1. Performance Update Eric L. Boyd Director of Performance Architecture and Technologies Internet2

2. Eric L. Boyd2 Vision: Performance Information is … Available People can find it (Discovery) “Community of trust” allows access across administrative domain boundaries (AA) Ubiquitous Widely deployed (Paths of interest covered) Reliable (Consistently configured correctly) Valuable Actionable (Analysis suggests course of action) Automatable (Applications act on data)

3. Eric L. Boyd3 Getting There: Build & Empower the Community Decouple the Problem Space: Analysis and Visualization Performance Data Sharing Performance Data Generation Grow the Footprint: Clean APIs between each layer Widespread deployment of measurement infrastructure Widespread deployment of common performance measurement tools

4. Eric L. Boyd4 Result: No more mystery … Increase network awareness Set user expectations accurately Reduce diagnostic costs Performance problems noticed early Performance problems addressed efficiently Network engineers can see & act outside their turf Transform application design Incorporate network intuition into application behavior

5. Eric L. Boyd5 BWCTL (Bandwidth Controller) What is it? A resource allocation and scheduling daemon for arbitration of iperf tests Typical Solution Run “iperf” or similar tool on two endpoints and hosts on intermediate paths Typical road blocks Need permissions on all systems involved Need to coordinate testing with others Need to run software on both sides with specified test parameters

6. Eric L. Boyd6 BWCTL: 3-Party Flow Diagram

7. Eric L. Boyd7 NDT: Network Diagnostic Tool Web100 enhanced server handles testing and diagnostic services Java based and command line clients allows testing from any client (local or remote) Performance and configuration faults reported back to client Drill-down functions provide more details & error reporting capabilities Grant from NIH/NLM to explore duplex mismatch detection

8. Eric L. Boyd8 NDT Flow Diagram Client Web Browser Java Applet NDT - Server Web Server Testing Engine Child Test Engine Spawn child Well Known NDT Server Web Request Redirect msg Web Page Request Web page response Test Request Control Channel Specific test channels

9. Eric L. Boyd9 OWAMP: One-Way Active Measurement Protocol What is it? Measures one-way latency: 1-way ping Control connection used to broker test request based upon policy restrictions and available resources. (Bandwidth/disk limits) Specification http://tools.ietf.org/wg/ippm/draft-ietf-ippm- owdp/draft-ietf-ippm-owdp-14.txt

10. Eric L. Boyd10 OWAMP Flow Diagram

11. Eric L. Boyd11 Thrulay Overview Network capacity and delay tester Same class of tools as iperf, netperf, nettest, nuttcp, ttcp, etc. Unique features not found in other tools: TCP: measures round-trip delay along with goodput UDP: measures: One-way delay, with quantiles Packet loss Packet duplication Reordering UDP: ability to send precisely positioned true Poisson streams (microsecond errors in sending times) Human and machine-readable (ready to be fed to gnuplot)

12. Eric L. Boyd12 Thrulay Update New release v0.8 Tests with multiple TCP streams Set DSCP (a.k.a. first 6 bits of the TOS byte) Report MTU and/or MSS (whichever the OS makes available) More UDP statistics: duplication, reordering, quantiles of delay SPARC/Solaris support Mac OS X support IPv6 support Non-busy-waiting UDP mode (less precise, but can run more concurrent tests) Documentation: manual pages have been added Basic client authorization based on IP address Integration of TSC timekeeping projects for faster and more precise timestamping

13. Eric L. Boyd13 Bulk Transport Build a library / tool for bulk transport that does not require kernel level modifications yet achieves the performance of such VFER library Congestion control hooks Implements loss-based congestion control Working on delay-based version File transfer utility An initial version demoed

14. Eric L. Boyd14 How can you use them? Tools are open source, supported, well- documented BWCTL/Iperf, OWAMP, NDT are deployed across Abilene backbone and at many partners You can: See ongoing measurement results at the Abilene Observatory Test to/from the Abilene backbone

15. Eric L. Boyd15 Network Performance Measurement Workshops Example Course Materials: http://e2epi.internet2.edu/npw/presentations.html Goals: Grow installed base of BWCTL/Iperf, OWAMP, and NDT at GigaPoP and regional campuses. http://e2epi.internet2.edu/pipes/pmp/pmp-dir.html Begin integration into IT support processes. Create an installed base for perfSONAR deployment. Give each participant tool-specific cookbooks.

16. Eric L. Boyd16 Network Performance Measurement Workshop Locations and Dates Completed SOX / GaTech (03/05) CENIC / UCLA (06/05) JT – Vancouver (07/05) OARNet / OSU (09/05) MAGPI / FMM (09/05) MAX / College Park (12/05) APAN (01/06) JT - Albuquerque (02/06) MERIT (02/06) Columbia / NYSERNet (04/06) Planned University of Virginia (04/06) Under Consideration Wisconsin, Alaska, …

17. Eric L. Boyd17 Additional Outreach National Library of Medicine Presentation on end-user tools at NLM- centric Network Performance Monitoring Pilot-project Workshop (March 2006) New World Symphony Presentation on end-user tools at NWS Master Class Workshop (January 2006) On-going dialog on end-user needs

18. Eric L. Boyd18 Collaboration Working Groups Bulk Transport (transport.internet2.edu) GGF Network Measurement (nmwg.internet2.edu) perfSONAR (www.perfsonar.net) Funded Research “Bridging the Gap” (NSF) Network Measurement for International Connections Google Summer of Code 2005 very successful 2006 planned

19. Eric L. Boyd19 perfSONAR Overview What: Measurement infrastructure for exchanging data under development How: Webservices network performance framework Network measurement tools Network measurement archives Distributed scheduling/authorization Multi-domain policy Common language (GGF NMWG Schema) Where: Deployed / to be deployed across: Network Backbones (Abilene, ESNet, GÉANT) Regional Networks (NRENs, RONs, Gigapops) Universities When: First product release early summer ‘06

20. Eric L. Boyd20 perfSONAR Credits perfSONAR is a joint effort: ESnet Fermilab GÉANT2 JRA1 Internet2 RNP Internet2 includes: University of Delaware Georgia Tech Internet2 staff GÉANT2 JRA1 includes: Arnes Belnet Carnet Cesnet DANTE DFN FCCN GRNet ISTF PSNC Nordunet (Uninett) Renater RedIRIS Surfnet SWITCH

21. Eric L. Boyd21 How can you use it? perfSONAR Link Utilization and Capacity data available from Abilene, ESnet, GÉANT (prototype) Build your own components to integrate into open source framework

22. Eric L. Boyd22 perfSONAR: Project Activity Meter 1-2 conf calls/week 1 new service/month (accelerating) 3-4 development workshops/year 3-4 paper submissions/year

23. Eric L. Boyd23 perfSONAR: System Description Domains represented by a set of services Each domain can deploy services important to the domain Analysis clients interact with service across multiple domains

24. Eric L. Boyd24 perfSONAR: Services (1) Lookup Service Allows the client to discover the existing services and other LS services. Dynamic: services registration themselves to the LS and mention their capabilities, they can also leave or be removed if a service gets down. AuthN/Z Service Internet2 MAT, GN2-JRA5 (eduGAIN) Authorization functionality for the framework Users can have several roles, the authorisation is done based on the user role. Trust relationships defined between users affiliated with different administrative domains.

25. Eric L. Boyd25 perfSONAR Services (2) Transformation Service Transform the data (aggregation, concatenation, correlation, translation, etc). Topology Service Make the network topology information available to the framework. Find the closest MP, provide topology information for visualisation tools Resource protector Arbitrate the consumption of limited resources between multiple services.

26. Eric L. Boyd26 Here is who I am, I’d like to access MA B Where Link utilisation along - Path a,b,c,d,e,f? a,b,c: Network A – LS A, c,d,e,f : Network B, MA B, AA B Inter-domain perfSonar example interaction Client Network ANetwork B LS ALS B MA A MA B AA A AA B ab cd e f Where Link utilisation along - Path a,b,c? a,b,c : Network A, MA A, AA A Token MB Here is who I am, I’d like to access MA A Get link utilisation c,d,e,f Here you go Token MA Get Link utilisation a,b,c Here you go Useful graph

27. Eric L. Boyd27 perfSONAR: Status Update Production release of base package expected by June (code freeze next week) Will include: Single domain LS solution RRD MA (no AS) Additional services and client applications supporting this version will soon follow: BWCTL MP perfSONAR UI

28. Eric L. Boyd28 perfSONAR: Hot Topics Multi-domain hierarchical LS AuthN/Z development plan with JRA-5 (eduGAIN) SSH MP (LookingGlass) service Topology Services L2 specific MA service

29. Eric L. Boyd29 perfSONAR: Current Developments MPs SSH/Telnet (Looking Glass) ABW (bandwidth packet capture cards) BWCTL NMS (SDH status) SNMP Command line (OWAMP, Ping, Traceroute) MAs RRD SQL TopS BWCTL Hades (owd, jitter, owpl) Flow replicator Visualization Clients CNM perfSONAR UI Visual perfsonar Looking glass

30. Eric L. Boyd30 Questions?

31. Eric L. Boyd31 perfSONAR: authN/Z plans perfSONAR(JRA-1)/JRA-5 sub-group Group tasked with determining how to leverage JRA-5 authentication system (eduGAIN) in perfSONAR infrastructure Jeff Boote (Internet2) Diego Lopez (RedIRIS) Maurizio Molina (Dante) Andreas Solberg (Uninett)

32. Eric L. Boyd32 perfSONAR: Background Designed with Federated authentication in mind AS becomes a ‘proxy’ for Authorization requests

33. Eric L. Boyd33 eduGAIN: Background JRA-5 provided authentication “interface” Provides “bridging” to other authentication systems Shibboleth PAPI Others… Designed mostly with web-browser interaction in mind

34. Eric L. Boyd34 Current Status Group has come to general consensus on how this should work Paper is currently underway describing interaction of perfSONAR with eduGAIN API

35. Eric L. Boyd35 perfSONAR: Trust relationship entities Client idP (identity provider) pSR (perfSONAR resource “service”) AS (perfSONAR AS service) HLS (Home Location Service)

36. Eric L. Boyd36 Automated Client Interaction

37. Eric L. Boyd37 Normal User Interaction

38. Eric L. Boyd38 Implications for JRA-5 Future extensibility for multiple X.509 root CA certificates Non-web profile for authN attribute request Current identity provider servers (attribute stores) may need to hold attributes for non-human clients Others???

39. Eric L. Boyd39 Implications for JRA-1 AS has slightly different role Clients never directly interact with AS AS is effectively a ‘proxy’ between services and the eduGAIN ‘bridging elements’ Attribute requests from services to RP’s and from RP’s to AS need to be made in a ‘boolean’ fashion to protect the privacy of clients Automated clients MUST have X.509 client certificates

40. Eric L. Boyd40 Questions/Concerns Let us know if you would like a copy of the ‘document’ when it is complete Please feel free to send further questions/comments to Maurizio and Jeff boote@internet2.edu maurizio.molina@dante.org.uk

41. Eric L. Boyd41

42. Eric L. Boyd42 Deployment Network Performance Workshops Hands-on tool deployment training GigaPoP/campus involvement 250+ participants/11 Workshops Global Deployments Infrastructure (GÉANT2, RNP, Internet2, & ESnet) Individual Tools (e2epi.internet2.edu/pipes/pmp/pmp- dir.html)

43. Eric L. Boyd43 Performance Tools (1) OWAMP: One-Way Active Measurement Protocol One-way Delay BWCTL: Bandwidth Control Wraps NLANR / DAST-created Iperf Measures throughput

44. Eric L. Boyd44 Performance Tools (2) NDT: Network Diagnostic Tool Diagnoses common performance problems between a server and your laptop Downloaded java applet from the web runs the tests Thrulay Network capacity and delay tester TCP: measures round-trip delay along with goodput UDP: measures: one-way delay, with quantiles; packet loss; packet duplication; reordering