The MANTICORE Project: Providing Users with a Logical IP Network Service Victor Reijs, HEAnet Eduard Grasa, Fundació i2cat MANTICORE Partners (self funded project)

Page 1: PPT Slide - PPT 2.4 MB

The MANTICORE Project: Providing Users with a Logical IP Network Service

Victor Reijs, HEAnet

Eduard Grasa, Fundació i2cat

MANTICORE Partners (self funded project)

Page 2: PPT Slide - PPT 2.4 MB

Agenda

• The MANTICORE Project Vision

• MANTICORE Implementation

– The IaaS Framework (UCLP Evolution)

– User Roles

– Software Architecture

• How does it work: GUI preview

• DEMO at TNC 2008

• Future work: MANTICORE and RPSL

Page 3: PPT Slide - PPT 2.4 MB

MANTICORE project

• A Web Service based system that provides the User (NOC and/or end user) with the ability to define and configure its own physical and/or logical IP network

• Project partners:
  – HEAnet, i2CAT, Juniper, NORDUnet, RedIRIS

Page 4: PPT Slide - PPT 2.4 MB

Service specification

• Define the edge ports of the IP network

• Define the external Routing Service (policy)

• In case there are preferences on internal transport services, QoS: the internal Routing Service metric

• If available: IP address space

Page 5: PPT Slide - PPT 2.4 MB

The MANTICORE vision

[Figure: physical routers, logical routers, physical links, logical links and user sites, with connections to other users' IP networks or the Internet. Each user's IP network is represented by a different color.]

Page 6: PPT Slide - PPT 2.4 MB

Logical IP network

• Logical IP network should guarantee route integrity in contrast with point to point links/lightpath/lambdas

• Two Routing Services (RPSL):
  – internal routing (pure internal configuration and making directly connected ports explicit)
  – external routing (other networks, directly connected hosts and propagation of external routing info)

Page 7: PPT Slide - PPT 2.4 MB

RPSL defines Routing Services: examples

• Sample RPSL and configs arising from our demo layout
  – eBGP AS1->AS20
  – static AS1->AS10

[Figure: demo layout. Routers router1.rediris.es to router5.rediris.es with ge-0/0/0 to ge-3/0/0 interfaces, 192.168.x.x link addresses and lo0 loopbacks. AS1 (network1, AREA 0) reaches AS10 (network2) through a static route and AS20 (network3) through eBGP.]

Page 8: PPT Slide - PPT 2.4 MB

Sample RPSL: BGP to JUNOS

RPSL:

aut-num: AS1
as-name: network1
import: from AS20 # network3
        action pref=100;
        accept AS20
export: to AS20 # network3
        announce AS1

route: 10.10.20.0/24
descr: network3
origin: AS20
mnt-by: [email protected]: [email protected] 20080520

Resulting JUNOS configuration:

protocols {
    bgp {
        export local-networks;
        group ebgp {
            type external;
            family inet {
                any;
            }
            /* eBGP session towards AS20 (network3) */
            neighbor 192.168.20.2 {
                peer-as 20;
                description "AS20";
                export to-AS20;
                import from-AS20;
            }
        }
    }
}
policy-options {
    /* prefixes registered with origin AS20 in the route object above */
    prefix-list AS20 {
        10.10.20.0/24;
    }
    policy-statement from-AS20 {
        term 1 {
            from {
                prefix-list AS20;
            }
            then accept;
        }
    }
}
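The RPSL-to-JUNOS step on this slide, as an added Python example (not MANTICORE code): it resolves `accept AS20` to the prefixes of route objects with origin AS20 and emits the prefix-list and import policy. The function names, the term names and the final reject term are assumptions added here; the reject is included because the default BGP import policy in JUNOS accepts routes that no term matches, and `action pref` is not translated, as in the slide's configuration.

```python
import ipaddress

# Constructed input, modelled on the RPSL objects on the slide.
SAMPLE_RPSL = """\
aut-num: AS1
as-name: network1
import: from AS20 # network3
        action pref=100;
        accept AS20

route: 10.10.20.0/24
origin: AS20
"""

def parse_objects(text):
    """Split RPSL text into objects, each a list of (attribute, value) pairs."""
    objects, current = [], []
    for raw in text.splitlines() + [""]:            # trailing "" flushes the last object
        line = raw.split("#", 1)[0].strip()         # '#' starts a comment
        if not raw.strip():                         # a blank line ends the object
            if current:
                objects.append(current)
            current = []
        elif raw[0] in " \t" and current:           # leading whitespace: continuation line
            attr, value = current[-1]
            current[-1] = (attr, f"{value} {line}".strip())
        elif ":" in line:
            attr, value = line.split(":", 1)
            current.append((attr.strip().lower(), value.strip()))
    return objects

def junos_import_filter(text, local_as, peer_as):
    """Emit JUNOS policy-options for 'import: from <peer_as> ... accept <peer_as>'."""
    objects = parse_objects(text)
    aut = next((o for o in objects if o[0] == ("aut-num", local_as)), [])
    rules = [v.split() for a, v in aut if a == "import"]
    if not any(r[:2] == ["from", peer_as] and r[-2:] == ["accept", peer_as] for r in rules):
        raise ValueError(f"{local_as} has no import rule accepting {peer_as}")
    # Strict parsing rejects malformed prefixes and prefixes with host bits set.
    prefixes = sorted(str(ipaddress.ip_network(o[0][1])) for o in objects
                      if o[0][0] == "route" and ("origin", peer_as) in o)
    if not prefixes:
        raise ValueError(f"no route objects with origin {peer_as}")
    entries = "\n".join(f"        {p};" for p in prefixes)
    return (f"policy-options {{\n    prefix-list {peer_as} {{\n{entries}\n    }}\n"
            f"    policy-statement from-{peer_as} {{\n"
            f"        term registered {{ from prefix-list {peer_as}; then accept; }}\n"
            f"        term unregistered {{ then reject; }}  /* added: explicit default deny */\n"
            f"    }}\n}}\n")
```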

Page 9: PPT Slide - PPT 2.4 MB

Sample RPSL: Static route -> IOS-XR

RPSL:

aut-num: AS1
as-name: network1
import: protocol STATIC into BGP4 # network2
        accept AS10

route: 10.10.10.0/24
origin: AS10
mnt-by: [email protected]: [email protected] 20080520
inject: at 192.168.10.1 action next-hop=192.168.10.2; cost=10 upon static

Resulting IOS-XR configuration:

! static route towards AS10 (network2)
ipv4 route 10.10.10.0 255.255.255.0 192.168.10.2 10
!
router bgp 1
 address-family ipv4 unicast
  redistribute static route-policy local-statics
!
! only the registered AS10 prefix is redistributed into BGP
route-policy local-statics
  if destination in ( 10.10.10.0/24 ) then
    pass
  endif
end-policy

Page 10: PPT Slide - PPT 2.4 MB

The components

• The following components can be distinguished:
  – Router WS: A logical or physical device with logical/physical ports with
  – Routing services: Ability to route traffic according to certain rules, for internal entities (like Router WS) and external entities (like users or external networks)
  – Lower layer WS: Provide connectivity at layer 0, 1 and 2 between (user/router) ports
  – IP network WS: Integrating the above services

Page 12: PPT Slide - PPT 2.4 MB

Infrastructure as a Service: IaaS and Virtualization

• Virtualization consists of representing a physical device/substrate/datapath as a Software entity (P2V).
  – Initially started with PC virtualization (VMWare, VirtualIron, VirtualPC)
  – Provides Isolation.

• IaaS is the equivalent of SaaS for hardware devices.
  – Amazon and BlueLock pioneer the IaaS service by renting hardware using proprietary solutions.
  – Users pay to use shared infrastructures.
  – Monthly fees or Pay per use.
  – Long term exchanged compared to on-demand services.
  – Users control/own the infrastructure.

Page 13: PPT Slide - PPT 2.4 MB

UCLP, Argia and the IaaS Framework

• Two UCLP research programs were put in place by CANARIE to provide a virtualization solution for optical networks starting in 2001
  – UCLP initial goal was to provide end to end paths across domains (DataPath Virtualization)
  – UCLPv2 goals were to create reusable and configurable network blocks (Hardware Partitioning Virtualization)

• UCLPv2 concepts are evolving into many different Physical to Virtual (P2V) products and R&D projects that are built on the IaaS Framework:
  – Argia -> Product for Optical Networks
  – Ether -> R&D for Ethernet and MPLS Networks
  – MANTICORE -> R&D for physical/logical IP Networks
  – GRIM -> R&D for Instruments and Sensors

[Figure: project logos: RMC, MANTICORE, ETHER, GRIM, CHRONOS]

Page 14: PPT Slide - PPT 2.4 MB

Infrastructure Resource Trading (I): Direct Export

[Figure: User A, User B, User C, Provider 1 and Provider 2, and the Resource Lists exported between them.]

Page 15: PPT Slide - PPT 2.4 MB

Infrastructure Resource Trading (II): Broker Sites

Page 16: PPT Slide - PPT 2.4 MB

IaaS Framework Resource Architecture

[Figure: IaaS Framework resource architecture. Components shown: WS Interface (WS Resource), Capabilities, WS-Messaging Engines (Axis2, CXF, MiniSOAP), Web Application Support (MVC), Business Logic, Resource Representations / Service Interfaces (Java), Transient Information, Persistent Information, IaaS Engine (Driver Architecture), Physical Devices, Persistence Layer, Data Sources (DB, LDAP, File System), Application Container, Security Framework.]

Page 17: PPT Slide - PPT 2.4 MB

MANTICORE Software Architecture

[Figure: MANTICORE software architecture. The annotations on the diagram are listed below.]

• GUI client(s): RPSL may be used to let the GUI specify high level routing policies (internal as well as external) to the IP Network WS

• IP Network WS: Transforms the abstract description of the routing configuration into high level operations that will be invoked in the Router WS over one or more virtual resources

• Virtual Resource Services (Ethernet Resource WS, TDM Resource WS, ...): Represent the physical (ports) or logical interfaces (VLANs, TDM Channels) that users can access.

• Router-WS: Transforms the high level operations over one or more virtual resources into specific commands that each particular routing device can understand (Netconf for the Juniper device, Protocol X for another vendor's device, Protocol Y for a software router)

• User Workspace WS: Manage user accounts, get user credentials, authenticate

Page 18: PPT Slide - PPT 2.4 MB

First implementation limitations

• Only deal with Juniper routers using the Netconf JunOS XML API

• RPSL (will explain later) won’t be used as a means of describing abstract routing configurations (instead, a proprietary simple and limited representation will be used).

• WS-Security: WS Messages are not encrypted nor signed.

• The implementation is a proof of concept, not a complete solution: working prototypes of the services will be implemented, but some features and performance optimization will be left for future work

Page 20: PPT Slide - PPT 2.4 MB

Example deployment

• Two organizations:
  – NREN A: Physical Network Administrator. In this very simple example it operates a network with one physical router.
  – i2CAT: Virtual Network Administrator. In this very simple example it will request two logical routers from NREN A.

• MANTICORE Software deployment
  – NREN A Server: User Workspace WS, Ethernet Resource WS, IP Network WS, Router WS
  – i2cat Server (optional): User Workspace WS, Ethernet Resource WS, IP Network WS

Page 21: PPT Slide - PPT 2.4 MB

NREN A discovers the physical router

• When NREN A first launches the GUI client, it must create a new physical network and add all the routers they want to manage to it.

Page 22: PPT Slide - PPT 2.4 MB

NREN A PN Admin creates logical routers

• NREN A admin creates some logical interfaces, two logical routers and assigns these logical interfaces to the logical routers.

• He also creates a logical tunnel between the two logical routers (new LT interfaces are created).

Page 23: PPT Slide - PPT 2.4 MB

Creation of virtual links and virtual interfaces

• NREN A PN Admin creates a resource list (list of resources that can be accessed by NREN A or a 3rd party).

• NREN A PN Admin creates virtual interfaces and virtual links (kind of proxy objects that represent the remotely configurable interfaces and links), and adds them to the resource list.

Page 24: PPT Slide - PPT 2.4 MB

Exporting resources

• NREN A PN Admin exports the resource list to i2cat (permissions are set on the resources so that i2cat’s users can access and modify the resources on the resource list).

• i2cat APN Admin launches its GUI Client, logs into the server and downloads the resource list.

[Figure: the Resource List passing from the NREN A Server to the (optional) i2cat Server.]

Page 25: PPT Slide - PPT 2.4 MB

i2cat’s IP Network

• i2cat APN Admin creates a new IP Network and adds the resources of the resource list to it.

• Now he can configure the IP parameters of the interfaces, configure IGPs, configure the peering, ...

Page 27: PPT Slide - PPT 2.4 MB

TNC 2008 MANTICORE Demo

• During the Terena Networking Conference 2008 (Bruges, 19-22 May) at the Juniper booth, the following scenario is going to be demonstrated.

[Figure: demo layout. Routers router1.rediris.es to router5.rediris.es with ge-0/0/0 to ge-3/0/0 interfaces, 192.168.x.x link addresses and lo0 loopbacks. AS1 (AREA 0) is connected to AS10 through a static route and to AS20 through eBGP.]

Page 29: PPT Slide - PPT 2.4 MB

RPSL in MANTICORE

• RPSL can be used as a means of describing the external routing policies as well as the IGP configurations (with minor extensions).

• These RPSL descriptions can be taken as an input by the IP Network WS and then generate the high level operations to invoke at the Router WS (remember the architecture picture).

• Implementation status: RPSL RFCs (2622, RPSL and 4012, RPSLng) have been studied, and some preliminary RPSL descriptions for the MANTICORE use cases have been generated. Not implemented yet due to time constraints.

[Figure: the MANTICORE Software Architecture diagram, shown again: GUI client(s), IP Network WS, Virtual Resource Services (Ethernet Resource WS, TDM Resource WS, ...), Router-WS (Netconf to the Juniper device, Protocol X to another vendor's device, Protocol Y to a software router) and User Workspace WS.]

Page 30: PPT Slide - PPT 2.4 MB

More Future Work

• Integrate MANTICORE with the other IaaS Framework based network virtualization solutions:
  – With Argia, product for optical networks (TDM, WDM, Fibre).
  – With Ether, upcoming product for Ethernet and MPLS networks.

• Create drivers for other router vendors

• Add more features to the IP Network WS
  – Allow APN Admins and end users to create new logical interfaces
  – Provide means of describing more complex routing policies
  – Other?

• Activities within the FEDERICA Project
  – Achieve interoperability with the IPsphere Framework (framework for composing multi-stakeholder services)
  – Provide support for software routers

Page 31: PPT Slide - PPT 2.4 MB

Thanks for your attention! More information:

• MANTICORE:
  – Victor Reijs, Network Development Manager, HEAnet Limited ([email protected])
  – Sergi Figuerola, Coordinator of the Network Technologies Cluster, Fundació i2cat ([email protected])

• IaaS Framework:
  – Inocybe Technologies Inc. http://www.inocybe.ca
  – IaaS Framework website: http://www.iaasframework.com