include
• standardized mechanisms for user authentication and policy
management
• flexible features for interfacing with a diverse set of I-NNI
mechanisms
• Allows focus on several issues that current control plane work
has not addressed in a robust manner:
• scalability, stability, security, flexible application of policy, AAA,
scheduling
• Will still allow for peering domains with compatible non
web service E-NNI (i.e. GMPLS based) to utilize that
as desired
• a domain might peer with one domain at GMPLS level, and
another at the Web Service level
Web Service based E-NNI
Three Main Components
• Routing
• Topology Exchange
• Domain Abstraction
• Varying levels of dynamic information
• Resource Scheduling
• Multi-Domain path computation techniques
• Resource identification, reservation, confirmation
• Signaling
• path setup, service instantiation
Web Service Based Multi-Domain
Provisioning – Collaborative Effort
• Architecture and Web Services Design
effort is a collaborative effort between:
• Internet2
• ESnet
• DANTE (GEANT, Autobahn)
• Also collaborating with University of
Amsterdam on Token based RSVP
signaling and topology exchange
Internet2 and ESnet
Implementation Goals and Methods
• Goal
• Dynamically provision layer 2 circuits between
Internet2 network and ESnet/SDN
• Methods
• Use existing control plane software where
appropriate
• Provide multidomain AAA architecture for
message exchanges
• Exchange topology information
• Coordinate the scheduling of resources
• Signal circuit setup between domains
Control Plane Software
• OSCARS (Web Service)
• Started by ESnet, merged with Internet2’s
BRUW project in 2006
• Web service architecture, interfaces to lower
level network specific provisioning systems
• Vendor based MPLS L2VPN (Martini Draft)
• Internet2 DCS/HOPI
• DRAGON (NSF funded project in development
by USC/ISI EAST and MAX)
• Uses GMPLS protocols to build layer 2 circuits
OSCARS Architecture
Customer Site
External Peer
End-Host
Application
Resource
Manager
Web-Services Interface
(Signed SOAP Messages)
User
Link
Reservations
Bandwidth
Scheduler
Web-User
Interface
I-NNI
Policy
Authentication
Authorization
OSCARS
Resource
Manager
Path Setup
(MPLS)
Path Setup
(GMPLS)
Topology
OSCARS
• Web Services
• Source host, destination host, bandwidth,
start time, end time
• “Book-ahead” scheduling
• Multidomain AAA architecture using
X.509 certificates
• Uses traceroute for path calculation
• Each domain configures MPLS tunnels
on Juniper routers at requested time
DRAGON
• Virtual Label Switched Router(VLSR)
• PC based control plane software
• Manages and provisions various network
equipment such as ethernet switches,
SDH/SONET
• Signaling with RSVP packets
• Network Aware Resource Broker
(NARB)
• Stores topology in OSPF-TE database
• Performs inter/intradomain path calculation
• Exchanges interdomain topology
OSCARS-DRAGON Integration
AAA and Security
• OSCARS AAA
• SSL Encryption
• Authentication
• X.509 Certificates
• User to Domain
• Domain to Domain
• Web Service Security by OASIS
• SAML assertions about end-user (future)
• Authorization
• OSCARS attribute based system
Topology Exchange
• XML topology schema
• Developed by DICE
• Domain, Node, Port, Link hierarchy
• Namespace extension to the
NMWG/PerfSonar Topology Schema
• Interdomain exchanges between
OSCARS servers via web services
• Topology storage flexible
• NARB, XMDR, static file
• Path Computation by NARB or other
component that uses topology data
Resource Scheduling
• OSCARS web service message
• Source port, destination port, bandwidth,
start time, end time
• Optional parameters such as VLAN tag
• Generates information important to later
signaling
• Global-ID, secure token
• Stored in OSCARS reservation
database
Signaling
• XML signaling
• OSCARS receives XML signaling message
• Contacts VLSR to initiate path setup
• Could also talk to Juniper router or other device
• RSVP signaling
• User signals VLSR directly
• Token-based signaling developed by
University of Amsterdam’s Phosphorous
project
• Token, Global Reservation ID
Timelines and Future Work
• Timeline
• Hope to have test release by end of
Summer 2007
• Official release in Fall 2007
• Future Work
• Continue collaboration with international
partners
• Explore use of federated identity software
such as Shibboleth
Questions/Comments?
•
•
•
•
Tom Lehman ([email protected])
Chin Guok ([email protected])
Andy Lake ([email protected])
John Vollbrecht ([email protected])