perfSONAR WG Meeting (06FMM) Jeff W. Boote Martin Swany Internet2 6 Dec 2006
Overview motivations/overview NMWG Schema Overview (Martin Swany) Discovery (Martin Swany) AuthN/Z Current Status Open Discussion
Vision: Performance Information is … Available People can find it (Discovery) “Community of trust” allows access across administrative domain boundaries (AA) Ubiquitous Widely deployed (Paths of interest covered) Reliable (Consistently configured correctly) Valuable Actionable (Analysis suggests course of action) Automatable (Applications act on data)
Getting There: Build & Empower the Community Decouple the Problem Space: Analysis and Visualization Performance Data Sharing Performance Data Generation Grow the Footprint: Clean APIs and protocols between each layer Widespread deployment of measurement infrastructure Widespread deployment of common performance measurement tools This is our ‘strategic’ look at the problem
Result: No more mystery … Increase network awareness Set user expectations accurately Reduce diagnostic costs Performance problems noticed early Performance problems addressed efficiently Network engineers can see & act outside their turf Transform application design Incorporate network intuition into application behavior
perfSONAR Overview What: Measurement infrastructure for exchanging data under development How: Webservices network performance framework Network measurement tools Network measurement archives Distributed scheduling/authorization Multi-domain policy Common language (GGF NMWG Schema) Where: Deployed / to be deployed across: Network Backbones (Abilene, ESNet, GÉANT) Regional Networks (NRENs, RONs, Gigapops) Universities When: First product release happened summer ‘06
perfSONAR: What is it? Service Oriented Architecture (discovery, AuthN/Z, federation…) Base schema (NMWG) to allow any performance data type with a defined extensibility
perfSONAR: Services (1) Lookup Service Allows the client to discover the existing services and other LS services. Dynamic: services register themselves with the LS and state their capabilities; they can also leave, or be removed from an LS if a service goes down (keepalives). AuthN/Z Service Internet2 MAT, GN2-JRA5 (eduGAIN) Authorization functionality for the framework. Users can have several roles; authorisation is done based on the user's role. Trust relationships are defined between users affiliated with different administrative domains.
perfSONAR Services (2) Transformation Service Transform the data (aggregation, concatenation, correlation, translation, etc). Topology Service Make the network topology information available to the framework. Find the closest MP, provide topology information for visualisation tools. Resource protector Arbitrate the consumption of limited resources between multiple services.
Inter-domain perfSONAR example interaction [Figure: a client, Network A (nodes a, b, c; LS A, MA A, AA A) and Network B (nodes c, d, e, f; LS B, MA B, AA B); outcome labelled "Useful graph". Message labels in the figure: "Where: link utilisation along path a,b,c,d,e,f?" / "a,b,c: Network A – LS A; c,d,e,f: Network B, MA B, AA B"; "Where: link utilisation along path a,b,c?" / "a,b,c: Network A, MA A, AA A"; "Here is who I am, I'd like to access MA A" / Token MA; "Here is who I am, I'd like to access MA B" / Token MB; "Get link utilisation a,b,c"; "Get link utilisation c,d,e,f"; "Here you go".]
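The lookup, token and measurement-archive steps of this interaction as a toy model, added here as an example and not taken from the slides or from perfSONAR code. The HMAC token format, the keys, the role name and the returned data are constructed assumptions; the point is that a token is bound to one domain's AA and one MA.

```python
import hashlib
import hmac
import json

# Constructed registrations: each domain's hops, its MA and the AA that guards it.
REGISTRY = [
    {"hops": ["a", "b", "c"], "ma": "MA A", "aa": "AA A"},
    {"hops": ["c", "d", "e", "f"], "ma": "MA B", "aa": "AA B"},
]
# Hypothetical per-domain keys shared between an AA and the MA in its domain.
AA_KEYS = {"AA A": b"constructed-key-A", "AA B": b"constructed-key-B"}
# Role-based policy per AA: which roles may read which MA (assumed role name).
POLICY = {"AA A": {"noc-engineer": {"MA A"}}, "AA B": {"noc-engineer": {"MA B"}}}


def lookup(path):
    """LS step: split the path into per-domain segments with their MA and AA."""
    segments = []
    for reg in REGISTRY:
        hops = [h for h in path if h in reg["hops"]]
        if len(hops) > 1:
            segments.append({"hops": hops, "ma": reg["ma"], "aa": reg["aa"]})
    return segments


def issue_token(aa, user, role, ma):
    """AA step: authorise by role, then bind the token to one user and one MA."""
    if ma not in POLICY[aa].get(role, set()):
        raise PermissionError(f"{role} may not access {ma}")
    claims = json.dumps({"user": user, "role": role, "ma": ma, "aa": aa}, sort_keys=True)
    tag = hmac.new(AA_KEYS[aa], claims.encode(), hashlib.sha256).hexdigest()
    return {"claims": claims, "tag": tag}


def ma_query(ma, aa, token, hops):
    """MA step: accept only an untampered token from its own AA, scoped to this MA."""
    expected = hmac.new(AA_KEYS[aa], token["claims"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["tag"]):
        raise PermissionError("token not issued by this domain's AA")
    if json.loads(token["claims"])["ma"] != ma:
        raise PermissionError("token scoped to a different MA")
    return {"ma": ma, "hops": hops, "utilisation": "constructed sample data"}


def fetch_path(user, role, path):
    """Client: look up the segments, get one token per domain, query each MA."""
    return [ma_query(s["ma"], s["aa"], issue_token(s["aa"], user, role, s["ma"]), s["hops"])
            for s in lookup(path)]
```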
perfSONAR: Core Team Status Update First production release of Java Sample Implementation (July 06) Includes: Single domain LS solution RRD MA Other closely integrated implementations/applications: BWCTL MP perfSONAR UI
perfSONAR: authN/Z plans perfSONAR(JRA-1)/JRA-5 sub-group Group tasked with determining how to leverage JRA-5 authentication system (eduGAIN) in perfSONAR infrastructure Jeff Boote (Internet2) Diego Lopez (RedIRIS) Maurizio Molina (Dante) Andreas Solberg (Uninett)
AuthN/AuthZ Background Designed with Federated authentication in mind AS becomes a ‘proxy’ for Authorization requests
eduGAIN: Background JRA-5 provided authentication “interface” Provides “bridging” to other authentication systems Shibboleth PAPI Others… Designed mostly with web-browser interaction in mind
Current Auth Status Group has come to general consensus on how this should work
perfSONAR: Trust relationship entities Client idP (identity provider) pSR (perfSONAR resource “service”) AS (perfSONAR AS service) HLS (Home Location Service)
Automated Client Interaction
Normal User Interaction
perfSONAR: Current Developments. MPs: SSH/Telnet (Looking Glass) – Belnet – Stijn Verstichel; ABW (bandwidth packet capture cards) – Cesnet – Sven Ubik; BWCTL – DFN – Verena Venus; NMS (SDH status) – DANTE – Loukik Kudarimoti; SNMP – DANTE – Loukik Kudarimoti; Command line (OWAMP, Ping, Traceroute) – RNP/Internet2 – Fausto Vetter/Jeff Boote. MAs: RRD – PSNC – Roman Laplacz; SQL – PSNC – Roman Laplacz; TopS – RedIRIS – Ulisses Alonso; BWCTL; Hades (owd, jitter, owpl) – DFN – Verena Venus; Flow replicator (CARNet). Hybrid MP/MA: Link Status. Visualisation Clients: CNM – DFN – Andreas Hanemann, David Schmitz; perfSONAR UI – ISTF – Vedrin Jeliazkov, Nina Jeliazkova; visualperfsonar (traceroute based) – Carnet – Igor Velimirovic; Looking glass (making use of the SSH/telnet MP) – Stijn Verstichel.