Community Connection Service for escience. Ronald van der Pol, SURFnet TNC May 2014

Similar documents
Multi-Domain VPN service, a seamless infrastructure for Regional Network, NRENs and GEANT

LARGE SCALE IP ROUTING LECTURE BY SEBASTIAN GRAF

Spirent TestCenter EVPN and PBB-EVPN AppNote

Virtual Subnet (VS): A Scalable Data Center Interconnection Solution

BESS work on control planes for DC overlay networks A short overview

Ethernet VPN (EVPN) and Provider Backbone Bridging-EVPN: Next Generation Solutions for MPLS-based Ethernet Services. Introduction and Application Note

Table of Contents 1 Multicast VPN Configuration 1-1

Huawei CloudEngine Series. VXLAN Technology White Paper. Issue 06 Date HUAWEI TECHNOLOGIES CO., LTD.

GÉANT L3VPN Service Description. Multi-point, VPN services for NRENs

Abstractions and Open APIs in Networking

Multi-site Datacenter Network Infrastructures

Implementing IEEE 802.1ah Provider Backbone Bridge

Lab 1: Static MPLS LSP-RTX4-RTX1 LSP-RTX1-RTX4 LSP-RTX3-RTX2 LSP-RTX2-RTX3

IP Fabric Reference Architecture

EVPN Multicast. Disha Chopra

L2 MPLS VPN (VPLS) Technology White Paper

Internet Engineering Task Force (IETF) ISSN: A. Sajassi Cisco J. Uttaro AT&T May 2018

Computer Network Architectures and Multimedia. Guy Leduc. Chapter 2 MPLS networks. Chapter 2: MPLS

RBRIDGES/TRILL. Donald Eastlake 3 rd Stellar Switches AND IS-IS.

Configuring Virtual Private LAN Services

Alcatel-Lucent 4A Alcatel-Lucent Services Architecture.

Virtual Subnet : A L3VPN-based Subnet Extension Solution for Cloud Data Center Interconnect

Configure Virtual LANs in Layer 2 VPNs

Contents. EVPN overview 1

Introduction to Segment Routing

EXTREME VALIDATED DESIGN. Network Virtualization in IP Fabric with BGP EVPN

MPLS design. Massimiliano Sbaraglia

Hierarchical Fabric Designs The Journey to Multisite. Lukas Krattiger Principal Engineer September 2017

TRILL Transparent Transport over MPLS

Configuring Routed Pseudowire and VPLS

Module 11b MPLS VPLS Configuration Lab (LDP Manual)

Network Virtualization in IP Fabric with BGP EVPN

Data Center Configuration. 1. Configuring VXLAN

HPE FlexFabric 5940 Switch Series

Provisioning Overlay Networks

MPLS VPN over mgre. Finding Feature Information. Last Updated: November 1, 2012

Configuring VPLS. VPLS overview. Operation of VPLS. Basic VPLS concepts

Deploy VPLS. APNIC Technical Workshop October 23 to 25, Selangor, Malaysia Hosted by:

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Configuring multicast VPN

Layer 2 VPN (L2VPN) Service Model L2SM Working Group

Vendor: Cisco. Exam Code: Exam Name: CCIE Routing and Switching Written v5.0. Version: Demo

Interdomain VPLS and deployment experiences

Virtual Private Networks Advanced Technologies

Provisioning Overlay Networks

H3C S6520XE-HI Switch Series

Cisco ACI Multi-Pod/Multi-Site Deployment Options Max Ardica Principal Engineer BRKACI-2003

LISP Locator/ID Separation Protocol

ENTERPRISE MPLS. Kireeti Kompella

Multicast overview. Introduction to multicast. Information transmission techniques. Unicast

Location ID Separation Protocol. Gregory Johnson -

MPLS over GRE. Finding Feature Information. Prerequisites for MPLS VPN L3VPN over GRE

Configuration and Management of Networks. Pedro Amaral

Enterprise. Nexus 1000V. L2/L3 Fabric WAN/PE. Customer VRF. MPLS Backbone. Service Provider Data Center-1 Customer VRF WAN/PE OTV OTV.

Securizarea Calculatoarelor și a Rețelelor 32. Tehnologia MPLS VPN

MPLS MPLS. Basically: 9 March 2018 AN. Multi-Protocol Label Switching. A bit of history. Multi-Protocol Label Switching.

MPLS. 9 March 2018 AN

EXAM - 4A Alcatel-Lucent Virtual Private Routed Networks. Buy Full Product.

Network Configuration Example

Configuring VXLAN EVPN Multi-Site

Operation Manual MPLS VLL. Table of Contents

Implementing VXLAN in DataCenter

Configuring VXLAN EVPN Multi-Site

Extreme Networks How to Build Scalable and Resilient Fabric Networks

Cisco. Maintaining Cisco Service Provider VPNs and MPLS Networks (MSPVM)

MPLS опорни мрежи MPLS core networks

Core of Multicast VPNs: Rationale for Using mldp in the MVPN Core

Internet Engineering Task Force (IETF) Request for Comments: N. Bitar Nokia R. Shekhar. Juniper. J. Uttaro AT&T W. Henderickx Nokia March 2018

MPLS VPN. 5 ian 2010

Virtual Subnet : A L3VPN-based Subnet Extension Solution draft-xu-l3vpn-virtual-subnet-01

DCI. DataCenter Interconnection / Infrastructure. Arnaud Fenioux

Introduction to External Connectivity

Implementing MPLS Layer 3 VPNs

Secure Extension of L3 VPN s over IP-Based Wide Area Networks

Configure Multipoint Layer 2 Services

EVPN Routing Policy. EVPN Routing Policy

Multipoint Bridged Ethernet Using MPLS Virtual Private LAN Services

Multicast overview. Introduction to multicast. Information transmission techniques. Unicast

Network Design with latest VPN Technologies

Ethernet VPN (EVPN) in Data Center

Unicast Forwarding. Unicast. Unicast Forwarding Flows Overview. Intra Subnet Forwarding (Bridging) Unicast, on page 1

Configuring Ethernet Virtual Connections on the Cisco ASR 1000 Series Router

Configuring Virtual Private LAN Service (VPLS) and VPLS BGP-Based Autodiscovery

Software Defined Networking & OpenFlow

Monitoring MPLS Services

Implementing MPLS VPNs over IP Tunnels

Intended status: Standards Track. Cisco Systems October 22, 2018

Implementing VXLAN. Prerequisites for implementing VXLANs. Information about Implementing VXLAN

Introduction. Network Architecture Requirements of Data Centers in the Cloud Computing Era

H3C S7500E-X Switch Series

OpenFlow Ronald van der Pol

Cloud Data Center Architecture Guide

"Charting the Course...

Configuring MPLS L2VPN

Configuring MPLS L2VPN

Carrier Ethernet Evolution

Network Myths and Mysteries. Radia Perlman Intel Labs

Overview. Overview. OTV Fundamentals. OTV Terms. This chapter provides an overview for Overlay Transport Virtualization (OTV) on Cisco NX-OS devices.

Configure L2VPN Autodiscovery and Signaling

PREREQUISITES TARGET AUDIENCE. Length Days: 5

Transcription:

Community Connection Service for escience Ronald van der Pol, SURFnet TNC 2014 20 May 2014

Project Overview! GN3plus Open Call Project (CoCo)! October 2013 March 2015 (18 months)! Partners: SURFnet (NL) & TNO (NL)! Budget EUR 216K (50/50 split)! 16.4 person months (50/50 split)! Five work packages:! WP1: use cases & market demand! WP2: architecture, design & development! WP3: experimental validation! WP4: dissimination! WP5: project management 2

Community Connection (CoCo) Service! Goal of CoCo service:! On-demand virtual private multi-domain, multipoint L2/L3 network instances! Interconnect laptops, VMs, storage, instruments, escience resources! Each escience community group can easily setup their own private CoCo instance via web portal! Based on OpenFlow programmable network infrastructure 3

CoCo Instance 4

Use Cases Workshop! Workshop for Dutch escience researchers! Held in Utrecht on 21 January 2014! 15 participants! Goal was twofold:! Get input for CoCo requirements by defining use cases! Get in contact with potential test users 5

Use Cases Workshop Results Results from workshop: CoCo service! Desired service characteristics (some out-of-scope)! Applications of CoCo service Shared Electron Microscope Affordable Point- to- Multipoint Reusability Scalable On- demand User initiated High Bandwidth BigData DNA sequencing as a Service Next use case steps: Refine the two high-level use cases in cooperation with use case owners In refinement (and next use case workshop) specific attention on: feasibility and effort needed by network administrators to install CoCo agent authentication and confidentiality requirements 6

CoCo Multi-domain Architecture web portal control plane CoCo agent a1 web portal CoCo agent a4 CoCo agent a2 web portal CoCo agent a3 web portal customer c3 data plane domain d4 domain d1 domain d3 domain d2 customer c1 customer c2 7

CoCo Control Plane! Control plane consists of federated CoCo agents! Each domain runs its own CoCo agent, based on OpenDaylight! CoCo agents exchange information East-West about:! CoCo end nodes (used in web portal for CoCo candidates list)! CoCo instances identifiers (associated MPLS labels, etc)! Addresses used at end nodes (e.g. IP prefixes)! User and group authentication and policy parameters! CoCo agent configures forwarding entries in OpenFlow switches via Southbound OpenFlow protocol 8

CoCo Data Plane! MPLS based forwarding in the core! Outer MPLS label used to forward to destination PE switch.! Inner MPLS label identifies CoCo instance.! Shortest Path Forwarding between two PEs (primary & backup)! MPLS encapsulation and decapsulation done at PE! At PE the customer traffic is aggregated onto MPLS paths! All traffic between two PE switches aggregated 9

CoCo Forwarding Plane OF CE PE P PE customer c3 domain d3 PE OF CE PE P PE PE P PE CE VPN customer c1 domain d1 domain d2 customer c2 10

Customer Connection Models! OpenVPN based connection! Target users: laptops! User installs OpenVPN client on laptop! User connects with CoCo OpenVPN server! OpenFlow based connection! Target users: servers, instruments, etc.! Campus network administrator installs OpenFlow switch at escience group! escience resources (servers, instruments, etc) connect to the OpenFlow switch! Campus network administrator configures 1 dedicated VLAN to carry CoCo traffic between OpenFlow switch and Customer Edge (CE) switch! Campus network administrator installs CoCo stub agent and sets up CoCo agent control plane peering relation with NREN 11

CoCo Customer Connection stub CoCo agent CoCo agent OF CE PE P PE customer provider 12

Edge Encapsulation & Decapsulation! Each PE has L2/L3 addresses behind it! On ingress encapsulate traffic destined for those L2/L3 addresses with MPLS label that gets forwarded to that PE! On egress pop the MPLS label and forward to CE! L3 addresses are IPv4/IPv6 prefixes (aggregation and scalable)! L2 addresses (MAC addresses) are a flat address space! Special attention needed for scalability 13

L3 VPN Service! Each site has it own IPv4/IPv6 prefixes! Each site runs its own address assignment mechanism (DHCP, SLAAC, etc)! This has proven scalability over multiple domains (internet)! CoCo infrastructure is based on OpenFlow switches! No next hop MAC address rewrite at each hop! Need a way to forward to the correct destination MAC address at final hop! Either use fake router MAC address at ingress and rewrite destination MAC address at egress! Or use destination MAC address of final IP hop already at ingress 14

L2 VPN Service! MAC address are a flat user space! No aggregation, special needs for scalability! Three challenges:! MAC learning! Address assignment! Broadcast, Unknown unicast & Multicast (BUM) traffic handling 15

L2 VPN Addressing Challenges! MAC learning:! Need to learn L2 addresses used at all sites ESADI draft-ietf-trill-directory-assist-mechanisms-00 EVPN MP-BGP! Option: insert forwarding entries for active L2 addresses only! Address assignment! MAC and IP addresses must be unique within multi-domain CoCo instance (VMs usually get generated MAC address)! Either centralised database or inter-domain negotiation! BUM handling! Implement multicast (e.g. full mesh like VPLS). Too much traffic?! Forward BUM traffic to controller and handle in controller (e.g. proxy ARP). For all multicast protocols? 16

Summary! The CoCo objectives are welcomed by escience workshop participants! CoCo only satisfies part of the requests! Scalability by MPLS encap/decap and MPLS forwarding in the core! BGP peering model to exchange information and policy between domains! Scalability easy for L3 addressing! Scalability harder to do for L2 addressing 17

Next Steps! Implement single domain CoCo prototype (Q3 2014)! Using SURFnet OpenFlow testbed! Core network services based on OpenDaylight! Test plan and testing/verification (Q2/Q3 2014)! Involve end users and campus network managers! Followup on use cases workshop (Q3 2014)! Enhance prototype to multiple domains (Q3/Q4 2014) 18

Related Work! VPLS (used in IP exchange points)! EVPN (being standardized in IETF L2VPN)! BGP/MPLS VPN (used in GÉANT MDVPN) 19

Thank you! www.geant.net www.twitter.com/geantnews www.facebook.com/geantnetwork www.youtube.com/geanttv 20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback