GHPN - Figuerola


  • When we talk here about “Next generation VPN” we mean ordinary VPNs that can take any topology (point to multipoint, multipoint to multipoint, etc.) and whose topology is configurable by the user.
  • The concept behind UCLP is to virtualise and partition infrastructures so that users receive “Lego blocks”, exposed as web services, that each represent a part of the network. Users can then integrate these blocks into their applications with web service composition tools. In an SOA a web service can represent almost anything: a time slice, an instrument or some other process. UCLP lets users configure their own APNs, changing their topology, bandwidth and so on. APNs can be made up of layer 1 to layer 3 virtual links connecting instruments, routers or switches.
  • The different network element implementations are defined in XML documents: to add a new network element NO Java code has to be written; the command and response formats are defined in XML and interpreted by the XML core. For instance, the AID (access identifier) format of a switch is configured in XML instead of relying on a predefined, generic resource structure that tries to handle every case. The major benefit of this approach is more stable code, since the Java code of the NE-WS does not change with each new network element.
  • Lightpaths are orchestrations, because they are logical representations of a flow of operations performed on two WS-enabled nodes. This allows internal invocation of instruments or of a billing gateway when the link is created or set up. Different layers of service (switching, VLANs) can be set up at usage time. The lightpath workflow can be changed at any time without affecting the resulting WSDL.
  • Authentication of UAAs uses X.509 certificates. Each UCLP system has to store the X.509 certificates of the authorities it recognises; these are its trust anchors. The authority structure is hierarchical: for example, a national UCLP authority certifies the organisations supporting UCLP in a given country, and each organisation in turn certifies the X.509 certificates of its UAA, and possibly of its users. The national authorities must be recognised by each UCLP system. Alternatively, there may be a single global UCLP authority (note: this is a generalisation of the above, and more flexible).

    1. UCLPv2 Update. Sergi Figuerola, Fundació i2CAT. 16th GGF, Athens, February 2006
    2. i2CAT Foundation
       • i2CAT Foundation: private non-profit foundation created by the local government and the UPC (Universitat Politècnica de Catalunya)
       • Funding: Department of Research and Universities of the local government, private sector and pre-competitive projects
       • Goals: boost research and innovation in the second-generation Internet environment
         - Promote advanced network research, innovation and broadband applications
         - Create new cooperation platforms
       • Model: based on collaboration between the public sector, the private sector and the universities
       • UCLPv2: CANARIE's Directed Research Program
         - UQAM/UOttawa
         - Solana Networks
         - CRC/UofO/Inocybe Tech./i2CAT
       (Diagram: Private Sector, Administration, Universities; Technology Transfer, Research, Innovation, Dissemination; Internet)
    3. Driver for User Controlled Networks
       • More and more organisations are acquiring their own fibre networks
         - Universities, schools, hospitals, businesses
       • Long-haul fibre is very expensive to acquire and to light
         - The alternative is “dim fibre”: point-to-point wavelengths
         - But users want the flexibility to do configuration and change management as with dark fibre
       • Science increasingly needs dedicated networks for specific applications and disciplines, for high data volume grids
         - Researchers want to manipulate the network the same way they manipulate the application
       • SOA and networks
         - SOA has the potential to provide the same user control over networks as over applications
    4. CA*net 4 design principles (UCLP)
       • Occam's rule of networking:
         - “The simplest network is the best network”
       • Provide users with tools to do their own traffic engineering, including changing topology and bandwidth
         - “Articulated Private Networks”
       • Allow users to create IP networks for their own community of interest
         - Most importantly, allow the network to be extended into the campus to specific servers, bypassing the campus firewall
         - (a lightpath that bypasses the campus firewall leaves the end host's own controls and the APN's access policies as the only perimeter for that server)
       • Use a Service Oriented Architecture (web services and workflow) to let users do their own provisioning and configuration of the network
         - Also allows easy integration of applications
       - Bill St. Arnaud -
    5. What is UCLP?
       • User Controlled LightPaths: a configuration and provisioning tool built around grid technology using web services
       • Allows third parties to concatenate cross connects from various links, routers and switches into a wide area network that is under their control
         - Articulated Private Network (APN)
         - Next generation VPN
       • Uses a Service Oriented Architecture (SOA), so the network can be integrated with other web service applications
       • Extends the network into the application
       • End of the project: March/April 2006
         - Is UCLP an automated management system?
         - NO, it is a toolbox used to create customised services
    6. UCLP Concept
       (Diagram: substrate router and substrate switch; Instrument WS; Parent Lightpath WS, Timeslice WS and Child Lightpath WS (which may run over IP, Ethernet, MPLS, etc.); GMPLS Daemon WS; APN Virtual Router WS; Wireless Sensor Network)
    7. UCLPv2: High Level “Architecture”
       (Diagram: three layers, User Access Layer, Service Orchestration Layer (BPEL) and Resource Management Layer; web services shown: LP-WS, ITF-WS, XC-WS, 802.1q-WS, GMPLS-WS, VR-WS, INS-WS, APN-WS)
    8. NE-WS (I) - RML
       • NE-WS (Network Element Web Service)
         - A family of network element WSs
         - Axis web service
         - Different types of NE-WS exist depending on the network element being controlled
         - Deployed on the carrier's side
       • INS-WS (INStrument Web Service)
         - Web service that controls a third-party device (sensors, instruments, etc.)
         - Deployed on the APN side
    9. NE-WS (II) - RML
       • XC-WS (Cross Connect Web Service)
         - SONET, SDH, fibre and lambda cross connects
       • GMPLS-WS
         - GMPLS cloud
       • 802.1q-WS
         - VLAN-enabled Ethernet switch
       • MPLS-WS
         - MPLS cloud
       • Router-WS
         - Layer 3 router
       (Diagram: each NE-WS exposes two PortTypes, its element-specific PortType (XC, GMPLS, 802.1q, MPLS or Router) and a common GUINode PortType)
    10. NE-WS (III) - RML
       (Diagram of the NE-WS internals: interface bindings for the XC PortType and the GUI PortType; the XML Core; a resource manager with a partition table and an in-memory hash; a transport layer (TCP, UDP, SSL, etc.) towards the element; per-element XML definitions such as ONS 15454 XML and OPTera 5200 XML)
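The speaker notes say that each element's command and response formats live in XML and are interpreted by a generic XML core, so a new element needs no Java. The Go program below is an added example written for this page, not UCLP code: it loads a constructed catalogue and renders the same abstract "connect" operation for two elements. The XML layout, the element names ONS15454 and DemoSwitch, the parameter patterns and the command templates are all assumptions (the first template is modelled on TL1's `VERB:tid:aid:ctag::params;` layout). The check a practitioner wants in such a core is the one shown in Render: every placeholder value is matched in full against the pattern declared for it before substitution, because the AIDs arrive from the service caller and the TL1 separators `:` and `;` would otherwise let a crafted AID splice a second command into the string sent to the element.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"regexp"
	"strings"
)

// catalogueXML is a constructed element catalogue (layout assumed for this example, not UCLP's).
// The ONS15454 entry uses a TL1-style cross-connect command; DemoSwitch is a made-up CLI syntax.
const catalogueXML = `<elements>
  <element name="ONS15454">
    <param name="tid"  pattern="[A-Z0-9_-]{1,20}"/>
    <param name="from" pattern="STS-[0-9]{1,2}-[0-9]{1,2}-[0-9]{1,3}"/>
    <param name="to"   pattern="STS-[0-9]{1,2}-[0-9]{1,2}-[0-9]{1,3}"/>
    <command name="connect" template="ENT-CRS-STS1:{tid}:{from},{to}:100::2WAY;"/>
  </element>
  <element name="DemoSwitch">
    <param name="from" pattern="[0-9]{1,2}/[0-9]{1,2}"/>
    <param name="to"   pattern="[0-9]{1,2}/[0-9]{1,2}"/>
    <command name="connect" template="xc add {from} {to}"/>
  </element>
</elements>`

type Param struct {
	Name    string `xml:"name,attr"`
	Pattern string `xml:"pattern,attr"`
}

type Command struct {
	Name     string `xml:"name,attr"`
	Template string `xml:"template,attr"`
}

// Element is everything the generic core needs to drive one kind of network element.
type Element struct {
	Name     string    `xml:"name,attr"`
	Params   []Param   `xml:"param"`
	Commands []Command `xml:"command"`
}

// LoadCatalogue parses the XML definitions into a map keyed by element name.
func LoadCatalogue(src string) (map[string]*Element, error) {
	var c struct {
		Elements []Element `xml:"element"`
	}
	if err := xml.Unmarshal([]byte(src), &c); err != nil {
		return nil, err
	}
	out := make(map[string]*Element, len(c.Elements))
	for i := range c.Elements {
		out[c.Elements[i].Name] = &c.Elements[i]
	}
	return out, nil
}

// Render fills the template of the named command. Each placeholder value must match its declared
// pattern in full before substitution, so a caller-supplied AID cannot carry ':' or ';' and
// splice extra fields or a second command into the string that reaches the element.
func (e *Element) Render(op string, args map[string]string) (string, error) {
	var tmpl string
	for _, c := range e.Commands {
		if c.Name == op {
			tmpl = c.Template
		}
	}
	if tmpl == "" {
		return "", fmt.Errorf("%s: no command %q", e.Name, op)
	}
	out := tmpl
	for _, p := range e.Params {
		ph := "{" + p.Name + "}"
		if !strings.Contains(tmpl, ph) {
			continue // this command does not use the parameter
		}
		re, err := regexp.Compile("^(?:" + p.Pattern + ")$") // anchored: whole value must match
		if err != nil {
			return "", fmt.Errorf("%s: bad pattern for %q: %w", e.Name, p.Name, err)
		}
		v, ok := args[p.Name]
		if !ok || !re.MatchString(v) {
			return "", fmt.Errorf("%s: parameter %q=%q rejected (pattern %q)", e.Name, p.Name, v, p.Pattern)
		}
		out = strings.ReplaceAll(out, ph, v)
	}
	return out, nil
}

func main() {
	cat, err := LoadCatalogue(catalogueXML)
	if err != nil {
		panic(err)
	}
	ons := cat["ONS15454"]
	fmt.Println(ons.Render("connect", map[string]string{"tid": "NODE1", "from": "STS-1-1-1", "to": "STS-2-1-1"}))
	// Constructed injection attempt: an AID that terminates the command and starts a delete.
	fmt.Println(ons.Render("connect", map[string]string{"tid": "NODE1", "from": "STS-1-1-1", "to": "STS-2-1-1:100::2WAY;DLT-CRS-STS1"}))
	fmt.Println(cat["DemoSwitch"].Render("connect", map[string]string{"from": "1/1", "to": "2/3"}))
}
```

The same abstract request produces `ENT-CRS-STS1:NODE1:STS-1-1-1,STS-2-1-1:100::2WAY;` for the first element and `xc add 1/1 2/3` for the second, with no element-specific Go code; the crafted AID is refused because the anchored pattern does not admit the separators. Patterns are part of the element definition, so whoever can edit the XML catalogue can weaken them; in a deployment that file needs the same change control as the NE-WS code it replaces.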
    11. LP-WS (I) - SOL
       • LP-WS (Light Path Web Service)
         - An abstraction that represents a link between one or more interconnected resources
         - A web service composition
         - The end points of the LP can be anything that is network enabled
       • ITF-WS (InTerFace Web Service)
         - A web service composition that represents a single resource on a network element
       • APN-WS (Articulated Private Network Web Service)
         - A BPEL workflow script that links together a number of WSs from an APN resource list and other sources
    12. APN-WS (II) - SOL
       • A workflow script that links together a number of lightpath, interface and instrument web services obtained from one or more providers
       • An APN is a single network configuration
       • Once an APN is deployed, its topology and bandwidth are fixed
         - If the configuration of the network elements is to be changed, the APN must be stopped and a new APN created
       • A single researcher can have multiple network configurations (APNs) defined, and set/undo each configuration when different topologies are needed
    13. Web Services: LP-WS (III)
       “A lightpath represents a link between a pair of network enabled endpoints”
       (Diagram: LP-WS endpoints shown: satellite antenna, OC-192/STM-64, sensor, T1/E1, access point, GbE 802.1q, IEEE 802.11b/g, server, Fibre Channel, GMPLS cloud)
    14. User Roles
       • Physical Network (PN) Admin
         - Responsible for provisioning the network and creating network resources (lightpath and interface web services) for APNs to use
       • APN Admin
         - Receives APN resource lists from PN or APN Admins
         - Responsible for creating the APN network configurations for the users
           - Can partition/bond network resources
         - Can give or sublease its resources to other APNs
       • Users
         - Can use APN configurations that were created by the APN Admin
         - Cannot modify network topologies
    15. Security: Implementation Architecture
       (Diagram: components shown are the GUI (Java), APN-WS (BPEL), LP-WS (BPEL) and NE-WS (Axis), hosted in a User Service Container and a Provider Service Container; SOAP messages are exchanged User to Business and Business to Business. Certificates involved: the user CRC-user-A (X.509 DN: CRC-user-A), the CRC UAA (X.509 DN: CRC UAA) and the CANARIE UAA (X.509 DN: CANARIE UAA), issued under the Certificate Authority UCLP.CA. Messages are checked by an Axis handler and a customised BPEL handler against the CRC UCLP Access Policies.)
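The trust model of the speaker notes (each UCLP system stores the certificates of the authorities it recognises; a national authority certifies organisations; an organisation certifies its UAA and users) and the access-policy step of this slide, as an added Go example that is not UCLP code. It builds an in-memory hierarchy UCLP.CA → CANARIE UAA → CRC UAA → CRC-user-A, verifies a presented certificate against the authorities a given system recognises, and only then maps the DN to one of the roles of the User Roles slide. The names UCLP.CA, CANARIE UAA, CRC UAA and CRC-user-A are taken from the slide; the role table, the DNs CRC-pn-admin and CRC-apn-admin, and the "Rogue UAA" used to show a rejection are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Principal is one certificate holder in the hierarchy: an authority or a user.
type Principal struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// Issue certifies cn under parent (nil parent: self-signed root). Authorities are marked CA so
// they can certify the next level; users are not.
func Issue(cn string, isCA bool, parent *Principal) (*Principal, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // demo serial only
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	parentCert, signer := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		parentCert, signer = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Principal{Cert: cert, Key: key}, err
}

// AccessPolicy stands in for the "CRC UCLP Access Policies" box: an authenticated DN is mapped
// to a role from the User Roles slide. The two admin DNs are constructed for this example.
var AccessPolicy = map[string]string{
	"CRC-pn-admin":  "PN Admin",
	"CRC-apn-admin": "APN Admin",
	"CRC-user-A":    "User",
}

// Authorize checks that leaf chains, via the intermediates sent with the message, to an
// authority this UCLP system recognises; only then is the access policy consulted for its DN.
func Authorize(leaf *x509.Certificate, intermediates, recognised []*x509.Certificate) (string, error) {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range recognised {
		roots.AddCert(c)
	}
	for _, c := range intermediates {
		inters.AddCert(c)
	}
	// ExtKeyUsageAny: these are not TLS server certificates, so serverAuth must not be demanded.
	opts := x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := leaf.Verify(opts); err != nil {
		return "", fmt.Errorf("%s not authenticated: %w", leaf.Subject.CommonName, err)
	}
	role, ok := AccessPolicy[leaf.Subject.CommonName]
	if !ok {
		return "", fmt.Errorf("%s authenticated but has no access policy", leaf.Subject.CommonName)
	}
	return role, nil
}

func must(p *Principal, err error) *Principal {
	if err != nil {
		panic(err)
	}
	return p
}

func main() {
	// The chain from the notes: global authority, national authority, organisation, user.
	root := must(Issue("UCLP.CA", true, nil))
	national := must(Issue("CANARIE UAA", true, root))
	org := must(Issue("CRC UAA", true, national))
	user := must(Issue("CRC-user-A", false, org))
	chain := []*x509.Certificate{org.Cert, national.Cert}
	fmt.Println(Authorize(user.Cert, chain, []*x509.Certificate{root.Cert})) // User <nil>
	// An unrecognised authority issuing the same DN is rejected before the policy is consulted.
	rogue := must(Issue("Rogue UAA", true, nil))
	fake := must(Issue("CRC-user-A", false, rogue))
	fmt.Println(Authorize(fake.Cert, nil, []*x509.Certificate{root.Cert}))
}
```

Two points the code makes explicit. A system that stores only the global UCLP.CA certificate accepts the user through the two intermediates, and a system that recognises CANARIE UAA directly needs only the CRC UAA certificate in the chain, which is the choice between national authorities and a single global authority that the notes describe. And the DN alone never grants a role: a certificate for "CRC-user-A" from an authority the system does not recognise fails verification before the policy table is read. Revocation is not shown; a deployment would add CRL or OCSP checking in the same handler.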
    16. UCLP Interoperability Issues
       • We must be able to import and export lightpath and interface web services between UCLP systems
         - Agree on a common PortType for a proxy web service that will be used when calling imported resources
           - This common PortType is called the Common Data Model (CDM)
           - Two proxy web services are needed: one for lightpaths, one for interfaces
         - The proxy will be used to translate from the CDM to our own implementations
         - We must also agree on security conventions for accessing the resources
       • As a minimum, we need to be able to import resources from other UCLP implementations and use them to make APNs, LPOs, etc.
         - Partitioning and bonding of imported resources from other UCLP systems is not required at this point, but will be implemented later
       • In our opinion, semantic techniques and tools are not yet mature, so it was decided not to use them for UCLP interoperability. It would also take too much time for each UCLP team to overcome the learning curve involved
         - Implementing a proxy web service with the CDM is the quickest and easiest way to support interoperability
       • Can this work be done within the GHPN?
         - Like any other W3C community: Math, BIO, Finance
           - Consensus on a WS-Network Service?
           - …
    17. Contact Information: Fundació i2CAT, Nexus II Building, c/ Jordi Girona 29, 08034 Barcelona; Tel. +34.93.413.75.80; Fax +34.93.413.75.81; [email_address] (Sergi.figuerola); UCLPv2 info: