Mohit Chamania, 16/06/2014 Architecting the Open Source PCE A Service Oriented Approach.


© 2014 ADVA Optical Networking. All rights reserved. Confidential.

Outline
- Identify the different frameworks and deployment scenarios for path computation functions
- Outline the requirements for an open-source PCE that can be employed in diverse network deployments
- Extend the open source PCE architecture to incorporate the same

Applications Employing Path Computation
- Vendors / Carriers
  - Control Plane (GMPLS)
  - Network Management Systems (NMS)
  - Network Hypervisors / Orchestrators (SDN)
  - ABNO architecture
- Infrastructure Providers
  - Cloud operators
  - Virtual Network Providers
- Organizations
  - Research: GEANT, Internet2, GLIF
  - Large Enterprises
- Others

Applications Employing Path Computation: Vendors/Carriers

| Technology | Scale | Requirements | Protocols |
|---|---|---|---|
| Control Plane | 100s NEs | Low latency; Low Processing overhead; Access control | Topology: OSPF, OSPF-TE; Path as a sequence of hops/interfaces and labels; PCEP |
| NMS | ~ NEs | Authentication and Authorization (AA) (RADIUS / DIAMETER); Scalability with network size | Topology: MTNM, ITU-T, custom standards; Path as a Trail; Custom APIs / PCEP |
| SDN | N.A. | Integration with different controllers; Path definitions focused on NE configurations | Topology: Implementation specific representation; Path as a sequence of cross connects; PCEP and Others |

Control Plane Deployments
- Control plane deployments
  - PCE instances integrated in network element controllers
  - Low processing overhead to reduce cost overheads
  - Fast computation (10’s of milliseconds) for services like restoration
- Path Computation
  - Shortest Path
  - Kth Shortest Path
  - Constrained Shortest Path
- Signaling
  - RSVP (reservations)
  - RSVP-TE (tunnel LSP setup)
  - GMPLS-RSVP (optical extensions)
- Routing
  - OSPF (reachability)
  - OSPF-TE (traffic engineering)
  - GMPLS-OSPF (optical extensions)

SDN Deployments

Applications Employing Path Computation: Others

| Technology | Scale | Requirements | Protocols |
|---|---|---|---|
| Cloud / VNO | Multi-domain scope | Large-user base (AA) with Web Auth Standards (OpenID, OAuth, SAML); Multi-view topology and path computation support | Control: OpenStack, Custom implementations; Coordination with other domain controllers; Custom topology representation and multi-domain path computation |
| Research Networks | 10s-100s of NEs | Large user-base (AA); Custom authentication / Web Auth Standards; Experimentation with path computation algorithms | Topology: custom topology definitions; Implementation specific path representation and computation APIs |

Requirements on PCE
- Protocol Support
  - Not all approaches will support PCEP
  - Support for pluggable protocol modules to ease integration
- Authentication and Authorization
  - Support for basic Access control
  - Authentication and Authorization proxy to access topology and path computation functions
  - Pluggable authentication modules to support different AA mechanisms
- Algorithm support and Scaling
  - Pluggable path computation functions to access network topology
  - Horizontal scaling to achieve efficiency in terms of number of requests
  - Low latency for specific demands (e.g. in wireless mesh networks, restoration computation)
- Topology (TED)
  - Multiple representations of topology may be required
  - Different mechanisms to update the topology
  - Topology visibility linked to access rights of the user

Open Source PCE
- Open Source PCE implementation (
  - First open-source PCE developed based on IETF standards
  - Designed for extensibility in terms of
    - PCEP Protocol Extensions
    - Path Computation Algorithms
    - Path Computation State machines
  - Features include asynchronous network I/O, passive state machines, topology updates, hierarchical and multi-layer PCE
  - 18,000 lines of code
- Application in EU research projects
  - ONE for supporting coordinated multi-layer path computation
  - GEYSERS for joint computation of IT+Network resources
  - PACE which will pursue standardization, architecture and implementation

M. Chamania, M. Drogon, A. Jukan, "An Open-Source Path Computation Element (PCE) Emulator: Design, Implementation, and Performance," IEEE Journal of Lightwave Technology, vol.30, no.4, pp.414,426, Feb.15, 2012

Open Source PCE Architecture
- Module Management
- Network Module
  - Socket management, access control
  - Asynchronous Network I/O
- Session Module
  - PCEP Session Management (Session state machine)
  - Message routing within the PCE
- Computation Module
  - Thread Pools to perform path computation
  - Integrated TED with topology update interfaces
- TED

Service Oriented PCE architecture
- Pluggable protocol modules (PPM) to support multiple protocols

[Diagram: Module Management, Network Module, Session Module, Computation Module, TED; Session Module with PPM (Network Module, PCEP Session Management)]

Service Oriented PCE Architecture
- PPMs are responsible for protocol specific features of path computation
- PPMs also implement access control features if any

[Diagram: Session Module, PPM (Network Module, PCEP Session Management), PPM]

Service Oriented PCE Architecture
- PPMs are responsible for protocol specific features of path computation
- PPMs also implement access control features if any
- Requests to session module are forwarded with
  - Path Request parameters
  - Topology view requested
  - Computation constraints
  - Choice of algorithms
  - Computation latency
  - Authorization credentials
  - Callback URI

[Diagram: message exchange between PPM and SM: Request for Path Computation; OK (Session ID); Response (Session ID)]

Authentication and Authorization Support
- Aim to leverage existing mechanisms for AA
- Internal AA design built around the SAML/OAuth/OpenID approach
  - User (entity requesting the service)
  - Identity Provider (AA service employed)
  - Service Provider (PCE)
- Authentication and identity are managed by an external entity
  - User identifies the authentication mechanism
  - PCE requests an authorization token from the Identity Provider
  - User authenticates with the identity provider to authorize the session
  - PCE uses the authorized token to access authorization functions

Authentication and Authorization Support

[Diagram: components User, PPM, Authentication Proxy, AM, Identity Provider, Session Module. Message labels: Request (Auth Type, Credentials (Optional)); Request Authorized Token; Authorized Token; Request with Authorization Credentials]

Authentication and Authorization Support
- Authorization of token may involve communication between the user and the identity provider
- Removes the necessity of the user providing actual credentials (e.g. password) to the PCE
- Authorization credentials include the session token

[Diagram: message exchange between User, PCE and IP. Message labels: Request with Auth Type; Session Token request, Application Credentials (key/secret); Authorization OK; Session Token (key/secret); Session Token (Key); Authorize session (Session Token, user credentials)]

Authentication and Authorization Support
- Authorization profile stored in the identity provider or locally in the AM
- For authorization, the Session Token is verified with the IP, and user roles are provided to the authentication proxy
- Based on user roles, decisions on operations to be allowed are made by the session module

[Diagram: components Session Module, Authentication Proxy, AM, Identity Provider. Labels: Auth Credentials; Application Credentials; Session Token; User Roles]
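
Added example, not part of the original slides and not code from the open-source PCE: an in-process walk through the token exchange described on the slides above. The class names, the role-to-operation policy and all credentials are constructed assumptions, and the identity provider is simulated in memory.

```python
import hmac
import secrets

def _same(a, b):
    # Constant-time comparison for secrets.
    return hmac.compare_digest(a.encode(), b.encode())

class IdentityProvider:
    """Constructed in-memory stand-in for the external identity provider (IP)."""
    def __init__(self, apps, users):
        self._apps, self._users, self._sessions = apps, users, {}

    def request_session_token(self, app_key, app_secret):
        # PCE -> IP: application credentials (key/secret) in, session token out.
        if app_key not in self._apps or not _same(self._apps[app_key], app_secret):
            raise PermissionError("application credentials rejected")
        key, secret = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self._sessions[key] = {"secret": secret, "app": app_key, "user": None}
        return key, secret

    def authorize_session(self, token_key, user, password):
        # User -> IP: the password is checked here and never reaches the PCE.
        session, record = self._sessions.get(token_key), self._users.get(user)
        if session is None or record is None or not _same(record["password"], password):
            return False
        session["user"] = user
        return True

    def roles_for_token(self, app_key, token_key, token_secret):
        # PCE -> IP: verify the session token, answer with the user's roles.
        s = self._sessions.get(token_key)
        if s is None or s["app"] != app_key or s["user"] is None:
            return set()
        if not _same(s["secret"], token_secret):
            return set()
        return set(self._users[s["user"]]["roles"])

class AuthenticationProxy:
    """PCE side: holds the application credentials and the token secrets."""
    def __init__(self, idp, app_key, app_secret):
        self._idp, self._app, self._secrets = idp, (app_key, app_secret), {}

    def open_session(self):
        key, secret = self._idp.request_session_token(*self._app)
        self._secrets[key] = secret
        return key                      # only the token key is handed to the user

    def user_roles(self, token_key):
        secret = self._secrets.get(token_key)
        if secret is None:
            return set()
        return self._idp.roles_for_token(self._app[0], token_key, secret)

# Hypothetical role-to-operation policy held by the session module.
POLICY = {"operator": {"compute_path", "update_topology"}, "tenant": {"compute_path"}}

def session_module_allows(proxy, token_key, operation):
    """Default deny: an operation passes only if one of the roles grants it."""
    roles = proxy.user_roles(token_key)
    return any(operation in POLICY.get(role, set()) for role in roles)

def demo():
    idp = IdentityProvider(
        apps={"pce-app": "constructed-app-secret"},
        users={"alice": {"password": "constructed-pw", "roles": ["tenant"]}})
    proxy = AuthenticationProxy(idp, "pce-app", "constructed-app-secret")
    token = proxy.open_session()
    before = session_module_allows(proxy, token, "compute_path")  # not yet authorized
    idp.authorize_session(token, "alice", "constructed-pw")
    return {"before_authorization": before,
            "compute_path": session_module_allows(proxy, token, "compute_path"),
            "update_topology": session_module_allows(proxy, token, "update_topology"),
            "forged_token": session_module_allows(proxy, "not-a-token", "compute_path")}

if __name__ == "__main__":
    print(demo())
```

A token that the user has not yet authorized at the identity provider yields no roles, so every operation is refused until that step completes.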

Algorithm Support and Scaling
- Computation module supporting a specific algorithm should be an autonomous process
  - Developed in any programming language
  - One or more processes spread across multiple machines for scaling
- HTTP based APIs for path computation request
  - Extensive support across multiple programming languages
- Message Queue architectures for managing forwarding of requests to corresponding computation modules

Message Queue Based Algorithm integration
- Multiple instances reading from the same queue can enable load balancing

[Diagram: Session Module, Message Queue, Computation Module]

Service Oriented PCE Architecture
- Communication between the Session module and Computation module is asynchronous
- Message queues can also support publish/subscribe models, so multiple computation modules can receive the same request
- Useful in case latency demands drive the use of different algorithms computing the same request

[Diagram: message exchange between SM, MQ and CM. Message labels: Computation Request, Callback URI; Computation Request, Callback URI; Request Received; Computation Response to URI]

Topology Management
- A single “view” of the topology is not sufficient for operating across different network environments
- The PCE topology database should be 1 (or more) “models” supporting different views, with corresponding APIs to manage export/update

[Diagram: PCE Topology (TED) with GMPLS View, ITU-T View and MTNM View; Topology Update (Control plane); Topology Request (NMS)]

Topology Management
- A single central database manages the complete topology
- Each computation module may maintain their own topology
  - Initialization using a snapshot from the topology database
  - Topology Database publishes updates (for each view)

[Diagram: PCE Topology (TED) with GMPLS View, ITU-T View and MTNM View; Message Queue; Computation Module]

Topology Management
- Topology views are also subject to authorization
  - Users may see limited parts of the topology only
  - Use of authorization credentials to determine what elements of topology are visible to the user
- Computed paths can also be stored in the topology as an accessible resource
  - Necessary for features such as virtual tunnels, path-key for inter-domain computation
  - Users can have limited view of the path (only endpoints and properties) and use it for multi-domain path computation
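
Added example, not part of the original slides and not code from the open-source PCE: path computation restricted to the topology a user's roles make visible, plus a stored path that is shown in full only to users who can see every hop. The link list, the domain tags, ROLE_DOMAINS and the PathStore class are constructed assumptions.

```python
import heapq

# Constructed TED sample: (node_a, node_b, cost, domain). All values are made up.
LINKS = [("A", "B", 1, "metro"), ("B", "C", 1, "core"), ("C", "D", 1, "metro"),
         ("B", "D", 3, "metro"), ("A", "D", 5, "metro")]
# Hypothetical authorization profile: role -> domains whose links are visible.
ROLE_DOMAINS = {"operator": {"metro", "core"}, "metro-tenant": {"metro"}}

def visible_links(roles):
    """Return the topology view for these roles; unknown roles see nothing."""
    domains = set().union(*(ROLE_DOMAINS.get(r, set()) for r in roles))
    return [link for link in LINKS if link[3] in domains]

def shortest_path(links, src, dst):
    """Dijkstra over the links of one view; None if dst is unreachable in it."""
    graph = {}
    for a, b, cost, _domain in links:
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    heap, done = [(0, src, [src])], set()
    while heap:
        cost, node, hops = heapq.heappop(heap)
        if node == dst:
            return cost, hops
        if node in done:
            continue
        done.add(node)
        for nxt, step in graph.get(node, []):
            if nxt not in done:
                heapq.heappush(heap, (cost + step, nxt, hops + [nxt]))
    return None

class PathStore:
    """Computed paths kept as a resource that is itself subject to the view."""
    def __init__(self):
        self._paths = {}

    def store(self, cost, hops):
        key = f"path-{len(self._paths) + 1}"
        self._paths[key] = (cost, list(hops))
        return key

    def view(self, key, roles):
        cost, hops = self._paths[key]
        seen = {frozenset(link[:2]) for link in visible_links(roles)}
        if all(frozenset(pair) in seen for pair in zip(hops, hops[1:])):
            return {"key": key, "cost": cost, "hops": list(hops)}
        # Some hop lies outside the caller's view: endpoints and properties only.
        return {"key": key, "cost": cost, "endpoints": (hops[0], hops[-1])}

def demo():
    store = PathStore()
    cost, hops = shortest_path(visible_links(["operator"]), "A", "D")
    key = store.store(cost, hops)
    return {"operator_path": (cost, hops),
            "tenant_path": shortest_path(visible_links(["metro-tenant"]), "A", "D"),
            "tenant_view_of_operator_path": store.view(key, ["metro-tenant"]),
            "no_role_path": shortest_path(visible_links([]), "A", "D")}

if __name__ == "__main__":
    print(demo())
```

Filtering happens before the algorithm runs, so a hidden link can neither appear in a result nor influence the cost the restricted user is shown.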

Conclusions
- Numerous standards and frameworks targeting different network deployments are going to co-exist
- Critical features identified for extending the open-source PCE
  - Topology Management and export
  - Authentication and Authorization capabilities
  - Algorithm extensibility
- Service oriented approach to open-source PCE
  - Cross-platform support
  - Employ mechanisms and architectures already in place
  - Reduce overhead for other contributors

Thank You

IMPORTANT NOTICE
The content of this presentation is strictly confidential. ADVA Optical Networking is the exclusive owner or licensee of the content, material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited. The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA Optical Networking shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation. Copyright © for the entire content of this presentation: ADVA Optical Networking.

Vendor Supported Deployment Scenarios
- NMS Deployments
  - Centralized with high scalability requirements (~10,000 NEs)
  - Support for a diverse range of network infrastructure
- Topology and Path representations
  - MTNM, ITU-T, custom representations

[Figure: layer labels ODU2E, OCH, OMS, OTU2E, OTS]