Looking in EARNEST for future directions in European Research and Education Networking APAN 26 6 August 2008, Queenstown, New Zealand

Slide 2 › Part of EU-funded GN2 (G É ANT2) project involving 35 NRENs. ›Aims to identify trends, developments, and to make recommendations for future research and education networks. ›Seven sub-studies: ›Organisational and Governance issues ›Economic issues (move to dark fibre, and provision of new services) › Researchers ’ needs (what type of network and services are required?) › Other users ’ needs (e.g. schools, healthcare, arts & humanities) ›Geographic issues (examining and quantifying digital divide) ›Campus issues (infrastructure, services, expertise and collaboration) ›Technical issues (transmission, control plane & routing, network virtualisation, operations and performance, middleware) EARNEST Background

Slide 3 Methodology & Caveats ›Technical panel with expertise in specific areas advised on important or emerging technologies. ›Interviews with key personnel from 11 vendors, 3 research institutes, and a number of NRENs. ›Technological briefings and research papers also used. ›Primary goal was to investigate technologies applicable to NRENs, although attempts to address other types of network as well. ›R&E networks often have different requirements to telco and ISP sectors, and usually have fewer legacy issues. › Focused on four (later five) general areas …

Slide 4 Transmission Technology Findings

Slide 5 Ethernet or SDH? ›No obvious path for SDH beyond OC-768 (40 Gbps), and likely to become legacy technology in coming years. ›All manufacturers developing 40 and/or 100 Gigabit Ethernet because of cost advantages, and because packet-based services are increasingly prevalent. ›Was initially expected that 100 GE would be next standard, but this is proving to be technically difficult. ›Not expected before ›Initially likely to be 4 x 25 Gbps. ›40 GE may be interim solution, and offered at 40% of cost of OC-768.

Slide 6 Ethernet Enhancements ›Ethernet scalability initially addressed with IEEE 802.1Q and 802.1ad. ›PBB (IEEE 802.1ah) aims to greatly increase number of customer networks, and defines protocols for connecting provider-bridged networks. ›Carrier-grade OAM&P and virtual circuit functionality is also currently being added: ›PBBTE (802.1Qay) will support point-to-point circuits over Ethernet. ›CFM (802.1ag) will support hop-by-hop detection, isolation of connectivity problems ›Shortest-Path Bridging (IEEE 802.1aq) being developed as alternative to Spanning Tree for loop-free forwarding. TERENA-NGN-WS-01.pdf

Slide 7 DWDM Systems ›Trade-off between number of wavelengths, faster line rates and longer reaches due to CD, PMD, XPM and FWM. ›New modulation techniques (e.g. DP-QPSK) are becoming practical and promise longer reaches at 40 Gbps+ speeds, whilst minimising need for EDCM. ›Most manufacturers focusing on 50 GHz spacing for DWDM channels (i.e. ~80 channels per fibre). This has been found to provide optimal performance with respect to faster line rates and longer reaches. ›Tunable lasers, VOAs, EDCMs, multi-degree ROADM technology, and PIC-based OEOs promise easier-to-facilitate (and potentially cheaper) DWDM systems. Also make meshed optical networks possible.

Slide 8 DWDM Systems ›Questions to ponder: ›There was a lot of hype about DWDM five years ago, but actually how important is this to NRENs? ›Dark fibre is increasingly available to NRENs, but few fully exploit DWDM possibilities. ›Why is the take-up of DWDM by NRENs so slow? › Is being ‘ faster ’ or ‘ fatter ’ more important to NRENs?

Slide 9 Control Plane & Routing Findings

Slide 10 IP Routing ›Routing scalability becoming problematic (again). ›Global routing table now >230,000 entries, which generates around 400,000 BGP updates per day. ›Concern that growth is starting to outstrip router chipset and memory developments, but more specifically the cost of provisioning these. › IPv6 doesn ’ t help as end-users unwilling to use provider- assigned addresses, or renumber when changing service providers. ›Not immediate cause for concern, but IAB/IETF looking for efficiencies. ›Multihoming and traffic engineering should be possible. ›Addresses should be provider-independent ›Proposals based on splitting IP addresses into unique identifier (EID) and provider-dependent locator (RLOC).

Slide 11 IPv6 ›Core IPv6 specifications and related protocols largely completed some years ago. ›Most NRENs already support IPv6 in dual-stack systems, but also tend to have more IPv4 address space. ›Some router and user equipment still has limited support. ›Still limited support in most campuses. ›New predictions suggest IPv4 address space could be exhausted in 3-5 years. ›Regional Internet Registries discussing rationing measures.

Slide 12 Network Virtualisation Findings

Slide 13 Network Virtualisation ›Virtualisation concepts starting to be used across all networking layers. ›Basic virtualisation already implemented in certain modern routers to enable upgrades and troubleshooting of specific interfaces, and programmable features. ›NRENs (e.g. CANARIE, CESNET) pioneered customer- empowered network concept, where resources on NREN- provisioned infrastructure can be managed by customers to build logical networks. ›Deployment of UCLP, DRAC and similar technologies are first step towards full network virtualisation. ›Need for technology agnostic infrastructure, although most users still want IP connectivity as part of service.

Slide 14 Network Virtualisation ›MANTICORE and FEDERICA projects aim to develop network virtualisation to allow disruptive technologies to be tested over production infrastructure. ›US-based GENI initiative extends concept to wireless and sensor networks as well. ›EARNEST study revealed there was little knowledge in wider R&E community about virtualisation initiatives, but lot of potential interest. ›TERENA NGN Workshop (06/11/07) had session on network virtualisation/customer-empowered networks. ›Generated much discussion. ›Support for information exchange and coordination activity (e.g. task force). ›Need a better term to describe all this though!

Slide 15 Operations & Performance Findings

Slide 16 Layer 0-2 Management ›NRENs have traditionally only managed Layer 3 and above, so have limited experience at the optical level (WDM systems and/or SDH). ›Limited tools for managing Network Layers 0-2, and expensive. ›Although some R&E developments such as TL1 Toolkit and NDL. ›Management of Layers 0-2 is currently labour intensive and relies heavily on documentation. ›NRENs have not really made extensive use of WDM systems to-date, and the management of much so-called dark fibre is often outsourced. ›Is this something to investigate further?

Slide 17 Overprovisioning vs QoS ›Core networks likely to continue to be overprovisioned as bandwidth is (relatively) cheap. ›Some edge networks do need to undertake traffic engineering though, so QoS transparency should be supported. ›Increasing availability of dark fibre allows R&E networks to operate hybrid networks, enabling dedicated links to be provisioned for demanding customers using C/DWDM. ›Should encourage innovation through network neutrality, subject to traffic engineering requirements.

Slide 18 End-to-End Connectivity ›Most end-to-end performance issues are due to problems at customer sites. › Middleboxes such firewalls, NATs, rate shapers, caches and other ‘ black box ’ solutions are responsible for many of these problems. ›This is due to instrinic architecture, misconfigurations, or simply intentional behaviour. ›They encourage workarounds that circumvent what the box is trying to achieve in the first place. ›Consider improving network transparency, either through protocol support, or moving functionality closer to end-hosts. ›Filtering and firewalling should also be weighed against reduction in innovation capabilities within research environment. ›Buggy or sub-optimally tuned software also responsible for some problems (e.g. TCP stacks for large file transfers). ›Consider evolution of PERT concept.

Slide 19 Middleware Findings

Slide 20 ›Identity federations are solution for supporting user access to remote services. ›Most NRENs have identity federation or are establishing one. Others should plan to do so within next couple of years. ›NRENs are natural candidates for supporting technical organisation within their countries, as well as representing national federations. ›User-centric identity (e.g. OpenId) management also growing, and abstract identity framework also being worked on. NRENs should monitor developments. ›Already integrations of identity federation and OpenId Identity Federations

Slide 21 Interoperability ›Inter-operability of identity federation happening: ›SAML 2.0 is today choice for exchanging identity data for web-based applications. ›All the identity federations technologies are SAML2.0-compatible or they migrating to be SAML2.0-compatible. ›Schemas such as eduPerson or SCHAC becoming more important to facilitate inter-operability. ›In order to be able to handle different AAIs it is recommended that NRENs support multiple trust infrastructures: ›X.509 certificates used quite a lot. ›SAML signed tokens, coming up. ›It is recommended that NRENs try to minimise number necessary (e.g. by reusing existing PKIs). ›Still open issue: No well established standard for communicating identity data to applications. ›NRENs should be proactive about this (possible task force?)

Slide 22 Further Information ›EARNEST Reports › ›TERENA NGN Workshops › ›Thanks to: Alcatel-Lucent, Calient, Ciena, Cisco, DTU-COM, DANTE, Extreme Networks, Force10, i2CAT, IBM, Juniper, Liberty Alliance, MERLIN Project, Nortel, Sun Microsystems & SxIP plus the Advisory Panellists