Hybrid MLN DOE Office of Science DRAGON Hybrid Network Control Plane Interoperation Between Internet2 and ESnet Tom Lehman Information Sciences Institute.

Hybrid MLNDOE

Office of Science DRAGON

Hybrid Network Control Plane Interoperation Between Internet2 and ESnet

Tom LehmanInformation Sciences Institute East, University of Southern California

Chin GuokNetwork Engineering Services Group, ESnet

Andy Lake, John VollbrechtUniversity Corporation for Advanced Internet Development, Internet2

ESCC/Internet2 Joint Techs Summer Meeting

July 16, 2007

Fermi Lab

Batavia, Illinois

Hybrid NetworksHeterogeneous By Nature

• Hybrid networks are extremely heterogeneous at several levels

• DataPlane can be constructed from• router based Multiprotocol Label Switching (MPLS)

tunnels• Ethernet VLAN based Circuits• Synchronous Optical Network / Synchronous Digital

Hierarchy (SONET/SDH) circuits• Wavelength Division Multiplexing (WDM) connections• Combinations of the above

Hybrid NetworksHeterogeneous By Nature

• Control Planes can be based on• Multiprotocol Label Switching (MPLS)• Generalized Multiprotocol Label Switching (GMPLS)• Web Services• Management Systems• Combinations of the above

• Client (user) services or attachment points could be• Ethernet• SONET• IP Router• InfiniBand

Hybrid NetworksWeb Service Control Plane Interfaces

• Web Services provides a mechanism to deal with heterogeneous control planes• inspired by the standards bodies work on control plane protocols,

but not just recreating that work at the web service level • Better described as using control plane techniques to develop a

“service plane”

Ethernet/L2SC(Dataplane)

SONET/TDM(Dataplane)

Router(MPLS)/PSC(Dataplane)

GMPLS(I-NNI)

MPLS(I-NNI)

Management System(I-NNI)

Inter-Domain Controller (IDC)

WS E-NNIWS E-NNI

WS UNI WS UNI

IDC

IDCWS I-NNI IF

WS I-NNI IF WS I-NNI IF

Hybrid NetworksWeb Service Control Plane Interfaces

• Four Primary Web Services Areas: • Topology Exchange, Resource Scheduling, Signaling, User Request

Hybrid NetworksControl Plane Architecture

• The benefits offered by Web Services include• standardized mechanisms for user authentication and policy

management• flexible features for interfacing with a diverse set of I-NNI

mechanisms• Allows focus on several issues that current control plane work

has not addressed in a robust manner:• scalability, stability, security, flexible application of policy, AAA,

scheduling

• Will still allow for peering domains with compatible non web service E-NNI (i.e. GMPLS based) to utilize that as desired• a domain might peer with one domain at GMPLS level, and

another at the Web Service level

Web Service based E-NNIThree Main Components

• Routing• Topology Exchange• Domain Abstraction• Varying levels of dynamic information

• Resource Scheduling• Multi-Domain path computation techniques• Resource identification, reservation, confirmation

• Signaling• path setup, service instantiation

Web Service Based Multi-Domain Provisioning – Collaborative Effort

• Architecture and Web Services Design effort is a collaborative effort between:• Internet2• ESnet• DANTE (GEANT, Autobahn)

• Also collaborating with University of Amsterdam on Token based RSVP signaling and topology exchange

Internet2 and ESnetImplementation Goals and Methods• Goal • Dynamically provision layer 2 circuits between Internet2

network and ESnet/SDN

• Methods• Use existing control plane software where appropriate• Provide multidomain AAA architecture for message

exchanges• Exchange topology information• Coordinate the scheduling of resources• Signal circuit setup between domains

Control Plane Software

• OSCARS (Web Service)• Started by ESnet, merged with Internet2’s

BRUW project in 2006• Web service architecture, interfaces to lower

level network specific provisioning systems• Vendor based MPLS L2VPN (Martini Draft)

• Internet2 DCS/HOPI• DRAGON (NSF funded project in development

by USC/ISI EAST and MAX)• Uses GMPLS protocols to build layer 2 circuits

OSCARS Architecture

End-HostApplication

User

Topology

LinkReservations

Policy

Web-UserInterface

Path Setup(MPLS)

BandwidthScheduler

AuthenticationAuthorization

Path Setup(GMPLS)

OSCARSResourceManager

ResourceManager

Customer Site External Peer

Web-Services Interface(Signed SOAP Messages)

I-NNI

OSCARS• Web Services• Source host, destination host, bandwidth, start

time, end time

• “Book-ahead” scheduling• Multidomain AAA architecture using X.509

certificates• Uses traceroute for path calculation• Each domain configures MPLS tunnels on

Juniper routers at requested time

DRAGON

• Virtual Label Switched Router(VLSR)• PC based control plane software• Manages and provisions various network

equipment such as ethernet switches, SDH/SONET • Signaling with RSVP packets

• Network Aware Resource Broker (NARB)• Stores topology in OSPF-TE database• Performs inter/intradomain path calculation• Exchanges interdomain topology

OSCARS-DRAGON Integration

AAA and Security

• OSCARS AAA• SSL Encryption• Authentication• X.509 Certificates• User to Domain• Domain to Domain

• Web Service Security by OASIS• SAML assertions about end-user (future)

• Authorization• OSCARS attribute based system

Topology Exchange

• XML topology schema• Developed by DICE• Domain, Node, Port, Link hierarchy• Namespace extension to the

NMWG/PerfSonar Topology Schema

• Interdomain exchanges between OSCARS servers via web services

• Topology storage flexible• NARB, XMDR, static file

• Path Computation by NARB or other component that uses topology data

Resource Scheduling

• OSCARS web service message• Source port, destination port, bandwidth,

start time, end time• Optional parameters such as VLAN tag

• Generates information important to later signaling• Global-ID, secure token

• Stored in OSCARS reservation database

Signaling

• XML signaling• OSCARS receives XML signaling message• Contacts VLSR to initiate path setup• Could also talk to Juniper router or other device

• RSVP signaling• User signals VLSR directly• Token-based signaling developed by University

of Amsterdam’s Phosphorous project• Token, Global Reservation ID

Timelines and Future Work

• Timeline• Hope to have test release by end of Summer

2007• Official release in Fall 2007

• Future Work• Continue collaboration with international

partners• Explore use of federated identity software such

as Shibboleth

Questions/Comments?

• Tom Lehman ([email protected])

• Chin Guok ([email protected])

• Andy Lake ([email protected])

• John Vollbrecht ([email protected])