OESS AM, OESS Stitching Flowspace firewall

AL2S and GENI. OESS AM, OESS Stitching Flowspace firewall. FOAM on AL2S. OESS provides point-to-point and multipoint circuits across an OpenFlow substrate. Deployed on Internet2’s AL2S network. OESS AM provides a GENI interface to OESS circuit provisioning.

Presentation Transcript


  1. AL2S and GENI: OESS AM, OESS Stitching, Flowspace firewall

  2. FOAM on AL2S
     • OESS provides point-to-point and multipoint circuits across an OpenFlow substrate. Deployed on Internet2’s AL2S network.
     • OESS AM provides a GENI interface to OESS circuit provisioning
     • Takes GENI AM API requests and translates them into OESS API requests
     • Based on FOAM -- modified to support OESS API
     • Advertises available AL2S/OESS resources (endpoints, trunks)
     • Receives requests for AL2S/OESS circuit creation/removal, talks to AL2S OESS to make changes to network
     • ‘GENI-FOAM’ workgroup defines access policy for GENI users
     • New for this GEC: Stitching support

  3. AL2S Stitching
     • FOAM OESS AM extended to support stitching
     • Stitching supported on any AL2S interface that has interdomain provisioning enabled
     • NOC ticket to enable port for interdomain
     • Port owner creates ACL(s) granting ‘GENI-FOAM’ workgroup access to a set of VLANs
     • AL2S AM will then automatically advertise this port in stitching advertisement
     • Current Limitations:
       • 1 circuit per request.
       • One remote link per port.

  4. Stitching Advertisement

         <stitch:stitching xmlns="http://hpn.east.isi.edu/rspec/ext/stitch/0.1/">
           <stitch:aggregate id="urn:publicid:IDN+al2s.internet2.edu+authority+am" url="http://foam-oess-stage.grnoc.iu.edu:3626/foam/gapi/2">
             <stitch:aggregatetype>oessfoam</stitch:aggregatetype>
             <stitch:stitchingmode>chainANDTree</stitch:stitchingmode>
             <stitch:scheduledservices>false</stitch:scheduledservices>
             <stitch:negotiatedservices>false</stitch:negotiatedservices>
             <stitch:node id="urn:publicid:IDN+al2s.internet2.edu+node+sdn-sw.clev.net.internet2.edu">
               <stitch:port id="urn:publicid:IDN+al2s.internet2.edu+stitchport+sdn-sw.clev.net.internet2.edu:e5/1">
                 <stitch:capacity>10000000</stitch:capacity>
                 <stitch:maximumReservableCapacity>10000000</stitch:maximumReservableCapacity>
                 <stitch:minimumReservableCapacity>10000000</stitch:minimumReservableCapacity>
                 <stitch:granularity>1000</stitch:granularity>
                 <stitch:link id="urn:publicid:IDN+al2s.internet2.edu+interface+sdn-sw.clev.net.internet2.edu:e5/1:*">
                   <stitch:remoteLinkId>urn:publicid:IDN+ion.internet2.edu+interface+rtr.clev:et-5/0/0:al2s</stitch:remoteLinkId>
                   <stitch:trafficEngineeringMetric>10</stitch:trafficEngineeringMetric>
                   <stitch:capacity>100000000</stitch:capacity>
                   <stitch:maximumReservableCapacity>100000000</stitch:maximumReservableCapacity>
                   <stitch:minimumReservableCapacity>1000</stitch:minimumReservableCapacity>
                   <stitch:granularity>1000</stitch:granularity>
                   <stitch:switchingCapabilityDescriptor>
                     <stitch:switchingcapType>l2sc</stitch:switchingcapType>
                     <stitch:encodingType>ethernet</stitch:encodingType>
                     <stitch:switchingCapabilitySpecificInfo>
                       <stitch:switchingCapabilitySpecificInfo_L2sc>
                         <stitch:interfaceMTU>9000</stitch:interfaceMTU>
                         <stitch:vlanRangeAvailability>3900-4000</stitch:vlanRangeAvailability>
                         <stitch:vlanTranslation>true</stitch:vlanTranslation>
                       </stitch:switchingCapabilitySpecificInfo_L2sc>
                     </stitch:switchingCapabilitySpecificInfo>
                   </stitch:switchingCapabilityDescriptor>
                 </stitch:link>
               </stitch:port>
             </stitch:node>
             …

  5. Stitching Request
     • OESS selects shortest path between the endpoints
     • Transparent VLAN translation across core

         <hop id="2">
           <link id="urn:publicid:IDN+al2s.internet2.edu+interface+sdn-sw.wash.net.internet2.edu:e5/2:*">
             <trafficEngineeringMetric>10</trafficEngineeringMetric>
             <capacity>100</capacity>
             <switchingCapabilityDescriptor>
               <switchingcapType>l2sc</switchingcapType>
               <encodingType>ethernet</encodingType>
               <switchingCapabilitySpecificInfo>
                 <switchingCapabilitySpecificInfo_L2sc>
                   <interfaceMTU>9000</interfaceMTU>
                   <vlanRangeAvailability>670,3706-3750,3950-4000</vlanRangeAvailability>
                   <suggestedVLANRange>3959</suggestedVLANRange>
                   <vlanTranslation>true</vlanTranslation>
                 </switchingCapabilitySpecificInfo_L2sc>
               </switchingCapabilitySpecificInfo>
             </switchingCapabilityDescriptor>
           </link>
           <nextHop>3</nextHop>
         </hop>
         <hop id="3">
           <link id="urn:publicid:IDN+al2s.internet2.edu+interface+sdn-sw.clev.net.internet2.edu:e5/1:*">
             <trafficEngineeringMetric>10</trafficEngineeringMetric>
             <capacity>100</capacity>
             <switchingCapabilityDescriptor>
               <switchingcapType>l2sc</switchingcapType>
               <encodingType>ethernet</encodingType>
               <switchingCapabilitySpecificInfo>
                 <switchingCapabilitySpecificInfo_L2sc>
                   <interfaceMTU>9000</interfaceMTU>
                   <vlanRangeAvailability>1760-1779,3950-4000</vlanRangeAvailability>
                   <suggestedVLANRange>3960</suggestedVLANRange>
                   <vlanTranslation>true</vlanTranslation>
                 </switchingCapabilitySpecificInfo_L2sc>
               </switchingCapabilitySpecificInfo>
             </switchingCapabilityDescriptor>
           </link>
           <nextHop>4</nextHop>
         </hop>

  6. Flowspace Firewall
     • Provides sliced OpenFlow interface to AL2S
     • Slices are differentiated by VLAN ID
     • Each slice is allocated one or more VLAN IDs on a set of edge and trunk ports
     • Flowspace Firewall acts as a proxy, enforcing VLAN policy for each slice
     • Enforces rate limits for each slice on OpenFlow control channel
     • FlowStats slicing
     • Deployed on Internet2 AL2S network on June 17
     • Open source: https://github.com/GlobalNOC/FlowSpaceFirewall
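
The per-slice VLAN check that slide 6 describes can be sketched as follows. This is an added example, not code from FlowSpaceFirewall; the `SlicePolicy` layout, the action names and the switch name `sw1` are assumptions made for illustration, and only the VLAN policy (not rate limiting or FlowStats slicing) is modelled.

```python
from dataclasses import dataclass, field

@dataclass
class SlicePolicy:
    """Hypothetical policy record: which VLAN IDs a slice holds on each port."""
    name: str
    vlans: dict = field(default_factory=dict)  # (switch, port) -> set of VLAN IDs

    def owns(self, switch, port, vlan):
        return vlan in self.vlans.get((switch, port), ())

def check_flow_mod(policy, switch, match, actions):
    """Decide whether a proxy should forward one flow rule; returns (allowed, reason)."""
    in_port, vlan = match.get("in_port"), match.get("vlan")
    if in_port is None or vlan is None:
        # A wildcarded port or VLAN would also match other slices' traffic.
        return False, "match must pin in_port and vlan"
    if not policy.owns(switch, in_port, vlan):
        return False, f"vlan {vlan} on port {in_port} is outside slice {policy.name}"
    for kind, value in actions:  # actions apply in order, so track the current tag
        if kind == "set_vlan":
            vlan = value
        elif kind == "output":
            if not policy.owns(switch, value, vlan):
                return False, f"output to port {value} with vlan {vlan} leaves slice {policy.name}"
        else:
            return False, f"action {kind!r} is not allowed through the proxy"
    return True, "ok"

# Constructed policy: one slice holding VLANs 3950-3960 on two ports of one switch.
SLICE_A = SlicePolicy("slice-a", {
    ("sw1", 1): set(range(3950, 3961)),
    ("sw1", 2): set(range(3950, 3961)),
})

if __name__ == "__main__":
    rules = [
        ({"in_port": 1, "vlan": 3955}, [("set_vlan", 3960), ("output", 2)]),
        ({"in_port": 1, "vlan": 3955}, [("set_vlan", 670), ("output", 2)]),
        ({"in_port": 1}, [("output", 2)]),
    ]
    for match, actions in rules:
        print(match, actions, check_flow_mod(SLICE_A, "sw1", match, actions))
```

The second rule is refused because it retags traffic to a VLAN the slice does not hold before sending it out; the third is refused because its match leaves the VLAN wildcarded.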
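
For the stitching request on slide 5, a receiver can confirm that each hop's `suggestedVLANRange` falls inside that hop's `vlanRangeAvailability` before provisioning. This is an added example, not code from OESS or FOAM; the `<path>` wrapper and the trimmed hop bodies are constructed from the slide's values, and treating `any` as "no suggestion" is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two hops from the slide, reduced to the VLAN fields.
SAMPLE_PATH = """<path>
  <hop id="2">
    <link id="urn:publicid:IDN+al2s.internet2.edu+interface+sdn-sw.wash.net.internet2.edu:e5/2:*">
      <vlanRangeAvailability>670,3706-3750,3950-4000</vlanRangeAvailability>
      <suggestedVLANRange>3959</suggestedVLANRange>
    </link>
  </hop>
  <hop id="3">
    <link id="urn:publicid:IDN+al2s.internet2.edu+interface+sdn-sw.clev.net.internet2.edu:e5/1:*">
      <vlanRangeAvailability>1760-1779,3950-4000</vlanRangeAvailability>
      <suggestedVLANRange>3960</suggestedVLANRange>
    </link>
  </hop>
</path>"""

def parse_vlans(text):
    """Expand '670,3706-3750' into a set of VLAN IDs; reject IDs outside 1-4094."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def local(tag):
    """Drop an XML namespace prefix such as '{uri}hop' -> 'hop'."""
    return tag.rsplit("}", 1)[-1]

def check_hops(xml_text):
    """Return (hop id, link id, suggested) for every hop whose suggestion is not available."""
    problems = []
    for hop in (e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "hop"):
        fields = {local(e.tag): (e.text or "").strip() for e in hop.iter()}
        link = next(e for e in hop.iter() if local(e.tag) == "link")
        available = parse_vlans(fields["vlanRangeAvailability"])
        suggested = fields.get("suggestedVLANRange", "any")
        if suggested != "any" and not parse_vlans(suggested) <= available:
            problems.append((hop.get("id"), link.get("id"), suggested))
    return problems

if __name__ == "__main__":
    print(check_hops(SAMPLE_PATH))
```

Because both hops advertise `vlanTranslation` as true, the two suggestions (3959 and 3960) are allowed to differ; the check is per hop, not across the path.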
