Presentation is loading. Please wait.

Presentation is loading. Please wait.

Policy in GÉANT Guy Roberts, Tangui Coulouarn NSI meeting, NORDUnet Conference, Uppsala, 22 Sept 2014.

Published byBerenice White Modified over 8 years ago

Similar presentations

Presentation on theme: "Policy in GÉANT Guy Roberts, Tangui Coulouarn NSI meeting, NORDUnet Conference, Uppsala, 22 Sept 2014."— Presentation transcript:

1 Policy in GÉANT Guy Roberts, Tangui Coulouarn NSI meeting, NORDUnet Conference, Uppsala, 22 Sept 2014

2 2 Connect | Communicate | Collaborate AutoBAHN in GÉANT BoD NSI v2.0 is used between all AutoBAHN instances All AutoBAHN deployments in Europe operate identically (with the same code/modules) so that each instance can function as an RA, PA and simple Aggregator (AG). Simple AG means that it follows the CHAIN model: It is capable of sending the request to its own PA and the next PA on the reservation path. (full AG facing other regions?) AutoBAHN instances share NSI/NML topology via the AutoBAHN Topology Service. Centralized lookup service has an aggregated topology collected from local AutoBAHN instances. Once topology exchange mechanism in NSI is standardized this will be adopted.

3 3 Connect | Communicate | Collaborate AutoBAHN Path-finding Inter-domain path-finding is normally performed at the start domain (source based routing). AutoBAHN supports under-specified STPs in requests (port with a range of VLANs) to speed up reservation processing. Can also support requests from RAs with specified VLANs. AutoBAHN will honour ero’s in connection requests where possible. AutoBAHN portal allows users to include/exclude certain segments from path.

4 4 Connect | Communicate | Collaborate Policies: AA at end-points Transit traffic is accepted by default if a request comes from a trusted peering network (transitive trust). For authentication purposes AutoBAHN tracks the origin of the request, this includes both user and source domain. AA is performed at circuit end-points based on the policies of the local domain. GÉANT needs a service that works now – complex transit policy can be added later.

5 5 Connect | Communicate | Collaborate IP policy considerations in GÉANT The GÉANT backbone does not allow transit of commodity IP. Transit between two non-GÉANT NRENs requires special permission. In general all other forms of transit are allowed in the backbone for GÉANT NRENs: NREN -> NREN and NREN -> commercial content providers. IP policy is applied by an NREN adding the AS or IP prefix of an organization to their BGP configurations. Institutions should only connect via their local NRENs. Configuration of BGP simplified by the use of BGP peer groups BGP is considered to be quite a coarse instrument for applying policy. Cannot be used to apply fine policy adjustment such as policy based on flow characteristics. In no current need for similar policies in BoD service

6 6 Connect | Communicate | Collaborate www.geant.net www.twitter.com/GEANTnews | www.facebook.com/GEANTnetwork | www.youtube.com/GEANTtv Connect | Communicate | Collaborate Thank you!

Download ppt "Policy in GÉANT Guy Roberts, Tangui Coulouarn NSI meeting, NORDUnet Conference, Uppsala, 22 Sept 2014."

Similar presentations

© 2006 Open Grid Forum Network Services Interface Introduction to NSI Guy Roberts.

© 2006 Open Grid Forum Network Services Interface Introduction to NSI Guy Roberts.
NSI wg Architecture Elements John Vollbrecht Internet2.

NSI wg Architecture Elements John Vollbrecht Internet2.
© 2006 Open Grid Forum Network Service Interface in a Nut Shell GEC 19, Atlanta, GA Presenter: Chin Guok (ESnet) Contributors: Tomohiro Kudoh (AIST), John.

© 2006 Open Grid Forum Network Service Interface in a Nut Shell GEC 19, Atlanta, GA Presenter: Chin Guok (ESnet) Contributors: Tomohiro Kudoh (AIST), John.
NORDUnet Nordic infrastructure for Research & Education LHCONE “Point-to-Point Connection Service” Service Definition Jerry Sobieski.

NORDUnet Nordic infrastructure for Research & Education LHCONE “Point-to-Point Connection Service” Service Definition Jerry Sobieski.
BoD and MD-VPN service status in GÉANT SA3 – Network Service Delivery LHCOPN and LHCONE joint meeting – Pasadena (US) 3-4 December 2013 Brian Bach Mortensen/NORDUnet,

BoD and MD-VPN service status in GÉANT SA3 – Network Service Delivery LHCOPN and LHCONE joint meeting – Pasadena (US) 3-4 December 2013 Brian Bach Mortensen/NORDUnet,
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
The need for BGP AfNOG Workshops Philip Smith. “Keeping Local Traffic Local”

The need for BGP AfNOG Workshops Philip Smith. “Keeping Local Traffic Local”
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Exterior Gateway Protocols: EGP, BGP-4, CIDR Shivkumar Kalyanaraman Rensselaer Polytechnic Institute.

Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Exterior Gateway Protocols: EGP, BGP-4, CIDR Shivkumar Kalyanaraman Rensselaer Polytechnic Institute.
1 Autonomous Systems An autonomous system is a region of the Internet that is administered by a single entity. Examples of autonomous regions are: UVA’s.

1 Autonomous Systems An autonomous system is a region of the Internet that is administered by a single entity. Examples of autonomous regions are: UVA’s.
Bandwidth on Demand Dave Wilson DW238-RIPE

Bandwidth on Demand Dave Wilson DW238-RIPE
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,

(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
Understanding Active Directory

Understanding Active Directory
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.

© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.
NOC Lessons Learned TEIN2 and CERNET Xing Li 2007-01-22.

NOC Lessons Learned TEIN2 and CERNET Xing Li
IPv6 activities in Greece Dimitrios Kalogeras, Ph.d.

IPv6 activities in Greece Dimitrios Kalogeras, Ph.d.
| www.geant.org BoD over GÉANT (& NRENs) for FIRE and GENI users GENI-FIRE Workshop Washington DC, 17th-18th Sept 2015 Michael Enrico CTO (GÉANT Association)

| BoD over GÉANT (& NRENs) for FIRE and GENI users GENI-FIRE Workshop Washington DC, 17th-18th Sept 2015 Michael Enrico CTO (GÉANT Association)
Router and Routing Basics

Router and Routing Basics
Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.

Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.
Architecting the Network Part 3 Geoff Huston Chief Scientist, Internet Telstra ISOC Workshop.

Architecting the Network Part 3 Geoff Huston Chief Scientist, Internet Telstra ISOC Workshop.

Similar presentations

Ads by Google