NORDUnet International Activities toward a Future Internet

NORDUnet Nordic Infrastructure for Research & Education NORDUnet International Activities toward a Future Internet Jerry Sobieski Director, International Research Initiatives NORDUnet Presented APAN 28 July 23, 2009 Kuala Lumpur, ML

Post on 03-Feb-2022


Page 1: NORDUnet International Activities toward a Future Internet

NORDUnet
Nordic Infrastructure for Research & Education

NORDUnet International Activities toward a Future Internet

Jerry Sobieski
Director, International Research Initiatives
NORDUnet

Presented APAN 28
July 23, 2009
Kuala Lumpur, ML

Page 2: NORDUnet International Activities toward a Future Internet

What features do we need/expect in the Future Internet?

• Virtualization
  • Generalized cyber-resource virtualization (apps, networks, ...)
  • Separation of name/location (embedded intelligence, mobility)
• Federation
  • Shared physical infrastructure (possible due to virtualization)
  • Decentralized/non-hierarchical organization
• Security and Reliability
  • Encrypted computing (virtual security domains)
  • Resiliency analysis and virtual mapping for robustness
• Hybrid Services
  • Layer2 services – automated integrated provisioning agents
  • Wireless sensor nets – particularly remote (polar) regions

Page 3: NORDUnet International Activities toward a Future Internet

Thoughts, Observations, and Guesses

• FI will need to be highly dynamic - support heterogeneous and modular services
  • IP Classic (Best Effort) in addition to:
  • Hybrid services with hard QoS
    • Layer2 and/or TDM services,
    • Lambdas,
    • VPNs
  • Formalized service definitions and community based consensus engineering standards
  • Modular & configurable services & protocols
    • {Reliable transport} + {encryption} + {congestion control} + {rdma | {IPv4|v6|vn} } +
  • “Network” will integrate deeper into traditional “inter-processor” communication

Page 4: NORDUnet International Activities toward a Future Internet

Thoughts, Observations, and Guesses

• FI physical resources will be federated
  • Network topologies will be virtualized to leverage shared physical infrastructure (not centrally owned or managed at every layer)
  • Network operators will rely on automated agents to provision, monitor, secure virtual topologies that realize strategic relationships
    • Networks will set up TE links
    • Affinity groups will provision ASNs
    • Automated agents will manage routing and addressing and access

Page 5: NORDUnet International Activities toward a Future Internet

Thoughts, Observations, and Guesses

• Future Internet will be virtualized
  • Strict 7-layer model will go by the wayside (already?)
  • Network topologies will be virtual and dynamic
  • Notions of network service delivery points will not directly correspond to physical network addresses
  • There will be no “One True Internet Protocol” – the network will support heterogeneous protocols and inter-operability will be at a higher [virtual] layer… (yikes!)
• Virtualization will extend to all cyber-infrastructure requiring comprehensive integration of network and [traditionally] non-network resources

Page 6: NORDUnet International Activities toward a Future Internet

Thoughts, Observations, and Guesses

• Make no mistake: Mobility will be a big nut to crack… but this is not one of NORDUnet’s primary foci…
  • With exception of authentication and related access
• Wireless and mobile are not the same problem..
• Wireless sensor nets will be challenging new architectural features of FI
  • New tool for environmental science in harsh and remote regions – polar regions of particular note for NORDUnet
    • Ocean, atmospheric, meteorological, space, ice sheets, geological, remote areas,…
  • As well as densely populated areas
  • Micronets (nanobots..)

Page 7: NORDUnet International Activities toward a Future Internet

Thoughts, Observations, and Guesses

• Future Internet functionality will necessarily embed more intelligence and services within the network
  • Name/locator separation
  • Ex: content distribution networks
  • Intelligent CDN-like services will spool information and replicate and migrate that information to where the consumers reside
  • Application processes will decide when to move or replicate information, network processes will map UIDs to topological resource location specifics -> integrated intelligent services

Page 8: NORDUnet International Activities toward a Future Internet

Current NORDUnet Activities

• Target technologies for Applied Research projects with collaborators in US, EU, and PacRim:
  • Federated and Virtualized experimental networks
  • Automated network configuration and IaaS/NaaS
  • Generalized Resource Mgmt Services Architecture (application layer)
  • Resilient Networks
  • Data intensive [distributed] applications over hybrid networks
  • Secure computing in untrusted cyber-environments

Page 9: NORDUnet International Activities toward a Future Internet

Current NORDUnet Activities

• Near term activities:
  • US IRNC partnership(s)
  • EU FIRE – Experimental network architectures
  • US GENI – Global experimental infrastructure
• Hybrid Networking
  • OGF NSI-WG
  • NORDUnet DCN TestLab
  • North Atlantic Crossing (infrastructure enhancements)
• Existing efforts
  • GEANT3 tasks:
    • SA2 – interdomain services, JRA1 – Hybrid/AutoBahn service
  • MANTICORE II – Virtual networks and automated IP configurations
  • FENRIR – Internationally contributed experimental networking resources and generalized resource management and control
  • CineGrid – Data intensive globally distributed digital media management and distribution

Page 10: NORDUnet International Activities toward a Future Internet

Virtualization

• Separate the “application” function(s) from the underlying physical resources on which they run…
  • Ex: Virtual Hosting, VPNs, distributed file systems, cloud computing,
• Problem: no common architecture that provides a unified and generalized cyber-resource service model
• Future Capabilities
  • Formalized specifications for application functionality and resource requirements
  • Automated agents for mapping application service requirements to appropriate resource infrastructure
  • Separate service “locator” from the network address

Page 11: NORDUnet International Activities toward a Future Internet

Federated and Virtualized Experimental Network Technologies

• FENRIR - Federated Experimental Network Resources for International Research
• A collaboration of national and international R&E organizations to create a pool of experimental network research facilities that have a global reach.
• Led by Dr. Driss Benhaddou (University of Houston) and Jerry Sobieski (NORDUnet)
• Currently includes collaborators from AARnet, JGN2+, KREOnet & KOREN, Pacific Wave, TWAREN, SURFnet, PSNC, StarLight/ICAIR, MANLAN/NYSERnet, Northrop Grumman Corp., NORDUnet,
• Discussion with RNP, and hopefully others will follow

Page 12: NORDUnet International Activities toward a Future Internet

FENRIR Project

• Objectives:
  • FENRIR postulates a “generalized” dynamic cyber-resources architecture that includes any type of
    • a) Hardware resource: network, computation, storage, visualization, instrument, or sensor related resource, and
    • b) functional software resources: ex: correlation functions, information repositories, etc

• To develop and demonstrate an automated cyber-infrastructure services model in which global cyber-infrastructure can be quantized into dynamically allocatable units that can then be assembled under user control to create virtualized application specific cyber-environments.

Page 13: NORDUnet International Activities toward a Future Internet

2009 FENRIR Participants

[Map, Mar 5, 2009. Participants: AARnet, NORDUnet, SURFnet, PSNC, MANLAN, JGN2, StarLight, Pacific Wave, iCAIR, NYSERnet, NGC, TWAREN, KREOnet/KOREN, Univ. of Houston. Sites: SYD, CPH, POZ, NYC, LAX, STO, HOU, AMS, CHI, TOK, WDC, TEI, DAE.]

Page 14: NORDUnet International Activities toward a Future Internet

FENRIR – the elevator speech

• FENRIR has two main components:
  • A pool of cyber-resources contributed by participants that span the globe – the “experimental network resources”
  • A software development effort to automate the description, advertisement, allocation, and use of those resources – the Generalized Resource Management System (GRMS) architecture.
• Key research issues:
  • How do you virtualize physical network and telecom resources?
  • How do you virtualize distributed applications?
  • How do you formalize these concepts in order to create a comprehensive and extensible cyber-infrastructure services model?
• These issues include authorization, user control, privacy, scheduling, negotiation, and will enable/support studies such as resiliency planning, secure computing, and data intensive

Page 15: NORDUnet International Activities toward a Future Internet

FENRIR GRMS – Allocation Phase

Formal Textual Description:

Resource Computational_Node {
    Characteristic Arch = Intel_Generic;
    Characteristic Mem = 4 GB;
    Characteristic Clock = 2.4 GHz;
    Characteristic Local_Storage = 100 GB;
    Resource_Mgr clusterman.sdsc.edu 2020;
    Instance “Node01” 128.8.120.01 2021;
    Instance “Node02” 128.8.120.02 2021;
    Instance “Node03” 128.8.120.03 2021;
}

[Diagram labels: Resources (computational nodes, storage facility, instrument); Resource Manager; Resource Database of all resources managed by this resource manager; Resource Brokers; Other Resource Managers; steps numbered 1–5]
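Added example, not part of the slides or of any FENRIR code: a strict parser for the textual resource description shown on this slide, of the kind a broker or resource manager would need before trusting an advertised resource. The grammar is inferred from the slide's single example (an assumption), and parse_resources is a hypothetical name.

```python
import re

# Text of the slide's example description, used here as sample input.
SAMPLE = """
Resource Computational_Node {
    Characteristic Arch = Intel_Generic;
    Characteristic Mem = 4 GB;
    Characteristic Clock = 2.4 GHz;
    Characteristic Local_Storage = 100 GB;
    Resource_Mgr clusterman.sdsc.edu 2020;
    Instance “Node01” 128.8.120.01 2021;
    Instance “Node02” 128.8.120.02 2021;
    Instance “Node03” 128.8.120.03 2021;
}
"""

# Assumed grammar: one or more "Resource <name> { <statement>; ... }" blocks.
BLOCK = re.compile(r"Resource\s+(\w+)\s*\{(.*?)\}", re.S)
CHARACTERISTIC = re.compile(r"Characteristic\s+(\w+)\s*=\s*(.+)$")
MANAGER = re.compile(r"Resource_Mgr\s+(\S+)\s+(\d+)$")
# Accept straight or typographic quotes around the instance name.
INSTANCE = re.compile(r"Instance\s+[\"\u201c]([^\"\u201d]+)[\"\u201d]\s+(\S+)\s+(\d+)$")


def _port(text):
    """Convert a port field, rejecting values outside 1..65535."""
    port = int(text)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {text}")
    return port


def parse_resources(text):
    """Return {resource_name: description}; raise ValueError on an
    unrecognized statement or a duplicate resource name."""
    resources = {}
    for name, body in BLOCK.findall(text):
        if name in resources:
            raise ValueError(f"duplicate resource: {name}")
        res = {"characteristics": {}, "manager": None, "instances": []}
        for stmt in body.split(";"):
            stmt = " ".join(stmt.split())        # collapse whitespace
            if not stmt:
                continue
            if m := CHARACTERISTIC.match(stmt):
                res["characteristics"][m[1]] = m[2]
            elif m := MANAGER.match(stmt):
                res["manager"] = (m[1], _port(m[2]))
            elif m := INSTANCE.match(stmt):
                # Addresses stay strings: the slide writes octets such as "01",
                # which strict IP parsers reject.
                res["instances"].append(
                    {"name": m[1], "address": m[2], "port": _port(m[3])})
            else:
                raise ValueError(f"unrecognized statement: {stmt!r}")
        resources[name] = res
    return resources


if __name__ == "__main__":
    print(parse_resources(SAMPLE))
```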

Page 16: NORDUnet International Activities toward a Future Internet

GRMS – User perspective

• User requests certain resources
• Brokers contact owners to qualify request and provide pointers to resource owner (resource manager)*
• Managers return tickets for reserved resources
• User confirms reservation with RM
• User initializes and controls resource instance via resource interface protocol

[Diagram labels: Application “Master” agent; Formalized Application Specification; Resource Brokers; Resource Manager; Resource “Minion” agent; Resource Instances; steps numbered 1–6]

Page 17: NORDUnet International Activities toward a Future Internet

Experimental Networks

• What is an Experimental Network?
  • Can we construct a shared “instrument” (ala LHC) that will serve network research
  • How should we design and build telecommunications and networking facilities that enable a broad range of non-conventional (disruptive) ideas to be deployed and evaluated with realism at scale?
• What specific types of experiments will it support?
  • Ex: GENI, FENRIR, NETSE, FIRE, FEDERICA,…
  • Virtualization, generalized cyber-infrastructure architecture, federation, dynamic provisioning, multi-layer abstractions, cross layer communication, modular protocols…

Page 18: NORDUnet International Activities toward a Future Internet

Cloud Computing

• Over-hyped commercial services for small scale outsourcing…
• Old notion within R&E community…
• But what if recent cost reductions and practical technical advances now enable CC to [finally] find a critical mass?
• What are challenges?
  • E.g. historically limited by network capacity, latency, and cost, and automated software engineering tools
  • Dynamic, scalable, and autonomous allocation processes of resources become important (if not critical)
• How do we trust such cloud computing models?
  • How do we secure information in an untrusted environment? (medical records, financial data, etc)
  • How do we secure the data analysis processes (proprietary algorithms, code)?

Page 19: NORDUnet International Activities toward a Future Internet

Secure Cloud Computing

• How can we trust an unknown cloud resource?
• Can we be sure the information we distribute to cloud resources will not be hijacked?
• Can we be certain the algorithms we deploy to cloud resources won’t be hijacked?

[Diagram labels: Known (trusted) resources; Known (trusted) Security perimeter; Encrypted (trusted) Transport; Untrusted cloud resources pose a privacy and security risk]

Page 20: NORDUnet International Activities toward a Future Internet

Encrypted (Secure) Cloud Computing

• A public virtual machine is installed on the cloud resource
• Both the data and the algorithm are encrypted
• And delivered to the untrusted resource for processing
• The computation is performed in the encrypted space – and encrypted result(s) are returned.
• Results are unencrypted within the secure perimeter
• No clear text information ever leaves the security perimeter

[Diagram labels: Known (trusted) Security perimeter; Untrusted Cloud Resource; VM; FUNC; IN and OUT shown as scrambled text]
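Added example, not from the slides: the encrypt, compute remotely, decrypt inside the perimeter flow of this slide, shown with the Paillier additively homomorphic scheme. The slide names no scheme, so Paillier is an assumption; it covers only the encrypted-data half (sums and integer weights, with the weights visible to the cloud), not the encrypted algorithm, and all function names and values are constructed.

```python
import math
import secrets

# Toy key built from two Mersenne primes: constructed for this demo and
# far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1


def keygen(p=P, q=Q):
    """Return (n, (lam, mu)): public modulus and private key, generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    return n, (lam, pow(lam, -1, n))


def encrypt(n, m):
    """Inside the security perimeter: randomized encryption of 0 <= m < n."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    r = 0
    while r == 0 or math.gcd(r, n) != 1:
        r = secrets.randbelow(n)
    return (1 + m * n) * pow(r, n, n * n) % (n * n)


def decrypt(n, private_key, c):
    """Inside the security perimeter: recover m from ciphertext c."""
    lam, mu = private_key
    return (pow(c, lam, n * n) - 1) // n * mu % n


def cloud_weighted_sum(n, ciphertexts, weights):
    """On the untrusted resource: sees only n, ciphertexts and integer weights.

    Multiplying ciphertexts adds the plaintexts; raising a ciphertext to w
    multiplies its plaintext by w. The result is still a ciphertext.
    """
    acc = 1
    for c, w in zip(ciphertexts, weights):
        acc = acc * pow(c, w, n * n) % (n * n)
    return acc


def demo():
    n, private_key = keygen()
    readings = [120, 135, 98]            # constructed sample data
    weights = [2, 1, 3]                  # the function the cloud applies
    sent = [encrypt(n, m) for m in readings]         # IN: leaves the perimeter
    returned = cloud_weighted_sum(n, sent, weights)  # OUT: comes back encrypted
    return decrypt(n, private_key, returned)


if __name__ == "__main__":
    print(demo())
```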

Page 21: NORDUnet International Activities toward a Future Internet

Resilient Networks

• “Katrina” is now a verb.
  • As in: “Our entire bay area operations got katrina’d by the earthquake and subsequent tsunami and fires.”
• Recent Disasters:
  • Indian Ocean Tsunami
  • Pakistan Earthquake
  • Hurricane Katrina, Rita, Ike, …
  • Buncefield Refinery Fire (UK)
  • Baltimore Tunnel Train Fire (US)
  • 9/11 (US)
  • London Tube Bombing (UK)
  • ChengDu, China Earthquake (CN)
• Lesson: serious ^#% happens…
  • Not “if”,…but “when”.
  • Our FI virtualized infrastructure must be resilient in the face of large, rolling, and sustained failure modes

Page 22: NORDUnet International Activities toward a Future Internet

Resilient Networks - An example

[Figure labels: Pre-Katrina Failure Mode Radius; Post-Katrina Radius]

Page 23: NORDUnet International Activities toward a Future Internet

Resilient Networks

• Disaster Recovery (DR), Business Continuity (BC), and Cyber-Defense are no longer isolated notions that deal with a building fire, spot event, or isolated hacker.
  • Disaster radius is now measured in 100+ km
  • Event duration is considered to be weeks (sometimes longer)
  • Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) are converging to zero impact.
• As the event radius increases, customers, suppliers, collaborators, etc *all* disperse their IT operations
  • Small radius events affect one or two adjacent application resources but the overall infrastructure remains operational
  • Large radius events will knock out large segments of the IT infrastructure and other inter-organizational facilities
  • This will cause all affected organizations to revert to backup or secondary facilities simultaneously
  • Result: Major and sudden shift in traffic loading on the network affecting performance or even overwhelming normally underutilized telecommunications links.

Page 24: NORDUnet International Activities toward a Future Internet

Resilient Networks

• Research Agenda:
  • How can multi-institutional telecommunications relationships be captured? What are the salient characteristics of such applications and/or services?
  • How do you develop integrated failure mode resiliency planning?
    • Integrate DR/COOP/BC across the entire supply chain
    • Integrate network protection and mitigation with “nodal” (data center) resiliency/recovery planning
  • How should live applications deal with shifting network characteristics? (e.g. database coherency)
  • How do resilient architectures affect network engineering, capacity planning, prioritization, etc.
  • How do we adapt virtualization of major infrastructure in order to support resiliency? (ala GRMS)
  • Other topics will certainly become apparent as we pursue the issues…

Page 25: NORDUnet International Activities toward a Future Internet

Next Gen Information Repositories

• Building “knowledge” repositories – a crucial new challenge facing e-science
  • Globally distributed storage facilities that incorporate raw data, processed information, analysis results, and
  • Authenticated sequences of inferences and models used to construct this knowledgebase
  • Meta-Data management – provenance, tagging, etc.
  • Access – security & privacy – as governed by multi-national legal requirements (policy enforced within a virtualized application space rather than strictly within national borders)
  • Access – performance at a global scale
  • Multi-discipline – data integration
  • Exponential growth.
• How should Future Internet technologies enable, support, and enhance the management of information?

Page 26: NORDUnet International Activities toward a Future Internet

Distributed Storage

• Novel approaches within a Future Internet virtualization framework:
  • Publish/subscribe architectures applied to addressing and network control planes
    • Particularly interested in the overlap of UID/Locator separation (Future Internet Hot Topic)
  • Tightly coupled data+authorization, i.e. can we define a notion of <data> that is atomic and includes authorization policy?
• Network-based storage models for high speed real-time and near real-time content distribution applications
  • Simplified streaming HD/SHD video, E-VLBI streams..

Page 27: NORDUnet International Activities toward a Future Internet

2009 Activities

• Dynamic Circuits Hands On Workshop
  • Technical workshop covering architecture, engineering design, configuration, and verification of dynamic circuit based services
  • Covers GMPLS standards for intra-domain provisioning, and IDC software for inter-domain, best current practices, etc
  • Jan 21 & 22, Copenhagen
  • May 13 & 14, Copenhagen
  • Perhaps others in APAN regions?

Page 28: NORDUnet International Activities toward a Future Internet

NORDUnet DCN Test Lab

• Dynamic Circuits Networking Test Lab
  • Deploy the DCN/IDC software in an experimental environment such that users can employ it, and the Nordic O&E teams can develop BCPs for such services

[Diagram labels: IDC; VLSR; Switch element; STO; CPH; HAM; NORDUnet; DCN XF; Nordic NRENs; Other NRENs]

Page 29: NORDUnet International Activities toward a Future Internet

DCN Test Facility

• The NORDUnet DCN Test Facility is a distributed experimental facility:
  • Stockholm, Copenhagen, Hamburg
  • Allows other networks, participants to easily connect or otherwise access and take advantage of it.
• The facility will be used to test and evaluate other dynamic circuit service models as well
  • E.g. DRAGON, AutoBahn, DRAC, UCLP, MANTICORE, G-Lambda, etc.
• The NORDUnet DCN Test Facility will be an important component of FENRIR.

Page 30: NORDUnet International Activities toward a Future Internet

2009 Activities

• Ongoing Int’l meetings:
  • TERENA – Malaga, Spain - June ‘09
  • WRNP – Recife, Brazil – RNP workshop on hybrid networks and experimental research networks
  • OGF – Research Triangle Park, US – Jun’09
  • Korea - June 2009, Meetings with KREONET and KOREN (Daejeon), Conference on Future Internet (Seoul)
  • Japan – June 2009 NICT + AIST
  • APAN 29 – Kuala Lumpur, Malaysia – Jul’09
  • GENI GEC5 – Seattle Jul’09
  • GLIF – Daejeon, KR – Oct’09
  • CANS – Beijing, CN – Nov’09 (tentative)
  • ACM-VISA conference, Barcelona, Spain – Aug’09
  • NORDUnet 09 – Copenhagen – Sep’09
  • Internet2 – San Antonio, US – Oct’09
  • Supercomputing – Portland, US, Nov 09

Page 31: NORDUnet International Activities toward a Future Internet

Toward more robust and broad reaching goals…

[Map labels: Nuuk, London, Copenhagen, Amsterdam, New York, Halifax, St. John’s, Reykjavik, Chicago, Oslo, Stockholm, Helsinki; ICE-Link. Legend: NORDUnet POP, Canarie POP, Transit POP.]

• CPH-REY (NORDUnet – 10 Gbit)
• REY-CAN (NORDUnet – 10 Gbit)
• CAN-NYC (Canarie – 10 Gbit)
• NYC–CPH (NORDUnet – 10 Gbit)

Page 32: NORDUnet International Activities toward a Future Internet

NORDUnet Washington Office

• NORDUnet now has office in Washington, DC.
  • Supports meetings, video conferencing, high performance networking demonstrations, HD presentations, transient work space
  • Next to US National Science Foundation

Page 33: NORDUnet International Activities toward a Future Internet

The End

• Join us for the 25th NORDUnet Conference
  Sept 16-18, 2009
  Copenhagen, DK
• Thank You!
• Jerry Sobieski
  • +1-301-346-1849
  • NORDUnet (Washington DC Office)