Results from the EARNEST Technical Study


EARNEST Workshop, Amsterdam, 8 May 2007
Results from the EARNEST Technical Study
Licia Florio, TERENA
florio@terena.org

Agenda
- Technical study
- Lower layers preliminary results
- Middleware preliminary results
  - More details on this part of the study

Technical Study
- Transmission technologies: equipment evolution, next-generation standards, transmission protocols & fibre provisioning.
- Operations and performance: end-to-end performance, network management (optical & IP), VPN provisioning & PERT.
- Control plane technologies: switching & routing matrices (optical & IP), multicasting, IPvX, QoS provisioning.
- Middleware (new element): authentication and authorisation infrastructures, identity federations and related technologies, mobility, support for network infrastructure, virtual organisations.

Technical Study Panel
Lower layers:
- Lars Fischer (Nordunet) - Transmission
- John Graham (Indiana University) - Transmission
- Otto Kreiter (DANTE) - Transmission
- Gigi Karmous-Edwards (MCNC) - Control Plane (Optical)
- Alexander Gall (SWITCH) - Control Plane (IP routing)
- Stig Venaas (Uninett) - Control Plane (Multicast)
- Dimitra Simeonidou (University of Essex) - Operations & Performance (Optical)
- Luca Deri (University of Pisa/Netikos) - Operations & Performance (IP)
- Simon Leinen (SWITCH) - Operations & Performance (IP)
Middleware:
- Diego Lopez (RedIRIS) - Middleware
- Milan Sova (CESNET) - Middleware
- Klaas Wierenga (SURFnet) - Middleware (Mobility)

Lower Layers First Results

Disclaimer
1. This part of the study was conducted by my colleague, Kevin Meynell (meynell@terena.org).
2. Study conducted via interviews with some major vendors:
   - So far only router & Ethernet switching vendors interviewed.
   - Some results could be different after talking to the network operators.

Lower Layers First Results
- Currently only a few OC-768 (40 Gbps) customers, mostly in oil and gas industries.
- Reluctance to upgrade transport network to support 40 Gbps, as it is expensive (x20 the cost of 4 x 10 GE) and seen as an interim step before higher-speed standards.
- SUN seem to move away from 40 Gbps.
- Running into problems with n x 10 Gbps, due to link aggregation and load-balancing performance.
- Cisco, Juniper and Force10 pushing for 100 Gigabit Ethernet standard.
- 100 GE standard expected by 2009, with implementations by 2010.
- Copper standard for 100 GE being considered.

Lower Layers First Results
- Routing scalability becoming problematic (again):
  - Huge rise in number of hosts, fragmentation of service provider hierarchy, and amount of traffic.
  - Global routing table now >200,000 entries, which is causing memory and processing problems (0.5-1 GB memory required).
  - Other reasons: more multihoming, traffic engineering, plus IPv6.
  - Proposed to split IP addresses into identifiers and locators. [Possible implications for AAA as well]
- Improvements to TCP for sustained high-bandwidth transmissions.
- Juniper pushing (G)MPLS, but Cisco less interested.

Middleware First Results

Why a middleware substudy?
- It is not just the current buzzword :-)
- NRENs' mission is broader: not only network provisioning, but also services provisioning.
- NRENs more involved in middleware developments/deployment over the last years:
  - Federations, eduroam, Grid
  - TERENA EuroCAMPs
  - GEANT2/JRA5 working to create a European middleware framework
- All NRENs are moving in the same direction.
- Not all NRENs move at the same pace.
- EARNEST will look at how middleware technologies are expected to evolve in the next couple of years.

What is Identity Management?
- Identity Management = IdM = Giving each user an electronic identity
- Set of technologies and policies to control users' access to resources

[Figure: IdM Life Cycle. Diagram labels: basicauthn, Res1, Res2, SSO, Resources, Federation.]

Key Federation Technology
- SAML (Security Assertion Markup Language), in particular SAML 2.0

IdM in the European higher education
- In Europe different technologies used for higher education federations:
  - Liberty Alliance (ID-FF): Norway
  - Shibboleth (SAML-based): UK, Switzerland, Finland
    Under development: Denmark, Italy, Germany
  - PAPI: Spain
  - A-Select: The Netherlands
- In US: mainly Shibboleth
- Many IdM solutions
- Interoperability one of the key factors
- SAML (2.0) the way to go

[Figure: Identity Federation Model. Diagram labels: Identity Provider, Service Provider, Trust, redirect, SAML request, SAML response.]

IdM from the vendors' perspective
- Identity Management is definitely a big area of interest for vendors
- Different approaches for SSO:
  - Identity federations: Liberty Alliance and SUN
  - User-centric identity model: fairly new concept, implemented by Microsoft and OpenID
  - Abstract identity framework (Higgins, IBM): close to the user-centric identity
- Some alliances between vendors, probably to compete/cooperate with Microsoft
- Trust is a big concern for vendors
- The user-centric approach seems to guarantee more privacy to the users

User Centric Identity Model
- User = Identity provider
- Resource request for user identity information is handled by the user
- Users decide which credentials and other personal information to present to the resource, in the same way users choose which credit card to use for payment
[Figure: diagram labels: Service Provider, Identity Provider, steps 1, 2, 3.]

Middleware Sub-Study Preliminary Findings
- IBM and Microsoft seem to be working on the same track
- OpenID has announced cooperation with Microsoft
- It seems like something will appear on the market in the next ~6 months
- Shibboleth developers are also talking to Microsoft
- It is likely that there will be two major tracks:
  - User-centric identity model
  - SAML2-based IdM federations
- How will these two approaches evolve?

Middleware Sub-Study Preliminary Findings
- Grid
  - Sufficient interest from vendors in what is happening in the Grid space
  - The new user-centric model might fit Grid requirements, but no concrete plans in this direction
- Middleware to support lightpaths
  - Middleware can be used, for instance, to create lightpaths
  - Different lightpaths for different users

Conclusions
- Some interviews to be finalised on the control-plane and performance side
- A report will contain all the findings on the technical study
- Initial report is expected to be available in July 2007