infn experience with layer-2 services across gÉant and the ...n mpls l2 vpn: vlan tagging and...
TRANSCRIPT
DataTAG is a project funded by the European Commission under contract IST-2001-32459 GNEW2004 – 15-16/03/2004
Tiziana FerrariINFN - CNAF
INFN Experience with Layer-2 Services across GÉANT and the DataTAG Testbed
March 15, 2004
2GNEW2004, 15-16 March 2004
Talk Outline
n L2 VPNs and the Grid: n use cases and advantages
n MPLS L2 VPNs and additional featuresn MPLS L2 VPNs and DataTAG
n The Path resourcesn Advance Reservation architecturen Features and implementation
n Conclusions, requirements and future work
3GNEW2004, 15-16 March 2004
L2 Virtual Private Networks and the Grid
n L2 VPN: connectivity between geographically dispersed customer sites across MAN or WAN networks as if they were connected using a LAN
n Grid use cases:1. MPLS-based VPNs: a firewall bypass2. Overlay network set-up: simplicity and flexibility3. new Grid job scheduling and data replica
management models
4GNEW2004, 15-16 March 2004
Grid job scheduling and data replica management with L2 VPNs
n Today: Computing Elements (CEs) are selected from the site where one ore more SEs hold a copy of the input file which is accessed by the job to be scheduled
n L2 VPN: by configuring VPNs which include compute and storage resources from several different data tier levels, CEs can be considered “virtually” local to SEs which are remote from a network point of view
5GNEW2004, 15-16 March 2004
Grid job scheduling and data replica management with L2 VPNs
(cont)
n Advantages:n Jobs can execute on a CE even when a file replica
is not locally available -> Richer set of candidate CEs that can run the job
n Traffic load at potential Grid bottlenecks can be reduced
n Different data replica management policies are possible depending on the Grid application in mind:n Total/partial data set replication vs No replication
6GNEW2004, 15-16 March 2004
MPLS-based L2 VPNsn Ethernet/VLAN traffic is carried by MPLS over the service
provide network (PE and P routers) and then converted back to L2 format at the rx site
n Security and privacy: policies i the CE routers keep rotes that belong to different VPNs separated
n CE: it selects the output circuit to which specific L2 traffic has to be sent according to:n The VLAN ID present in the 802.1Q frame header (VLAN L2 VPN)n The input interface form which the frame wa eceived (Ethernet L2
VPN)
n On-demand set-up: CEs can be forced to belong to different L2 VLANs according to the Virtual Organization (VO) they are allocated to at a given time
7GNEW2004, 15-16 March 2004
Example
SE1,1
SE1,2
CE1,1
CE1,2
CE1,3
SE2,1
SE2,2
CE2,1
CE2,2
SE3,1
SE3,2
CE3,1
CE3,2
SE3,3
SE3,4
Grid Domain 1
Grid Domain 3
Grid Domain 2
CE3,3
CE3,4
8GNEW2004, 15-16 March 2004
Why MPLS?n A given host can belong to one or more VPNs at a
time if native VLAN tagging is enabledn The LSP primary/secondary path can apply non-
standard routing policiesn A given diffserv packet forwarding treatment can be
assigned to the LSPs associated to a given VPN (MPLS EXP field set by the LSP head-end router):n Grid ftp between SEs: if based on enhanced TCP stacks, it can
be handled through the Scavenger/Less Than Best Effortservice (fairness)
n CEs/SEs used for remote visualization with real-time requirements could apply to the IP Premium service
n Performance guarantees to individual VOs
9GNEW2004, 15-16 March 2004
L2 VPNs and DataTAG
C7609T320 T320
stm64
C7606M10 M10
3com
VLAN1, IP Premium
VLAN2 LBE/Scavenger
Adv Res&Resource Mgr/Grid Information Service
10GNEW2004, 15-16 March 2004
MPLS-based VPN advance reservation: the Path
n A possible abstraction of the Network Resourcen GGF Grid High-Performance Networking RGn Dynamic vs static (-> Grid Information Service)n PATH = concatenation of Path Elementsn Path Element:
n Across a single domain or a chain of contiguous domains with same control plane
n Types: optical, MPLS, Diffserv Virtual Leased Line, ...n Static path attributes:
n requested for resource matchmakingn Info about capabilities supported (eg. MPLS signalling)n Authentication/authorization: eg. AAA, Globus Gatekeeper,
etcn Path performance measured by the Grid network
monitoring service (GHPN)
11GNEW2004, 15-16 March 2004
Advance Reservation Architecture
Qos Path request/
reply
WS + Service Discovery
GridAuthentication VOMS
GARAAgent
Path provision indicationsQoSNetworks
BGP Topology advertisements +Reservation indications
BB
USER
Role Request +Reply Pseudo Cert
Advance Reservationrequest / reply
AuthDB
AAA
PolicyDB
Resourcemanagers
Slottable
EDG User Interface/Gara:. Reservation parsing (JDL). Matchmaking. Reservation identification. GARA APIs, Gatekeeper, Resource manager, LRAM, Resource specific manager
EDGUser Int
12GNEW2004, 15-16 March 2004
MPLS-based L2 VPN management: features
n MPLS LSP: n unidirectionaln based on a Diffserv path statically provisioned (IP
Premium)n Connects the two CE routers of the two leaf
domainsn Shared by authorized users/applications
generating traffic from the source domainn diffserv paths that support MPLS capabilities
(across MPLS-capable transit domains) are indicated by the information system
13GNEW2004, 15-16 March 2004
MPLS-based L2 VPN management: implementation
n Two given CE routers of two different leaf domains are connected by a single diffserv path of a given type (IP Premium, lbe etc)
n Each mpls/diffserv path is statically associated to a given pre-defined VLAN number
n VLAN tagging pre-configured statically on end-systems
n Router configuration:n Diffserv: marking and policing (IP Premium only) at the
ingress routern MPLS L2 VPN: VLAN tagging and encapsulation, LSPs with
QoS and CCC Connections (Juniper) on the LSP head-end router
n Topology and routing: very difficult to mange dynamically!
14GNEW2004, 15-16 March 2004
Router configurationn MPLS L2 VPN Manager:
n Perl application using Junoscript libraries (prototype for Juniper routers)n Configuration script parsingn possible operating system/configuration scripts
mismatchesn configuration errors (rollback)n Configuration add/modify/deleten Configuration locking
15GNEW2004, 15-16 March 2004
Conclusions & requirementsn Results:
n Optimal TCP performance on MPLS L2 VPNs between StarLight and CERN – 1 Gbps
n MPLS EXP field marking and classification: ok (Juniper)
n Diffserv scheduling: ok
n Requirements:n On-demand set-up of e2e MPLS LSPs (no
stitching)n Handling of MPLS EXP field for QoS
16GNEW2004, 15-16 March 2004
Future workn Applicability of L1/L3 VPNs to Gridsn VPLS (Virtual Private LAN Services) for multipoint vs
p2p ethernet services (MPLS packets from CE routers are broadcast to PEs, i.e. the ISP network is traversed in a p2mp fashion
n Enhancement of the advance reservation systemn Multiple vendorsn Interdomain scenarion Co-allocation, storage adv resn Software rewriting (OGSA compliance)
n Formal definition of Grid VPN Servicen Type of Grid Connectivity servicen GHPN