Jeronimo Bezerra Florida Interna1onal University
Internet2 Global Summit 2015 April 27th
Network Testbeds at AmLight: Eight Months Later
Describing AmLight Distributed Academic Exchange Point composed by 4 x 10G links arranged in two topologies : • SDN ring: Miami-‐Brazil-‐Chile-‐Miami
– 20 Gbps of total capacity – Full Openflow 1.0 and network virtualiza1on
support – By Aug: + 100Gbps link between Miami and
Brazil
• MPLS ring: Miami-‐Brazil-‐Miami – 20 Gbps of total capacity – Layer 2 support
• Mutual redundancy
140 Gbps
2
Network Testbeds at AmLight SDN (1/2)
Network Testbeds offered through Network Slices: • Network Slices:
• Defined by a set of Interfaces and VLANs • Each Slice has its own Openflow Controller • Different Topologies Available
• How does AmLight support slices? • Internet2 Flow Space Firewall (FSF) is being used to create slices • FSF talks OpenFlow 1.0 to controller and network devices • Provides isola\on between slices • Filters OpenFlow messages based on Interfaces and VLANs • Support filters: # of flows inserted and flows inserted per second. • Supports a high # of parallel slices
3
Describing AmLight SDN (2/2)
4
NSI
AmLight’sNRENs
FIBRESDN-IPONOS
SouthernLightAmpath2
Virtualization/Slices (FlowSpace Firewall)
Ampath1Andes1
Phys
ical
Lay
erSo
uthb
ound
API
:O
penF
low
1.0
Nor
thbo
und:
Use
rs’ A
PIs
NOX
IDCP
Other NRENs
NOX
OpenNSA
OESS
OSCARS
OESS
Andes2
Univ.Twente
ONOS Internet2
Other Testbeds
Programmability @ AmLight SDN
OpenFlow (currently 1.0) • Dedicated slices/Dedicated VLAN
range • Different virtual topologies available • Layer 2 and 3 matches • Low level configura\on
NSI v2 – Network Service Interface • High level abstrac\on for layer 2 mul\-‐domain
provisioning • No need to know the topology and physical
devices/configura\ons • Layer 2 circuit provided as a service: easier to
isolate from produc\on traffic
Two possible interfaces to use AmLight SDN offered to users and researchers:
5
Who is using AmLight SDN? Current Testbeds (1/2)
• Interconnec1ng Testbed’s Islands with OpenFlow – In partnership with RNP, a FIBRE testbed island was installed at AMPATH – More than 300 VLANs required between islands (hard to provision) – AmLight SDN slicing capability in use to interconnect islands na\vely
• NSI tes1ng deployment – AmLight uses OpenNSA for NSI inter-‐domain communica\on – OpenNSA is a soeware agent of NSI protocol developed by Nordu.Net – OpenNSA doesn’t support Openflow as backend for network configura\on – AmLight has developed their own backend to integrate with the SDN network – As this code and the NSI protocol are new, a separated slice was created to avoid
impact to the produc\on traffic – Using the real network but in a dedicated slice with no impact for produc\on
6
Who is using AmLight SDN? Current Testbeds (2/2)
• Tes1ng new controllers and applica1ons in a separated slice – New controllers and applica\ons can be easily added for tests (ONOS, Vyaia, etc.) – Two orchestrators in place at the same \me with no overlapping
• OpenFlow Sta1s1cs Valida1on – PhD study at the University of Twente, The Netherlands – OpenFlow Sta\s\cs showed bad values coming from some OpenFlow switches – A partnership was created to evaluate AmLight switches – The work is all being done remotely – Fundamental for load-‐balancing applica\ons in the future (big data applica\ons)
• Demonstra1ons – Internet2 Mul\-‐Domain Slices (Oct 2014 I2 Tech Exchange Mee\ng)
• How mul\ple slices from different networks could look like one single slice? • We showed this was possible and easy to manage
– Internet2 Inter-‐Domain IP connec\ons (Apr 2015 I2 Global Summit) • How to interconnect SDN islands using IP?
7
Process to Add a Slice at AmLight
• Testbeds and produc2on traffic share the same network infrastructure!
• A process was created to handle slice requests: 1. User requests a slice through any channel (e-‐mail, phone, talk, etc.); 2. User provides info about his expecta\ons and requirements; 3. AmLight provides a slice and servers in the tes2ng environment for evalua\on:
a. User’s Applica\on is tested with the same produc\on devices and FSFW b. Joint work between AmLight Engineers and User
4. Once is “safe”, both AmLight and User will manage the applica\on in the produc\on network: a. Risky but less manpower required
8
Eight Months Later: Lessons Learned
Researchers expecta\ons:
9
AmLight possibili\es:
Main Challenge Today is to Balance Expecta1ons! We should avoid more obstacles to researchers!
Each new Network Testbed is a new challenge: new apps, new methodology and always complex!
“Need” full access to everything! Requires a lot of singulari\es:
Untagged VLANs, Reac\ve Openflow Mode, Specific Ac\ons, Specific Matches, Direct Access to the Openflow devices, …
It’s a Shared Environment! Complexity involved for “big” changes:
Proac\ve Mode, Untagged VLAN, etc.
Future Challenges
• How to scale and support high # of parallel network testbeds?
• How to manage testbeds in a produc\on network?
• While we learning, new testbeds need to be implemented: SDX
• How to migrate network devices between OF versions?
10
FIBRE & AmLight SDN: Use Case
11