Inter-domain, SDN, SDX, and NDN (Named Data Networking)

CANS 2014
September 15, 2014
John Hicks, Internet2
jhicks@internet2.edu

Overview
• Inter-domain
• SDN
• SDX & Network Virtualization
• NDN (Named Data Networking)

OSCARS
• OSCARS (On-demand Secure Circuits and Advance Reservation System)
• Developed by the Department of Energy’s high-performance science network ESnet
• Features
  – Guaranteed bandwidth scheduling and provisioning of network resources
  – Network technology agnostic
  – Works on a next-hop peering relationship

OSCARS NSI
• NSI (Network Services Interface)
• NSI is designed to allow Grid, Cloud and other applications to manage network connectivity
• The OGF NSI standards work has generated two documents so far:
  – The NSI Framework document – describes the high level abstracted notions of the NSI environment
  – The NSI Connection Service Protocol – describes the functional primitives that control point to point connections through their lifecycle.
  – http://forge.gridforum.org/sf/go/doc16014?nav=1

What is NSI?
• NSI is an architecture for inter-domain, automated, network connection provisioning.
  – It defines an abstract model of a network “Connection”
  – It specifies a very simple and generic multi-domain “Topology” model over which Connections are established
  – It defines an automated “Network Service Agent” (NSA) that represents each service domain in the topology
  – It defines a simple high level protocol between NSAs that manages a connection over its lifetime.

[Figure: NSI connection from Ingress “A” to Egress “Z”. Labels: NSI Protocol, Network Service Agents (NSA), Access and Transport Section Connections, STPs A.1, A.2, B.1, B.2, C.1, C.2]
[Figure: Internet2 Network Advanced Layer2 Services Topology Map, June 2014, showing the Advanced Layer2 Service PoPs]

[Figure: Internet2 Network Advanced Layer2 Services Connector Map, June 2014. Legend: Exchange Points, 10G Connector, 100G, AL2S Brocade MLXe-16, AL2S Juniper MX960]
OESS: Open Exchange Software Suite
• Layer2 Circuit Provisioning
• Features
  – Sub second intra-domain provisioning
  – Point to point and point to multipoint
  – End user controlled provisioning portal
  – Workgroup system for shared access control
  – Email notifications
• License
  – Apache
• Online Documentation
  – Videos and presentations
    • https://globalnoc.iu.edu/sdn/oess.html
  – Documentation
    • https://globalnoc.iu.edu/sdn/oess/using-oess.html

WG: Network Status

Workgroup Examples
• Connector
  – Indiana Gigapop
  – OneNet
• Overlay
  – XSEDE
  – GENI

[Figure: Software Architecture. Key: Experimenter Code, Internet2 Software Stack. Labels: EXP APP, OESS API, OSCARS API, NSI API, FOAM API, OESS UI, OESS, OSCARS, NOX, NSI, IDCP, OpenFlow, OpenFlow Switch]
FlowSpace Firewall
• OpenFlow 1.0 today
• Simple VLAN Tag based flowspace firewall / proxy (non-overlapping ranges)
• Per slice total rule limits
• Per slice per switch flow modification rate limits
• Built upon FloodLight
• Designed for production use.
• Developed by Internet2 with GlobalNOC Software Engineering

Network Virtualization: Working Definition
• From a customer perspective, what does the service offer and how is it utilized?
  – The Network Virtualization service/enhancement offers the ability to write a controller and control a slice of the national Layer 2 infrastructure.
  – The customer utilizes the service by operating their own “service” across the Internet2 service.
• From an internal operator perspective, how is the service implemented?
  – An instance of Flowspace Firewall sits between the Layer 2 switches and other controllers (including those used in production services like AL2S)
• Who is the target audience?
  – Advanced Networking Community
    • Network Researchers
    • Virtual Organizations
    • Innovative Application Developers
• What are the goals for the service?
  – Supporting network researchers
  – Deployment of private networks
  – Prototyping of new services
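
The isolation rules listed for FlowSpace Firewall (non-overlapping VLAN ranges, per-slice total rule limits, per-slice per-switch flow modification rate limits) can be modelled as a proxy that vets each flow-add before it reaches a switch. This is an added Python illustration, not FlowSpace Firewall's own code; the class names, the one-second rate window, the wildcard and VLAN-rewrite checks, and the sample slices are assumptions.

```python
import time
from dataclasses import dataclass, field

@dataclass
class Slice:
    name: str
    vlans: range      # contiguous VLAN IDs this slice's controller may use
    max_rules: int    # per-slice total rule limit
    max_rate: int     # flow-mods per second, per switch
    rules: int = 0
    recent: dict = field(default_factory=dict)  # switch -> recent flow-mod times

class FlowspaceProxy:
    def __init__(self, slices):
        # Overlapping ranges would let two controllers program the same traffic.
        ordered = sorted(slices, key=lambda s: s.vlans.start)
        for a, b in zip(ordered, ordered[1:]):
            if b.vlans.start < a.vlans.stop:
                raise ValueError(f"VLAN ranges overlap: {a.name}, {b.name}")
        self.slices = {s.name: s for s in slices}

    def check_flow_add(self, slice_name, switch, match_vlan, set_vlan=None, now=None):
        """Return (allowed, reason) for a flow-add from a slice controller."""
        s = self.slices[slice_name]
        now = time.monotonic() if now is None else now
        # Assumed checks: a wildcard match or a rewrite reaches another slice.
        if match_vlan is None:
            return False, "match must name a VLAN"
        if match_vlan not in s.vlans:
            return False, "match VLAN outside slice"
        if set_vlan is not None and set_vlan not in s.vlans:
            return False, "rewrite to VLAN outside slice"
        window = [t for t in s.recent.get(switch, []) if now - t < 1.0]
        if len(window) >= s.max_rate:
            return False, "flow-mod rate limit"
        if s.rules >= s.max_rules:
            return False, "slice rule limit"
        s.recent[switch] = window + [now]
        s.rules += 1
        return True, "forwarded"

def demo():
    # Constructed slices: names, ranges and limits are made up.
    fw = FlowspaceProxy([Slice("research", range(100, 200), 2, 5),
                         Slice("prototype", range(200, 300), 10, 1)])
    calls = [("research", "sw1", 150, None, 0.0), ("research", "sw1", 250, None, 0.1),
             ("research", "sw1", 150, 250, 0.2), ("research", "sw2", 199, None, 0.3),
             ("research", "sw2", 101, None, 0.4), ("prototype", "sw1", 200, None, 0.5),
             ("prototype", "sw1", 201, None, 0.6), ("prototype", "sw1", 201, None, 1.7)]
    return [fw.check_flow_add(*c) for c in calls]
```

Rejected messages are not counted against either limit in this model, so a misbehaving controller cannot exhaust its own quota with requests that never reach the switch.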
[Figure: Internet2 Service Taxonomy. Key: I2 Production Service, I2 Prototype Service, External Provider Services, I2-Run Service Specific Hardware, Service User, Implemented Using, Dependencies. Labels include Fiber & Optical Transport, Ethernet Switches, SDN Controller Hypervisor, Circuits and Wavelengths - AL1S, Virtualized Ethernet Switching, General Purpose VLAN Service - AL2S, NVS (Network Virtualization Service), Layer 3 R&E IP and TR-CPS Services, Learning Switch, ONOS, LHCONE, NET+, XSEDE, Connectors, GENI, ESNET, NOAA]
[Figure: Software Architecture with network virtualization. Key: Experimenter Code, Internet2 Software Stack. Labels: EXP APP, Exp OF App, OESS API, OSCARS API, NSI API, FOAM API, OESS UI, OESS, OSCARS, NOX, FOAM, FlowVisor, FlowSpaceFirewall, NSI, IDCP, OpenFlow, OpenFlow Switch]
Use Case Examples
• Production Service Staging
  – GENI wants to move to Stitching v3.0, but Stitching 2.0 is in wide use
  – Set up a slice, deploy a second OESS, deploy new version of FOAM Stitching Aggregator
  – When it’s tested and ready, move to the production OESS stack
• Network Research
  – Network researcher has a better idea how to do networking
  – Set up a slice, deploy new network controller, write paper
• Service Prototyping
  – Look at alternatives to AL3S
  – Implement a route server that speaks OpenFlow on southbound interface with no routers
  – Deploy in a slice, begin peering with other domains
  – Over time transition to new services
• Private Networks
  – Want something akin to Atlantic Wave, original vision for LHCONE, or GENI Virtual Network
  – Set up a distributed SDX across multiple domains

[Figures: SDX and Multi-Domain SDX diagram sequence. Labels: SDX, SDX1, SDX2, SDX3, Multi-Domain SDX, Super SDX, OESS, NSI, Local VLAN Provisioning Service, FlowSpaceFirewall, Virtual Switch, Physical switch, GENI Controller, NORDUnet, Internet2]
What is Named Data Networking (NDN)
• NDN is one of five projects funded by the National Science Foundation under the Future Internet Architecture program
• NDN uses data instead of location for route decisions and content delivery
• All data objects are named
• The user asks the network for data instead of going to a location to get data
• Automatic caching to optimize bandwidth
• NDN secures the content instead of the container

NDN Consortium
• UCLA, Washington University St. Louis, Univ. of Memphis, … were some of the leaders helping to establish a Named Data Networking consortium of universities and technology leaders.
• The NDN team is developing a new fundamental architecture to replace the Transmission Control Protocol/Internet Protocol (TCP/IP) suite, the underlying approach to all communication over the Internet.
• http://named-data.net/project/

NDN testbed
http://ndnmap.arl.wustl.edu/

NDN testbed (cont.)
• Deployable now as an overlay (TCP/IP) network or layer2 transport
• Testbed of 15 routers on Internet2/GENI
• To participate in the NDN testbed
  – Software router and C library implementation available for download
  – Client code available in C++, Python, Java, and JavaScript
• http://named-data.net/codebase/platform/

Thank You