Internet2 Network: Convergence of Innovation, SDN, and Cloud Computing
Eric Boyd, Senior Director of Strategic Projects
Slide 2
Internet2 Mission
University Corporation for Advanced Internet Development
Slide 3
This is what we have been able to say for the last few years:
The 100G testbed of innovation for tomorrow's Internet is available
nationwide, right now.
Slide 4
Internet2 Community Innovation Story
- Abundant Bandwidth: 100G, for now
- Network Programmability: Software Defined Networking (SDN),
  Network Virtualization, Network Function Virtualization (NFV)
- Friction-Free Science: Science DMZ
Slide 8
Software-Defined Networking Substrate
- Internet2 AL3S consists of Juniper MX-960s running as conventional
  routers.
- Internet2 AL2S consists of a heterogeneous mixture of Brocade
  MLX-16s and Juniper MX-960s.
- All AL2S nodes run in pure SDN mode (for now, OpenFlow 1.0).
- They have run in production in this fashion since October 2012.
- On this substrate, the hierarchy of Internet2 services is built.
Slide 12
Network Virtualization on Internet2
Slide 15
Control a slice of the national network!
Enable:
- Rapid prototyping of advanced applications
- Rapid prototyping of new network services
- Rapid advancement of network research
Slide 16
Network Virtualization on Internet2
- Network Virtualization: Puts members in control of (a slice of)
  the network
- Change in paradigm: Turning the commons on its head
- Private network capabilities with shared network costs
- Large scale networking is normally about lowest common denominator
- Large scale virtualized networking is about creating custom
  facilities
- Extend the local domain into the national (eventually global) arena
Slide 17
Network Virtualization Use Case
- For most applications run in a campus environment, the traditional
  routed Layer 3 infrastructure provided by the Internet2 Advanced
  Layer 3 Service (AL3S) provides all the needed functionality and
  performance.
- For some applications, the ability to run on a server in a campus
  environment or on a GENI Rack, connected by a Layer 2 VLAN, should
  suffice.
- For a few advanced applications, particularly in the network
  research arena, there is a need to run their own controller on a
  virtual network.
Slide 18
Use Case Examples (1)
- Production Service Staging
  - GENI wants to move to Stitching v3.0, but Stitching 2.0 is in
    wide use
  - Set up a slice, deploy a second OESS, deploy new version of FOAM
    Stitching Aggregator
  - When it's tested and ready, move to the production OESS stack
- Network Research
  - Network researcher has a better idea how to do networking
  - Set up a slice, deploy new network controller, write paper
- Service Prototyping
  - Look at alternatives to AL3S
  - Implement a route server that speaks OpenFlow on southbound
    interface with no routers
  - Deploy in a slice, begin peering with other domains
  - Evaluate efficacy, operational savings
  - Over time transition to new service
Slide 19
Use Case Examples (2)
- Private Networks
  - Want something akin to Atlantic Wave, original vision for LHCONE,
    or GENI Virtual Network
  - Set up a distributed SDX across multiple domains
- Network virtualization experiments are already underway
  - Prototyping IP over SDN solution (no routers!)
  - Prototyping cloud-based services
  - Prototyping multi-domain virtual networks
  - DANCES
Slide 20
Technology behind Network Virtualization
- Vendors such as Brocade provide switches that implement OpenFlow.
- Through close development partnerships, Internet2 can deploy
  advanced technology.
- Internet2 and Indiana University have developed a
  second-generation, open source hypervisor, called Flowspace
  Firewall (FSFW).
- FSFW divvies up the available VLANs on a network into VLAN ranges,
  known as slices.
- FSFW acts as a proxy between one or more OpenFlow controllers and a
  set of switches within a single administrative domain.
- FSFW only carries OpenFlow commands from a controller to a switch
  (or the reverse) if the command falls within the allocated range of
  VLANs for that controller.
- FSFW acts as a resource protector, ensuring that no controller
  overconsumes scarce resources such as the rate at which OpenFlow
  rules can be fed to a switch or the number of OpenFlow entries in
  the Flow Table.
Technology enables Innovation in the Internet2 Community
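The per-slice checks described on this slide (VLAN range, flow-table quota, flow-mod rate), as an added sketch that is not FSFW's own code. The Slice class, the message fields (match_vlan, actions) and the limits are hypothetical, and rejecting a wildcarded VLAN match is an assumption of this sketch.

```python
from dataclasses import dataclass

@dataclass
class Slice:                    # hypothetical model, not FSFW's data structure
    name: str
    vlans: range                # VLAN IDs allocated to this controller
    max_flows: int              # cap on flow-table entries for the slice
    max_rate: float             # flow-mods per second allowed toward a switch
    flows: int = 0
    tokens: float = 1.0         # token bucket, starts with one flow-mod
    last: float = 0.0

def check_flow_mod(s: Slice, flow_mod: dict, now: float) -> str:
    """Return 'forward' or 'drop: <reason>' for one flow-add from a controller."""
    vlan = flow_mod.get("match_vlan")       # None models a wildcarded VLAN
    if vlan is None:
        return "drop: wildcard VLAN match would span other slices"
    if vlan not in s.vlans:
        return f"drop: match VLAN {vlan} outside slice"
    for action in flow_mod.get("actions", []):
        if action[0] == "set_vlan" and action[1] not in s.vlans:
            return f"drop: rewrite to VLAN {action[1]} outside slice"
    if s.flows >= s.max_flows:
        return "drop: flow-table quota exhausted"
    # Refill the bucket for the elapsed time, capped at one second of burst.
    s.tokens = min(s.max_rate, s.tokens + (now - s.last) * s.max_rate)
    s.last = now
    if s.tokens < 1:
        return "drop: flow-mod rate limit"
    s.tokens -= 1
    s.flows += 1
    return "forward"

def demo():
    # Constructed sample: one slice and seven flow-adds from its controller.
    s = Slice("research-a", vlans=range(100, 200), max_flows=2, max_rate=2)
    msgs = [
        (0.0, {"match_vlan": 150, "actions": [("output", 2)]}),
        (0.1, {"match_vlan": 300, "actions": [("output", 2)]}),
        (0.2, {"match_vlan": 150, "actions": [("set_vlan", 300), ("output", 2)]}),
        (0.3, {"actions": [("output", 2)]}),
        (0.4, {"match_vlan": 151, "actions": [("output", 3)]}),
        (2.0, {"match_vlan": 151, "actions": [("output", 3)]}),
        (2.1, {"match_vlan": 152, "actions": [("output", 3)]}),
    ]
    return [check_flow_mod(s, m, t) for t, m in msgs]

if __name__ == "__main__":
    print("\n".join(demo()))
```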
Slide 23
Prototype Multi-Domain Layer 2 Service
- Backdrop:
  - Internet2 operates a Layer 2 Service
  - Campuses (e.g. University of Utah) operate a Layer 2 Service
  - Regional Networks (e.g. MAX) operate a Layer 2 Service
  - Exchange Points (e.g. AMPATH/FIU) operate a Layer 2 Service
- Is there a way to create a Multi-Domain Layer 2 Service?
  - Common capabilities
  - Willingness to collaborate
  - Willingness to contribute to a common project
  - Maintain local control
  - Withdraw at any time
  - Enable (illusion of) global control
  - Control remote administrative domains
  - No change in software, just configuration
Slide 36
Multi-Domain Sample Network
Slide 38
Network Function Virtualization
- NFV is very popular with service providers
  - Accelerate the deployment of new services
  - Replace proprietary, short-lived hardware appliances
  - Leverage VM technology to consolidate many network equipment
    types onto industry standard high volume servers
- What does that mean for the R&E community?
  - Growing need for network functions (VPN, DTN, Science DMZ, etc.)
  - Similar arguments to service providers
- How do we integrate NFVs into the R&E ecosystem?
  - Location?
  - Provided by?
  - Used by?