
Multi Domain Federation Experience and consideration on next challenges

Mauro Campanella, GARR

FIRE – GENI collaboration workshop, 17-18 Sep 2015, Washington

Multidomain Service experience

Seen from a production network point of view (GÉANT and GARR), with the eye of a FIRE participant.

Effort on MD services in GÉANT started in the GN2 project about 10 years ago on:

- Bandwidth on Demand (end to end multidomain circuit provisioning). Excellent collaboration with Internet2 and ESnet (which offer AL2S and OSCARS).

- perfSONAR (multidomain monitoring), an architecture based on distributed probes, an archive and a domain manager. An effort still ongoing with I2. Used by research communities.

FIRE-GENI Washington, 18 Sep 2015, Mauro Campanella


Multidomain Service experience

What went well:

- Separation of the intra and inter domain control component
- Non proprietary reservation system with open interfaces
- Independency from specific transmission technology (SDH, Ethernet, Infiniband, ...)
- Creation of technology and control system SW proxies (more than an API)
- Simple network description language
- Network abstraction (for BoD, path computation and preferred topology exposure)
- Partially distributed intelligence (probes in perfSONAR)
- Peer to peer model in BoD and the concept of "supportive" domain


Multidomain Service experience

What made things difficult:

- Lack of standards (for BoD at that time), implying a whole system had to be built
- Complex software development
- The quest for being too general in the solution
- Need for ad-hoc system installation and maintenance, no simple support in network equipment (need proxies)
- AAI and Security fully developed at a later stage
- perfSONAR was engineered on the hypothesis that monitoring data collected in each domain can be stitched to provide a reliable end-to-end measurement. It turned out that e2e measurements with (virtual) probes at each end are much simpler and more effective.


The ICT landscape evolution

- MPLS, BGP protocol extensions for multidomain transport, carrier grade

- IP (packets) and Ethernet are the standard data transport element (plus some Infiniband for data centers)

- Virtualization and orchestration are standard tools (Openstack)

- Software for everything


Multidomain VPN service (MD VPN)

GÉANT is deploying a circuit provisioning service based on the extension of BGP and MPLS for label carrying.

GÉANT has been configured as a "Carrier of Carriers", an interprovider VPN solution, built upon the following standards:

- RFC 3107, Carrying Label Information in BGP-4
- RFC 4364, BGP/MPLS IP Virtual Private Networks (VPNs)
- RFC 5601, Pseudowire (PW) Management Information Base (MIB)
- RFC 5603, Ethernet Pseudowire Management Information Base
- RFC 6368, Internal BGP as the Provider/Customer Edge Protocol for BGP/MPLS IP Virtual Private Networks (VPNs)

Simple to configure for the domains, supported by all major HW vendors, 'all' types of VPNs.

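The isolation property the MD VPN service relies on comes from RFC 4364: each customer route is carried as a VPN-IPv4 route (Route Distinguisher plus prefix, so overlapping private address space from different customers stays unambiguous) together with a label and Route Target extended communities, and a PE installs into a VRF only the routes whose RTs match that VRF's import set. The toy model below is an added example, not code from the talk, GÉANT or GARR; the ASN, RD/RT values, PE loopbacks and the "vpn:pe" naming convention are constructed. It shows two VPNs advertising the same 10.1.0.0/16 across two domains without leaking into each other, and includes a defender-side check that flags the classic misconfiguration in which a VRF imports an RT belonging to a different customer.

```python
"""Toy RFC 4364 VPN route distribution with an RT-leak check (added example)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class VpnRoute:
    rd: str           # route distinguisher, e.g. "65001:101" (constructed)
    prefix: str       # IPv4 prefix carried inside the customer VPN
    next_hop: str     # originating PE loopback, reachable in the backbone
    label: int        # MPLS label the originating PE allocated for the VRF
    rts: frozenset    # export route targets (extended communities)


@dataclass
class Vrf:
    name: str                 # constructed convention: "<vpn>:<pe>"
    rd: str
    import_rts: frozenset
    export_rts: frozenset
    local_prefixes: list
    table: dict = field(default_factory=dict)   # prefix -> VpnRoute

    def export(self, pe_loopback, label):
        """Advertise local prefixes as VPN-IPv4 routes tagged with export RTs."""
        return [VpnRoute(self.rd, p, pe_loopback, label, self.export_rts)
                for p in self.local_prefixes]

    def import_routes(self, routes):
        """Install remote routes whose RTs intersect this VRF's import RTs."""
        for r in routes:
            if r.rd != self.rd and (r.rts & self.import_rts):
                self.table[r.prefix] = r
        return sorted(self.table)


def distribute(all_routes, vrfs):
    """Route-reflector view: every VRF sees every route, imports by RT."""
    return {v.name: v.import_routes(all_routes) for v in vrfs}


def find_rt_leaks(vrfs):
    """Defensive check: an RT exported by one VPN and imported by a VRF of
    another VPN leaks routes between customers. VPN membership is taken
    from the part of the VRF name before ':' (constructed convention)."""
    leaks = []
    for exporter in vrfs:
        for importer in vrfs:
            shared = exporter.export_rts & importer.import_rts
            if exporter.name.split(":")[0] != importer.name.split(":")[0] and shared:
                leaks.append((exporter.name, importer.name, sorted(shared)))
    return leaks


def build_scenario(misconfigured=False):
    """Two VPNs (red, blue) on two PEs in different domains; both VPNs use
    10.1.0.0/16 at pe-a. With misconfigured=True, blue's VRF at pe-b also
    imports red's RT, the error the leak check is meant to catch."""
    red_rt, blue_rt = frozenset({"65001:1"}), frozenset({"65001:2"})
    blue_b_import = (blue_rt | red_rt) if misconfigured else blue_rt
    return [
        Vrf("red:pe-a", "65001:101", red_rt, red_rt, ["10.1.0.0/16"]),
        Vrf("blue:pe-a", "65001:201", blue_rt, blue_rt, ["10.1.0.0/16"]),
        Vrf("red:pe-b", "65001:102", red_rt, red_rt, ["10.2.0.0/16"]),
        Vrf("blue:pe-b", "65001:202", blue_b_import, blue_rt, ["10.3.0.0/16"]),
    ]


def run(misconfigured=False):
    """Return (per-VRF imported prefixes, detected leaks, VRFs by name)."""
    vrfs = build_scenario(misconfigured)
    routes = []
    for v in vrfs:
        pe = "192.0.2.1" if v.name.endswith("pe-a") else "192.0.2.2"
        routes.extend(v.export(pe, label=100 + len(routes)))
    tables = distribute(routes, vrfs)
    return tables, find_rt_leaks(vrfs), {v.name: v for v in vrfs}


if __name__ == "__main__":
    for flag in (False, True):
        tables, leaks, _ = run(misconfigured=flag)
        print("misconfigured" if flag else "correct", tables, leaks)
```

With the correct configuration, red's VRF at pe-b installs 10.1.0.0/16 with red's RD and label, never blue's identical prefix; with the misconfiguration, blue's VRF at pe-b also receives red's 10.2.0.0/16 and the leak check reports the two offending export/import pairs. In a real deployment the same check is worth running against exported device configurations before a new domain is attached to the Carrier of Carriers.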

Multidomain VPN service (MD VPN)


Multidomain VPN service (MD VPN), figure slide:

- L2 VPN
- L3 VPN
- IP/MPLS, BGP are the enabling technologies
- ONOS demo at SIGCOMM (Aug 2015)


MD challenges

Trust and Identity, Policies, cost

- More sophisticated policies, cost definition and management, inside and between domains (including Identity, attributes, quotas).
- Develop more non web-based AAI
- Balance between fine grained, on demand and predefined 'trust' catch-all rules (even full trust, a 'flat fee' policy)

Software-ization

- From technology protocols to sophisticated rules/policies at all network layers (including Trust and Identity)

Cybersecurity

- To be embedded in the rules/policies effort and more (what to do in case of DDoS, e.g.)


MD challenges

Resource description language

- A further step towards a full ontology. The language should be simple, scriptable, contain AAI and cost hooks

Monitoring

- Provider view versus User view, identification of relationship between virtual and physical resources, identification of ownership

For commercial providers (network and clouds) the interest in developing multidomain services and resource sharing is probably quite low. Just capacity brokering.

For Research and Education, an open, secure, inter domain communication (for services, resources, information sharing, ...) is key instead, and probably for smart cities too.
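The two challenge slides above ask for a simple, scriptable resource description with AAI and cost hooks, and for domain policies that range from fine-grained quota rules to a predefined catch-all "flat fee" trust rule. The following is an added example, not code from the talk or any GÉANT/GARR software, that ties the two together: a constructed JSON request for a two-domain circuit is parsed with an AAI hook (a federated identifier and released attributes are required), each domain's policy is evaluated (attribute match, quota, cost), and the reservation is committed only if every domain accepts. The request format, domain names, attribute names and prices are all constructed for illustration.

```python
"""Scriptable multidomain resource request with AAI and cost hooks (added example)."""
from dataclasses import dataclass
import json

# Constructed request: identity attributes released by the user's home
# federation plus one segment per domain the circuit crosses.
REQUEST_JSON = """
{
  "requester": {"eppn": "alice@example-uni.org",
                "attributes": {"affiliation": "member", "project": "lhc"}},
  "segments": [
    {"domain": "domA", "bandwidth_mbps": 2000, "hours": 4},
    {"domain": "domB", "bandwidth_mbps": 2000, "hours": 4}
  ]
}
"""


@dataclass
class Segment:
    domain: str
    bandwidth_mbps: int
    hours: int


@dataclass
class Request:
    eppn: str
    attributes: dict
    segments: list


def parse_request(text):
    """AAI hook: a request without a federated identifier is rejected before
    any domain policy is consulted."""
    doc = json.loads(text)
    who = doc["requester"]
    if "@" not in who.get("eppn", ""):
        raise ValueError("request lacks a federated identity")
    segs = [Segment(s["domain"], int(s["bandwidth_mbps"]), int(s["hours"]))
            for s in doc["segments"]]
    return Request(who["eppn"], who.get("attributes", {}), segs)


@dataclass
class DomainPolicy:
    name: str
    required_attrs: dict          # attribute values the domain insists on
    quota_mbps_hours: float       # None means catch-all: no quota enforced
    cost_per_mbps_hour: float     # cost hook; 0 for flat-fee domains
    flat_fee: float = 0.0
    used_mbps_hours: float = 0.0  # running consumption against the quota


def evaluate(policy, req, seg):
    """Return (decision, reason, cost). Fine-grained policies check
    attributes and a usage quota; a catch-all policy accepts any
    federated user at a predefined flat fee ('full trust' rule)."""
    for key, wanted in policy.required_attrs.items():
        if req.attributes.get(key) != wanted:
            return "deny", f"{policy.name}: attribute {key} != {wanted}", 0.0
    demand = seg.bandwidth_mbps * seg.hours
    if policy.quota_mbps_hours is None:
        return "accept", f"{policy.name}: flat-fee trust", policy.flat_fee
    if policy.used_mbps_hours + demand > policy.quota_mbps_hours:
        return "deny", f"{policy.name}: quota exceeded", 0.0
    return "accept", f"{policy.name}: within quota", demand * policy.cost_per_mbps_hour


def reserve(policies, text):
    """All-or-nothing multidomain reservation: quota is consumed only after
    every domain on the path has accepted its segment."""
    req = parse_request(text)
    outcome = []
    for seg in req.segments:
        decision, reason, cost = evaluate(policies[seg.domain], req, seg)
        outcome.append((seg.domain, decision, reason, cost))
        if decision == "deny":
            return False, outcome
    for seg in req.segments:
        pol = policies[seg.domain]
        if pol.quota_mbps_hours is not None:
            pol.used_mbps_hours += seg.bandwidth_mbps * seg.hours
    return True, outcome


def demo_policies():
    """Constructed policies: domA is fine-grained (attribute + quota + metered
    cost), domB is a catch-all flat-fee domain."""
    return {
        "domA": DomainPolicy("domA", {"affiliation": "member"}, 10000, 0.01),
        "domB": DomainPolicy("domB", {}, None, 0.0, flat_fee=50.0),
    }


if __name__ == "__main__":
    pols = demo_policies()
    print(reserve(pols, REQUEST_JSON))   # first request fits domA's quota
    print(reserve(pols, REQUEST_JSON))   # second one exceeds it and is denied
```

The first reservation is accepted by both domains (domA meters 8000 Mbps-hours at its per-unit price, domB charges its flat fee); an identical second request is denied by domA because its quota is exhausted, and because evaluation stops at the first denial domB's flat fee is never charged and no partial circuit is committed. Swapping a domain's policy from fine-grained to catch-all is a one-line change to the policy record, which is the trade-off the slide describes between on-demand rules and predefined trust.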
