Duke University SDN Approaches and Uses GENI CIO Workshop – July 12, 2012.

Duke University

SDN Approaches and UsesGENI CIO Workshop – July 12, 2012

Duke Network – Current State• Duke’s existing infrastructure has a great deal

of flexibility– Campus core is 20Gbps today (40Gbps soon)– External connectivity is 20Gbps today– Extensive wireless (~3200 802.11n APs) + Wired– Utilizes MPLS/VRF (VPN Routing and Forwarding)

technologies throughout the campus (multi bldg depts, etc)

• More than 65 VPNs operating today, from PCI to e-PHI• Custom firewalls can be deployed for any VRF

– IPS/IDS operating at network Interchange Layer• Inspects traffic in/out of Duke and VRF-to-VRF

Duke Network – Current OperationMCNC

(Commodity + I-2/NLR)

Campus“Backbone”

InterchangeLayer

DukeSharedCluster

ResourcePhysics

Department

Institute for

Genome Sciences &

Policy

Duke Network – Current OperationMCNC

(Commodity + I-2/NLR)

Campus“Backbone”

InterchangeLayer

DukeSharedCluster

ResourcePhysics

Department

CurrentCross-domain

Data Flow

Institute for

Genome Sciences &

Policy

Duke Network – Limitations• VRFs (VPNs) are configured by central IT– We’d like to give scientists more control and

flexibility to create their own private VPNs with their collaborators on the campus network

• IPS/IDS can add latency and complexity– We’d like known (safe) transmissions on campus

to proceed without exhaustive security checks• External “big data” collaborations are the norm– We’d like to enable faster transmissions + more

flexibility to access resources (cycles, storage) outside of Duke (without clogging the core network)

Duke Network – SDN Approach• Leverage existing enterprise infrastructure and

provide a bridge mechanism to enable SDN at the “edge” and take advantage of VRF capabilities where SDN is not yet deployed (in the “core”)– Retain the “rock solid” nature of the production

network, WITHOUT creating a totally separate and independent physical research network

• Extend Exo-GENI access via SDN capabilities• Enable “regular traffic” routes + “HOV/express”

routes with planned points of ingress/egress– Enable scientists to opt-in to SDN connectivity as well

as Exo-GENI capability

Give scientists easy access to virtual slices (network, computation, storage) whether at Duke or beyond

Duke Network – Current OperationMCNC

(Commodity + I-2/NLR)

Campus“Backbone”

InterchangeLayer

DukeSharedCluster

ResourcePhysics

Department

Institute for

Genome Sciences &

Policy

Duke CS – Exo-Geni Research

RENCI’s BreakableExperimental

Network (BEN)

SDN Enabled Only for ExoGENI Research Project in CS, with Direct Connection by-passing Duke

Network

Duke Network – Future OperationMCNC

(Commodity + I-2/NLR)

Campus“Backbone”

InterchangeLayer

DukeSharedCluster

ResourcePhysics

Department

Institute for

Genome Sciences &

Policy

Duke CS – Exo-Geni Research

RENCI’s BreakableExperimental

Network (BEN)

SDN Capability Added to Edge Sites with Know Use Cases:

Physics (DYNES and big data transfers externally), IGSP

(research with ePHI implications)

Duke Network – Future OperationMCNC

(Commodity + I-2/NLR)

Campus“Backbone”

InterchangeLayer

DukeSharedCluster

ResourcePhysics

Department

Institute for

Genome Sciences &

Policy

Duke CS – Exo-Geni Research

RENCI’s BreakableExperimental

Network (BEN)

FutureCross-domain

Data Flow: SDN-Mediated

+ Prepositioned-VRFs to Enable Shortest

Path, bypass Interchange

Pre-positionedVRF Segment

Prepositioned VRFs

• Prepositioned VRFs can be used to connect an SDN edge endpoint with know collaboration sites in the core (non-SDN) network

– Traffic routes around campus interchange layer• Avoids IPS/IDS checks – faster transmission of “big data”

for researchers• Point-to-point routes mean less traffic in the “core” -

benefits other university users

– Benefit to the SDN users: potentially higher bandwidth, lower latency paths

Expressway Links

• Med-/Long-term SDN connections between known (frequently accessed) end-points

– Establishes direct traffic routes • Benefits are even greater than prepositioned VRF

(even more direct), but less scalable since SDN required on both sides and fiber capacity needed between end-points

– Enables ExoGENI experimentation and access to compute, storage and network “slices” beyond Duke to other SDN-enabled sites & ExoGENI racks

Duke Network – Future OperationMCNC

(Commodity + I-2/NLR)

Campus“Backbone”

InterchangeLayer

DukeSharedCluster

ResourcePhysics

Department

Institute for

Genome Sciences &

Policy

Duke CS – Exo-Geni Research

RENCI’s BreakableExperimental

Network (BEN)

FutureExternal

Data Flow: SDN-Mediated“Expressway”

Links: Enable Layer2 Transport and

ExoGENI Resource Access

I-2/ION

External Data Flow

• SDN-enabled edge points can connect through a (pre-established) set of VPNs in the campus core (Layer 3) to reach external destinations

• Where Expressway Links exist and connect to ExoGENI, SDN-enabled edge points can connect via BEN-ExoGENI (Layer 2) to reach external destinations