The MANTICORE Project: Providing Users
with a Logical IP Network Service
Victor Reijs, HEAnet
Eduard Grasa, Fundació i2cat
MANTICORE Partners (self funded project)
Agenda
• The MANTICORE Project Vision
• MANTICORE Implementation
– The IaaS Framework (UCLP Evolution)
– User Roles
– Software Architecture
• How does it work: GUI preview
• DEMO at TNC 2008
• Future work: MANTICORE and RPSL
2
MANTICORE project
• A Web Service based system that provides the User (NOC and/or end user) with the ability to define and configure its own physical and/or logical IP network
• Project partners:
– HEAnet, i2CAT, Juniper, NORDUnet, RedIRIS
3
Service specification
• Define the edge ports of the IP network
• Define the external Routing Service (policy)
• In case there are preferences on internal transport services, QoS: the internal Routing Service metric
• If available: IP address space
4
The MANTICORE vision
[Figure: legend with Physical Router, User Site, Logical Router, Physical Link and Logical Link. Each user's IP network is represented by a different color; the remaining clouds are other users' IP networks or the Internet.]
5
Logical IP network
• A logical IP network should guarantee route integrity, in contrast with point-to-point links/lightpaths/lambdas
• Two Routing Services (RPSL):
– internal routing (pure internal configuration and making directly connected ports explicit)
– external routing (other networks, directly connected hosts and propagation of external routing info)
6
RPSL defines Routing Services: examples
• Sample RPSL and configs arising from our demo layout
– eBGP AS1->AS20
– static AS1->AS10
[Figure: demo layout. AS1 (network1, AREA 0) consists of router1.rediris.es (lo0 10.10.1.1/32), router2.rediris.es (lo0 10.10.1.2/32) and router3.rediris.es (lo0 10.10.1.3/32), interconnected over the 192.168.0.x, 192.168.1.x and 192.168.2.x links on ge-0/0/0, ge-1/0/0 and ge-3/0/0 interfaces. AS10 (network2) is router4.rediris.es (lo0 10.10.10.4/32), reached by a static route over the 192.168.10.1 / 192.168.10.2 link. AS20 (network3) is router5.rediris.es (lo0 10.10.20.5/32), an eBGP peer over the 192.168.20.1 / 192.168.20.2 link.]
7
Sample RPSL: BGP to JUNOS
aut-num:  AS1
as-name:  network1
import:   from AS20    # network3
          action pref=100;
          accept AS20
export:   to AS20      # network3
          announce AS1

route:    10.10.20.0/24
descr:    network3
origin:   AS20
mnt-by:   [email protected]
changed:  [email protected] 20080520

/* JunOS: the eBGP neighbour and the import policy generated from the RPSL
   above. The to-AS20 and local-networks export policies are referenced
   but not shown on the slide. */
protocols {
    bgp {
        export local-networks;
        group ebgp {
            type external;
            family inet {
                any;
            }
            neighbor 192.168.20.2 {
                peer-as 20;
                description "AS20";
                export to-AS20;
                import from-AS20;
            }
        }
    }
}
policy-options {
    prefix-list AS20 {
        10.10.20.0/24;
    }
    policy-statement from-AS20 {
        term 1 {
            from {
                prefix-list AS20;
            }
            then accept;
        }
    }
}
8
Sample RPSL: Static route -> IOS-XR
aut-num:  AS1
as-name:  network1
import:   protocol STATIC into BGP4
          accept AS10

route:    10.10.10.0/24
origin:   AS10
mnt-by:   [email protected]
changed:  [email protected] 20080520
inject:   at 192.168.10.1
          action next-hop=192.168.10.2; cost=10
          upon static    # network2

! IOS-XR: the static route (prefix, next hop, administrative distance) and
! its redistribution into BGP, generated from the RPSL above. IOS-XR keeps
! static routes under "router static"; RPL conditions need "then".
router static
 address-family ipv4 unicast
  10.10.10.0/24 192.168.10.2 10
 !
!
router bgp 1
 address-family ipv4 unicast
  redistribute static route-policy local-statics
 !
!
route-policy local-statics
  if destination in (10.10.10.0/24) then
    pass
  endif
end-policy
9
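The two slides above show RPSL on one side and the generated JunOS and IOS-XR stanzas on the other, which is exactly the step the architecture assigns to the IP Network WS and Router WS. As an added example that is not MANTICORE code, the script below parses the slides' RPSL objects (standard attribute/value form with indented continuation lines and # comments) and renders the same stanzas. The PEERS map is an assumed stand-in for the topology knowledge that supplies the neighbour address, since the RPSL on the slides names only the peer AS; only the attribute forms the slides use are handled, and the export policies are left to the caller.

```python
import re

# Constructed input: the slides' two RPSL fragments in standard "attribute: value"
# form (an indented line continues the previous attribute, '#' starts a comment).
RPSL_SAMPLE = """\
aut-num:  AS1
as-name:  network1
import:   from AS20   # network3
          action pref=100;
          accept AS20
export:   to AS20     # network3
          announce AS1
import:   protocol STATIC into BGP4
          accept AS10

route:    10.10.20.0/24
origin:   AS20

route:    10.10.10.0/24
origin:   AS10
inject:   at 192.168.10.1
          action next-hop=192.168.10.2; cost=10
          upon static
"""

# Assumed topology knowledge of the IP Network WS: the RPSL peering on the slides
# names only the peer AS, so the neighbour address is looked up here, not in RPSL.
PEERS = {"AS20": "192.168.20.2"}


def parse_rpsl(text):
    """Return a list of objects, each a list of (attribute, value) pairs."""
    objects, current = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():                      # blank line ends an object
            if current:
                objects.append(current)
                current = []
        elif line[0].isspace() and current:       # continuation of last attribute
            attr, val = current[-1]
            current[-1] = (attr, (val + " " + line.strip()).strip())
        else:
            attr, _, val = line.partition(":")
            current.append((attr.strip(), val.strip()))
    if current:
        objects.append(current)
    return objects


def block(lines, depth):
    """Indent each line by `depth` levels of two spaces."""
    return "".join("  " * depth + line + "\n" for line in lines)


def autnum_and_routes(objects):
    """The aut-num object (as pairs, imports may repeat) and route objects (as dicts)."""
    autnum = next(o for o in objects if o[0][0] == "aut-num")
    return autnum, [dict(o) for o in objects if o[0][0] == "route"]


def junos_ebgp(objects, peers):
    """JunOS neighbour + import policy per 'from ASn ... accept ASm' import (BGP slide)."""
    autnum, routes = autnum_and_routes(objects)
    neigh, policy = [], []
    for attr, val in autnum:
        m = re.fullmatch(r"from (AS\d+)\b.*\baccept (AS\d+)", val)
        if attr != "import" or not m:
            continue
        peer, accepted = m.groups()
        neigh += [f"neighbor {peers[peer]} {{", f"  peer-as {peer[2:]};",
                  f'  description "{peer}";', f"  import from-{peer};", "}"]
        # only prefixes originated by the accepted AS enter the prefix-list
        policy += [f"prefix-list {accepted} {{"]
        policy += [f"  {r['route']};" for r in routes if r.get("origin") == accepted]
        policy += ["}", f"policy-statement from-{peer} {{", "  term 1 {", "    from {",
                   f"      prefix-list {accepted};", "    }", "    then accept;", "  }", "}"]
    return ("protocols {\n  bgp {\n    group ebgp {\n      type external;\n"
            + block(neigh, 3) + "    }\n  }\n}\npolicy-options {\n"
            + block(policy, 1) + "}\n")


def iosxr_static(objects):
    """IOS-XR static routes + BGP redistribution for 'inject: ... upon static' routes
    whose origin the aut-num imports via 'protocol STATIC into BGP4' (static slide)."""
    autnum, routes = autnum_and_routes(objects)
    local_as = dict(autnum)["aut-num"][2:]
    accepted = set(re.findall(r"protocol STATIC into BGP4 accept (AS\d+)",
                              " ".join(v for a, v in autnum if a == "import")))
    statics, prefixes = [], []
    for r in routes:
        m = re.fullmatch(r"at \S+ action next-hop=(\S+); cost=(\d+) upon static",
                         r.get("inject", ""))
        if m and r.get("origin") in accepted:
            nexthop, cost = m.groups()
            statics.append(f"{r['route']} {nexthop} {cost}")   # prefix next-hop distance
            prefixes.append(r["route"])
    return ("router static\n address-family ipv4 unicast\n" + block(statics, 1)
            + f" !\n!\nrouter bgp {local_as}\n address-family ipv4 unicast\n"
            "  redistribute static route-policy local-statics\n !\n!\n"
            "route-policy local-statics\n  if destination in (" + ", ".join(prefixes)
            + ") then\n    pass\n  endif\nend-policy\n")
```

Route objects only become prefix-list entries or static routes when the aut-num's import policy actually accepts their origin AS, so an extra route object in the input cannot widen what the generated policy admits; that gating is the check a generator sitting between a user-supplied description and a router should keep.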
The components
• The following components can be distinguished:
– Router WS: a logical or physical device with logical/physical ports
– Routing services: ability to route traffic according to certain rules, for internal entities (like Router WS) and external entities (like users or external networks)
– Lower layer WS: provide connectivity at layer 0, 1 and 2 between (user/router) ports
– IP network WS: integrating the above services
10
Infrastructure as a Service
IaaS and Virtualization
• Virtualization consists of representing a physical device/substrate/datapath as a Software entity (P2V).
– Initially started with PC virtualization (VMWare, VirtualIron, VirtualPC)
– Provides Isolation.
• IaaS is the equivalent of SaaS for hardware devices.
– Amazon and BlueLock pioneer the IaaS service by renting hardware using proprietary solutions.
– Users pay to use shared infrastructures.
– Monthly fees or Pay per use.
– Long term exchange compared to on-demand services.
– Users control/own the infrastructure.
12
UCLP, Argia and the IaaS Framework
• Two UCLP research programs were put in place by CANARIE to provide a virtualization solution for optical networks starting in 2001
– UCLP initial goal was to provide end to end paths across domains (DataPath Virtualization)
– UCLPv2 goals were to create reusable and configurable network blocks (Hardware Partitioning Virtualization)
• UCLPv2 concepts are evolving into many different Physical to Virtual (P2V) products and R&D projects that are built on the IaaS Framework:
– Argia -> Product for Optical Networks
– Ether -> R&D for Ethernet and MPLS Networks
– MANTICORE -> R&D for physical/logical IP Networks
– GRIM -> R&D for Instruments and Sensors
[Figure: products built on the IaaS Framework: RMC, ETHER, GRIM, MANTICORE, CHRONOS.]
13
Infrastructure Resource Trading (I): Direct Export
[Figure: Provider 1, Provider 2, User A, User B and User C, each holding a Resource List.]
14
Infrastructure Resource Trading (II): Broker Sites
15
IaaS Framework Resource Architecture
[Figure: layers of an IaaS Framework resource, top to bottom: WS Interface (Axis2, CXF, MiniSOAP); Capability (WS Resource); Resource Representations / Service Interfaces (Java); Transient Information and Persistent Information; Business Logic; Persistence Layer; Data Sources (DB, LDAP, File System). Surrounding components: IaaS Engine, Security Framework, Web Application Support (MVC), Application Container, WS-Messaging Engines, Capability (Driver Architecture), Physical Devices.]
16
MANTICORE Software Architecture
[Figure: software architecture. GUI client(s); User Workspace WS (manage user accounts, get user credentials, authenticate); IP Network WS (transforms the abstract routing configuration description into high level operations that will be invoked in the Router WS over one or more virtual resources; RPSL may be used to let the GUI specify high level routing policies, internal as well as external, to the IP Network WS); Router-WS (transforms the high level operations over one or more virtual resources into specific commands that each particular routing device can understand: Netconf for a Juniper device, Protocol X for another vendor's device, Protocol Y for a software router); Virtual Resource Services (Ethernet Resource WS, TDM Resource WS, ...) represent the physical (ports) or logical interfaces (VLANs, TDM Channels) that users can access.]
17
First implementation limitations
• Only deal with Juniper routers using the Netconf JunOS XML
API
• RPSL (will explain later) won’t be used as a means of
describing abstract routing configurations (instead, a
proprietary simple and limited representation will be used).
• WS-Security: WS Messages are not encrypted nor signed.
• The implementation is a proof of concept, not a complete
solution: working prototypes of the services will be
implemented, but some features and performance
optimization will be left for future work
18
Example deployment
• Two organizations:
– NREN A: Physical Network Administrator. In this very simple example it operates a network with one physical router.
– i2CAT: Virtual Network Administrator. In this very simple example it will request two logical routers from NREN A.
• MANTICORE Software deployment
NREN A Server:
- User Workspace WS
- Ethernet Resource WS
- IP Network WS
- Router WS
i2cat Server (optional):
- User Workspace WS
- Ethernet Resource WS
- IP Network WS
20
NREN A discovers the physical router
• When NREN A first launches the GUI client, it must create a new physical network and add all the routers they want to manage to it.
21
NREN A PN Admin creates logical routers
• NREN A admin creates some logical interfaces, two logical routers and assigns these logical interfaces to the logical routers.
• He also creates a logical tunnel between the two logical routers (new LT interfaces are created).
22
Creation of virtual links and virtual interfaces
• NREN A PN Admin creates a resource list (list of resources that can be accessed by NREN A or a 3rd party).
• NREN A PN Admin creates virtual interfaces and virtual links (a kind of proxy object that represents the remotely configurable interfaces and links), and adds them to the resource list.
23
Exporting resources
• NREN A PN Admin exports the resource list to i2cat (permissions are set on the resources so that i2cat’s users can access and modify the resources on the resource list).
[Figure: the Resource List passes from the NREN A Server to the i2cat Server (optional).]
• i2cat APN Admin launches its GUI Client, logs into the server and downloads the resource list.
24
i2cat’s IP Network
• i2cat APN Admin creates a new IP Network and adds the resources of the resource list to it.
• Now he can configure the IP parameters of the interfaces, configure IGPs, configure the peering, ...
25
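The export step in the slides above is an authorization boundary: i2cat's APN Admin should be able to configure exactly the virtual interfaces and links on the exported resource list, while the physical router and the logical routers stay under NREN A's PN Admin. The model below is an added example, not MANTICORE code; the role names, the DELEGABLE operation set, the deny-by-default rule and the scenario data are the example's own assumptions about how the permissions described on the slides behave.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Principal:
    name: str
    org: str
    role: str    # "PN_ADMIN" (physical network) or "APN_ADMIN" (virtual network)


@dataclass(frozen=True)
class Resource:
    rid: str
    kind: str    # physical-router, logical-router, virtual-interface, virtual-link
    owner_org: str


# Operations a provider may hand over through an exported resource list.
# Creating logical routers/interfaces is deliberately absent: on the slides
# that stays with the PN Admin (assumption drawn from the slide flow).
DELEGABLE = frozenset({"read", "configure-ip", "configure-igp", "configure-peering"})


@dataclass
class ResourceList:
    owner_org: str
    resources: frozenset                              # resource ids on the list
    exported_to: dict = field(default_factory=dict)   # org -> frozenset of ops


class Authorizer:
    def __init__(self, resources):
        self.resources = {r.rid: r for r in resources}
        self.lists = []

    def export(self, rlist, actor, to_org, ops):
        """Only a PN Admin of the owning org may export, only resources that org
        owns, and only delegable operations; otherwise nothing is recorded."""
        if actor.role != "PN_ADMIN" or actor.org != rlist.owner_org:
            raise PermissionError(f"{actor.name} may not export {rlist.owner_org}'s list")
        foreign = [rid for rid in rlist.resources
                   if self.resources.get(rid) is None
                   or self.resources[rid].owner_org != rlist.owner_org]
        if foreign:
            raise PermissionError(f"not owned by {rlist.owner_org}: {foreign}")
        if not set(ops) <= DELEGABLE:
            raise PermissionError(f"non-delegable operations: {set(ops) - DELEGABLE}")
        rlist.exported_to[to_org] = frozenset(ops)
        self.lists.append(rlist)

    def allowed(self, actor, op, rid):
        """Deny by default: the owning PN Admin keeps full control; anyone else
        needs the resource on a list exported to their org with that op."""
        res = self.resources.get(rid)
        if res is None:
            return False
        if actor.role == "PN_ADMIN" and actor.org == res.owner_org:
            return True
        return any(rid in rl.resources and op in rl.exported_to.get(actor.org, frozenset())
                   for rl in self.lists)


def demo_scenario():
    """The slides' flow with constructed data: NREN A exports its virtual
    interfaces and links to i2cat; returns the outcome of each check."""
    az = Authorizer([Resource("pr1", "physical-router", "NRENA"),
                     Resource("lr1", "logical-router", "NRENA"),
                     Resource("lr2", "logical-router", "NRENA"),
                     Resource("vif1", "virtual-interface", "NRENA"),
                     Resource("vif2", "virtual-interface", "NRENA"),
                     Resource("vlink1", "virtual-link", "NRENA")])
    pn_admin = Principal("alice", "NRENA", "PN_ADMIN")
    apn_admin = Principal("bob", "i2cat", "APN_ADMIN")
    outsider = Principal("carol", "other-org", "APN_ADMIN")
    rl = ResourceList("NRENA", frozenset({"vif1", "vif2", "vlink1"}))
    az.export(rl, pn_admin, "i2cat", DELEGABLE)
    results = {
        "i2cat_configures_vif": az.allowed(apn_admin, "configure-ip", "vif1"),
        "i2cat_touches_logical_router": az.allowed(apn_admin, "configure-ip", "lr1"),
        "i2cat_touches_physical_router": az.allowed(apn_admin, "read", "pr1"),
        "outsider_reads_vif": az.allowed(outsider, "read", "vif1"),
        "owner_keeps_control": az.allowed(pn_admin, "configure-ip", "lr1"),
    }
    # an APN Admin re-exporting, and an export of a non-delegable right, are refused
    refused = 0
    for actor, ops in ((apn_admin, {"read"}), (pn_admin, {"create-logical-interface"})):
        try:
            az.export(ResourceList("NRENA", frozenset({"vif1"})), actor, "other-org", ops)
        except PermissionError:
            refused += 1
    results["bad_exports_refused"] = refused
    return results
```

Whatever transport carries the resource list, the check has to run on the server that owns the resource against the caller's authenticated identity, which is why the "WS messages are not encrypted nor signed" limitation in the first implementation matters for this step.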
TNC 2008 MANTICORE Demo
• During the Terena Networking Conference 2008 (Bruges, 19-22 May) at the Juniper booth, the following scenario is going to be demonstrated.
[Figure: the demo layout. AS1 / AREA 0 with router1.rediris.es (lo0 10.10.1.1/32), router2.rediris.es (lo0 10.10.1.2/32) and router3.rediris.es (lo0 10.10.1.3/32) on the 192.168.0.x, 192.168.1.x and 192.168.2.x links; a static route to AS10 (router4.rediris.es, lo0 10.10.10.4/32) over 192.168.10.1 / 192.168.10.2; an eBGP session to AS20 (router5.rediris.es, lo0 10.10.20.5/32) over 192.168.20.1 / 192.168.20.2.]
27
RPSL in MANTICORE
• RPSL can be used as a means of describing the external routing policies as well as the IGP configurations (with minor extensions).
• These RPSL descriptions can be taken as an input by the IP Network WS and then generate the high level operations to invoke at the Router WS (remember the architecture picture).
• Implementation status: RPSL RFCs (2622, 4012, RPSLng) have been studied, and some preliminary RPSL descriptions for the MANTICORE use cases have been generated. Not implemented yet due to time constraints.
[Figure: the MANTICORE software architecture diagram repeated (GUI client(s), User Workspace WS, IP Network WS, Router-WS, Ethernet/TDM Resource WS, Netconf to a Juniper device, Protocol X/Y to other vendor or software routers), with the callout "RPSL may be used to let the GUI specify high level routing policies (internal as well as external) to the IP Network WS".]
29
More Future Work
• Integrate MANTICORE with the other IaaS Framework based
network virtualization solutions:
– With Argia, product for optical networks (TDM, WDM, Fibre).
– With Ether, upcoming product for Ethernet and MPLS networks.
• Create drivers for other router vendors
• Add more features to the IP Network WS
– Allow APN Admins and end users to create new logical interfaces
– Provide means of describing more complex routing policies
– Other?
• Activities within the FEDERICA Project
– Achieve interoperability with the IPsphere Framework (framework for
composing multi-stakeholder services)
– Provide support for software routers
30
Thanks for your attention! More information:
• MANTICORE:
– Victor Reijs, Network Development Manager, HEAnet Limited
([email protected])
– Sergi Figuerola, Coordinator of the Network Technologies
Cluster, Fundacio i2cat ([email protected])
• IaaS Framework:
– Inocybe Technologies Inc. http://www.inocybe.ca
– IaaS Framework website: http://www.iaasframework.com
31