1 / 31

The MANTICORE Project: Providing Users with a Logical IP Network Service

The MANTICORE Project: Providing Users with a Logical IP Network Service. Victor Reijs, HEAnet Eduard Grasa, Fundació i2cat MANTICORE Partners (self funded project). Agenda. The MANTICORE Project Vision MANTICORE Implementation The IaaS Framework (UCLP Evolution) User Roles

beulah
Download Presentation

The MANTICORE Project: Providing Users with a Logical IP Network Service

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The MANTICORE Project: Providing Users with a Logical IP Network Service Victor Reijs, HEAnet Eduard Grasa, Fundació i2cat MANTICORE Partners (self funded project)

  2. Agenda • The MANTICORE Project Vision • MANTICORE Implementation • The IaaS Framework (UCLP Evolution) • User Roles • Software Architecture • How does it work: GUI preview • DEMO at TNC 2008 • Future work: MANTICORE and RPSL

  3. MANTICORE project • A Web Service based system that provides the User (NOC and/or end user) with the ability to define and configure of its own physical and/or logical IP network • Project partners: • HEAnet, i2CAT, Juniper, NORDUnet, RedIRIS

  4. Service specification • Define the edge ports of the IP network • Define the external Routing Service (policy) • In case there are preferences on internal transport services, QoS: the internal Routing Service metric • If available: IP address space

  5. The MANTICORE vision Physical Router User Site Logical Router Physical Link Logical Link Each user’s IP network is represented by a different color Other user’s IP Network or the Internet 5

  6. Logical IP network • Logical IP network should guarantee route integrity in contrast with point to point links/lightpath/lambdas • Two Routing Services (RPSL): • internal routing (pure internal configuration and making directly connected ports explicit) • external routing (other networks, directly connected hosts and propagation of external routing info)

  7. router1.rediris.es router4.rediris.es router2.rediris.es router3.rediris.es router5.rediris.es RPSL defines Routing Services: examples lo0: 10.10.20.5/32 lo0: 10.10.10.4/32 AS10 ge-3/0/0 192.168.20.2 static eBGP (network2) 192.168.10.2 AS20 lo0: 10.10.1.1/32 lo0: 10.10.1.2/32 ge-3/0/0 (network3) ge-3/0/0 ge-3/0/0 192.168.1.1 192.168.20.1 ge-2/0/0 ge-2/0/0 192.168.10.1 192.168.1.2 ge-1/0/0 ge-0/0/0 192.168.0.1 192.168.2.1 ge-1/0/0 AS1 192.168.0.2 ge-0/0/0 AREA 0 192.168.2.2 (network1) lo0: 10.10.1.3/32 • Sample RPSL and configs arising from our demo layout • eBGP AS1->AS20 • static AS1->AS10

  8. Sample RPSL: BGP to JUNOS protocols { bgp { export local-networks; group ebgp { type external; family inet { any; } neighbor 192.168.20.2 { peer-as 20; description "AS20"; export to-AS20; import from-AS20; } } } } policy-statement from-AS20 { term 1 { from { prefix-list AS20; } then accept }; } policy-options AS20 { prefix-list AS20 { 10.10.20.0/24; } } aut-num: AS1 as-name: network1 import: from AS20 # network3 action pref=100; accept AS20 export: to AS20 # network3 announce AS1 route: 10.10.20.0/24 descr: network3 orgin: AS20 mnt-by: manticore@heanet.ie changed: manticore@heanet.ie 20080520

  9. Sample RPSL: Static route -> IOS-XR aut-num: AS1 as-name: network1 import: protocol STATIC into BGP4 # network2 accept AS10 route: 10.10.10.0/24 origin: AS10 mnt-by: manticore@heanet.ie changed: manticore@heanet.ie 20080520 inject: at 192.168.10.1 action next-hop=192.168.10.2; cost=10 upon static ipv4 route 10.10.10.0 255.255.255.0 192.168.10.2 10 ! router bgp 1 address-family ipv4 unicast redistribute static route-policy local-statics ! route-policy local-statics if destination in ( 10.10.10.0/24 ) pass endif end-policy 9

  10. The components • The following components can be distinguished: • Router WSA logical or physical device with logical/physical ports with • Routing servicesAbility to route traffic according to certain rules, for internal entities (like Router WS) and external entities (like users or external networks) • Lower layer WSProvide connectivity at layer 0, 1 and 2 between (user/router) ports • IP network WSIntegrating the above services 10

  11. Agenda • The MANTICORE Project Vision • MANTICORE Implementation • The IaaS Framework (UCLP Evolution) • User Roles • Software Architecture • How does it work: GUI preview • DEMO at TNC 2008 • Future work: MANTICORE and RPSL

  12. Infrastructure as a ServiceIaaS and Virtualization • Virtualization consists of representing a physical device/substrate/datapath as a Software entity (P2V). • Initially started with PC virtualization (VMWare, VirtualIron, VirtualPC) • Provides Isolation. • IaaS is equivalent of SaaS for hardware devices. • Amazon and BlueLock pioneer the IaaS service by renting hardware using proprietary solutions. • Users pay to use shared infrastructures. • Monthly fees or Pay per use. • Long term exchanged compared to on-demand services. • Users control/own the infrastructure.

  13. UCLP, Argia and the IaaS Framework • Two UCLP research programs were put in place by CANARIE to provide a virtualization solution for optical networks starting in 2001 • UCLP initial goal was to provide end to end paths across domains (DataPath Virtualization) • UCLPv2 goals were to create reusable and configurable network blocks (Hardware Partitioning Virtualization) • UCLPv2 concepts are evolving into many different Physical to Virtual (P2V) products and R&D projects that are built on the IaaS Framework: • Argia -> Product for Optical Networks • Ether -> R&D for Ethernet and MPLS Networks • MANTICORE -> R&D for physical/logical IP Networks • GRIM -> R&D for Instruments and Sensors RMC ETHER MANTICORE GRIM CHRONOS

  14. Infrastructure Resource Trading (I): Direct Export User A Provider 2 Resource List Resource List Resource List Resource List Provider 1 User C User B

  15. Infrastructure Resource Trading (II): Broker Sites

  16. IaaS Framework Resource Architecture WS Interface (WS Resource) Capability Capability WS-MessagingEngines(Axis2, CXF, MiniSOAP) Web ApplicationSupport(MVC) Resource Representations / Service Interfaces (Java) Security Framework ApplicationContainer TransientInformation PersistentInformation Business Logic PersistanceLayer IaaSEngine(Driver Architecture) DB LDAP FileSystem Data Sources Physical Devices

  17. IP Network WS Router-WS MANTICORE Software Architecture Manage user accounts, get user credentials, authenticate RPSL may be used to let the GUI specify high level routing policies (internal as well as external) to the IP Network WS User Workspace WS GUI client(s) Transforms the routing configuration abstract description in high level operations that will be invoked in the Router WS over one or more virtual resources TDM Resource WS Ethernet Resource WS Transforms the high level operations over one or more virtual resources into specific commands that each particular routing device can understand . . . Represent the physical (ports) or logical interfaces (VLANs, TDM Channels) that users can access. Virtual Resource Services Protocol Y Protocol X Netconf Software router Other vendor device Juniper device

  18. First implementation limitations • Only deal with Juniper routers using the Netconf JunOS XML API • RPSL (will explain later) won’t be used as a means of describing abstract routing configurations (instead, a proprietary simple and limited representation will be used). • WS-Security: WS Messages are not encrypted nor signed. • The implementation is a proof of concept, not a complete solution: working prototypes of the services will be implemented, but some features and performance optimization will be left for future work

  19. Agenda • The MANTICORE Project Vision • MANTICORE Implementation • The IaaS Framework (UCLP Evolution) • User Roles • Software Architecture • How does it work: GUI preview • DEMO at TNC 2008 • Future work: MANTICORE and RPSL

  20. Example deployment • NREN A Server: • User Workspace WS • Ethernet Resource WS • IP Network WS • Router WS • i2cat Server: • (optional) • User Workspace WS • Ethernet Resource WS • IP Network WS • Two organizations: • NREN A: Physical Network Administrator. In this very simple example it operates a network with one physical router. • i2CAT: Virtual Network Administrator. In this very simple example it will request two logical routers to NREN A. • MANTICORE Software deployment

  21. NREN A discovers the physical router When NREN A first launches the GUI client, it must create a new physical network and add all the routers they want to manage to it.

  22. NREN A PN Admin creates logical routers • He also creates a logical tunnel between the two logical routers (new LT interfaces are created). • NREN A admin creates some logical interfaces, two logical routers and assigns these logical interfaces to the logical routers.

  23. Creation of virtual links and virtual interfaces • NREN A PN Admin creates a resource list (list of resources that can be accessed by NREN A or a 3rd party). • NREN A PN Admin creates virtual interfaces and virtual links (kind of proxy objects that represent the remotely configurable interfaces and links), and adds them to the resource list.

  24. Exporting resources Resource List i2cat Server: (optional) NREN A Server: • NREN A PN Admin exports the resource list to i2cat (permissions are set on the resources so that i2cat’s users can access and modify the resources on the resource list). • i2cat APN Admin, launches its GUI Client, logs into the server and downloads the resource list.

  25. i2cat’s IP Network • Now he can configure the IP parameters of the interfaces, configure IGPs, configure the peering, ... • i2cat APN Admin creates a new IP Network and adds the resources of the resource list to it.

  26. Agenda • The MANTICORE Project Vision • MANTICORE Implementation • The IaaS Framework (UCLP Evolution) • User Roles • Software Architecture • How does it work: GUI preview • DEMO at TNC 2008 • Future work: MANTICORE and RPS

  27. router1.rediris.es router4.rediris.es router2.rediris.es router3.rediris.es router5.rediris.es TNC 2008 MANTICORE Demo lo0: 10.10.20.5/32 lo0: 10.10.10.4/32 AS10 ge-3/0/0 192.168.20.2 static eBGP 192.168.10.2 AS20 lo0: 10.10.1.1/32 lo0: 10.10.1.2/32 ge-3/0/0 ge-3/0/0 ge-3/0/0 192.168.1.1 192.168.20.1 ge-2/0/0 ge-2/0/0 192.168.10.1 192.168.1.2 ge-1/0/0 ge-0/0/0 192.168.0.1 192.168.2.1 ge-1/0/0 AS1 192.168.0.2 ge-0/0/0 AREA 0 192.168.2.2 lo0: 10.10.1.3/32 • During the Terena Networking Conference 2008 (Bruges, 19-22 May) at the Juniper booth, the following scenario is going to be demonstrated.

  28. Agenda • The MANTICORE Project Vision • MANTICORE Implementation • The IaaS Framework (UCLP Evolution) • User Roles • Software Architecture • How does it work: GUI preview • DEMO at TNC 2008 • Future work: MANTICORE and RPSL

  29. IP Network WS Router-WS RPSL in MANTICORE Manage user accounts, get user credentials, authenticate RPSL may be used to let the GUI specify high level routing policies (internal as well as external) to the IP Network WS User Workspace WS GUI client(s) Transforms the routing configuration abstract description in high level operations that will be invoked in the Router WS over one or more virtual resources TDM Resource WS Ethernet Resource WS Transforms the high level operations over one or more virtual resources into specific commands that each particular routing device can understand . . . Represent the physical (ports) or logical interfaces (VLANs, TDM Channels) that users can access. Virtual Resource Services Protocol Y Protocol X Netconf Software router Other vendor device Juniper device • RPSL can be used as a means of describing the external routing policies as well as the IGP configurations (with minor extensions). • These RPSL descriptions can be taken as an input by the IP Network WS and then generate the high level operations to invoke at the Router WS (remember the architecture picture). • Implementation status: RPSL RFCs (2622, RPSL and 4012, RPSLng) have been studied, and some preliminary RPSL descriptions for the MANTICORE use cases have been generated. Not implemented yet due to time constraints.

  30. More Future Work • Integrate MANTICORE with the other IaaS Framework based network virtualization solutions: • With Argia, product for optical networks (TDM, WDM, Fibre). • With Ether, upcoming product for Ethernet and MPLS networks. • Create drivers for other router vendors • Add more features to the IP Network WS • Allow APN Admins and end users to create new logical interfaces • Provide means of describing more complex routing policies • Other? • Activities within the FEDERICA Project • Achieve interoperability with the IPsphere Framework (framework for composing multi-stakeholder services) • Provide support for software routers

  31. Thanks for your attention! More information: • MANTICORE: • Victor Reijs, Network Development Manager, HEAnet Limited (victor.reijs@heanet.ie) • Sergi Figuerola, Coordinator of the Network Technologies Cluster, Fundacio i2cat (sergi.figuerola@i2cat.net) • IaaS Framework: • Inocybe Technologies Inc. http://www.inocybe.ca • IaaS Framework website: http://www.iaasframework.com

More Related