The UniNet Express Lane Services

Transcription

1 The UniNet Express Lane Services Assoc. Prof. Vara Varavithya and Peeranon Wattanapong KMUTNB 1

2 Contents Introduction Problems Motivation Body of Knowledge Contributions Software-Defined Networks Research DMZ Grid Security Infrastructure!2

3 Express Lane Services The objectives Architecture Process Operation Performance Contents Development on Research DMZ REST APIs Globus GridFTP Data Transfer Nodes with 10 Gbps Bandwidth GSI-enabled ExLane services via SDN packets Conclusions Future work!3

4 Problems Overlay Network Traditional Network Site A Big Data Site B!4

5 Motivation User Requirements: high bandwidth, low latency Research and Education Network (RENs): UniNet in Thailand Provide crucial infrastructure for conducting high quality research and education Several network techniques exists Resource reservations, dedicated networks, overlay networks and virtual networks!5

6 Body of Knowledge National Research and Education Networks (e.g. ESnet, Internet2, APAN, TEIN4) Today s Internet Infrastructures in campus Thai REN (UniNet) services MPLS, L2-VPN (VPLS), L3-VPN Science DMZ Research DMZ Software-Defined Network NetFPGA 1G!6

7 Body of Knowledge Express Lane services Usage Policy Web Application Testbeds Grid Security Infrastructure Proxy Credential (Certificate + Private key) Public Key Cryptography MyProxy!7

8 Contributions REST APIs on Express Lane services Globus GridFTP service on Express Lane services Data Transfer Nodes with 10 Gbps Bandwidth GSI-enabled ExLane services with SDN packets!8

9 Software-Defined Networks: Concepts Directly programmable Control plane Agile: dynamically adjust network-wide traffic flow Centrally managed OpenFlow Programmatically configured Open standards-based and vendor-neutral Data plane 9

10 Software-Defined Networks: Concepts Proactive application Internal application External events Proactive application REST calls OSGi App App App Controller ODL / MD-SAL Device External application Reactive application Controller App App App External events Proactive application Packet listener Actions flows OSGi REST calls Device ODL / MD-SAL 10

11 Research DMZ Border Router Enterprise Border Router/Firewall WAN perfsonar High-bandwidth to/from WAN Dedicated path for virtual circuit traffic Site/Campus Access to Science DMZ resources Science DMZ Switch/Router Site / Campus LAN High performance Data Transfer Node With high-speed storage Per-service Security policy control points!11 Site / Campus LAN perfsonar

12 Research DMZ campus UniNet DMZ Application Server SDNCtr_Node campus campus UniNet_L2VPN_X to UniNet_L2VPN_X to UniNet uninet_dmz SDN_Node Internal VLAN campus campus uninet_intra_dmz Research DMZ Concept!12

13 Grid Security Infrastructure Credential Certificate + Private Key Certificate Authority: SimpleCA Subject: Peeranon Wattanapong Issuer s name (CA): SimpleCA Issuer s Signature Owner s public key MyProxy Access Obtain Certificate Store Proxy Retrieve Proxy User Grid Certificate Authority User MyProxy Server!13 User Access

14 Express Lane Services Provide high speed on-demand service for REN institutes using SDN and L2-VPN Implemented on UniNet: an overlay network for REN Provide requesting services via website Support REST APIs Performance monitoring: perfsonar!14

15 The Objectives Enabling researchers from different institutes to collaborate Transferring data from desk-to-desk at high data rate Flexibility in management Facilitate to request service 15

16 Express Lane Services: Architecture Globus-GridFTP Globus-GRAM5 User Local Network User Globus-GSI Myproxy-server Ubuntu Globus Server DMZ Firewall SDN SW SDN Overlay Network UniNet RYU Controller RYU Controller Python 2.7 Ubuntu Openflow 1.0 protocol Openflow-Switch.bit NetFPGA Fedora 13 ExpressLane Service SDN SW Firewall Globus-GridFTP Globus-GRAM5 DMZ Myproxy Ubuntu Globus Client User Local Network Globus Service ExpressLane App Nagios XI Node Mailer Node JS MySQL Ubuntu User!16

17 Express Lane Services: Architecture RMUTSB Research DMZ BSE Research DMZ RMUTT RMUTT Research DMZ 77 km DTN DTN RMUTSB 12 km 26 km DTN BSE 9 km 3 km PYT1 PYT1 Research DMZ DTN SLA PYT2 450 km KKU SLA Research DMZ PYT2 Research DMZ KKU Research DMZ DTN DTN DTN Geographically distributed of 7 Sites installation!17

18 Express Lane Services: Process Operation END_TIME START_TIME DST_IP SRC_MAC DST_MAC SRC_IP Request END_TIME START_TIME DST_IP SRC_MAC DST_MAC SRC_IP Write END_TIME START_TIME DST_IP SRC_MAC DST_MAC SRC_IP Read Database Application Server Approved Service Table Active Service Table OpenFlow Switch BSE OpenFlow Switch PYT1 OpenFlow Switch PYT2 OpenFlow Switch SLA OpenFlow Switch RMUTSB OpenFlow Switch RMUTT OpenFlow Switch KKU RYU Controller DST_IP SRC_IP Accept!18

19 Express Lane Services: User Interface!19

20 Time (ms) On-service testing using ping and iperf Testing between SLA and KKU nodes Duration: 8-12 AM Express Lane Services: Request Service SLA - KKU [Start_Time - End_Time] User A: [08 AM - 12 AM] Unreachable Unreachable 04 AM 08 AM 12 AM 02 PM Performance Throughput (Mbps) Request Service SLA - KKU [Start_Time - End_Time] User A: [08 AM - 12 AM] 04 AM 08 AM 12 AM 02 PM!20

21 Express Lane Services: Performance Transfer 10 GB file using SFTP Average bandwidth about 300 Mbps Bandwidth (Mbps) PYT1 PYT2 BSE SLA RMUTT RMUTSB KKU PYT1 PYT2 BSE SLA RMUTT RMUTSB KKU!21

22 Development on Research DMZ: REST APIs 22

23 Development on Research DMZ: REST APIs [1] Profiles [3] Node Status [4] User Services All [5] User Services State [6] User Services History [7] Services Requested User Management [2] Reset Password [10] User Request List [11] User Request Accept [12] User Edit [13] User Delete [8] Services Approved Service Management REST APIs [14] User All List [9] Services Activated [15] User Access Logs [17] Access REST Logs [16] User Sign Up [18] Services Add [19] Services Edit [20] Services Delete Globus Service [22] Globus Add Service [23] Globus My Requested [24] Globus History Logs [21] Services Accept 23

24 Development on Research DMZ: Globus GridFTP BSE Node UniNet MPLS Service RMUTSB Node Globus Server Globus Client 24

25 Globus GridFTP: User Interface!25

26 Globus GridFTP: Performance Testing Using FTP, SFTP and GridFTP Single-port GridFTP Bandwidth (Mbps) FTP SFTP GridFTP 1 GB 10 GB 100 GB File Size!26

27 Development on Research DMZ: DTN with 10 Gbps Bandwidth Traffic Shaper Firewall Edge Router UniNet MPLS Services Edge Router Firewall Traffic Shaper Main Switch Computer Center BSE Faculty of Engineering Main Switch Computer Center RMUTT Department of Computer Engineering 27

28 DTN with 10 Gbps Bandwidth: Campus Internal Connectivity LC FC FC FC FC ST LC SC Computer Center bldg. 84 Faculty of Engineering bldg. 81 Computer Center BSE UniNet s Router SC FC ST FC FC LC UniNet s Router Computer Center RMUTT Department of Computer Engineering Host@RMUTT 28

29 DTN with 10 Gbps Bandwidth: Performance Testing ต อตรง ต อผ านเคร อข าย UniNet 29

30 DTN with 10 Gbps Bandwidth: Performance Testing 30

31 DTN with 10 Gbps Bandwidth: Performance Testing 31

32 DTN with 10 Gbps Bandwidth: Performance Testing 32

33 Development on Research DMZ: GSI-enabled ExLane services via SDN packets RYU Controller OFS 1 OFS 2 Host 1 Retrieve Proxy Retrieve Proxy Host 2 33 MyProxy Server

34 GSI-enabled ExLane services via SDN packets: Tri-Key Packet Encryption Command myproxy-logon -s elephant.globus.org Return a proxy certificate, private key and rest of cert. C1 C2 E PVH1 [ Host 1 Host 2 Start Time End Time Time Stamp [ [ E PVProxy Host 1 Host 2 Start Time End Time Time Stamp Public key 1 Public key 2 Public key Ctr [ C3

35 GSI-enabled ExLane services via SDN packets: Tri-Key Tunnel Packet Header C1 C2 C3 Proxy Certificate Access Certificate GSI Certificate Time Session Life Time

36 GSI-enabled ExLane services via SDN packets: Argus Argus Authorization Service Renders consistent authorization decisions for distributed services (e.g., user interfaces, portals, computing elements, storage elements) Based on the XACML standard Uses authorization policies To allowed or denied a user to perform an action

37 GSI-enabled ExLane services Argus Authorization Service via SDN packets: Argus X perform action Y on resource Z Attribute-based system pepcli --pepd! --resourceid " --actionid " -- certchain CERT_PATH ID Datatype Value subject-id string peeranon org string KMUTNB affiliation string student vo string CU, KU ID Datatype Value action-id string submit-job pilot-job boolean FALSE executable string /usr/bin/myexec duration integer 10

38 GSI-enabled ExLane services via SDN packets: Software Architecture UDP Server.py UDP Client.py RYU Controller MyProxyClient Mininet Python 2.7 Myproxy-server XTERM XTERM Ubuntu Centos 6.8 Host 1 Host 2 RYU MyProxy Controller Server 38

39 GSI-enabled ExLane services via SDN packets: Process Operation 3 RYU Controller OFS 1 4 OFS Host 1 Retrieve Proxy 1 Retrieve Proxy Host 2 MyProxy Server 39

40 GSI-enabled ExLane services via SDN packets: Functional Testing 40

41 GSI-enabled ExLane services via SDN packets: Functional Testing 41

42 GSI-enabled ExLane services via SDN packets: Functional Testing 42

43 Conclusions KKU RMUTT Research DMZ Express Lane services provide premium network BSE Research DMZ Research DMZ services for researchers in a certain period of time DTN RMUTSB Research DMZ 900 Mbps DTN DTN 7 nodes deployment in the UniNet UniNet MPLS Services DTN PYT1 Research DMZ Desk-to-Desk data transferring can achieve up to DTN SLA Research DMZ PYT2 Research DMZ UniNet can launch this service to the research community DTN!43 DTN

44 Future Work RMUTT Research DMZ KKU Research DMZ BSE Research DMZ Improve core functions for more efficiency and stability DTN Create more services for RENs DTN DTN Variety communication access using REST APIs RMUTSB Research DMZ DTN SLA Research DMZ UniNet MPLS Services Experiment more the research DMZ testbed Integrate Tri-Key Cert. and Argus with SDN Publish to the research community PYT2 Research DMZ PYT1 Research DMZ DTN DTN!44 DTN

45 Question & Answer!45

46 Thank you for your attention.!46