NORDUnet
Nordic infrastructure for Research & Education
An Overview, Status, and Futures
Presented to:
OGF 35
June 17-19, 2012
Delft, NL
Jerry Sobieski
Director., Int’l Research Initiatives
NORDUnet

NORDUnet
Nordic infrastructure for Research & Education
• NSI := “Network Services Interface”
• It is intended to provide a single ubiquitous means for users, world wide, to dynamically manage network connection services.
• The OGF NSI standards work has generated two documents so far:
– The NSI Framework document – describes the high level abstracted notions of the NSI environment
– The NSI Connection Service Protocol – describes the functional primitives that control point to point connections through their lifecycle.
• This presentation will provide some technical details, current status, futures,…
• ..And we’ll close with some thoughts about NSI relevance, the standards process, and how we gain momentum through OGF

NORDUnet
Nordic infrastructure for Research & Education
• NSI is an architecture for inter-domain, automated, network connection provisioning.
• It defines an abstract model of a network “Connection”
• It specifies a very simple and generic multi-domain
“Topology” model over which Connections are established
• It defines an automated “Network Service Agent” (NSA) that represent each service domain in the topology
• It defines a simple high level protocol between NSAs that manages a connection over its lifetime.
Ingress
“A”
Access
Transport
Section
Egress
Z”
Access
Network Service
Agents
NS
A
STP
A.1
Network
Connections
A
STP
A.2
NSI Protocol
NS
A
STP
B.1
Network
B
STP
B.2
NS
A
STP
C.1
Network
STP
C.2
C
Topology

NORDUnet
Nordic infrastructure for Research & Education
Network Services Agents
NSA
Requesting
Agent (RA)
Network Services Interface
Provider
Agent (PA)
NSA
A
User’s NSI Requesting
Agent (RA)
B
NSI protocol
C
NRM
A D E
Network
Resource
Manager
D
Domain C
E

NORDUnet
Nordic infrastructure for Research & Education
• Several other basic NSI objects include:
– The Service Termination Point (STP)
– The Service Demarcation Point (SDP)
– The intra-domain Network Resource Manager (NRM)
“Service Termination
Points”
“Service Demarcation Point”
A
Network
C
“Aruba”
B D
Network
“Bonaire”
E
NSA
NSA
NRM
Network
Resource
Manager

NORDUnet
Nordic infrastructure for Research & Education
• NSI Framework describes a high level functionality that occurs across and between network service domains – not inside those domains.
– It leaves intra-domain technical details to local engineers and automated tools.
• The NSI Framework is technology agnostic.
– It does not expect or require specific transport or switching technologies in the underlying infrastructure.
– It leaves intra-domain technical details to local engineers and automated tools.
• It is secure by design;
– Authentication and Authorization at two levels is performed at every domain boundary for every NSI service request.
• NSI is therefore well suited to multi-domain, multitechnology, and/or multi-layer network services.

NORDUnet
Nordic infrastructure for Research & Education
• The NSI Connection Service (NSI-CS) is the first protocol defined under the NSI Framework
• NSI-CS Primitives:
–
• Supports both “chain” signaling and novel “tree” signaling
• Allows users to schedule connections in advance.
• Allows service providers to refine common service specifications without modifying the protocol standard itself.

NORDUnet
Nordic infrastructure for Research & Education
• The CS protocol is a “request/response” protocol:
– Requesting Agents issue primitive
“requests” from RA to PA,
– Provider Agents issue a corresponding “response”
(confirmed or fail) from PA to RA.
– Each NSA manages a state table associated with each Connections it has serviced.
• The CS protocol is designed to provide consistent life cycle state transitions for all NSI connections regardless of how they are segmented or processed across multiple networks reserving scheduled provisioning
In-service releasing released terminating
RA
Resv.rq
PA
Resv.cf
Prov.rq
Prov.cf
Rel.rq
Rel.cf
Term.rq
Term.cf

NORDUnet
Nordic infrastructure for Research & Education
• It is the responsibility of each NSA to examine a
Reservation Request and to choose a domain level path for the requested connection.
• …and then to decompose the path into a set of
“segments” that can be either
– a) delegated to other NSAs (e.g. to reserve a portion of the path across one or more foreign domains), or
– b) delegated internally to the local NRM.
• Such path selection and segmentation can be performed recursively in two modes:
– Conventional “Chain” provisioning in a sequential hop by hop fashion
– Or a novel “Tree” process where the segments are reserved directly with downstream NSAs.

NORDUnet
Nordic infrastructure for Research & Education
A
B
“Aruba”
J K
Z
“Bonaire”
Y
STP A
STP J STP K
Ingress
Service Termination Point
“A”
Egress
Service Termination Point
“J”
A>J
J==K
K>Z
Ingress STP
“K”
Egress STP
“Z”
Access
Transport
Access
A
Access
A>J
Transport
Segment 1
Access
J==K K>Z
J K
Z
Transport
Access
Transport
Segment 2
Access
STP Z

NORDUnet
Nordic infrastructure for Research & Education
Conventional hop-by-hop “Chain” model
RA
A
1
6
PA
B
2
5
PA
C
3
4
PA
D
A Z
Novel “Tree” model allows user path selection
A
6
B
1
2
3
C
4
5
D
A Z
A
B
5
2
M
1
C
6
3
4
D
Hybrid processing that mixes tree and chain allows for 3 rd party requests, federations of networks, etc.
Z

NORDUnet
Nordic infrastructure for Research & Education
The process of decomposition and segmentation defines the NSI “Service Tree”
A uRA – “ultimate Requesting Agent”, or user
1
Tree model
2
B
8
C D
Aggregator NSAs – do PF and segmentation
6
7 Chain model
5
Chain model
3 4
Leaf NSAs – Interface to local NRMs for actual data plane control.
Tree model

NORDUnet
Nordic infrastructure for Research & Education
The user application
RA
Appl
PA
NSA
NSA
RM
NSA
RM
NSA
RM

NORDUnet
Nordic infrastructure for Research & Education
•
–
–
–
–
–
–
• The WSDL can be found at: http://code.google.com/p/ogf-nsiproject/source/checkout

NORDUnet
Nordic infrastructure for Research & Education
– Formal
Authorization/Security
Profile
– NSI & NML topology convergence
– Dynamic inter-domain topology discovery and update
– Compact enumeration of
STPs, SDPs, etc.
– Common Service Definitions
– Versioning
– Simplified State Machine
– Enhanced Error handling and state processing
– More powerful Connection endpoint semantics
– Control plane topology
– Simplified Client (RA) requirements
– Firewall/NAT interoperability
– Uni-directional
STPs/connections
– ERO style route pinning

NORDUnet
Nordic infrastructure for Research & Education
• OGF NSI-CS version 1.1 is in field test now in the
Automated GOLE testbed
 Sep 2011: First NSI CS Interop Plugfest – GLIF 2011 Rio de Janeiro, BR
 Oct 2011: First NSI Transport Provisioning Future Internet Assembly 2011
Poznan, PL
 Nov 2011: Global NSI / AutoGOLE Demonstration Supercomputing 2011
Seattle, US
• OGF NSI-CS version 2.0
 V2.0 Feature set identified: Mar 2012
– Draft NSI-CS v2.0 document target: Jul 2012
– V2.0 Alpha test/interop Oct 2012 OGF/GLIF Workshop, Chicago
– V2.0 Beta testing/[alpha] production service demo: Nov 2012, SC2012 Salt
Lake City
– NSI-CS V2.1 / Errata document target: Dec 2012
– Production Service deployments: EoY 2012

NORDUnet
Nordic infrastructure for Research & Education
•
– OpenNSA – NORDUnet (Copenhagen, DK)
– OpenDRAC – SURFnet (Amsterdam, NL)
– G-LAMBDA-A - AIST (Tsukuba, JP)
– G-LAMBDA-K – KDDI Labs (Fujimino, JP)
– AutoBAHN – GEANT (Poznan, PL)
– DynamicKL – KISTI (Daejeon, KR)
– OSCARS is expected 2012-Q3/Q4
•
– Juniper / “JunOS” : L2 & MPLS provisioning - OpenNSA
– Brocade: L2 switching - AutoBAHN, OpenNSA
– Ciena (Nortel) SDH & L2 switching – OpenDRAC
– Dell L2: G-LAMBDA-A
– NTT optical: G-LAMBDA-A
– Force10: L2 switching – OpenNSA
– Argia: L2 Switching - OpenNSA
– Ciena NMS – DRAC (TBD)

NORDUnet
Nordic infrastructure for Research & Education
– Initial Lab testing by respective developers for self consistency and hardware functionality
– “GLIF Plugfest” interoperability testing to prove inter-operability between implementations.
• Plugfest Rio – GLIF fall 2011 in Rio de Janiero
• Plugfest Windy City – GLIF fall 2012 in Chicago
– Then field deployment in the GLIF Automated GOLE global fabric
– NSI is being heavily and continually tested via the
AutoGOLE testbed. This is good for protocol, good for applications to begin integration on a global basis, and good for NSI visibility beyond just OGF.

NORDUnet
Nordic infrastructure for Research & Education
KRLight
KDDI Labs
AIST
JGN-X
ESnet
Nordunet
GLORIAD
StarLight
MANLAN
ACE
NetherLight
USLHCnet
UvA
Cern
PSNC
GEANT
CzechLight
Cal Tech
The GLIF Automated GOLE Pilot was initiated in 2010 to provide a global fabric of Open Lightpath Exchanges for the specific purpose of maturing the dynamic provisioning software and services, demonstrating the value and viability of GOLEs to advanced network service models, and to develop a set of BCP for these services.

NORDUnet
Nordic infrastructure for Research & Education
KRLight.ets
Daejeon
DynamicKL
KDDI-Labs.ets
Fujimino
G-LAMBDA-K
JGNX.ets
Tokyo
G-LAMBDA-K
A
GLORIAD.ets
Chicago
OpenNSA
WIX.ets
Washington
OpenNSA
NorthernLight.ets
Copenhagen
OpenNSA
CzechLight.ets
Prague
OpenDRAC
A A
KRLight
GLORIAD
NORDUnet +
SURFnet
JGN-X
StarLight.ets
A
Chicago
OpenNSA/Argia
US LHCnet
ACE
NetherLight.ets
Amsterdam
OpenDRAC
A
CESNET
Pionier
A
Pionier.ets
Poznan
AutoBAHN
GEANT
A
AIST.ets
Tsukuba
G-LAMBDA-A
A A
ESnet.ets
Chicago
OSCARS
UvALight.ets
University of Ams.
OpenNSA
NSI Networks (“A”=Aggregator)
NSI peerings (SDPs) unless otherwise indicated these are vlans 1780-1783
NSI Control plane peerings without data plane connections (in progress)
GEANT.ets
Paris
AutoBAHN

NORDUnet
Nordic infrastructure for Research & Education
“Automated Earth” viz
(Takatoshi Ikeda, KDDI-Labs)
“NSI Monitor” viz
(Tomohiro Kudoh, AIST)

NORDUnet
Nordic infrastructure for Research & Education
• Visualization
• AIST Java status monitor: http://163.220.30.174:8070/monitor.jnlp
• KDDI Labs Google earth plugin: http://kote-ps-1.ps.jgnx.jp/ps/autoearth-nsi/
• KDDI Labs Google earth kml: http://kote-ps-1.ps.jgnx.jp/ps/autoearth-nsiAutoMAP.kml

NORDUnet
Nordic infrastructure for Research & Education
• NSI v2.0 is targeted for production deployment:
– NORDUnet plans a production NSI based service in CY2013-Q1
– SURFnet plans a production NSI based service in CY2013-Q1
– StarLight plans a production NSI based service in CY2013-Q1
– Pionier plans a production NSI based service in CY2013-Q1
– …the list is growing
• In parallel with protocol development, the NSI community are developing operations and administrative tools
– NOC Query and manage local service segments
– Logging and accounting
– End to end performance verification and debugging tools
• NSI protocols are evolving and maturing very rapidly – now need to address service definitions and engineering plans
• Applications:
• NEXPRES – EVLBI (currently testing from OSO to JIVE)
• CO-Universe – HD video
• LHCONE – HEP (a proof of concept for GOLE architecture)
• Others in works (under the radar)…

NORDUnet
Nordic infrastructure for Research & Education
• There have been a number of efforts over the last 15-20 years to make dynamic network connection oriented services an integral part of high performance networks:
• DRAGON, FENIUS, AutoBAHN, IDCP, UCLP, GLAMBDA, Frederica,
OSCARS, DRAC, MANTICORE, Phosphorus, O-BGP, HOPI, …
• ITU Q931, Q2764 and ATM Forum Q-2931 signaling, G.709, ASON,
• IETF RSVP, RSVP-TE, and GMPLS signaling and routing protocols
• IEEE 802.3, 802.1Q, .1ad, .1ah, …
• MPLS*, ATM, SONET/SDH, MEF, Lambda switching,…
• These have all made progress, but none took root…
• Wide skepticism of non-IP services
• Many interesting but non-interoperable and incomplete service models.
• Not Invented Here syndrome
• Issues such as inter-domain topology management were “known to be” intractable
• AAI, end-to-end performance guarantees, scheduling, etc were poorly understood in a multi-domain, multi-service, heterogeneous environment.

NORDUnet
Nordic infrastructure for Research & Education
• NSI does not try to boil the ocean (!)
– Presents a simple inter-domain connection provisioning model,
– It will grow incrementally in both global reach and sophistication over time…
• NSI takes a Global perspective to Connection Services the service architecture must be scalable:
– Automated agents perform the resource management – no man-in-the-middle of these processes
– Inter-domain (multi-domain) approach is necessary for global reach
– Must be secure to be globally viable in the 21 st century
– Must respect local network autonomy
– Must separate the protocols from technology to allow for wide diversity of infrastructure and longevity of the framework concepts

NORDUnet
Nordic infrastructure for Research & Education
• “Networks” still have two key components:
– Switching & forwarding Nodes – e.g. routers and switches
– And transport Links that connect the Nodes.
• In real world, every virtual network layer is constructed upon a virtual layer below it…
– To assume otherwise is not realistic in current networks
• Software Defined Networking relies upon the basic nodes and links model as much as ever…
• NSI builds those links
– Predictable, reliable transport performance between nodes
– Common provisioning framework across domains enables global links between SDN nodes
– NSI is a control plane tool - it coexists with and adapts to new data plane technologies.
– NSI has addressed the reality of real world multi-domain network switching and forwarding technologies. (AAI, security and privacy, autonomy, heterogeneity of infrastructure, topology integration, etc.)
• NSI is complementary to and is an enabling tool for emerging technologies such as OpenFlow, GENI, etc.

NORDUnet
Nordic infrastructure for Research & Education
• NSI represents an open and consensus driven approach to interdomain provisioning of LightPath (Connection) services
– It is an Open standard – anyone [who is well informed] can participate in the discussion/specification
– Consensus standards create “buy-in” – i.e. when everyone has had a voice in its specification, and understands its inner workings,
everyone is willing to adopt it and deploy it.
• The NSI Working Group has actively courted wide participation
– We have invited key organizations to particiapte
– We have tried to keep the broader community informed of progress
– We have invested substantial effort into showing tangible progress and presenting high visibility demonstrations of the resulting OGF NSI standard
• NSI represents the best opportunity in 20+ years to see a single common control architecture deployed globally to provide network performance guarantees.
– Wide scale deployment within the R&E community
– Commercial adoption and Vendor support for the OGF NSI Standard

NORDUnet
Nordic infrastructure for Research & Education
• The OGF NSI WG is an Open working group
• This means if you have ideas you would like to see incorporated into the NSI framework and/or protocols, please get active in the process:
• Contact one of the active WG members and pick their brain
• Join the mailing list, lurk, read the literature, and get up to speed, then join the calls…
• Contribute – ask, comment, propose…help us sort thru the issues to achieve clarity within the group and consensus within the broader community