SURFnet7 Multi Service Port & Bandwidth on Demand



Transcription:

SURFnet7 Multi Service Port & Bandwidth on Demand
https://bod.surfnet.nl/
Hans Trompert
Seminar SURFnet7 in depth, June 27, 2013 (version 2)

One or more services on a single port

Single Service Port (SSP)
 - One service, one port

Multi Service Port (MSP)
 - Multiple network services, one port
 - Efficient use of interfaces

[Figure: a 10 Gbit/s MSP interface divided into segments labelled SURFinternet, SURF-lightpath, SURF-lightpath, OnDemand lightpath and Free; bandwidths shown: 2 Gbit/s, 1 Gbit/s, 2 Gbit/s, 3 Gbit/s, 2 Gbit/s]

MSP and SSP features

Multi Service Port:
 - Efficient use of port capacity, especially with higher bitrates
 - Service separation with 802.1Q VLANs
 - IP, static lightpaths and BoD services combined on a single port
 - Unused port capacity available for BoD by default

Single Service Port:
 - Transparent for L2 control protocols like LLDP, LACP, SP, etc.
 - Remote port shutdown with SSP on other side

BoD in SURFnet6

[Diagram; labels: NOC engineer, User, Application, NSI, Inter Domain]

BoD in SURFnet7

[Diagram; labels: NOC engineer, User, Application, NSI, Inter Domain, GUI, API, SURFnet7 BoD, MTOSI, SURFnet7 NMS, Identity Provider, Group Provider]

BoD roles

The three roles in BoD:

User
 - Manage virtual ports (request new port from institute)
 - Manage bandwidth reservations (make or cancel request)
 - Manage OAuth2 Access Token for NSI requests (if using the API)

BoD administrator
 - Manage physical ports (SSP and MSP)
 - Manage virtual ports (accept/decline user requests, delete port)
 - Manage reservations (cancel user reservation)

NOC engineer
 - Manage physical ports (assign port to institute)
 - Manage institutes (associate email address and SURFconext group)

Teams and Ports

 - NOC Engineers: NOC Engineer Team; BoD Unallocated Physical Ports
 - BoD Admins: Institute A Admin Team, Institute B Admin Team; Physical Ports Institute A, Physical Ports Institute B
 - Users: User Team 1, User Team 2; Virtual Ports Team 1, Virtual Ports Team 2

Bandwidth Allocation

 - NOC engineer marks port for dynamic use
 - NMS Port ID + Signaling Type + Available Bandwidth is learned through NBI
 - Available BW BoD = total BW physical port - BW existing static services
 - NOC engineer assigns port to institute A; NOC engineer assigns port to institute B
 - BW + VLAN set by BoD Admin A; BW + VLAN set by BoD Admin B

[Diagram; labels: BoD Unallocated Physical Ports, Physical Ports Institute A, Physical Ports Institute B, Virtual Port Team 1, Virtual Port Team 2, Port X, Port Y, Physical Port BW, Available BW BoD, Max BW, Fixed LP services, Fixed IP services, VLAN 1062, VLAN 50, VLAN 33, VLAN 11, VLAN 3, VLAN 23, VLAN 1]

Authentication and Authorization

All authentication through SURFconext
 - Users or administrators of federated institutes use own IdP
 - Non-federated institutes use SURFguest (https://www.surfguest.nl/)

User authorization through SURFconext
 - Rights are based on group (https://teams.surfconext.nl/) membership
 - Users can be invited to join a group by the group administrator

Administrator authorization through SURFconext
 - Defaults to SURFnet Autorisatie Beheer (https://sab.surfnet.nl/) based authorization
   - Also used for SURFdashboard, SURFdomeinen, SURFcertificaten and others
   - BoD uses the SAB role 'Infraverantwoordelijke'
 - If SAB cannot be used the rights can be based on group membership (https://teams.surfconext.nl/)
   - All BoD administrators from the same institute are members of the same group
   - The SURFconext group belonging to the institute is administered in BoD
 - The administrators of an institute are reachable through one verified email address
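The authorization rules on this slide, written out as a deny-by-default decision function. This is an added example, not code from the presentation or from SURFnet7 BoD; the Identity and Institute records, the group ids and the choice to consult the admin group only when SAB is not in use are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

SAB_ADMIN_ROLE = "Infraverantwoordelijke"  # SAB role named on the slide

@dataclass(frozen=True)
class Identity:
    # Attributes assumed to arrive with a SURFconext login (constructed model).
    user_id: str
    institute: str
    sab_roles: frozenset = frozenset()
    groups: frozenset = frozenset()

@dataclass(frozen=True)
class Institute:
    # Hypothetical per-institute record as administered in BoD.
    name: str
    use_sab: bool = True
    admin_group: Optional[str] = None  # only consulted when SAB cannot be used

def is_bod_admin(ident: Identity, inst: Institute) -> bool:
    if inst.use_sab:
        # SAB is the default source; group membership must not add rights here.
        return ident.institute == inst.name and SAB_ADMIN_ROLE in ident.sab_roles
    # Fallback: membership of the one group registered for the institute.
    return inst.admin_group is not None and inst.admin_group in ident.groups

def usable_virtual_ports(ident: Identity, vports: dict) -> list:
    # vports maps virtual port name -> owning team (group id); deny by default.
    return sorted(p for p, team in vports.items() if team in ident.groups)

# Constructed sample data: institute-a uses SAB, institute-b uses the group fallback.
INSTITUTES = [
    Institute("institute-a"),
    Institute("institute-b", use_sab=False, admin_group="grp:inst-b-bod-admins"),
]
VPORTS = {"vp-team1": "grp:team1", "vp-team2": "grp:team2"}

def decide(ident: Identity) -> dict:
    return {
        "admin_of": [i.name for i in INSTITUTES if is_bod_admin(ident, i)],
        "virtual_ports": usable_virtual_ports(ident, VPORTS),
    }

if __name__ == "__main__":
    alice = Identity("alice", "institute-a", frozenset({SAB_ADMIN_ROLE}))
    print(decide(alice))
```

Keeping the two administrator sources mutually exclusive per institute means a group administrator at a SAB-managed institute cannot grant BoD administrator rights by inviting someone to a group.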

OGF Network Service Interface

NSI Connection Service 2.0
 - API offers the following primitives: Reserve, Modify, Provision, Release, Terminate, Query

NSI Topology Exchange Service
 - Uses the Network Markup Language to describe network topology
 - Needed to do multi domain pathfinding

NSI Monitoring Service

NSI Authentication

 1) User creates token using BoD GUI
 2) User stores token in application
 3) Token is included in NSI request
 4) BoD uses token to authenticate on behalf of user

[Diagram; labels: User application, OAuth2 Access Token, NSI request, SURFnet7 BoD, MTOSI]

Demo

Questions

hans.trompert[at]surfnet.nl
www.surfnet.nl
Creative Commons Attribution license: http://creativecommons.org/licenses/by/3.0/