1 / 28

perfSONAR WG 2006 Spring Member Meeting

perfSONAR WG 2006 Spring Member Meeting. Jeff W. Boote 24 April 2006. Agenda. Introduction Agenda bashing perfSONAR overview/status perfSONAR multi-LS solution (Jason Z.) perfSONAR AuthN/Z plans Open Discussion. perfSONAR: Overview. Joint effort of ESnet, G É ANT2 JRA1 and Internet2

hestia
Download Presentation

perfSONAR WG 2006 Spring Member Meeting

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. perfSONAR WG2006 Spring Member Meeting Jeff W. Boote 24 April 2006

  2. Agenda • Introduction • Agenda bashing • perfSONAR overview/status • perfSONAR multi-LS solution (Jason Z.) • perfSONAR AuthN/Z plans • Open Discussion

  3. perfSONAR: Overview • Joint effort of ESnet, GÉANT2 JRA1 and Internet2 • Webservices network performance framework • Network measurement tools • Network measurement archives • Distributed scheduling/authorization • Multi-domain policy

  4. perfSONAR is a joint effort Participants: ESnet, GEANT2 JRA1, Internet2, RNP, Fermilab Internet2 includes: University of Delaware Georgia Tech Internet2 staff My apologies if I have overlooked someone (still working on the credits process) GEANT2 JRA1 includes: Arnes Belnet Carnet Cesnet DANTE DFN FCCN GRNet ISTF PSNC Nordunet (Uninett) Renater RedIRIS Surfnet SWITCH perfSONAR: Credits

  5. perfSONAR: Project Activity Meter • 1-2 conf calls/week • 1 new service/month (accelerating) • 3-4 development workshops/year • 3-4 paper submissions/year

  6. perfSONAR: System Description • Domains represented by a set of services • Each domain can deploy services important to the domain • Analysis clients interact with service across multiple domains

  7. perfSONAR: Services (1) • Lookup Service • Allows the client to discover the existing services and other LS services. • Dynamic: services registration themselves to the LS and mention their capabilities, they can also leave or be removed if a service gets down. • AuthN/Z Service • Internet2 MAT, GN2-JRA5 (eduGAIN) • Authorization functionality for the framework • Users can have several roles, the authorisation is done based on the user role. • Trust relationships defined between users affiliated with different administrative domains.

  8. perfSONAR Services (2) • Transformation Service • Transform the data (aggregation, concatenation, correlation, translation, etc). • Topology Service • Make the network topology information available to the framework. • Find the closest MP, provide topology information for visualisation tools • Resource protector • Arbitrate the consumption of limited resources between multiple services.

  9. Inter-domain perfSonar example interaction Useful graph Client Token MA Here is who I am, I’d like to access MA B Here is who I am, I’d like to access MA A Token MB a,b,c : Network A, MA A, AA A Where Link utilisation along - Path a,b,c? AA A Here you go Get Link utilisation a,b,c Get link utilisation c,d,e,f AA B Here you go a,b,c: Network A – LS A, c,d,e,f : Network B, MA B, AA B Where Link utilisation along - Path a,b,c,d,e,f? LS A LS B MA B MA A a b f e c d Network A Network B

  10. perfSONAR: Status Update • Production release of base package expected by June (code freeze next week) • Will include: • Single domain LS solution • RRD MA • (no AS) • Additional services and client applications supporting this version will soon follow: • BWCTL MP • perfSONAR UI

  11. perfSONAR: Hot Topics • Multi-domain hierarchical LS • AuthN/Z development plan with JRA-5 (eduGAIN) • SSH MP (LookingGlass) service • Topology Services • L2 specific MA service

  12. MPs SSH/Telnet (Looking Glass) ABW (bandwidth packet capture cards) BWCTL NMS (SDH status) SNMP Command line (OWAMP, Ping, Traceroute) MAs RRD SQL TopS BWCTL Hades (owd, jitter, owpl) Flow replicator Visualization Clients CNM perfSONAR UI Visual perfsonar Looking glass perfSONAR: Current Developments

  13. Agenda • Introduction • Agenda bashing • perfSONAR overview/status • perfSONAR multi-LS solution (Jason Z.) • perfSONAR AuthN/Z plans • Open Discussion

  14. perfSONAR: multi-LS • Jason

  15. Agenda • Introduction • Agenda bashing • perfSONAR overview/status • perfSONAR multi-LS solution (Jason Z.) • perfSONAR AuthN/Z plans • Open Discussion

  16. perfSONAR: authN/Z plans • perfSONAR(JRA-1)/JRA-5 sub-group • Group tasked with determining how to leverage JRA-5 authentication system (eduGAIN) in perfSONAR infrastructure • Jeff Boote (Internet2) • Diego Lopez (RedIRIS) • Maurizio Molina (Dante) • Andreas Solberg (Uninett)

  17. perfSONAR: Background • Designed with Federated authentication in mind • AS becomes a ‘proxy’ for Authorization requests

  18. eduGAIN: Background • JRA-5 provided authentication “interface” • Provides “bridging” to other authentication systems • Shibboleth • PAPI • Others… • Designed mostly with web-browser interaction in mind

  19. Current Status • Group has come to general consensus on how this should work • Paper is currently underway describing interaction of perfSONAR with eduGAIN API

  20. perfSONAR: Trust relationship entities • Client • idP (identity provider) • pSR (perfSONAR resource “service”) • AS (perfSONAR AS service) • HLS (Home Location Service)

  21. Automated Client Interaction

  22. Normal User Interaction

  23. Implications for JRA-5 • Future extensibility for multiple X.509 root CA certificates • Non-web profile for authN attribute request • Current identity provider servers (attribute stores) may need to hold attributes for non-human clients • Others???

  24. Implications for JRA-1 • AS has slightly different role • Clients never directly interact with AS • AS is effectively a ‘proxy’ between services and the eduGAIN ‘bridging elements’ • Attribute requests from services to RP’s and from RP’s to AS need to be made in a ‘boolean’ fashion to protect the privacy of clients • Automated clients MUST have X.509 client certificates

  25. Questions/Concerns • Let me know if you would like a copy of the ‘document’ when it is complete • Please feel free to send further questions/comments to Maurizio and Jeff boote@internet2.edu maurizio.molina@dante.org.uk

  26. Agenda • Introduction • Agenda bashing • perfSONAR overview/status • perfSONAR multi-LS solution (Jason Z.) • perfSONAR AuthN/Z plans • Open Discussion

  27. Additional Topics

More Related