Date posted: 15-Dec-2015
Mohit Chamania, 16/06/2014
Architecting the Open Source PCE: A Service Oriented Approach
© 2014 ADVA Optical Networking. All rights reserved. Confidential.
Outline
• Identify the different frameworks and deployment scenarios for path computation functions
• Outline the requirements for an open-source PCE that can be employed in diverse network deployments
• Extend the open source PCE architecture to incorporate the same
Applications Employing Path Computation
• Vendors / Carriers
  • Control Plane (GMPLS)
  • Network Management Systems (NMS)
  • Network Hypervisors / Orchestrators (SDN)
  • ABNO architecture
• Infrastructure Providers
  • Cloud operators
  • Virtual Network Providers
• Organizations
  • Research: GEANT, Internet2, GLIF
  • Large Enterprises
• Others
Applications Employing Path Computation
Vendors/Carriers
| Technology | Scale | Requirements | Protocols |
|---|---|---|---|
| Control Plane | 100s NEs | Low latency; low processing overhead; access control | Topology: OSPF, OSPF-TE; path as a sequence of hops/interfaces and labels; PCEP |
| NMS | ~10000 NEs | Authentication and Authorization (AA) (RADIUS / DIAMETER); scalability with network size | Topology: MTNM, ITU-T, custom standards; path as a Trail; custom APIs / PCEP |
| SDN | N.A. | Integration with different controllers; path definitions focused on NE configurations | Topology: implementation specific representation; path as a sequence of cross connects; PCEP and others |
Control Plane Deployments
• Control plane deployments
  • PCE instances integrated in network element controllers
  • Low processing overhead to reduce cost overheads
  • Fast computation (tens of milliseconds) for services like restoration
Path Computation
• Shortest Path
• Kth Shortest Path
• Constrained Shortest Path
Signaling
• RSVP (reservations)
• RSVP-TE (tunnel LSP setup)
• GMPLS-RSVP (optical extensions)
Routing
• OSPF (reachability)
• OSPF-TE (traffic engineering)
• GMPLS-OSPF (optical extensions)
SDN Deployments
Applications Employing Path Computation
Others
| Technology | Scale | Requirements | Protocols |
|---|---|---|---|
| Cloud / VNO | Multi-domain scope | Large user base (AA) with Web Auth Standards (OpenID, OAuth, SAML); multi-view topology and path computation support | Control: OpenStack, custom implementations; coordination with other domain controllers; custom topology representation and multi-domain path computation |
| Research Networks | 10s-100s of NEs | Large user base (AA); custom authentication / Web Auth Standards; experimentation with path computation algorithms | Topology: custom topology definitions; implementation specific path representation and computation APIs |
Requirements on PCE
• Protocol Support
  • Not all approaches will support PCEP
  • Support for pluggable protocol modules to ease integration
• Authentication and Authorization
  • Support for basic Access control
  • Authentication and Authorization proxy to access topology and path computation functions
  • Pluggable authentication modules to support different AA mechanisms
• Algorithm support and Scaling
  • Pluggable path computation functions to access network topology
  • Horizontal scaling to achieve efficiency in terms of number of requests
  • Low latency for specific demands (e.g. in wireless mesh networks, restoration computation)
• Topology (TED)
  • Multiple representations of topology may be required
  • Different mechanisms to update the topology
  • Topology visibility linked to access rights of the user
Open Source PCE
• Open Source PCE implementation (www.opensourcepce.org)
  • First open-source PCE developed based on IETF standards
  • Designed for extensibility in terms of
    • PCEP Protocol Extensions
    • Path Computation Algorithms
    • Path Computation State machines
• Features include asynchronous network I/O, passive state machines, topology updates, hierarchical and multi-layer PCE
• 18,000 lines of code
• Application in EU research projects
  • ONE for supporting coordinated multi-layer path computation
  • GEYSERS for joint computation of IT+Network resources
  • PACE which will pursue standardization, architecture and implementation
M. Chamania, M. Drogon, A. Jukan, "An Open-Source Path Computation Element (PCE) Emulator: Design, Implementation, and Performance," IEEE Journal of Lightwave Technology, vol. 30, no. 4, pp. 414-426, Feb. 15, 2012
Open Source PCE Architecture
Network Module
• Socket management, access control
• Asynchronous Network I/O
Session Module
• PCEP Session Management (Session state machine)
• Message routing within the PCE
Computation Module / TED
• Thread Pools to perform path computation
• Integrated TED with topology update interfaces
[Diagram label: Module Management]
Service Oriented PCE Architecture
• Pluggable protocol modules (PPM) to support multiple protocols
[Diagram labels: Module Management; Network Module; Session Module; Computation Module; TED; Session Module; PPM; Network Module; PCEP Session Management]
Service Oriented PCE Architecture
• PPMs are responsible for protocol specific features of path computation
• PPMs also implement access control features if any
[Diagram labels: Session Module; PPM; Network Module; PCEP Session Management; PPM; PPM; PPM]
Service Oriented PCE Architecture
• PPMs are responsible for protocol specific features of path computation
• PPMs also implement access control features if any
• Requests to session module are forwarded with
  • Path Request parameters
  • Topology view requested
  • Computation constraints
    • Choice of algorithms
    • Computation latency
  • Authorization credentials
  • Callback URI
[Sequence diagram between PPM and SM. Message labels: Request for Path Computation; OK (Session ID); Response (Session ID)]
Authentication and Authorization Support
• Aim to leverage existing mechanisms for AA
• Internal AA design built around the SAML/OAuth/OpenID approach
  • User – (Entity requesting the service)
  • Identity Provider – (AA service employed)
  • Service Provider – (PCE)
• Authentication and identity are managed by an external entity
  • User identifies the authentication mechanism
  • PCE requests an authorization token from the Identity Provider
  • User authenticates with the identity provider to authorize the session
  • PCE uses the authorized token to access authorization functions
Authentication and Authorization Support
[Diagram labels: User; PPM; Request (Auth Type, Credentials (Optional)); Authentication Proxy; AM (four instances); Identity Provider; Request Authorized Token; Authorized Token; Session Module; Request with Authorization Credentials]
Authentication and Authorization Support
• Authorization of token may involve communication between the user and the identity provider
• Removes the necessity of the user providing actual credentials (e.g. password) to the PCE
• Authorization credentials include the session token
[Sequence diagram between User, PCE and IP (identity provider). Message labels: Request with Auth Type; Session Token request with Application Credentials (key/secret); Authorization OK; Session Token (key/secret); Session Token (Key); Authorize session (Session Token, user credentials)]
Authentication and Authorization Support
• Authorization profile stored in the identity provider or locally in the AM
• For authorization, the Session Token is verified with the identity provider (IP), and user roles are provided to the authentication proxy
• Based on user roles, decisions on which operations to allow are made by the session module
[Diagram labels: Session Module; AM; Identity Provider; Authentication Proxy; Auth Credentials; Application Credentials; Session Token; User Roles]
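The token exchange and role check described on the Authentication and Authorization Support slides, as an added Python example that is not part of the original presentation or of the open-source PCE code. The class and function names, the role-to-operation policy and the in-memory identity provider are assumptions constructed for illustration.

```python
import hmac
import secrets

class IdentityProvider:
    """Stand-in identity provider; accounts and tokens live in memory."""
    def __init__(self, apps, users):
        self.apps, self.users, self.tokens = apps, users, {}

    def issue_token(self, app_key, app_secret):
        # The PCE authenticates as an application (key/secret), not as the user.
        known = self.apps.get(app_key)
        if known is None or not hmac.compare_digest(known, app_secret):
            raise PermissionError("unknown application")
        key, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.tokens[key] = {"secret": secret, "app": app_key, "user": None}
        return key, secret

    def authorize(self, token_key, user, password):
        # User to identity provider directly: the password never reaches the PCE.
        entry, account = self.tokens.get(token_key), self.users.get(user)
        if (entry is None or account is None
                or not hmac.compare_digest(account["password"], password)):
            return False
        entry["user"] = user
        return True

    def roles(self, app_key, token_key, token_secret):
        # Roles are released only for an authorized token, to the app that owns it.
        entry = self.tokens.get(token_key)
        if (entry is None or entry["user"] is None or entry["app"] != app_key
                or not hmac.compare_digest(entry["secret"], token_secret)):
            return frozenset()
        return frozenset(self.users[entry["user"]]["roles"])

class AuthModule:
    """One AM behind the authentication proxy, bound to one identity provider."""
    def __init__(self, idp, app_key, app_secret):
        self.idp, self.app, self.secret, self.held = idp, app_key, app_secret, {}
    def open_session(self):
        key, secret = self.idp.issue_token(self.app, self.secret)
        self.held[key] = secret            # secret half stays inside the PCE
        return key                         # only the token key goes to the user
    def user_roles(self, token_key):
        return self.idp.roles(self.app, token_key, self.held.get(token_key, ""))

# Assumed role-to-operation policy applied by the session module.
POLICY = {"operator": {"compute_path", "view_topology"}, "viewer": {"view_topology"}}
def session_module_allows(am, token_key, operation):
    return any(operation in POLICY.get(r, ()) for r in am.user_roles(token_key))
```

A token that the user has not yet authorized with the identity provider yields no roles, so the session module denies every operation until that step completes.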
Algorithm Support and Scaling
• Computation module supporting a specific algorithm should be an autonomous process
  • Developed in any programming language
  • One or more processes spread across multiple machines for scaling
• HTTP based APIs for path computation request
  • Extensive support across multiple programming languages
• Message Queue architectures for managing forwarding of requests to corresponding computation modules
Message Queue Based Algorithm Integration
[Diagram labels: Session Module; Message Queue; Computation Module; Computation Module]
Multiple instances reading from the same queue can enable load balancing
Service Oriented PCE Architecture
• Communication between the Session module and Computation module is asynchronous
• Message queues can also support publish/subscribe models, so multiple computation modules can receive the same request
• Useful in case latency demands drive the use of different algorithms computing the same request
[Sequence diagram between SM, MQ and CM. Message labels: Computation Request + Callback URI; Computation Request + Callback URI; Computation Response to URI; Request Received]
Topology Management
• A single “view” of the topology is not sufficient for operating across different network environments
• The PCE topology database should be 1 (or more) “models” supporting different views, with corresponding APIs to manage export/update
[Diagram labels: PCE Topology; TED; GMPLS View; ITU-T View; MTNM View; Topology Update (Control plane); Topology Request (NMS)]
Topology Management
• A single central database manages the complete topology
• Each computation module may maintain its own topology
  • Initialization using a snapshot from the topology database
  • Topology Database publishes updates (for each view)
[Diagram labels: PCE Topology; TED; GMPLS View; ITU-T View; MTNM View; Message Queue; Computation Module; Computation Module; Computation Module]
Topology Management
• Topology views are also subject to authorization
  • Users may see limited parts of the topology only
  • Use of authorization credentials to determine what elements of topology are visible to the user
• Computed paths can also be stored in the topology as an accessible resource
  • Necessary for features such as virtual tunnels, path-key for inter-domain computation
  • Users can have limited view of the path (only endpoints and properties) and use it for multi-domain path computation
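An added Python example (not from the presentation or the PCE code base) of the two authorization rules on this slide: a topology view filtered by the user's roles, and a stored path that exposes only endpoints and properties unless the user may see every link it traverses. The link list, role names, function names and the "every link visible" rule are constructed assumptions.

```python
import heapq
import secrets

# Constructed topology: (node_a, node_b, cost, domain) per link.
LINKS = [("A", "B", 1, "d1"), ("B", "C", 1, "d1"),
         ("C", "D", 2, "d2"), ("A", "D", 10, "d2")]
# Assumed authorization profile: role -> domains whose links it may see.
ROLE_DOMAINS = {"d1-operator": {"d1"}, "admin": {"d1", "d2"}}
PATH_STORE = {}  # path key -> stored path resource

def topology_view(roles):
    """Links visible to these roles; unknown roles see nothing."""
    domains = set().union(*(ROLE_DOMAINS.get(r, set()) for r in roles))
    return [link for link in LINKS if link[3] in domains]

def compute_path(src, dst):
    """Dijkstra over the full topology; stores the result, returns its key."""
    graph = {}
    for a, b, cost, _ in LINKS:
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    queue, seen = [(0, src, [src])], set()
    while queue:
        cost, node, hops = heapq.heappop(queue)
        if node == dst:
            key = secrets.token_hex(8)
            PATH_STORE[key] = {"hops": hops, "cost": cost}
            return key
        if node in seen:
            continue
        seen.add(node)
        for nxt, step in graph.get(node, []):
            if nxt not in seen:
                heapq.heappush(queue, (cost + step, nxt, hops + [nxt]))
    return None

def path_view(key, roles):
    """Endpoints and properties always; hop list only if every link is visible."""
    path = PATH_STORE[key]
    hops = path["hops"]
    visible = {frozenset(link[:2]) for link in topology_view(roles)}
    view = {"src": hops[0], "dst": hops[-1], "cost": path["cost"]}
    if all(frozenset(pair) in visible for pair in zip(hops, hops[1:])):
        view["hops"] = list(hops)
    return view
```

The filtering happens where the view is built, so a role limited to domain d1 receives the path key, endpoints and cost for a path crossing d2 but never the hops inside it.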
Conclusions
• Numerous standards and frameworks targeting different network deployments are going to co-exist
• Critical features identified for extending the open-source PCE
  • Topology Management and export
  • Authentication and Authorization capabilities
  • Algorithm extensibility
• Service oriented approach to open-source PCE
  • Cross-platform support
  • Employ mechanisms and architectures already in place
  • Reduce overhead for other contributors
Thank You