LHCOPN & LHCONE Network View Joe Metzger Network Engineering, ESnet LHC Workshop CERN February 10th, 2014.

Lawrence Berkeley National Laboratory | U.S. Department of Energy | Office of Science

LHCOPN & LHCONE Review

Let's take a step back and agree on what we have before trying to figure out what needs are not met, and how things might be changed.

- Evaluation Criteria
- Key Attributes
- Network Resources
- Relationships
- Roles and Responsibilities
- Attributes of Overlay Networks
- Understanding the LHC Networks & Networking Services
- LHCOPN
- LHCONE

Key Attributes

Mission & Purpose
- Why does it exist?
- Who does it serve?
- What does it do?

Governance & AUP
- How are the rules established?
- How are violations of the rules handled?

Security Assertions
- Is it an open or closed network?
- What risks does this pose?
- How are they handled?

Network Resources 1

Raw materials
- Fiber, transponders (optical-electrical coders that plug into optical wave division multiplexers), lit circuits (fiber connected to optical multiplexers and the intervening optical amplifiers), switches (e.g. G.709, Ethernet), routers

Managed Systems
- Optical Networks (lit fiber connected to Ciena, Alcatel, Infinera, etc. optical-electrical systems)
- MPLS Networks (virtual circuit mechanism for IP networks)

Note: I will be referring to Network Service Providers as NSPs in this talk. This would include ESnet, I2, GEANT, NRENs, etc.

Network Resources 2

Managed Services
- Point to Point Circuits (now most commonly an Ethernet circuit)
- Multipoint Layer2 Ethernet Circuits
- Routed services (Layer 3 / IP)
- Timescale of service lifetime
  A continuum between
  » sub-second (unachievable in almost all situations)
  » very long term (commitment to provide service exceeds expected life of the underlying resources)
- Security Services
- Diagnostic & Debugging Services
- Measurement Services

Roles

User
- Entity that consumes network services from a provider.

Provider
- Provider delivers a network service to the user.

Customer
- The entity that pays for network services.
- Some users are customers. Other users have 3rd party customers who pay for them.

Keep in mind that somebody is paying for every network resource being used. It is critical that the services we develop and deploy align with the LHC centers', NSPs' and funding agencies' business models, otherwise they become unwieldy or unstable.

NSP Relationships

Peering
- A symmetric relationship where 2 entities are providing network services to each other, and using the network services provided by the other for mutual benefit.
  - E.g. when networks exchange traffic
- Often informal and frequently done without contracts.

Transit
- An asymmetric relationship where one entity provides services between 2 (or more) other entities.
  - E.g. when one network carries traffic for another through its infrastructure
- Usually managed via formal business contracts.

Peering vs Transit

Peering & Transit

Image taken from arstechnica article: “How the ‘Net works: in an introduction to peering and transit” ures/2008/09/peering-and-transit/

This is a useful article to read if you are not familiar with NSP business & economic models.

Responsibilities

Network Operations Responsibilities
- NOC operations including fault isolation and repair
- Ticketing system operations
- Network monitoring
- Capacity planning
- AUP definition & enforcement
- Troubleshooting soft network failures
- Security
  - Security of the network infrastructure
  - Security of the data transiting the network
- etc.

LHCOPN

Mission
- Support Tier 0 to Tier 1 data transfers
- Other Tier 1 to Tier 1 transfers.

Governance & AUP
- Tier 1 participation in “OPN” required by TDR.
  repository/Technical_Documents/TDR/LCG_TDR_v1_04.pdf

Security Assertions
- Formally defined in:
- Actually quite weak.

- Link services provided by the NSPs
- Routing & management services provided by the Tier 0 & Tier 1.

LHCOPN – Resources

Resources
- NSPs are providing point-to-point Layer2 circuits
  - Circuits are provided following the typical business relationships in the NSP's region
  - Some circuits are ‘virtual circuits’ provided on top of NREN networks.
  - Other circuits are ‘physical circuits’ purchased from Telcos.
- LHC Centers built a virtual routed network out of the circuits.

In most cases the LHCOPN is dedicated capacity which the LHC community is directly funding.

LHCOPN - Relationships

Relationships
- LHC centers are providing Network Services to each other
  - CERN is providing un-restricted transit
  - Some centers are providing limited transit
  - Some LHC centers are peering
- NSPs
  - Providing services to their usual users & customers

Responsibilities
- NSPs support individual link operations & management
- LHC Sites are responsible for network management including operations, monitoring, troubleshooting, capacity planning, security management, AUP enforcement, etc.

LHCOPN Protocol Stack

- LHC center demark is at the link layer. Details below this are hidden.
- LHC centers are building a network out of a set of links, and are responsible for managing Network Layer and above.
- NSPs build the links on top of their underlying MPLS, SONET/SDH, OTN, optical, fiber, or other type of network.

LHCONE VRF

Disclaimer: There are several docs that describe what we thought we wanted to build over the last couple years, but nothing that accurately describes what we currently have. This is my understanding. Other view points are perfectly reasonable.

Mission
- A private overlay internet (or set of networks) dedicated to moving data between LHC Tier 1, Tier 2 and Tier 3 centers.
- It segregates LHC traffic from general R&E traffic so that it can be managed independently in ways that benefit both the LHC and NSP communities.

Governance & AUP
- A community project driven by rough consensus.
- Most community members agree that traffic carried by LHCONE should be restricted to LHC related traffic, or traffic between LHC related subnets. But some sites make no effort to restrict the traffic across LHCONE to LHC related subnets or traffic.

Security Assertions
- No final or authoritative AUP document for LHCONE-VRF could be found.
- Some useful info in the following:

LHCONE VRF Resources

NSPs provide the network including core links and routers as a virtual overlay on their regular infrastructure.

Resource provisioning is done across different parts of LHCONE using different models:
- Critical: Some organizations are doing careful planning and acquiring necessary resources and making them available via the LHCONE to meet their users' needs.
- Incidental: Some organizations are treating LHCONE as a way to make ‘found’ resources available to the LHC community.
- Unreliable or Unnecessary: Some organizations plan to meet their LHC Tier 2 & 3 needs using standard R&E networking services.

Most LHCONE-VRF infrastructure is shared and is covered by regular networking fees.

LHCONE VRF – Relationships

Relationships
- NSPs are providing network services to their typical users following standard business relationships in their regions
- NSPs have peering or transit relationships with each other, usually following the well established peering and transit relationships in use for their general R&E traffic.
- LHC Centers are strictly users of the services, and are mostly consuming services from their normal upstream provider.

Responsibilities
- NSPs have their standard suite of responsibilities including network operations: monitoring, troubleshooting, capacity planning, security management, etc.
- Customers are responsible for adhering to the AUP (if defined).

LHCONE VRF Protocol Stack

NSPs are providing a full network service to LHC centers, not a set of links.

Joe’s Opinions

LHCOPN vs LHCONE
- LHCOPN and LHCONE are both overlay networks built on top of the same pool of underlying NSP resources.
- LHCOPN is a virtual private network built and managed by LHC sites.
- LHCONE is a virtual private network built and managed by the NSP community.

Future Directions
- Maintain the LHC investment in networking capacity (LHCOPN) at the current scale. Or to rephrase: Don’t shrink the pool of resources available to LHC right now.
- Maintain the LHCOPN network, if the mechanisms it provides for priority or guaranteed traffic are able to be used effectively by the experiments.
- Develop methods to shift network resources between LHCOPN and LHCONE as needed to best meet user demands.
- Tighten up the LHCONE VRF definition & AUP.
- Point-to-point circuits outside the LHCOPN should be considered part of LHCONE. Probably best used to pull ‘found’ resources into production paths (i.e. ANA-100 LHCONE experiment).

The End

Challenge using dynamic point-to-point circuits in LHC

The obvious thing is to take info from the workflow manager, and use it to request changes at the link layer between NSPs. This combines all of the challenges of crossing multiple domains with all the challenges of violating every layer in the protocol stack.

Idea for a possible way forward

The ANA-100G LHCONE integration experiment is doing some interesting work:
- Turning up and down bandwidth between LHCONE instances
- Adjusting routing between LHCONE instances
- Developing measurement philosophy and plans for measuring impact on LHC end users

Could we build on this work, and try to figure out how to use dynamic circuits to provision ‘found’ or temporarily available resources into the LHCONE VRF?

Advantages

- Breaks the requirement for coordinated lock-step planning and development between the NSP and LHC software development groups.
- The NSP circuit development teams already contain, or have easy access to, the right ‘application level’ experts (BGP routing).
- Constrains the scope of the work to the NSPs who are involved in developing and deploying dynamic circuits.
- Could establish a framework for NSPs, and other entities to easily contribute network resources to the LHC community.