NORDUnet International Activities toward a Future Internet
NORDUnet
Nordic Infrastructure for Research & Education
Jerry Sobieski
Director, International Research Initiatives, NORDUnet
Presented APAN 28, July 23, 2009
Kuala Lumpur, ML
What features do we need/expect in the Future Internet?
• Virtualization
  • Generalized cyber-resource virtualization (apps, networks,..)
  • Separation of name/location (embedded intelligence, mobility)
• Federation
  • Shared physical infrastructure (possible due to virtualization)
  • Decentralized/non-hierarchical organization
• Security and Reliability
  • Encrypted computing (virtual security domains)
  • Resiliency analysis and virtual mapping for robustness
• Hybrid Services
  • Layer2 services – automated integrated provisioning agents
  • Wireless sensor nets – particularly remote (polar) regions
Thoughts, Observations, and Guesses
• FI will need to be highly dynamic - support heterogeneous and modular services
  • IP Classic (Best Effort) in addition to:
  • Hybrid services with hard QoS
  • Layer2 and/or TDM services,
  • Lambdas,
  • VPNs
  • Formalized service definitions and community based consensus engineering standards
  • Modular & configurable services & protocols
  • {Reliable transport} + {encryption} + {congestion control} + {rdma | {IPv4|v6|vn} } +
  • “Network” will integrate deeper into traditional “inter-processor” communication
Thoughts, Observations, and Guesses
• FI physical resources will be federated
  • Network topologies will be virtualized to leverage shared physical infrastructure (not centrally owned or managed at every layer)
  • Network operators will rely on automated agents to provision, monitor, secure virtual topologies that realize strategic relationships
  • Networks will set up TE links
  • Affinity groups will provision ASNs
  • Automated agents will manage routing and addressing and access
Thoughts, Observations, and Guesses
• Future Internet will be virtualized
  • Strict 7-layer model will go by the wayside (already?)
  • Network topologies will be virtual and dynamic
  • Notions of network service delivery points will not directly correspond to physical network addresses
  • There will be no “One True Internet Protocol” – the network will support heterogeneous protocols and inter-operability will be at a higher [virtual] layer… (yikes!)
• Virtualization will extend to all cyber-infrastructure requiring comprehensive integration of network and [traditionally] non-network resources
Thoughts, Observations, and Guesses
• Make no mistake: Mobility will be a big nut to crack… but this is not one of NORDUnet’s primary foci…
  • With exception of authentication and related access
• Wireless and mobile are not the same problem..
• Wireless sensor nets will be challenging new architectural features of FI
  • New tool for environmental science in harsh and remote regions – polar regions of particular note for NORDUnet
  • Ocean, atmospheric, meteorological, space, ice sheets, geological, remote areas,…
  • As well as densely populated areas
  • Micronets (nanobots..)
Thoughts, Observations, and Guesses
• Future Internet functionality will necessarily embed more intelligence and services within the network
  • Name/locator separation
  • Ex: content distribution networks
  • Intelligent CDN-like services will spool information and replicate and migrate that information to where the consumers reside
  • Application processes will decide when to move or replicate information, network processes will map UIDs to topological resource location specifics -> integrated intelligent services
Current NORDUnet Activities
• Target technologies for Applied Research projects with collaborators in US, EU, and PacRim:
  • Federated and Virtualized experimental networks
  • Automated network configuration and IaaS/NaaS
  • Generalized Resource Mgmt Services Architecture (application layer)
  • Resilient Networks
  • Data intensive [distributed] applications over hybrid networks
  • Secure computing in untrusted cyber-environments
Current NORDUnet Activities
• Near term activities:
  • US IRNC partnership(s)
  • EU FIRE – Experimental network architectures
  • US GENI – Global experimental infrastructure
  • Hybrid Networking
  • OGF NSI-WG
  • NORDUnet DCN TestLab
  • North Atlantic Crossing (infrastructure enhancements)
• Existing efforts
  • GEANT3 tasks:
    • SA2 – interdomain services, JRA1 – Hybrid/AutoBahn service
  • MANTICORE II – Virtual networks and automated IP configurations
  • FENRIR – Internationally contributed experimental networking resources and generalized resource management and control
  • CineGrid – Data intensive globally distributed digital media management and distribution
Virtualization
• Separate the “application” function(s) from the underlying physical resources on which they run…
  • Ex: Virtual Hosting, VPNs, distributed file systems, cloud computing,
• Problem: no common architecture that provides a unified and generalized cyber-resource service model
• Future Capabilities
  • Formalized specifications for application functionality and resource requirements
  • Automated agents for mapping application service requirements to appropriate resource infrastructure
  • Separate service “locator” from the network address
Federated and Virtualized Experimental Network Technologies
• FENRIR - Federated Experimental Network Resources for International Research
• A collaboration of national and international R&E organizations to create a pool of experimental network research facilities that have a global reach.
• Led by Dr. Driss Benhaddou (University of Houston) and Jerry Sobieski (NORDUnet)
• Currently includes collaborators from AARnet, JGN2+, KREOnet & KOREN, Pacific Wave, TWAREN, SURFnet, PSNC, StarLight/ICAIR, MANLAN/NYSERnet, Northrop Grumman Corp., NORDUnet,
• Discussion with RNP, and hopefully others will follow
FENRIR Project
• Objectives:
  • FENRIR postulates a “generalized” dynamic cyber-resources architecture that includes any type of
    • a) Hardware resource: network, computation, storage, visualization, instrument, or sensor related resource, and
    • b) functional software resources: ex: correlation functions, information repositories, etc
  • To develop and demonstrate an automated cyber-infrastructure services model in which global cyber-infrastructure can be quantized into dynamically allocatable units that can then be assembled under user control to create virtualized application specific cyber-environments.
2009 FENRIR Participants
[Figure: map of participants, dated Mar 5, 2009. Organization labels: AARnet, NORDUnet, SURFnet, PSNC, MANLAN, JGN2, StarLight, Pacific Wave, iCAIR, NYSERnet, NGC, TWAREN, KREOnet/KOREN, Univ. of Houston. Site labels: SYD, CPH, POZ, NYC, LAX, STO, HOU, AMS, CHI, TOK, WDC, TEI, DAE.]
FENRIR – the elevator speech
• FENRIR has two main components:
  • A pool of cyber-resources contributed by participants that span the globe – the “experimental network resources”
  • A software development effort to automate the description, advertisement, allocation, and use of those resources – the Generalized Resource Management System (GRMS) architecture.
• Key research issues:
  • How do you virtualize physical network and telecom resources?
  • How do you virtualize distributed applications?
  • How do you formalize these concepts in order to create a comprehensive and extensible cyber-infrastructure services model?
• These issues include authorization, user control, privacy, scheduling, negotiation, and will enable/support studies such as resiliency planning, secure computing, and data intensive
FENRIR GRMS – Allocation Phase
Resources: Formal Textual Description
    Resource Computational_Node {
        Characteristic Arch = Intel_Generic;
        Characteristic Mem = 4 GB;
        Characteristic Clock = 2.4 GHz;
        Characteristic Local_Storage = 100 GB;
        Resource_Mgr clusterman.sdsc.edu 2020;
        Instance "Node01" 128.8.120.01 2021;
        Instance "Node02" 128.8.120.02 2021;
        Instance "Node03" 128.8.120.03 2021;
    }
[Figure: allocation phase diagram with numbered steps 1–5. Labels: Computational nodes; Storage facility; Instrument; Resource Manager; Resource Database of all resources managed by this resource manager; Resource Brokers; Other Resource Managers.]
GRMS – User perspective
[Figure: GRMS user-perspective diagram with numbered steps 1–6. Labels: Formalized Application Specification; Application “Master” agent; Resource Brokers; Resource Manager; Resource “Minion” agent; Resource Instances.]
• User requests certain resources
• Brokers contact owners to qualify request and provide pointers to resource owner (resource manager)*
• Managers return tickets for reserved resources
• User confirms reservation with RM
• User initializes and controls resource instance via resource interface protocol
Experimental Networks
• What is an Experimental Network?
  • Can we construct a shared “instrument” (à la LHC) that will serve network research
  • How should we design and build telecommunications and networking facilities that enable a broad range of non-conventional (disruptive) ideas to be deployed and evaluated with realism at scale?
• What specific types of experiments will it support?
  • Ex: GENI, FENRIR, NETSE, FIRE, FEDERICA,…
  • Virtualization, generalized cyber-infrastructure architecture, federation, dynamic provisioning, multi-layer abstractions, cross layer communication, modular protocols…
Cloud Computing
• Over-hyped commercial services for small scale outsourcing…
• Old notion within R&E community…
• But what if recent cost reductions and practical technical advances now enable CC to [finally] find a critical mass?
• What are challenges?
  • E.g. historically limited by network capacity, latency, and cost, and automated software engineering tools
  • Dynamic, scalable, and autonomous allocation processes of resources become important (if not critical)
• How do we trust such cloud computing models?
  • How do we secure information in an untrusted environment? (medical records, financial data, etc)
  • How do we secure the data analysis processes (proprietary algorithms, code)?
Secure Cloud Computing
• How can we trust an unknown cloud resource?
  • Can we be sure the information we distribute to cloud resources will not be hijacked?
  • Can we be certain the algorithms we deploy to cloud resources won’t be hijacked?
[Figure labels: Known (trusted) resources; Untrusted cloud resources pose a privacy and security risk; S; Known (trusted) Security perimeter; Encrypted (trusted) Transport.]
Encrypted (Secure) Cloud Computing
• A public virtual machine is installed on the cloud resource
• Both the data and the algorithm are encrypted
• And delivered to the untrusted resource for processing
• The computation is performed in the encrypted space – and encrypted result(s) are returned.
• Results are unencrypted within the secure perimeter
• No clear text information ever leaves the security perimeter
[Figure labels: Untrusted Cloud Resource; S; Known (trusted) Security perimeter; VM; FUNC; IN; OUT; encrypted content drawn as scrambled characters.]
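The data half of the flow on this slide, as an added example that is not part of the original slides: Paillier encryption, an additively homomorphic scheme the slides do not name and that is chosen here as an assumption, lets the untrusted resource compute a weighted sum over ciphertexts it cannot read. The key is built from two public Mersenne primes and the readings and weights are constructed, so the block shows the mechanism only; the weights (the "algorithm") stay in the clear here.

```python
import math
import secrets

# Demo key from two public Mersenne primes, so no prime generation is needed.
# A real key uses secret, randomly generated primes of at least 1024 bits each.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
N2 = N * N
# Private key: lcm(P-1, Q-1). It never leaves the security perimeter.
LAMBDA = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)
MU = pow(LAMBDA, -1, N)  # valid because the generator is g = N + 1


def encrypt(m):
    """Inside the perimeter: Enc(m) = (1 + N)^m * r^N mod N^2."""
    if not 0 <= m < N:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    # (1 + N)^m mod N^2 equals 1 + m*N by the binomial theorem.
    return (1 + m * N) % N2 * pow(r, N, N2) % N2


def decrypt(c):
    """Inside the perimeter: m = L(c^lambda mod N^2) * mu mod N, L(x) = (x-1)/N."""
    return (pow(c, LAMBDA, N2) - 1) // N * MU % N


def untrusted_weighted_sum(ciphertexts, weights):
    """Outside the perimeter: sees only ciphertexts and N^2, never the key.

    Enc(a) * Enc(b) = Enc(a + b) and Enc(a)^k = Enc(k * a), so the product of
    c_i^w_i decrypts to sum(w_i * m_i) mod N.
    """
    acc = 1  # a non-randomized encryption of 0
    for c, w in zip(ciphertexts, weights):
        acc = acc * pow(c, w, N2) % N2
    return acc


def run_demo():
    readings = [120, 75, 310]   # constructed sample data
    weights = [2, 5, 1]         # constructed public coefficients
    sent = [encrypt(m) for m in readings]              # leaves the perimeter
    returned = untrusted_weighted_sum(sent, weights)   # computed remotely
    return decrypt(returned)                           # back inside the perimeter
```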
Resilient Networks
• “Katrina” is now a verb.
  • As in: “Our entire bay area operations got katrina’d by the earthquake and subsequent tsunami and fires.”
• Recent Disasters:
  • Indian Ocean Tsunami
  • Pakistan Earthquake
  • Hurricane Katrina, Rita, Ike, …
  • Buncefield Refinery Fire (UK)
  • Baltimore Tunnel Train Fire (US)
  • 9/11 (US)
  • London Tube Bombing (UK)
  • ChengDu, China Earthquake (CN)
• Lesson: serious ^#% happens…
  • Not “if”,…but “when”.
  • Our FI virtualized infrastructure must be resilient in the face of large, rolling, and sustained failure modes
Resilient Networks - An example
[Figure: two panels labelled “Pre-Katrina Failure Mode Radius” and “Post-Katrina Radius”.]
Resilient Networks
• Disaster Recovery (DR), Business Continuity (BC), and Cyber-Defense are no longer isolated notions that deal with a building fire, spot event, or isolated hacker.
  • Disaster radius is now measured in 100+ km
  • Event duration is considered to be weeks (sometimes longer)
  • Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) are converging to zero impact.
• As the event radius increases, customers, suppliers, collaborators, etc *all* disperse their IT operations
  • Small radius events affect one or two adjacent application resources but the overall infrastructure remains operational
  • Large radius events will knock out large segments of the IT infrastructure and other inter-organizational facilities
  • This will cause all affected organizations to revert to backup or secondary facilities simultaneously
  • Result: Major and sudden shift in traffic loading on the network affecting performance or even overwhelming normally underutilized telecommunications links.
Resilient Networks
• Research Agenda:
  • How can multi-institutional telecommunications relationships be captured? What are the salient characteristics of such applications and/or services?
  • How do you develop integrated failure mode resiliency planning?
    • Integrate DR/COOP/BC across the entire supply chain
    • Integrate network protection and mitigation with “nodal” (data center) resiliency/recovery planning
  • How should live applications deal with shifting network characteristics? (e.g. database coherency)
  • How do resilient architectures affect network engineering, capacity planning, prioritization, etc.
  • How do we adapt virtualization of major infrastructure in order to support resiliency? (à la GRMS)
  • Other topics will certainly become apparent as we pursue the issues…
Next Gen Information Repositories
• Building “knowledge” repositories – a crucial new challenge facing e-science
  • Globally distributed storage facilities that incorporate raw data, processed information, analysis results, and
  • Authenticated sequences of inferences and models used to construct this knowledgebase
  • Meta-Data management – provenance, tagging, etc.
  • Access – security & privacy – as governed by multi-national legal requirements (policy enforced within a virtualized application space rather than strictly within national borders)
  • Access – performance at a global scale
  • Multi-discipline – data integration
  • Exponential growth.
• How should Future Internet technologies enable, support, and enhance the management of information?
Distributed Storage
• Novel approaches within a Future Internet virtualization framework:
  • Publish/subscribe architectures applied to addressing and network control planes
    • Particularly interested in the overlap of UID/Locator separation (Future Internet Hot Topic)
  • Tightly coupled data+authorization, i.e. can we define a notion of <data> that is atomic and includes authorization policy?
• Network-based storage models for high speed real-time and near real-time content distribution applications
  • Simplified streaming HD/SHD video, E-VLBI streams..
2009 Activities
• Dynamic Circuits Hands On Workshop
  • Technical workshop covering architecture, engineering design, configuration, and verification of dynamic circuit based services
  • Covers GMPLS standards for intra-domain provisioning, and IDC software for inter-domain, best current practices, etc
  • Jan 21 & 22, Copenhagen
  • May 13 & 14, Copenhagen
  • Perhaps others in APAN regions?
NORDUnet DCN Test Lab
• Dynamic Circuits Networking Test Lab
  • Deploy the DCN/IDC software in an experimental environment such that users can employ it, and the Nordic O&E teams can develop BCPs for such services
[Figure: DCN test lab topology. Labels: IDC; VLSR; Switch element; STO; CPH; HAM; NORDUnet DCN XF; Nordic NRENs; DCN XF; Other NRENs.]
DCN Test Facility
• The NORDUnet DCN Test Facility is a distributed experimental facility:
  • Stockholm, Copenhagen, Hamburg
  • Allows other networks, participants to easily connect or otherwise access and take advantage of it.
• The facility will be used to test and evaluate other dynamic circuit service models as well
  • E.g. DRAGON, AutoBahn, DRAC, UCLP, MANTICORE, G-Lambda, etc.
• The NORDUnet DCN Test Facility will be an important component of FENRIR.
2009 Activities
• Ongoing Int’l meetings:
  • TERENA – Malaga, Spain - June ‘09
  • WRNP – Recife, Brazil – RNP workshop on hybrid networks and experimental research networks
  • OGF – Research Triangle Park, US – Jun’09
  • Korea - June 2009, Meetings with KREONET and KOREN (Daejeon), Conference on Future Internet (Seoul)
  • Japan – June 2009 NICT + AIST
  • APAN 29 – Kuala Lumpur, Malaysia – Jul’09
  • GENI GEC5 – Seattle Jul’09
  • GLIF – Daejeon, KR – Oct’09
  • CANS – Beijing, CN – Nov’09 (tentative)
  • ACM-VISA conference, Barcelona, Spain – Aug’09
  • NORDUnet 09 – Copenhagen – Sep’09
  • Internet2 – San Antonio, US – Oct’09
  • Supercomputing – Portland, US, Nov 09
Toward more robust and broad reaching goals…
[Figure: North Atlantic network map. City labels: Nuuk, London, Copenhagen, Amsterdam, New York, Halifax, St. John’s, Reykjavik, Chicago, Oslo, Stockholm, Helsinki. Legend: NORDUnet POP, Canarie POP, Transit POP. Link label: ICE-Link.]
• CPH-REY (NORDUnet – 10 Gbit)
• REY-CAN (NORDUnet – 10 Gbit)
• CAN-NYC (Canarie – 10 Gbit)
• NYC–CPH (NORDUnet – 10 Gbit)
NORDUnet Washington Office
• NORDUnet now has an office in Washington, DC.
  • Supports meetings, video conferencing, high performance networking demonstrations, HD presentations, transient work space
  • Next to US National Science Foundation
The End
• Join us for the 25th NORDUnet Conference, Sept 16-18, 2009, Copenhagen, DK
• Thank You!
• Jerry Sobieski
• +1-301-346-1849
• NORDUnet (Washington DC Office)