Internet2 Advanced Network Services Today
Dale Finkelson, Jon-Paul Herron, Paul Howell, George Loftus, John Moore, Chris Wilkinson
Internet2
Internet2 Advanced Network Services Today
- Network Services Overview (George Loftus)
- International (Dale Finkelson)
- Network Security (Paul Howell)
- Network Operations (Jon-Paul Herron)
- Network Architecture (Chris Wilkinson)
- Research Support (John Moore)
The Challenge
[Chart: Internet2 Network Total PetaBytes Carried Per Year (Calendar Year), CY 08 through CY 16, with an exponential trend line, R² = 0.98706. Data labels in PetaBytes per year, in order: 47.4, 80.3, 104., 120.6, 265.1, 351.9, 575.4, 694.5, 1168.1]
Future-focused efforts to address this challenge
- Ecosystem-wide conversation about collaboration on solutions
- Examining current and emerging business models and services
- Two key principles in determining the future iteration of Internet2 infrastructure:
  - Ecosystem-wide collaboration
  - Agility and experimentation
Collaboration, Agility, Experimentation
- Using pilots to learn quickly together
- Volumetric DDoS Mitigation Service Pilot (6-8 participants)
- Private Cloud (Azure, AWS, etc.) Cloud Exchange
- Research Support
- Hybrid Cloud in support of research
- Leveraging existing campus & regional successes
Internet2 Advanced Network Services Today
How we are addressing the challenges today
- International (Dale Finkelson)
- Network Security (Paul Howell)
- Network Operations (Jon-Paul Herron, Chris Wilkinson)
- Network Architecture (Chris Wilkinson)
- Research Support (John Moore)
Atlantic Region
The ANA (Advanced North Atlantic) project remains strong:
- Original 3 100G circuits
  - Washington DC to London: Internet2 and Canarie
  - New York to Paris: GEANT
  - Amsterdam to Montreal: Nordunet and Surfnet
- Recent additions
  - 100G New York to London: NEAAR, a project at Indiana University funded by NSF
Atlantic Region
- The 4 listed circuits are all fully diverse.
- There is also a cooperative agreement with ESnet to mutually back up each other's capacity. ESnet currently has 340G of capacity.
- Since its inception there have been few or no instances where capacity is not available to the users.
Pacific Region
- Internet2 and SingAREN maintain a 100G connection from Los Angeles to Singapore.
- Internet2 and CERNET maintain a 10G connection to China.
- Overall, Pacific connectivity is not as structured as the ANA. Lots of capacity.
- Work will continue on joint backup and sharing options. It would be ideal to see the type of arrangements we have across the Atlantic evolve in the Pacific region.
- Internet2 will continue to work with organizations like SingAREN, Transpac, TEIN, AARNet and others for this.
North America
- There is a dedicated 10G link to CUDI in Mexico from El Paso.
- Internet2 and Canarie in Canada are connected by 100G in several locations.
Partial list of International Peers
- Asia-Pacific Area Network
- Australian Academic and Research Network
- CA*Net/CANARIE
- Cenit (Venezuela)
- CERNLight
- China Educational and Research Network
- China Science and Technology Network
- Corporacion Universitaria para el Desarrollo de Internet (Mexico)
- Egyptian National STI Network
- GEANT-Delivery of Advanced Network Tech to Europe
- GEMnet (Mongolia)
- Japanese Gigabit Network
- KDDI Corporation
- King Abdulaziz City for Science and Technology
- Korea Advanced Research Network
- Korea Research Open Network 2
- National Knowledge Network (India)
- National University of Singapore
- NORDUnet
- NTT Communications Global IP Network
- Qatar Foundation Network
- Qatar National Research & Education Network
- Rede Nacional de Ensino e Pesquisa (RNP)
- SINET
- SingAREN
- SURFnet
- Taiwan Advanced Research and Education Network
- TEIN
- The World Bank
- UAE Research and Education Network
- WIDE/NTTA
http://www.internet2.edu/productsservices/advanced-networking/globalservices/international-peers/
Active Projects
- Internet2 continues to work with the University of Guam on getting them directly connected to Internet2.
- Continue to coordinate efforts with the University of Hawaii and AARnet and others.
- Internet2 continues to play a leading role in the activities of the GNA. Please attend those sessions for more information.
  - Technical WG Session, Wednesday 7:30 AM
  - The Global Network: Evolving from an Architecture to an Infrastructure, Wednesday 1:15
Network Security
Mission
- Protect the Internet2 network from attack
Approach
- Enable Internet2 leadership to proactively manage security risks that jeopardize the Internet2 network
- Working together with connectors/regionals and members to collectively protect the National Research and Education Networks
Team
- Grover Browning, Nathan Miller, Karl Newell, Ryan Nobrega
Security Program Maturity
[Figure with a "You are here" marker; image not preserved]
Key Improvements for This Year
- Strategy Developed for Attack Detection and Mitigation
  - DDoS Detection using Deepfield Defender
  - DDoS Mitigation
    - Cloud Scrubbing
    - BGP Flowspec
    - Real Time Black Hole
- Promote improved routing security within our community
- Improved network analytics
  - Moving from Netflow v5 to IPFIX
  - Updated version of Deepfield Cloud Intelligence
- Implementation of Secure Management Network
- Continue to improve security operations capabilities
Security Operations
- Security risk assessment performed annually
- Security incident management procedure implemented and had an incident
- Vulnerability scanning of routers completed
- Quarterly review of our ACLs/filters. Of the 75 prefixes in our management filters, eliminated 52 prefixes, leaving 23 prefixes, most of which are /32s
- Annual review of router access led to 27 accounts removed
- Annual badge review for physical access to co-location PoPs completed
- New physical access procedure being implemented
- Security awareness training for staff underway using Securing The Human
- Visible Network now uses an authentication wall
- Security analysis of syslog using Splunk
NTP reflection DoS attack from a misconfigured router
    xntpd[21521]: sendto(<target IP>): No route to host
    xntpd[21521]: too many recvbufs allocated (40)
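One way to pick the two xntpd messages above out of router syslog, as an added example that is not part of the original presentation. The syslog line layout, hostnames, addresses and the `min_sendto_errors` threshold are assumptions; only the two message formats come from the slide.

```python
import re
from collections import defaultdict

# Constructed sample lines: hostnames, timestamps and addresses are made up
# (documentation ranges); the two xntpd message formats are those on the slide.
SAMPLE_LOG = """\
Apr 12 03:14:07 rtr-a xntpd[21521]: sendto(192.0.2.10): No route to host
Apr 12 03:14:07 rtr-a xntpd[21521]: sendto(192.0.2.10): No route to host
Apr 12 03:14:08 rtr-a xntpd[21521]: too many recvbufs allocated (40)
Apr 12 03:14:08 rtr-a xntpd[21521]: sendto(192.0.2.10): No route to host
Apr 12 03:14:09 rtr-b xntpd[1188]: sendto(198.51.100.7): No route to host
Apr 12 03:14:10 rtr-b sshd[2201]: Accepted publickey for ops from 203.0.113.5
"""

# Assumed BSD-style syslog prefix: "Mon DD HH:MM:SS host xntpd[pid]: message"
LINE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+(?P<host>\S+)\s+xntpd\[\d+\]:\s+(?P<msg>.*)$")
SENDTO = re.compile(r"^sendto\((?P<dst>[^)]+)\): No route to host$")
RECVBUF = re.compile(r"^too many recvbufs allocated \(\d+\)$")


def ntp_reflection_suspects(log_text, min_sendto_errors=3):
    """Return {host: {"sendto_errors": {dst: n}, "recvbuf_warnings": n}} for
    routers showing both symptoms: repeated failed replies and buffer exhaustion."""
    stats = defaultdict(lambda: {"dst": defaultdict(int), "recvbuf": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an xntpd message
        host, msg = m.group("host"), m.group("msg")
        s = SENDTO.match(msg)
        if s:
            stats[host]["dst"][s.group("dst")] += 1
        elif RECVBUF.match(msg):
            stats[host]["recvbuf"] += 1

    suspects = {}
    for host, st in stats.items():
        # Heuristic (assumption): one stray sendto error is noise; a burst of
        # them together with receive-buffer exhaustion suggests the daemon is
        # answering a flood of queries with spoofed source addresses.
        if st["recvbuf"] and sum(st["dst"].values()) >= min_sendto_errors:
            suspects[host] = {"sendto_errors": dict(st["dst"]),
                              "recvbuf_warnings": st["recvbuf"]}
    return suspects


if __name__ == "__main__":
    print(ntp_reflection_suspects(SAMPLE_LOG))
```

The addresses collected under `sendto_errors` are the reflection targets, which is the list to check against upstream filters once the router's NTP service has been restricted.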
You know what we do
- Fix things in the network when they break
- Maintenance
- Answer questions and make changes people request
- Monitoring, measurement, and other operational systems for the Internet2 Network
- Projects for changes, new services, security enhancements, etc.
How much of it do we do?
In a typical month:
- 600 tickets, 9,000 ticket edit events
- 180 calls inbound
- 500 emails outbound, 10,000 inbound
- 28 off-hours calls to Internet2 NOC engineers
- 10 projects
Some random interesting bits
- Response Rate: 8%
Previous Focus Areas
- Improvements to Change Management, Incident Management
- Availability of Services
- Projects
- Lean/Kanban
- Network Re-architecture
- New connections/services
- Capacity
- Security
Service Availability
Future Focus Areas
- Unified Teams
- Targeted Notifications
- More Service Awareness
- Lean/Kanban round 2
Meet Community Needs through a Strong Infrastructure Ecosystem
[Diagram labels: Layer 2 & Layer 3 Platform, People, Software, Infrastructure Portfolio, Community, Optical Platform, Testbeds & Agility]
Meet Community Needs through Enabling Contribution and Collaboration
- Establish Unified Teams
  - Cross-Organization (Internet2 and Indiana University GlobalNOC)
  - Improve Collaboration / Communications
- Continue Implementation of Effective, Lightweight Processes
  - Change Management
  - Prioritization
  - Project Management
- Augment Staffing and Training
  - Engineering
  - Project Management
[Diagram labels: People, Community, Infrastructure Portfolio]
Meet Community Needs through Enabling Contribution and Collaboration
- Gather Requirements, Needs, Goals, and Impacts
  - NTAC
  - Community Leaders
[Diagram labels: People, Infrastructure Portfolio, Community]
Meet Community Demand for Backbone and Peer Network Growth
[Map: backbone nodes ALBA, BOST, STAR, HART2, CHIC, EQCH, CLEV, NEWY1118TH, NEWY32AOA, PITT, ASHB, PHIL, INDI, WASH, CINC, LOUI, RALE, CHAR, ATLA, with links labelled 200G and 300G. Diagram labels: Layer 2 & Layer 3 Platform, Community, Infrastructure Portfolio, Optical Platform]
Meet Community Demand for Network Stability & Enhancement of Experimental Activity
- MPLS Core Network
- Layer 2
- Layer 3
- OESS Development
- Security
- Optical Network Optimization & Study
- 200G and 400G
- Testbed Support
[Diagram labels: Layer 2 & Layer 3 Platform, Software, Infrastructure Portfolio, Community, Testbeds & Agility]
Meet Community Demand for the Network Stability & Enhancement of Experimental Activity
[Timeline chart, Q1 through Q4 (JAN through DEC). Items: DCI Testbed; SDN Testbed; Implement AL3S R&E VRF; Enable Testbed Activities Layer 1, Layer 2, Layer 3; AL1S Optimization / Audit Phase 1; AL1S Optimization Phase 2; Deploy Foundation MPLS; Community Migration AL3S -> MPLS; OESS Testing; Community Migration AL2S OF -> MPLS; OESS MPLS Enabled; Implement AL3S TR-CPS, LHCONE VRFs; OESS Feature Development. Diagram labels: Layer 2 & Layer 3 Platform, People, Software, Infrastructure Portfolio, Community, Optical Platform, Testbeds & Agility]
Research Engagement
- Convening national-level community-driven initiative to help support campus cyberinfrastructure needs in a sustainable manner
- Program development underway guided by a stellar advisory group
  - Reps from regionals, campuses, Open Science Grid, XSEDE, NSF Advisory Committee on CI, ACI-REF, Science Gateways Institute, ESnet, EDUCAUSE, etc.
- Topic areas under development
  - National Research Platform (partnering with Pacific Research Platform)
  - Campus research facilitation: follow on to Broadening the Reach
  - Big Data Grand Challenge: seeking to partner with big data initiatives
  - Tool integration: started discussion between perfSONAR and XDMoD