Date post: | 31-Mar-2015 |
Category: |
Documents |
Upload: | ryleigh-veale |
View: | 216 times |
Download: | 0 times |
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected]) 1
GEANT’s Advanced services
EUMEDCONNECT APM meeting
Paris 19th of March 2002
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected]) 2
Agenda
•Multicast Service
•IP premium Service
•CIP Service
•VPN service
•Security
•IPV6 test-bed
•Questions ?
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected]) 3
Multicast Service
•GEANT is a transit domain for Multicast traffic as well
•24 NRENs over 27 have explicitly asked for being enabled multicast
•Multicast coverage
•Fully enabled with the Research peerings
•13 NRENs are already connected
•www.dante.net/nep/GEANT-MULTICAST/
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected]) 4
Multicast Service• Access to the service
– Via the primary access to GÉANT– Via a GRE tunnel (currently nobody)– Support of PIM-SM v2 only
• Operational procedures (rolling out now)– Goal: fully supported service as Unicast.– Plus specific monitoring
• Troubleshooting – Extension of the trouble ticket systems to
multicast incidents
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
GÉANTPremium IP Service
• This service which is currently being piloted in GÉANT has the aim to provide international Virtual leased line based on Diffserv.
• The Premium IP service is an end-to-end service (University to University) crossing multiple administrative domains
• It is defined on the basis of the Diffserv Expedited Forwarding Per Hop behavior which is required to offer– Bandwidth, low loss, upper bounded delay and jitter
5
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
Premium IP:Virtual Leased Line service
UK
DE
NREN Janet
DFN
AS20965
GÉANT backbone
AS786
AS680
A
B
RegionalNetwork
RegionalNetwork
SE
FR•Premium IP packets are tagged with DSCP code =46•Rate Limitation is applied per aggregate on the NREN’s access, based on the total demanded bandwidth towards the destination.•Admission Control is made manually based on the Sum of bandwidth already booked on the destination access.
Rate limitation is applied on the NREN access
streams < 5 % of the BW access
6
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
Commodity IP Service
• The Commodity IP transit service provides transit to the general internet for the NRENs which requests it.
• GÉANT will be connected to Global Crossing and KPNQwest in eight locations– (Frankfurt, Geneva, Milan and Stockholm for
Global Crossing; London, Paris, Prague and Vienna for KPNQwest)
7
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
CIP usage and committed BW
GÉANTAS20965
Third party providerEuropean Distributed Access
Commodity Internet Access
Poland
NREN2
JANET
NREN4
UKSE
... ...
8
DSCP=32
XXXMbps
Rate limitation on NREN outgoing interface to the committed BW + WRED configured to drop preferentially BE in case of Congestion.
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
VPN Service
• The customers of the Managed Bandwidth Service from TEN-155 were using this service for the guaranteed BW and for the ability to have VPN layer 2 VPNs (ATM VPs or PVCs)
• Thus we are studying the possibility of provisioning of VPNs layer 2 with MPLS.
• In a first phase we’ll deliver layer 2 tunnels to NRENs access.
• We’ll be in production in May9
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
LSPs
Shared media access (up to STM16 POS)
DLCI Production traffic access
Dedicated accessSTMxx to STM16 POS
EncapsulationLayer2 <-> MPLS
NREN’s access router
GÉANT’s router
In the core
MPLS traffic
IPV4 traffic
DLCI Virtual Lab access
NREN B
NREN A NREN C
GÉANT backbone
Dedicated access (up to STM16 POS) NREN’s test router
Example of Virtual platform
10
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected]) 11
What is DANCERT?
• DANTE’s Computer Emergency Response Team
• Responsible for defining and implementing DANTE security policies
• Providing security alert and investigation assistance
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected]) 12
What does DANCERT cover?• Security of network elements on DANTE networks-
GEANT, GTREN, DWS• DoS, resource and service protection of DANTE networks
and those of NRN’s.– Proactively through rate limiting and anti-spoofing measures– Reactively through DoS tools applying filters and helping
report and investigate attacks.
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
What does DANCERT cover?
• Investigating new services and their subsequent security implications.• Assistance in investigating security incidents such as,
– Hacking– Port Scanning– Spam reports
13
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
DANCERT Contact Details
• [email protected]• [email protected]• [email protected]
14
EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé ([email protected])
FR
UK
IT
AT
DE
SE
GR
CH
NL
ColtDeutche TelekomTeliaTunneledNordic
• Native STM-1line to Greece under negotiation
• International IPv6 connectivity provided by partners including DANTE to NACSIS
Planned Y1 6NET topology
Testbed for activities using/supporting native IPv615