SURFnet7 Multi Service Port & Bandwidth on Demand
https://bod.surfnet.nl/
Hans Trompert
Seminar SURFnet7 in depth, June 27, 2013 (version 2)

One or more services on a single port
Single Service Port (SSP)
 - One service, one port
Multi Service Port (MSP)
 - Multiple network services, one port
 - Efficient use of interfaces
[Figure: a 10 Gbit/s MSP interface shared by SURFinternet, two SURF-lightpaths, an OnDemand lightpath and free capacity; segment labels 2, 1, 2, 3 and 2 Gbit/s]

MSP and SSP features
Multi Service Port:
 - Efficient use of port capacity, especially with higher bitrates
 - Service separation with 802.1Q VLANs
 - IP, static lightpaths and BoD services combined on a single port
 - Unused port capacity available for BoD by default
Single Service Port:
 - Transparent for L2 control protocols like LLDP, LACP, SP, etc.
 - Remote port shutdown with SSP on other side

BoD in SURFnet6
[Figure: architecture diagram; labels: NOC engineer, User, Application, NSI, NSI Inter Domain]

BoD in SURFnet7
[Figure: architecture diagram; labels: NOC engineer, User, Application, NSI, Inter Domain NSI, GUI, SURFnet7 BoD, MTOSI, SURFnet7 NMS, API, Identity Provider, Group Provider]

BoD roles
The three roles in BoD:
User
 - Manage virtual ports (request new port from institute)
 - Manage bandwidth reservations (make or cancel request)
 - Manage OAuth2 Access Token for NSI requests (if using the API)
BoD administrator
 - Manage physical ports (SSP and MSP)
 - Manage virtual ports (accept/decline user requests, delete port)
 - Manage reservations (cancel user reservation)
NOC engineer
 - Manage physical ports (assign port to institute)
 - Manage institutes (associate email address and SURFconext group)

Teams and Ports
[Figure: teams and the ports they manage]
 - NOC Engineers (NOC Engineer Team): BoD Unallocated Physical Ports
 - BoD Admins (Institute A Admin Team, Institute B Admin Team): Physical Ports Institute A, Physical Ports Institute B
 - Users (User Team 1, User Team 2): Virtual Ports Team 1, Virtual Ports Team 2

Bandwidth Allocation
 - NOC engineer marks port for dynamic use
 - NMS Port ID + Signaling Type + Available Bandwidth is learned through NBI
 - Available BW BoD = total BW physical port - BW existing static services
 - NOC engineer assigns port to institute A; NOC engineer assigns port to institute B
 - BW + VLAN set by BoD Admin A; BW + VLAN set by BoD Admin B
[Figure: Port X and Port Y shown in stages: BoD Unallocated Physical Ports, Physical Ports of Institute A and Institute B, and Virtual Ports of Team 1 and Team 2. Labels include Physical Port BW, Fixed LP services, Fixed IP services, Available BW BoD, Max BW, and VLAN 1062, VLAN 50, VLAN 33, VLAN 11, VLAN 3, VLAN 23, VLAN 1]

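Added example, not part of the original slides and not BoD's own code: the bandwidth rule above, combined with the 802.1Q service separation of an MSP, written as the check a BoD administrator's tooling could run before accepting a virtual port request. The class and function names are hypothetical, the VLAN IDs and bandwidths are constructed, and comparing each virtual port's max BW individually against the available BoD bandwidth is an assumption.

```python
from dataclasses import dataclass, field


@dataclass
class PhysicalPort:
    name: str
    total_mbps: int
    static_services: dict   # VLAN ID -> Mbit/s of fixed IP/lightpath services
    virtual_ports: dict = field(default_factory=dict)  # VLAN ID -> max Mbit/s

    def available_bod_mbps(self):
        # Available BW BoD = total BW physical port - BW existing static services
        return self.total_mbps - sum(self.static_services.values())


def check_virtual_port(port, vlan, max_mbps):
    """Return the reasons to decline a virtual port request; empty means accept."""
    problems = []
    if not 1 <= vlan <= 4094:  # 0 and 4095 are reserved in 802.1Q
        problems.append(f"VLAN {vlan} is not a usable 802.1Q VLAN ID")
    elif vlan in port.static_services:
        problems.append(f"VLAN {vlan} already carries a static service on {port.name}")
    elif vlan in port.virtual_ports:
        problems.append(f"VLAN {vlan} already belongs to a virtual port on {port.name}")
    available = port.available_bod_mbps()
    if not 0 < max_mbps <= available:
        problems.append(f"max BW {max_mbps} Mbit/s is outside 1..{available} Mbit/s")
    return problems


def add_virtual_port(port, vlan, max_mbps):
    """Accept the request only if no check fails (assumed policy)."""
    problems = check_virtual_port(port, vlan, max_mbps)
    if problems:
        raise ValueError("; ".join(problems))
    port.virtual_ports[vlan] = max_mbps


def demo_port():
    # Constructed sample: 10 Gbit/s MSP with two static services, one virtual port.
    port = PhysicalPort("Port X", 10_000, {100: 2_000, 200: 1_000})
    add_virtual_port(port, 11, 5_000)
    return port


if __name__ == "__main__":
    port = demo_port()
    print("Available BW BoD:", port.available_bod_mbps(), "Mbit/s")
    for vlan, bw in [(23, 4_000), (200, 1_000), (11, 1_000), (4095, 1_000), (23, 8_000)]:
        print(vlan, bw, check_virtual_port(port, vlan, bw) or "accept")
```
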
Authentication and Authorization
All authentication through SURFconext
 - Users or administrators of federated institutes use own IdP
 - Non-federated institutes use SURFguest (https://www.surfguest.nl/)
User authorization through SURFconext
 - Rights are based on group (https://teams.surfconext.nl/) membership
 - Users can be invited to join a group by the group administrator
Administrator authorization through SURFconext
 - Defaults to SURFnet Autorisatie Beheer (https://sab.surfnet.nl/) based authorization
    - Also used for SURFdashboard, SURFdomeinen, SURFcertificaten and others
    - BoD uses the SAB role "Infraverantwoordelijke"
 - If SAB cannot be used, the rights can be based on group membership (https://teams.surfconext.nl/)
    - All BoD administrators from the same institute are members of the same group
 - The SURFconext group belonging to the institute is administered in BoD
 - The administrators of an institute are reachable through one verified email address

OGF Network Service Interface
NSI Connection Service
 - 2.0 API offers the following primitives: Reserve, Modify, Provision, Release, Terminate, Query
NSI Topology Exchange Service
 - Uses the Network Markup Language to describe network topology
 - Needed to do multi domain pathfinding
NSI Monitoring Service

NSI Authentication
1) User creates token using BoD GUI
2) User stores token in application
3) Token is included in NSI request
4) BoD uses token to authenticate on behalf of user
[Figure: token flow; labels: User application, OAuth2 Access Token, NSI request, SURFnet7 BoD, MTOSI]

Demo

Questions

hans.trompert[at]surfnet.nl
www.surfnet.nl
Creative Commons Attribution license: http://creativecommons.org/licenses/by/3.0/