GEANT`s Advanced services
Download
Report
Transcript GEANT`s Advanced services
GEANT’s Advanced services
EUMEDCONNECT APM meeting
Paris 19th of March 2002
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
1
Agenda
•Multicast Service
•IP premium Service
•CIP Service
•VPN service
•Security
•IPV6 test-bed
•Questions ?
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
2
Multicast Service
•GEANT is a transit domain for Multicast
traffic as well
•24 NRENs over 27 have explicitly asked for
being enabled multicast
•Multicast coverage
•Fully enabled with the Research peerings
•13 NRENs are already connected
•www.dante.net/nep/GEANT-MULTICAST/
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
3
Multicast Service
• Access to the service
– Via the primary access to GÉANT
– Via a GRE tunnel (currently nobody)
– Support of PIM-SM v2 only
• Operational procedures (rolling out now)
– Goal: fully supported service as Unicast.
– Plus specific monitoring
• Troubleshooting
– Extension of the trouble ticket systems to
multicast incidents
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
4
GÉANT
Premium IP Service
• This service which is currently being piloted in
GÉANT has the aim to provide international Virtual
leased line based on Diffserv.
• The Premium IP service is an end-to-end service
(University to University) crossing multiple
administrative domains
• It is defined on the basis of the Diffserv Expedited
Forwarding Per Hop behavior which is required to
offer
– Bandwidth, low loss, upper bounded delay and jitter
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
5
Premium IP:Virtual Leased Line service
NREN Janet
AS786
UK
AS20965
Regional
Network
A
SE
Rate limitation is applied
on the NREN access
DE
GÉANT backbone
streams < 5 %
of the BW access
FR
•Premium IP packets are tagged with DSCP code =46
•Rate Limitation is applied per aggregate on the NREN’s
access, based on the total demanded bandwidth towards the
B
destination.
•Admission Control is made manually based on the Sum of
bandwidth already booked on the destination access.
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
DFN
AS680
Regional
Network
6
Commodity IP Service
• The Commodity IP transit service provides
transit to the general internet for the NRENs
which requests it.
• GÉANT will be connected to Global
Crossing and KPNQwest in eight locations
– (Frankfurt, Geneva, Milan and Stockholm for
Global Crossing; London, Paris, Prague and
Vienna for KPNQwest)
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
7
CIP usage and committed BW
Rate limitation on NREN outgoing interface to the committed BW
+ WRED configured to drop preferentially BE in case of Congestion.
Poland
NREN2
XXXMbps
SE
UK
GÉANT
AS20965
...
JANET
NREN4
...
DSCP=32
Third party provider
European Distributed Access
Commodity Internet Access
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
8
VPN Service
• The customers of the Managed Bandwidth
Service from TEN-155 were using this
service for the guaranteed BW and for the
ability to have VPN layer 2 VPNs (ATM
VPs or PVCs)
• Thus we are studying the possibility of
provisioning of VPNs layer 2 with MPLS.
• In a first phase we’ll deliver layer 2 tunnels
to NRENs access.
• We’ll be in production in May
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
9
Example of Virtual platform
In the core
MPLS traffic
GÉANT backbone
IPV4 traffic
Encapsulation
Layer2 <-> MPLS
LSPs
NREN A
NREN C
Dedicated access
STMxx to STM16 POS
DLCI Virtual Lab access
DLCI Production traffic access
Shared media access
(up to STM16 POS)
Dedicated access
(up to STM16 POS)
GÉANT’s router
NREN B
NREN’s access router
NREN’s test router
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
10
What is DANCERT?
• DANTE’s Computer Emergency Response Team
• Responsible for defining and implementing DANTE
security policies
• Providing security alert and investigation assistance
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
11
What does DANCERT cover?
• Security of network elements on DANTE networksGEANT, GTREN, DWS
• DoS, resource and service protection of DANTE
networks and those of NRN’s.
– Proactively through rate limiting and anti-spoofing
measures
– Reactively through DoS tools applying filters and
helping report and investigate attacks.
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
12
What does DANCERT cover?
• Investigating new services and their subsequent
security implications.
• Assistance in investigating security incidents such
as,
– Hacking
– Port Scanning
– Spam reports
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
13
DANCERT Contact Details
• [email protected]
• [email protected]
• [email protected]
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
14
Planned Y1 6NET topology
• Native STM-1line
to Greece under
negotiation
• International IPv6
connectivity
provided by
partners including
DANTE to
NACSIS
SE
UK
NL
DE
FR
AT
CH
IT
GR
Colt
Deutche Telekom
Telia
Tunneled
Nordic
Testbed for activities using/supporting native IPv6
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
15
Questions ?
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
16