Lambdas and Your Campus BoF: Some Introductory Comments Internet2/ESNet Joint Techs Minneapolis, 12:30, February 13, 2007 Joe St Sauver, Ph.D.

Slides:

Advertisements

Similar presentations

1/17/20141 Leveraging Cloudbursting To Drive Down IT Costs Eric Burgener Senior Vice President, Product Marketing March 9, 2010.

Advertisements

Ethernet Switch Features Important to EtherNet/IP

Proposed Storage Area Network Facilities For Discussion.

Security BoF: What Are The Community's Open Questions? Joe St Sauver, Ph.D. or Manager, Internet2 Nationwide Security.

NENA Development Conference | October 2014 | Orlando, Florida Local PSAP IP Network Infrastructure and NG9-1-1 Michael Smith, DSS Nate Wilcox, Emergicom.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Introduction to IPv4 Introduction to Networks.

RETHINK BACKUP & ARCHIVE. 2 Backup and Archive are Top IT Priorities Which of the following would you consider to be your org’s most important IT priorities.

Welcome! Academics and Events in One Database: How publishing event data from a single source can enhance communication, minimize risk and assist in disaster.

FNAL Site Perspective on LHCOPN & LHCONE Future Directions Phil DeMar (FNAL) February 10, 2014.

DNSSEC Workshop Planning BOF Internet2/ESNet Joint Techs College Station TX, Feb 2-4, 2009 Joe St Sauver, Ph.D. Manager, Internet2 Security Programs

Multicast Fundamentals n The communication ways of the hosts n IP multicast n Application level multicast.

Abilene Transit Security Policy Joint Techs Summer ’05 Vancouver, BC, CA Steve Cotter Director, Network Services Steve Cotter Director,

An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.

1 Disk Based Disaster Recovery & Data Replication Solutions Gavin Cole Storage Consultant SEE.

Designing Online Communities: If We Build it, Will They Come? Yvonne Clark Instructional Designer Penn State University.

Disaster Planning and Recovery BOF Internet2 Member Meeting, Chicago 11:45AM, December 4th, 2006 Room CC24C.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Standards Certification Education & Training Publishing Conferences & Exhibits 13 February 2007 PHY / MAC Task Group Network / Transport Presentation This.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

Salsa-DR BOF Internet2 Member Meeting San Antonio Texas Joe St Sauver, Ph.D. or

1© Copyright 2015 EMC Corporation. All rights reserved. SDN INTELLIGENT NETWORKING IMPLICATIONS FOR END-TO-END INTERNETWORKING Simone Mangiante Senior.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

1 Secure Zero Configuration in a Ubiquitous Computing Environment Shenglan Hu and Chris J. Mitchell Information Security Group Royal Holloway, University.

Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.

John Graham – STRATEGIC Information Group Steve Lamb - QAD Disaster Recovery Planning MMUG Spring 2013 March 19, 2013 Cleveland, OH 03/19/2013MMUG Cleveland.

PacNOG 6: Nadi, Fiji Dealing with DDoS Attacks Hervey Allen Network Startup Resource Center.

1 Content Distribution Networks. 2 Replication Issues Request distribution: how to transparently distribute requests for content among replication servers.

Data Communications and Networking

1 Wide Area Network. 2 What is a WAN? A wide area network (WAN ) is a data communications network that covers a relatively broad geographic area and that.

Disaster Recovery as a Cloud Service Chao Liu SUNY Buffalo Computer Science.

Presentation Title Subtitle Author Copyright © 2002 OPNET Technologies, Inc. TM Introduction to IP and Routing.

1 October 20-24, 2014 Georgian Technical University PhD Zaza Tsiramua Head of computer network management center of GTU South-Caucasus Grid.

Virtual LAN Design Switches also have enabled the creation of Virtual LANs (VLANs). VLANs provide greater opportunities to manage the flow of traffic on.

Hosted by iSCSI: The New Storage Interconnect on the “Block”? Sean P. Derrington Consultant, Enterprise Storage and Servers Appergy, Inc

Lecture 8 Page 1 Advanced Network Security Review of Networking Basics: Internet Architecture, Routing, and Naming Advanced Network Security Peter Reiher.

Welcome to the Consumer Centered Family Consultation “Beyond the 1 st CCFC” Webinar PART 1 Hosted by: The Family Institute for Education, Practice & Research.

ISA 562 Internet Security Theory & Practice

Electronic Commerce & Marketing. What is E-Commerce? Business communications and transactions over networks and through computers, specifically –The buying.

Lecture 4 Transport Network and Flows. Mobility, Space and Place Transport is the vector by which movement and mobility is facilitated. It represents.

Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Introduction – Part II.

©2006 Merge eMed. All Rights Reserved. Energize Your Workflow 2006 User Group Meeting May 7-9, 2006 Disaster Recovery Michael Leonard.

SOS: Security Overlay Service Angelos D. Keromytis, Vishal Misra, Daniel Rubenstein- Columbia University ACM SIGCOMM 2002 CONFERENCE, PITTSBURGH PA, AUG.

1 Second ATLAS-South Caucasus Software / Computing Workshop & Tutorial October 24, 2012 Georgian Technical University PhD Zaza Tsiramua Head of computer.

The University of Bolton School of Games Computing & Creative Technologies LCT2516 Network Architecture CCNA Exploration LAN Switching and Wireless Chapter.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Introducing Network Design Concepts Designing and Supporting Computer Networks.

Erik Radius Manager Network Services SURFnet, The Netherlands Joint Techs Workshop Columbus, OH - July 20, 2004 GigaPort Next Generation Network & SURFnet6.

Casualty Actuarial Society ERM for the CAS. Centennial Goal The CAS will be recognized globally as a leading resource in educating casualty actuaries.

Understanding the basics of networking Welcome to the jungle!

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Introducing Network Design Concepts Designing and Supporting Computer Networks.

1 MPLS: Progress in the IETF Yakov Rekhter

(Slide set by Norvald Stol/Steinar Bjørnstad

Local Area Networks: Monil Adhikari. Primary Function of a LAN File serving – large storage disk drive acts as a central storage repository Print serving.

Brocade Flow Optimizer

Internet Protocol Storage Area Networks (IP SAN)

Company LOGO Network Architecture By Dr. Shadi Masadeh 1.

© 2007 EMC Corporation. All rights reserved. Internet Protocol Storage Area Networks (IP SAN) Module 3.4.

IS3220 Information Technology Infrastructure Security

SWE 214 (071) Chapter 12: Brainstorming and Idea Reduction Slide 1 Chapter 12: Brainstorming and Idea Reduction.

1 EIT 4.1 Thinking Different: Data Centers and IoT Chris Crosby, CEO, Compass Datacenters.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Creating the Network Design Designing and Supporting Computer Networks – Chapter.

Jordan Population and Housing Census 2015

Planning for Application Recovery

Virtual Private Networks

Lab A: Planning an Installation

Virtual Private Networks

Server Upgrade HA/DR Integration

Wide Area Network.

CCNET Managed Services

An Update on Multihoming in IPv6 Report on IETF Activity

How to deliver a Microsoft Cloud Workshop

Presentation transcript:

Lambdas and Your Campus BoF: Some Introductory Comments Internet2/ESNet Joint Techs Minneapolis, 12:30, February 13, 2007 Joe St Sauver, Ph.D.

2 Thanks For Joining Us Today for This BoF! Let’s begin by going around the room, and having everyone briefly introduce themselves. Please give your name, and the name of the institution you’re with. I’d also encourage you to sign in on the sheet that’s going around (be sure to indicate if you’d like to be added to a “Lambdas and Your Campus” mailing list). I’ll then show a few introductory slides to get things started Finally we’ll open things up for the rest of this session’s time slot so that attendees can share what they’re thinking about when it comes to lambdas and your campuses.

3 Why Is Joe Leading This BoF? At the Fall 2005 (Philadelphia) I2 Member Meeting I presented a talk entitled, “Thinking About Lambda Based Network Architectures and Your Applications,” (or.pdf) I’m active with a number of I2 working groups or activities which are interested in network architecture issues and security issues. Lambdas are coming, and we believe there’s interest in discussing how they will impact your campuses (e.g., see Kevin Miller’s excellent talk “Using Lambdas Without Bypass” from earlier this morning). Campus-level issues, in particular, were intended to be a special subject focus for this meeting. No one else volunteered to do this BoF, so you get me. :-) In any event, let’s dive in…

4 The New Network Connection Paradigm Old connection model: packet based OC12, Gig, OC48, or 10Gig New standard connection package: two connections one 10gig packet connection, but ALSO -- one 10gig lambda connection The fundamental question: How will Internet2 connectors and campuses integrate those new lambda based connections with their local networks? Will those using lambdas simply bypass the normal campus infrastructure? Will lambdas tightly integrate with the campus infrastructure? What’s the role of regionals or gigapops in facilitating lambdas for their members? How you decide to use lambdas, and how you think about lambdas, potentially drives a lot of other questions…

5 Lambdas and Security Considerations Are there security considerations associated with bringing lambdas to your campus? For example, will the availability of lambdas introduce new security risks, or will lambdas perhaps act to reduce or eliminate some security risks? While HOW YOU USE lambdas may drive part of the answer to that question, how you THINK about lambdas may also be important: “Lambdas will blow right past our border firewall, and we also won’t be able to passively monitor traffic over that channel!” vs. “Lambdas are point-to-point ‘virtual wires,’ and as a closed network with a small number of interconnected hosts, such a network will inherently have far fewer security risks!”

6 Scheduling Access to Constrained Lambda Resources Another example of how lambdas differ from traditional packet-based connections is the need to consider scheduling and prioritization of use. That is, if only a single lambda is available, will it be used in a static fashion, or in a more dynamic way? Who will determine what user or application has priority access? Potential models: -- First come, first serve use without any prior reservation? -- Ad-hoc negotiation with IT technical or managerial staff? -- Priority reservation system, with key users having the right to “bump” or “pre-empt” lower priority user reservation? -- An institutional “lambda allocation committee?” In deciding on a solution, remember that you may/will ALSO need to simultaneously schedule access on the other end of the pipe. This will get harder as the # of sites and the number of users increases…

7 Are There Emerging Situations Where Campuses May Have Specific Lambda-Related Requirements? Packet-based traffic may still be the primary production campus and IT focus (particularly given that connectors are looking at getting a 10gig packet-based connection as part of the new Internet2 connection model), but lamba-based requirements should also be on the planning radar. The classic examples for lambdas have all traditionally been research-related projects, but your campus may also have requirements for lambdas for more mundane (but still very important)! Let’s quickly consider just a couple of examples…

8 Example #1: DR/BCP Consider campus disaster recovery (DR) and business continuity planning (BCP) requirements where you might have large SAN or NAS disk farms at a location on campus that’s continually replicated/synchronized at one (or more) remote “hot backup” locations. Some associated lambda-favorable characteristics: -- this is a mission critical application (so $$$ may be available) -- filer synchronization has persistent and predictable long term point-to-point flows (nice property for lambda based networks!) -- interfiler traffic may need to be isolated (it may be unencrypted) -- routine interfiler synchronization traffic bandwidth may be large -- recovery bandwidth requirements may be larger still -- substantial geographical separation may be desired (e.g., more distance than you can get from just a state or regional network) -- Backup channels should avoid common points of failure

9 Example #2: Dealing with DDoS Attacks Another situation where campuses might be interested in lambdas would be if they’re experiencing problems with distributed denial of service (DDoS) attacks. DDoS attacks can easily run multiple Gbps DDoS attacks may last for minutes, hours, days, or longer. Currently many sites attempt to mitigate DDoS attacks by announcing specific blackhole routes as far upstream as possible. While that may protect campus links from that attack traffic, it limits the ability of targeted sites to track/analyze the attack traffic. Would dynamic waves represent an alternative way of handling that DDoS traffic, offloading and protecting an institution’s primary packet-based connectivity while also facilitating delivery of that atack traffic (with customer permission) to local or remote network analysts for scrutiny and backtracking purposes?

10 Campus Interest in Lambdas and Upstream Architectures The last issue I’ll raise this morning is the question of how campus interest in lambdas impacts upstream architectures and business relationships… This is not a new issue. For example, thinking about some other technologies: -- IP multicast: if a campus wanted to do IP multicast, upstreams needed to play -- IPv6: if a campus wanted to do IPv6, upstreams needed to play -- jumbo frames: if a campus wanted to do jumbo frames, upstreams needed to play Are we facing the same sort of issues when it comes to lambdas? If so, are the regional optical networks and the campuses ready? With that, I’ll throw this BoF open to y’all… do any of those issues resonate for you? How are you planning to address them?