An Hierarchical Policy-Based Architecture for Integrated

An Hierarchical An Hierarchical PolicyPolicy--BasedBasedArchitectureArchitecture for for IntegratedIntegrated

ManagementManagement of Grids and Networksof Grids and Networks

Ricardo NeisseRicardo NeisseEvandroEvandro Della Della VechiaVechia PereiraPereira

LisandroLisandro Zambenedetti GranvilleZambenedetti GranvilleMaria Janilce Bosquiroli AlmeidaMaria Janilce Bosquiroli Almeida

LianeLiane MargaridaMargarida RockenbachRockenbach TaroucoTarouco

Federal University of Rio Grande do Federal University of Rio Grande do SulSul

Ricardo Neisse Ricardo Neisse -- Policy 2004Policy 2004 Slide Slide 22 of 15of 15

OutlineOutline

IntroductionIntroductionGrids, networks and policiesGrids, networks and policiesHierarchical mapping architectureHierarchical mapping architectureSystem prototypeSystem prototypeConclusions and future workConclusions and future work


IntroductionIntroduction

Configuration of the underlying network to allow the Configuration of the underlying network to allow the grid operationgrid operationGrid resources distributed along several network Grid resources distributed along several network administrative domains: management problems?administrative domains: management problems?Network policies x Grid policiesNetwork policies x Grid policiesA system to generate network policies based on A system to generate network policies based on grid policiesgrid policies


Grid ManagementInfrastrucutre (Toolkit)

Grid ManagementInfrastrucutre (Toolkit)

Grids, networks and policiesGrids, networks and policies

Grid node(users and resources)

Grid node(users and resources)

GridAdministrator

GridAdministrator

Administrative domainAdministrative domain


Grids, networks and policiesGrids, networks and policies

Services

Resource(Cluster)

Networkinfrastructure

Grid administratorGrid administrator Web Services(SOAP/HTTP)Web Services(SOAP/HTTP)

Local network administratorLocal network administrator


Hierarchical policies and gridsHierarchical policies and grids

Grid management policies

Configuration actions into devices

Network management policies

Mapping defined by the network administrator

Policy deployment via PDPs

High abstraction

level


Grid policy examplesGrid policy examplesif (user == "if (user == "neisseneisse" and" and

startTimestartTime >= "11/25/2003 00:00:00" and>= "11/25/2003 00:00:00" andendTimeendTime <= "11/25/2003 23:59:59")<= "11/25/2003 23:59:59")

{{if (resource == "if (resource == "LabTecLabTec Cluster") {Cluster") {

allowAccessallowAccess = true;= true;login = login = gridusergriduser;;maxProcessingmaxProcessing = 50%;= 50%;networkQoSnetworkQoS = = remoteProccessControlremoteProccessControl;;

}}if (proxy == "if (proxy == "LabTecLabTec Cluster" andCluster" and

resource == "UFRGS Data Server")resource == "UFRGS Data Server"){{

allowAccessallowAccess = true;= true;maxAllowedStoragemaxAllowedStorage = 40GB;= 40GB;networkQoSnetworkQoS = = highThroughputDataIntensivehighThroughputDataIntensive;;

}}} }


Network policyrepository

Grid policyrepository

Rulerepository

Mapping architectureMapping architecture

NetworkNetworkadministratoradministrator

MappingEngine

MappingEngine

Grid policyeditor

Grid policyeditor

GridGridadministratoradministrator

HTTP/HTTPSHTTP/HTTPS

Mapping ruleeditor

Mapping ruleeditor

GridGrid policiespolicies

MappingMapping rulesrules

NetworkNetwork policiespolicies

GridToolkit

GridToolkit

NetworkNetwork domaindomain

GridGrid domaindomain

PDP

PEP PEP PEP

PDPIETF PBNMIETF PBNMarchitecturearchitecture


Mapping architectureMapping architectureif (srcResource.address/24 == 143.54.47.0/24 andif (srcResource.address/24 == 143.54.47.0/24 and

dstResource.address/24 != 143.54.47.0/24 anddstResource.address/24 != 143.54.47.0/24 anddstResource.portdstResource.port == 80 and == 80 and dstResource.protocoldstResource.protocol == TCP)== TCP)

{{p1 = new p1 = new NetworkPolicyNetworkPolicy();();p1.addCondition(startTime,">=",p1.addCondition(startTime,">=",schedule.startTimeschedule.startTime););p1.addCondition(endTime,"<=",p1.addCondition(endTime,"<=",schedule.endTimeschedule.endTime););p1.addCondition(srcAddress,"==",p1.addCondition(srcAddress,"==",srcResource.addresssrcResource.address););p1.addCondition(dstAddress,"==",p1.addCondition(dstAddress,"==",dstResource.addressdstResource.address););p1.addCondition(dstPort,"==",p1.addCondition(dstPort,"==",dstResource.portdstResource.port););p1.addCondition(dstProtocol,"==","p1.addCondition(dstProtocol,"==","tcptcp");");p1.addAction(DSCP,2);p1.addAction(DSCP,2);

p2 = new p2 = new NetworkPolicyNetworkPolicy();();p2.addCondition(startTime,">=",p2.addCondition(startTime,">=",schedule.startTimeschedule.startTime););p2.addCondition(endTime,"<=",p2.addCondition(endTime,"<=",schedule.endTimeschedule.endTime););p2.addCondition(DSCP,2);p2.addCondition(DSCP,2);p2.addAction(bandwith,requiredQoS.requiredBandwidth);p2.addAction(bandwith,requiredQoS.requiredBandwidth);

}}


Mapping architectureMapping architectureif (srcResource.address/24 == 143.54.47.0/24 andif (srcResource.address/24 == 143.54.47.0/24 and

dstResource.address/24 != 143.54.47.0/24 anddstResource.address/24 != 143.54.47.0/24 anddstResource.portdstResource.port == 80 and == 80 and dstResource.protocoldstResource.protocol == TCP)== TCP)

{{p1 = new p1 = new NetworkPolicyNetworkPolicy();();......inPEPsinPEPs = select pep= select pep

..within[srcResource.addresswithin[srcResource.address, 143.54.47.1], 143.54.47.1]

..direction["indirection["in"]"]from from device.type["DiffServDevicedevice.type["DiffServDevice"];"];

inPEPs[0].deployPolicy(p1);inPEPs[0].deployPolicy(p1);

p2 = new p2 = new NetworkPolicyNetworkPolicy();();......outPEPsoutPEPs= select pep= select pep

..within[srcResource.addresswithin[srcResource.address, 143.54.47.1], 143.54.47.1]

..direction["outdirection["out"]"]from from device.type["DiffServDevicedevice.type["DiffServDevice"];"];

outPEPs.deployPolicy(p2);outPEPs.deployPolicy(p2);}}


System prototypeSystem prototype


System prototypeSystem prototype

Ricardo Neisse Ricardo Neisse -- Policy 2004Policy 2004

System PrototypeSystem Prototype

FreeBSD ALTQ Routers Network domain

Grid domain

Networkadministrator

Gridadministrator

HTTP/HTTPS

Globus GT3 MDS (Web Service/XML)

QAME PBNM System (PHP)

PDP (Java)

Grid policyeditor

Mappingrule editor

Mapping Engine(PHP)

QAME

QAMEQAME

Network policyrepository (LDAP)

System files

Grid policyrepository (LDAP)


ConclusionsConclusions

Grid Grid policies: theypolicies: they are needed, but with network are needed, but with network policies policies integrationintegrationMappingMapping rules arerules are not easy to not easy to define, requires: define, requires: •• Preview agreement between grid and network Preview agreement between grid and network

administratoradministrator•• Good knowledge of the network and grid infrastructureGood knowledge of the network and grid infrastructure

Future workFuture work•• How to make the definition of mapping rules easier?How to make the definition of mapping rules easier?•• Bandwidth and performance evaluationBandwidth and performance evaluation•• Policy conflictsPolicy conflicts


Questions?Questions?

Contact information:Contact information:•• Ricardo NeisseRicardo Neisse•• Federal University of Rio Grande do Federal University of Rio Grande do SulSul•• EE--mail: mail: [email protected]@inf.ufrgs.br•• httphttp://://gerencia.inf.ufrgs.brgerencia.inf.ufrgs.br

Thanks for your attention!Thanks for your attention!

Date post:	03-Feb-2022
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times

An Hierarchical Policy-Based Architecture for Integrated

Documents