The OGF Network Services InterfaceFramework An Overview, Status, and Futures Presented to: OGF 35 June 17-19, 2012 Delft, NL Jerry Sobieski Director., Int’l Research Initiatives NORDUnet
What is NSI? • NSI := “Network Services Interface” • It is intended to provide a single ubiquitous means for users, world wide, to dynamically manage network connection services. • The OGF NSI standards work has generated two documents so far: • The NSI Framework document – describes the high level abstracted notions of the NSI environment • The NSI Connection Service Protocol – describes the functional primitives that control point to point connections through their lifecycle. • This presentation will provide some technical details, current status, futures,… • ..And we’ll close with some thoughts about NSI relevance, the standards process, and how we gain momentum through OGF
What is “NSI”” • NSI is an architecture for inter-domain, automated, network connection provisioning. • It defines an abstract model of a network “Connection” • It specifies a very simple and generic multi-domain “Topology” model over which Connections are established • It defines an automated “Network Service Agent” (NSA) that represent each service domain in the topology • It defines a simple high level protocol between NSAs that manages a connection over its lifetime. Ingress “A” Egress Z” Access Access Transport Section NSI Protocol Network Service Agents NSA NSA NSA Network A STP A.2 Network B STP A.1 Network C STP B.2 STP C.2 STP B.1 STP C.1 Connections Topology
Overview of NSI Architecture User’s NSI Requesting Agent (RA) Network Services Agents Requesting Agent (RA) NSA NSI protocol Network Services Interface B Provider Agent (PA) NSA C A NRM E A D Network Resource Manager E D Domain C
Basic NSI Objects (2) • Several other basic NSI objects include: • The Service Termination Point (STP) • The Service Demarcation Point (SDP) • The intra-domain Network Resource Manager (NRM) NSA NSA “Service DemarcationPoint” “Service Termination Points” A Network “Aruba” Network “Bonaire” E NRM B D C Network Resource Manager
An “Inter-Domain” Model • NSI Framework describes a high level functionality that occurs across and between network service domains – not inside those domains. • It leaves intra-domain technical details to local engineers and automated tools. • The NSI Framework is technology agnostic. • It does not expect or require specific transport or switching technologies in the underlying infrastructure. • It leaves intra-domain technical details to local engineers and automated tools. • It is secure by design; • Authentication and Authorization at two levels is performed at every domain boundary for every NSI service request. • NSI is therefore well suited to multi-domain, multi-technology, and/or multi-layer network services.
NSI Connection Service Protocol • The NSI Connection Service (NSI-CS) is the first protocol defined under the NSI Framework • NSI-CSPrimitives: • Reserve, Provision, Release, Terminate, and Query. • Supports both “chain” signaling and novel “tree” signaling • Allows users to schedule connections in advance. • Allows service providers to refine common service specifications without modifying the protocol standard itself.
NSI CS Protocol • The CS protocol is a “request/response” protocol: • Requesting Agents issue primitive “requests” from RA to PA, • Provider Agents issue a corresponding “response” (confirmed or fail) from PA to RA. • Each NSA manages a state table associated with each Connections it has serviced. • The CS protocol is designed to provide consistent life cycle state transitions for all NSI connections regardless of how they are segmented or processed across multiple networks RA PA Resv.rq reserving Resv.cf scheduled Prov.rq provisioning Prov.cf In-service Rel.rq releasing Rel.cf released Term.rq terminating Term.cf
NSI “Segmentation” • It is the responsibility of each NSA to examine a Reservation Request and to choose a domain level path for the requested connection. • …and then to decompose the path into a set of “segments” that can be either • a) delegated to other NSAs (e.g. to reserve a portion of the path across one or more foreign domains), or • b) delegated internally to the local NRM. • Such path selection and segmentation can be performed recursively in two modes: • Conventional “Chain” provisioning in a sequential hop by hop fashion • Or a novel “Tree” process where the segments are reserved directly with downstream NSAs.
NSI Connection Segmentation Egress Service Termination Point “J” STP A Ingress Service Termination Point “A” Ingress STP “K” Egress STP “Z” STP J A>J J==K K>Z A J Access A>J Access Access Access Access J==K Transport Transport Segment 1 Transport K Z STP K STP Z A Z “Bonaire” Access “Aruba” K>Z Transport Segment 2 J K Y B
Connection Request Processing Conventional hop-by-hop “Chain” model Novel “Tree” model allows user path selection A RA PA PA PA 6 M 1 2 3 A B 5 D 1 3 C 2 4 6 4 5 C B D A Z A Z Hybrid processing that mixes tree and chain allows for 3rdparty requests, federations of networks, etc. 1 6 2 3 C B D 4 5 A Z
The NSI “Service Tree” The process of decomposition and segmentation defines the NSI “Service Tree” uRA – “ultimate Requesting Agent”, or user A 1 Tree model Aggregator NSAs – do PF and segmentation 8 C B D 2 Chain model Chain model 7 5 6 3 4 Leaf NSAs – Interface to local NRMs for actual data plane control. Tree model
Putting it all together… The user application NSA NSA NSA RM RM RM NSA Appl RA PA
NSI Road Map • OGF NSI-CS version 1.1 is capped: • Basic Framework • Basic primitives • Security • Basic NSI Topology • Hard coded service definition • Web Service implementation • The WSDL can be found at: http://code.google.com/p/ogf-nsi-project/source/checkout
NSI Road Map NSI v2.0 feature set drafted at OGF34 Oxford Features to be refined at OGF35 Delft Enhanced Error handling and state processing More powerful Connection endpoint semantics Control plane topology Simplified Client (RA) requirements Firewall/NAT interoperability Uni-directional STPs/connections ERO style route pinning • Formal Authorization/Security Profile • NSI & NML topology convergence • Dynamic inter-domain topology discovery and update • Compact enumeration of STPs, SDPs, etc. • Common Service Definitions • Versioning • Simplified State Machine
NSI-CS Development Road Map • OGF NSI-CS version 1.1 is in field test now in the Automated GOLE testbed • Sep 2011: First NSI CS InteropPlugfest – GLIF 2011 Rio de Janeiro, BR • Oct 2011: First NSI Transport Provisioning Future Internet Assembly 2011 Poznan, PL • Nov 2011: Global NSI / AutoGOLE Demonstration Supercomputing 2011 Seattle, US • OGF NSI-CS version 2.0 • V2.0 Feature set identified: Mar 2012 • Draft NSI-CS v2.0 document target: Jul 2012 • V2.0 Alpha test/interop Oct 2012 OGF/GLIF Workshop, Chicago • V2.0 Beta testing/[alpha] production service demo: Nov 2012, SC2012 Salt Lake City • NSI-CS V2.1 / Errata document target: Dec 2012 • Production Service deployments: EoY 2012
NSI Software Implementations • Software Implementations • OpenNSA – NORDUnet (Copenhagen, DK) • OpenDRAC – SURFnet (Amsterdam, NL) • G-LAMBDA-A - AIST (Tsukuba, JP) • G-LAMBDA-K – KDDI Labs (Fujimino, JP) • AutoBAHN– GEANT (Poznan, PL) • DynamicKL – KISTI (Daejeon, KR) • OSCARS is expected 2012-Q3/Q4 • Hardware/NRMs covered: • Juniper / “JunOS” : L2 & MPLS provisioning - OpenNSA • Brocade: L2 switching - AutoBAHN, OpenNSA • Ciena (Nortel) SDH & L2 switching – OpenDRAC • Dell L2: G-LAMBDA-A • NTT optical: G-LAMBDA-A • Force10: L2 switching – OpenNSA • Argia: L2 Switching - OpenNSA • Ciena NMS – DRAC (TBD)
Field Testing NSI v1.1 • Testing of NSI has proceeded in three stages: • Initial Lab testing by respective developers for self consistency and hardware functionality • “GLIF Plugfest” interoperability testing to prove inter-operability between implementations. • Plugfest Rio – GLIF fall 2011 in Rio de Janiero • Plugfest Windy City – GLIF fall 2012 in Chicago • Then field deployment in the GLIF Automated GOLE global fabric • NSI is being heavily and continually tested via the AutoGOLE testbed. This is good for protocol, good for applications to begin integration on a global basis, and good for NSI visibility beyond just OGF.
The Automated GOLE Fabric The GLIF Automated GOLE Pilot was initiated in 2010 to provide a global fabric of Open Lightpath Exchanges for the specific purpose of maturing the dynamic provisioning software and services, demonstrating the value and viability of GOLEs to advanced network service models, and to develop a set of BCP for these services. Nordunet GLORIAD KRLight PSNC NetherLight StarLight GEANT ACE CzechLight KDDI Labs ESnet UvA JGN-X Cern USLHCnet MANLAN Cal Tech AIST
Automated GOLE + NSI Demo Network 2012-04-23 WIX.ets Washington OpenNSA KRLight.ets Daejeon DynamicKL GLORIAD.ets Chicago OpenNSA NorthernLight.ets Copenhagen OpenNSA CzechLight.ets Prague OpenDRAC A A A A KRLight CESNET KDDI-Labs.ets Fujimino G-LAMBDA-K NORDUnet + SURFnet GLORIAD Pionier.ets Poznan AutoBAHN JGN-X ACE A A JGNX.ets Tokyo G-LAMBDA-K Pionier StarLight.ets Chicago OpenNSA/Argia NetherLight.ets Amsterdam OpenDRAC GEANT US LHCnet A A A ESnet.ets Chicago OSCARS AIST.ets Tsukuba G-LAMBDA-A UvALight.ets University of Ams. OpenNSA GEANT.ets Paris AutoBAHN NSI Networks (“A”=Aggregator) NSI peerings (SDPs) unless otherwise indicated these are vlans 1780-1783 NSI Control plane peeringswithout data plane connections (in progress)
Initial monitoring & visualization “Automated Earth” viz (Takatoshi Ikeda, KDDI-Labs) “NSI Monitor” viz (Tomohiro Kudoh, AIST)
Pointers • Visualization • AIST Java status monitor: http://22.214.171.124:8070/monitor.jnlp • KDDI Labs Google earth plugin: http://kote-ps-1.ps.jgn-x.jp/ps/autoearth-nsi/ • KDDI Labs Google earth kml: http://kote-ps-1.ps.jgn-x.jp/ps/autoearth-nsiAutoMAP.kml
Production NSI Services • NSI v2.0 is targeted for production deployment: • NORDUnet plans a production NSI based service in CY2013-Q1 • SURFnetplans a production NSI based service in CY2013-Q1 • StarLight plans a production NSI based service in CY2013-Q1 • Pionierplans a production NSI based service in CY2013-Q1 • …the list is growing • In parallel with protocol development, the NSI community are developing operations and administrative tools • NOC Query and manage local service segments • Logging and accounting • End to end performance verification and debugging tools • NSI protocols are evolving and maturing very rapidly – now need to address service definitions and engineering plans • Applications: • NEXPRES – EVLBI (currently testing from OSO to JIVE) • CO-Universe – HD video • LHCONE – HEP (a proof of concept for GOLE architecture) • Others in works (under the radar)…
We’ve been here before… • There have been a number of efforts over the last 15-20 years to make dynamic network connection oriented services an integral part of high performance networks: • DRAGON, FENIUS, AutoBAHN, IDCP, UCLP, GLAMBDA, Frederica, OSCARS, DRAC, MANTICORE, Phosphorus, O-BGP, HOPI, … • ITU Q931, Q2764 and ATM Forum Q-2931 signaling, G.709, ASON, • IETF RSVP, RSVP-TE, and GMPLS signaling and routing protocols • IEEE 802.3, 802.1Q, .1ad, .1ah, … • MPLS*, ATM, SONET/SDH, MEF, Lambda switching,… • These have all made progress, but none took root… • Wide skepticism of non-IP services • Many interesting but non-interoperable and incomplete service models. • Not Invented Here syndrome • Issues such as inter-domain topology management were “known to be” intractable • AAI, end-to-end performance guarantees, scheduling, etcwere poorly understood in a multi-domain, multi-service, heterogeneous environment.
Why NSI? Why now? • NSI does not try to boil the ocean (!) • Presents a simple inter-domain connection provisioning model, • It will grow incrementally in both global reach and sophistication over time… • NSI takes a Global perspective to Connection Services - the service architecture must be scalable: • Automated agents perform the resource management – no man-in-the-middle of these processes • Inter-domain (multi-domain) approach is necessary for global reach • Must be secure to be globally viable in the 21st century • Must respect local network autonomy • Must separate the protocols from technology to allow for wide diversity of infrastructure and longevity of the framework concepts
NSI in a Virtual SDN world • “Networks” still have two key components: • Switching & forwarding Nodes – e.g. routers and switches • And transport Links that connect the Nodes. • In real world, every virtual network layer is constructed upon a virtual layer below it… • To assume otherwise is not realistic in current networks • Software Defined Networking relies upon the basic nodes and links model as much as ever… • NSI builds those links • Predictable, reliable transport performance between nodes • Common provisioning framework across domains enables global links between SDN nodes • NSI is a control plane tool - it coexists with and adapts to new data plane technologies. • NSI has addressed the reality of real world multi-domain network switching and forwarding technologies. (AAI, security and privacy, autonomy, heterogeneity of infrastructure, topology integration, etc.) • NSI is complementary to and is an enabling tool for emerging technologies such as OpenFlow, GENI, etc.
Why is NSI different • NSI represents an open and consensus driven approach to inter-domain provisioning of LightPath (Connection) services • It is an Open standard – anyone [who is well informed] can participate in the discussion/specification • Consensus standards create “buy-in” – i.e. when everyone has had a voice in its specification, and understands its inner workings, everyone is willing to adopt it and deploy it. • The NSI Working Group has actively courted wide participation • We have invited key organizations to particiapte • We have tried to keep the broader community informed of progress • We have invested substantial effort into showing tangible progress and presenting high visibility demonstrations of the resulting OGF NSI standard • NSI represents the best opportunity in 20+ years to see a single common control architecture deployed globally to provide network performance guarantees. • Wide scale deployment within the R&E community • Commercial adoption and Vendor support for the OGF NSI Standard
OGF NSI Working Group • The OGF NSI WG is an Open working group • This means if you have ideas you would like to see incorporated into the NSI framework and/or protocols, please get active in the process: • Contact one of the active WG members and pick their brain • Join the mailing list, lurk, read the literature, and get up to speed, then join the calls… • Contribute – ask, comment, propose…help us sort thru the issues to achieve clarity within the group and consensus within the broader community Thank You!