Presentation on theme: "NORDUnet Nordic infrastructure for Research & Education The OGF Network Services Interface Framework An Overview, Status, and Futures Presented to: OGF."— Presentation transcript:
NORDUnet Nordic infrastructure for Research & Education The OGF Network Services Interface Framework An Overview, Status, and Futures Presented to: OGF 35 June 17-19, 2012 Delft, NL Jerry Sobieski Director., Int’l Research Initiatives NORDUnet
Nordic infrastructure for Research & Education What is NSI? NSI := “Network Services Interface” It is intended to provide a single ubiquitous means for users, world wide, to dynamically manage network connection services. The OGF NSI standards work has generated two documents so far: – The NSI Framework document – describes the high level abstracted notions of the NSI environment – The NSI Connection Service Protocol – describes the functional primitives that control point to point connections through their lifecycle. This presentation will provide some technical details, current status, futures,…..And we’ll close with some thoughts about NSI relevance, the standards process, and how we gain momentum through OGF
NORDUnet Nordic infrastructure for Research & Education What is “NSI”” NSI is an architecture for inter-domain, automated, network connection provisioning. It defines an abstract model of a network “Connection” It specifies a very simple and generic multi-domain “Topology” model over which Connections are established It defines an automated “Network Service Agent” (NSA) that represent each service domain in the topology It defines a simple high level protocol between NSAs that manages a connection over its lifetime. Network A STP A.1 STP A.2 Network B STP B.1 STP B.2 Network C STP C.1 STP C.2 Connections Topology Network Service Agents NSA NSI Protocol Ingress “A” Egress Z” Transport Section Access
NORDUnet Nordic infrastructure for Research & Education Domain C Overview of NSI Architecture NSI protocol A E C D D E B A Requesting Agent (RA) Network Resource Manager Provider Agent (PA) NRM Network Services Interface NSA Network Services Agents NSA User’s NSI Requesting Agent (RA)
NORDUnet Nordic infrastructure for Research & Education Several other basic NSI objects include: – The Service Termination Point (STP) – The Service Demarcation Point (SDP) – The intra-domain Network Resource Manager (NRM) Basic NSI Objects (2) NRM NSA Network “Aruba” A C B “Service Termination Points” Network “Bonaire” D “Service Demarcation Point” E Network Resource Manager
NORDUnet Nordic infrastructure for Research & Education An “Inter-Domain” Model NSI Framework describes a high level functionality that occurs across and between network service domains – not inside those domains. – It leaves intra-domain technical details to local engineers and automated tools. The NSI Framework is technology agnostic. – It does not expect or require specific transport or switching technologies in the underlying infrastructure. – It leaves intra-domain technical details to local engineers and automated tools. It is secure by design; – Authentication and Authorization at two levels is performed at every domain boundary for every NSI service request. NSI is therefore well suited to multi-domain, multi- technology, and/or multi-layer network services.
NORDUnet Nordic infrastructure for Research & Education NSI Connection Service Protocol The NSI Connection Service (NSI-CS) is the first protocol defined under the NSI Framework NSI-CS Primitives: – Reserve, Provision, Release, Terminate, and Query. Supports both “chain” signaling and novel “tree” signaling Allows users to schedule connections in advance. Allows service providers to refine common service specifications without modifying the protocol standard itself.
NORDUnet Nordic infrastructure for Research & Education reserving provisioning releasing terminating released In-service scheduled NSI CS Protocol RA PA Resv.rq Resv.cf Prov.rq Prov.cf Rel.rq Rel.cf Term.rq Term.cf The CS protocol is a “request/response” protocol: – Requesting Agents issue primitive “requests” from RA to PA, – Provider Agents issue a corresponding “response” (confirmed or fail) from PA to RA. – Each NSA manages a state table associated with each Connections it has serviced. The CS protocol is designed to provide consistent life cycle state transitions for all NSI connections regardless of how they are segmented or processed across multiple networks
NORDUnet Nordic infrastructure for Research & Education NSI “Segmentation” It is the responsibility of each NSA to examine a Reservation Request and to choose a domain level path for the requested connection. …and then to decompose the path into a set of “segments” that can be either – a) delegated to other NSAs (e.g. to reserve a portion of the path across one or more foreign domains), or – b) delegated internally to the local NRM. Such path selection and segmentation can be performed recursively in two modes: – Conventional “Chain” provisioning in a sequential hop by hop fashion – Or a novel “Tree” process where the segments are reserved directly with downstream NSAs.
NORDUnet Nordic infrastructure for Research & Education NSI Connection Segmentation Ingress Service Termination Point “A” Egress Service Termination Point “J” Transport Access Ingress STP “K” Egress STP “Z” Transport Access Transport Segment 2 K Z A J Transport Segment 1 Access J==K A>J K>Z Access A>J STP A STP J STP K STP Z K>Z J==K “Bonaire” “Aruba” A B JK Y Z
NORDUnet Nordic infrastructure for Research & Education Connection Request Processing PA 1 2 3 4 5 6 123 4 5 6 RA PA A B C D M B C D A B C D Conventional hop-by-hop “Chain” model Novel “Tree” model allows user path selection A Z A Z A Z 1 2 3 4 5 6 Hybrid processing that mixes tree and chain allows for 3 rd party requests, federations of networks, etc.
NORDUnet Nordic infrastructure for Research & Education Tree model Chain model The NSI “Service Tree” 34 5 6 1 2 A B C D 7 8 Tree model Chain model The process of decomposition and segmentation defines the NSI “Service Tree” uRA – “ultimate Requesting Agent”, or user Aggregator NSAs – do PF and segmentation Leaf NSAs – Interface to local NRMs for actual data plane control.
NORDUnet Nordic infrastructure for Research & Education Putting it all together… RM NSA RM NSA Appl RA PA The user application
NORDUnet Nordic infrastructure for Research & Education NSI Road Map OGF NSI-CS version 1.1 is capped: – Basic Framework – Basic primitives – Security – Basic NSI Topology – Hard coded service definition – Web Service implementation The WSDL can be found at: http://code.google.com/p/ogf-nsi- project/source/checkout
NORDUnet Nordic infrastructure for Research & Education NSI Road Map NSI v2.0 feature set drafted at OGF34 Oxford Features to be refined at OGF35 Delft – Formal Authorization/Security Profile – NSI & NML topology convergence – Dynamic inter-domain topology discovery and update – Compact enumeration of STPs, SDPs, etc. – Common Service Definitions – Versioning – Simplified State Machine – Enhanced Error handling and state processing – More powerful Connection endpoint semantics – Control plane topology – Simplified Client (RA) requirements – Firewall/NAT interoperability – Uni-directional STPs/connections – ERO style route pinning
NORDUnet Nordic infrastructure for Research & Education NSI-CS Development Road Map OGF NSI-CS version 1.1 is in field test now in the Automated GOLE testbed Sep 2011: First NSI CS Interop Plugfest – GLIF 2011 Rio de Janeiro, BR Oct 2011: First NSI Transport Provisioning Future Internet Assembly 2011 Poznan, PL Nov 2011: Global NSI / AutoGOLE Demonstration Supercomputing 2011 Seattle, US OGF NSI-CS version 2.0 V2.0 Feature set identified: Mar 2012 – Draft NSI-CS v2.0 document target: Jul 2012 – V2.0 Alpha test/interop Oct 2012 OGF/GLIF Workshop, Chicago – V2.0 Beta testing/[alpha] production service demo: Nov 2012, SC2012 Salt Lake City – NSI-CS V2.1 / Errata document target: Dec 2012 – Production Service deployments: EoY 2012
NORDUnet Nordic infrastructure for Research & Education Field Testing NSI v1.1 Testing of NSI has proceeded in three stages: – Initial Lab testing by respective developers for self consistency and hardware functionality – “GLIF Plugfest” interoperability testing to prove inter-operability between implementations. Plugfest Rio – GLIF fall 2011 in Rio de Janiero Plugfest Windy City – GLIF fall 2012 in Chicago – Then field deployment in the GLIF Automated GOLE global fabric – NSI is being heavily and continually tested via the AutoGOLE testbed. This is good for protocol, good for applications to begin integration on a global basis, and good for NSI visibility beyond just OGF.
NORDUnet Nordic infrastructure for Research & Education The Automated GOLE Fabric USLHCnet PSNC JGN-X MANLAN NetherLight Cern UvA CzechLight KRLight AIST KDDI Labs StarLight ESnet Cal Tech GLORIAD GEANT ACE Nordunet The GLIF Automated GOLE Pilot was initiated in 2010 to provide a global fabric of Open Lightpath Exchanges for the specific purpose of maturing the dynamic provisioning software and services, demonstrating the value and viability of GOLEs to advanced network service models, and to develop a set of BCP for these services.
NORDUnet Nordic infrastructure for Research & Education Pionier.ets Poznan AutoBAHN StarLight.ets Chicago OpenNSA/Argia GEANT.ets Paris AutoBAHN NorthernLight.ets Copenhagen OpenNSA AIST.ets Tsukuba G-LAMBDA-A NSI Networks (“A”=Aggregator) NSI peerings (SDPs) unless otherwise indicated these are vlans 1780-1783 KRLight.ets Daejeon DynamicKL KDDI-Labs.ets Fujimino G-LAMBDA-K ACE KRLight JGN-X Pionier GEANT JGNX.ets Tokyo G-LAMBDA-K CzechLight.ets Prague OpenDRAC ESnet.ets Chicago OSCARS UvALight.ets University of Ams. OpenNSA CESNET GLORIAD.ets Chicago OpenNSA NetherLight.ets Amsterdam OpenDRAC US LHCnet NORDUnet + SURFnet A A A A A A A A A A A A A A A A GLORIAD A A WIX.ets Washington OpenNSA NSI Control plane peerings without data plane connections (in progress)
NORDUnet Nordic infrastructure for Research & Education Initial monitoring & visualization “Automated Earth” viz (Takatoshi Ikeda, KDDI-Labs) “NSI Monitor” viz (Tomohiro Kudoh, AIST)
NORDUnet Nordic infrastructure for Research & Education Pointers Visualization AIST Java status monitor: http://188.8.131.52:8070/monitor.jnlp http://184.108.40.206:8070/monitor.jnlp KDDI Labs Google earth plugin: http://kote-ps-1.ps.jgn- x.jp/ps/autoearth-nsi/http://kote-ps-1.ps.jgn- x.jp/ps/autoearth-nsi/ KDDI Labs Google earth kml: http://kote-ps-1.ps.jgn- x.jp/ps/autoearth-nsiAutoMAP.kmlhttp://kote-ps-1.ps.jgn- x.jp/ps/autoearth-nsiAutoMAP.kml
NORDUnet Nordic infrastructure for Research & Education Production NSI Services NSI v2.0 is targeted for production deployment: – NORDUnet plans a production NSI based service in CY2013-Q1 – SURFnet plans a production NSI based service in CY2013-Q1 – StarLight plans a production NSI based service in CY2013-Q1 – Pionier plans a production NSI based service in CY2013-Q1 – …the list is growing In parallel with protocol development, the NSI community are developing operations and administrative tools – NOC Query and manage local service segments – Logging and accounting – End to end performance verification and debugging tools NSI protocols are evolving and maturing very rapidly – now need to address service definitions and engineering plans Applications: NEXPRES – EVLBI (currently testing from OSO to JIVE) CO-Universe – HD video LHCONE – HEP (a proof of concept for GOLE architecture) Others in works (under the radar)…
NORDUnet Nordic infrastructure for Research & Education There have been a number of efforts over the last 15-20 years to make dynamic network connection oriented services an integral part of high performance networks: DRAGON, FENIUS, AutoBAHN, IDCP, UCLP, GLAMBDA, Frederica, OSCARS, DRAC, MANTICORE, Phosphorus, O-BGP, HOPI, … ITU Q931, Q2764 and ATM Forum Q-2931 signaling, G.709, ASON, IETF RSVP, RSVP-TE, and GMPLS signaling and routing protocols IEEE 802.3, 802.1Q,.1ad,.1ah, … MPLS*, ATM, SONET/SDH, MEF, Lambda switching,… These have all made progress, but none took root… Wide skepticism of non-IP services Many interesting but non-interoperable and incomplete service models. Not Invented Here syndrome Issues such as inter-domain topology management were “known to be” intractable AAI, end-to-end performance guarantees, scheduling, etc were poorly understood in a multi-domain, multi-service, heterogeneous environment. We’ve been here before…
NORDUnet Nordic infrastructure for Research & Education Why NSI? Why now? NSI does not try to boil the ocean (!) – Presents a simple inter-domain connection provisioning model, – It will grow incrementally in both global reach and sophistication over time… NSI takes a Global perspective to Connection Services - the service architecture must be scalable: – Automated agents perform the resource management – no man-in-the-middle of these processes – Inter-domain (multi-domain) approach is necessary for global reach – Must be secure to be globally viable in the 21 st century – Must respect local network autonomy – Must separate the protocols from technology to allow for wide diversity of infrastructure and longevity of the framework concepts
NORDUnet Nordic infrastructure for Research & Education NSI in a Virtual SDN world “Networks” still have two key components: – Switching & forwarding Nodes – e.g. routers and switches – And transport Links that connect the Nodes. In real world, every virtual network layer is constructed upon a virtual layer below it… – To assume otherwise is not realistic in current networks Software Defined Networking relies upon the basic nodes and links model as much as ever… NSI builds those links – Predictable, reliable transport performance between nodes – Common provisioning framework across domains enables global links between SDN nodes – NSI is a control plane tool - it coexists with and adapts to new data plane technologies. – NSI has addressed the reality of real world multi-domain network switching and forwarding technologies. (AAI, security and privacy, autonomy, heterogeneity of infrastructure, topology integration, etc.) NSI is complementary to and is an enabling tool for emerging technologies such as OpenFlow, GENI, etc.
NORDUnet Nordic infrastructure for Research & Education NSI represents an open and consensus driven approach to inter- domain provisioning of LightPath (Connection) services – It is an Open standard – anyone [who is well informed] can participate in the discussion/specification – Consensus standards create “buy-in” – i.e. when everyone has had a voice in its specification, and understands its inner workings, everyone is willing to adopt it and deploy it. The NSI Working Group has actively courted wide participation – We have invited key organizations to particiapte – We have tried to keep the broader community informed of progress – We have invested substantial effort into showing tangible progress and presenting high visibility demonstrations of the resulting OGF NSI standard NSI represents the best opportunity in 20+ years to see a single common control architecture deployed globally to provide network performance guarantees. – Wide scale deployment within the R&E community – Commercial adoption and Vendor support for the OGF NSI Standard Why is NSI different
NORDUnet Nordic infrastructure for Research & Education OGF NSI Working Group The OGF NSI WG is an Open working group This means if you have ideas you would like to see incorporated into the NSI framework and/or protocols, please get active in the process: Contact one of the active WG members and pick their brain Join the mailing list, lurk, read the literature, and get up to speed, then join the calls… Contribute – ask, comment, propose…help us sort thru the issues to achieve clarity within the group and consensus within the broader community