Testbeds as a Service Building Future Networks A view into a new GEANT Service Jerry Sobieski (NORDUnet) GLIF Tech Atlanta, Mar 18, 2014
From Innovation to Infrastructure! Network Innovation requires testing to prove out...! Testing in live networks can have unintended effects on non-combatants. Other users and network providers don t like being crash test dummies.! Production environments have the required scale but are highly risk averse. How do we evolve innovations from concept to production with minimal risk to infrastructure, services, and applications already in place providing on-going stable and reliable services? 2
Networking R&D Laboratories! The network research community needs Laboratories to test novel concepts...! Constructed from stable underlying infrastructure! Allow high risk experiments to be carried out...! Yet prevent unexpected or errant behaviour from interfering with production services or other research activities! Provide reliable and effective work environment for the researcher! Enable a broad range of innovation i.e. technology agnostic! Agile: Ability to rapidly prototype new ideas or integrate new results! Scalable: Ability to construct large scale test environments! These laboratories must be able to duplicate real world scenarios such that research results are useful and valid 3
GN3+SA2 Testbeds as a Service TaaS! SA2 key service capabilities:! Dynamic Packet Testbeds dynamically allocated, virtual networks provisioned over production transport and switching infrastructure with a pan-european footprint. Under control of the researcher Insulated to prevent collateral damage Flexible user defined network resources, can morph as necessary Extensible support for novel hardware! Dark Fiber Testbeds photonic testbeds over dark/dim fiber along long haul routes between a limited set of major EU metro areas. Virtualization of these resources is hard...but we ll see...! GOFF a prototype OF testbed originally fielded by GN3-JRA2 Software emulated OpenFlow switching (OVS) Bridge service as TaaS ramps up...! SA2 is a GEANT Production Service! The test beds it creates are expected to be reliable and consistently available.! Which means the SA2 support processes must be stable and secure! This integrated multi-species virtualization represents new technology and continues to evolve in the community... There continues to be many research efforts, and many emerging frameworks and service models... 4
A Brief Dive into the Internals: The TaaS Architecture treats all [testbed] networks as graphs Testbed Alpha Description VLAN L1 Virtual Machine A A Ethernet Switch B B Virtual Circuit L3 VLAN L2 C X86 Server C Internally, TaaS represents all testbed components as virtual resources with data flow ports. User specified Port adjacency relations define the testbed topology. class: etherswitch p0 dst class: EFTSlink L src 1 if0 class: x86vm A if1 if2 B src p1 Data plane resource graph L 3 dst src L 2 Class: EFTSlink dst if2 class: EFTSlink if3 C if1 class: x86vm 5
TaaS Dynamic Testbed Provisioning - How it works Network testbed concept to test brilliant idea Researcher logs in, builds a testbed description via a web GUI Testbed Template doc BrilliantIdea network Resource A port p0, p1; Resource B port out1, out2; Adj B/out1==A/ p0; Virtual Circuit L1 Virtual Machine A VC L3 Switch B VC L2 VM C TCA RM Resource Manager allocates resources Researcher has a brilliant idea Testbed is activated and user controls it via the TCA dst if0 A L1 if2 p0 B src A L3 p1 src Z L2 p2 dst p1 C 6
GEANT Testbeds as a Service Virtualization, Management, and Control Layers Testbed X Testbed Control z Testbed Agent Control X Agent Control Agent Testbed Y Control Agent User Control Inteface SA2 Core Resource Manager and Resource Control Methods Transport Resources Storage Resources Compute Resources TaaS Virtualization Layer Services OpenNSA/BoD NFS OpenStack Routing/Switching Resources JunOS/HP GN3 & NRENs CPH BRA AMS GN3+SA2 Core Physical Infrastructure 7
Resource Specific Testbed Control Primitives! Each Resource Class defines methods (control primitives) that translate high level TaaS control semantics to resource specific command sequences.! Each resource class must implement the gang of five.. Reserve() Activate() Query() Deactivate() Release()! Each resource class may define additional control primitives/ semantics that may be specific to that class of resource only! New resources classes may be introduced into the TaaS service by developing these control primitives 8
Resource Roadmap! Processing Resources! Virtual Machine (v1.0)! Virtual OpenFlow Fabric (v1.0)! Bare Metal Nodes (v1.1)! Virtual Switches! Virtual Routers (v1.1)! Transport Resources! Virtual Circuits (v1.0) Ethernet framed endpoints, VLAN deliniated! BE IP subnets(v1.1)! Waves (v1.x)! Photonic spectrum (v2.0)! Other Resources! IP Subnet User access gateway! Wifi / mobile 9
SA2 Testbeds Testbed X Testbed Y GN3+SA2 Intelligent Resource Mapping Layer Storage Resources Network Transport Compute Resources Resource (e.g NSI BoD service) Geographically distributed physical resource pool 10
SA2 Testbeds- External Access Testbed X Internet Testbed Y Inter-testbed connectivity via externally exposed ports. External connectivity via NSI provisioned connections GN3+SA2 Intelligent Resource Mapping Layer Storage Resources Network Transport Resource (e.g NSI BoD service) Compute Resources Geographically distributed physical resource pool 11
SA2 Multi-domain Testbeds (Phase 2) Testbed X Control Agent Provider A Resources Provider C Resources Provider B Resources Globally interoperating virtualized services domains establish a globally distributed user controlled [SDN] VNE domain... Promotes deterministic Operations Monitoring and Performance Verification 12
GN3 OpenFlow Facility LON FRA ZAG AMS VIE (Interim Bridge Service until TaaS is launched) 13
TaaS Deployment Plan (as of Jan 2014) AMS 3 CPH 1 FRA PAR MIL GVA ATH PRA LON VIE ZAG LJU 4 BRA 2 GOFF=FRA, AMS, VIE, LON, ZAG 14
TaaS initial multi-domain interconnection concept v m LJU NSI Connection Services create multi-domain transparent data planes CPH vmvmv* vmvmv* Other NSI domains NSI v m... v m... LON... vmvmv*... NSI SA2 intra-service Layer2 bridging/ switching GEANT SA3 BoD (inter-domain reach using NSI provisioning for data transport resources) v m v m v m BRA vmvmv* NSI AMS vmvmv* Other NSI domains NSI v m... v m... v m v m 15
Inter-Domain & Multi-Domain! Testbeds (virtual network environments/slices) must extend/scale globally - yet preserve security, insulation, control, privacy, etc! GEANT SA2-T4 is exploring a strategy! EU deployment within NRENs and Campus service implementations! Inter-domain interoperation with similar projects in other international regions US/NA (Internet2 AL2S, GENI ) SA APAC! Common service model, common inter-domain architecture, consensus protocol(s),... 16
TaaS Features Roadmap! TaaS v1.0 Full April 2014! Resources: new VM flavors (e.g. thin VMs)! Begin migrating GOFF users to TaaS! NAS storage, 10Gbps VCs,...! TaaS 1.1 Sep 2014! Virtual Router resources specifics TBD Juniper?, OpenFlow, 10+ Gbps,... (TBD!)! Interface with BoD (SA3) and NRENs for VCs! Bare Metal servers (blade servers (?))! Cloud /Datacenter integration! Initial multi-domain resource brokering! TaaS 2.0 CY15-Q1! GN4-2015-2022 (!) Project being defined now... 17
SA2 TaaS Conspirators:! GARR! PSNC! TERENA! DANTE! CESnet! AMRES! GRnet! RedIRIS! DFN! RENETER! HEAnet! NIIFI! NORDUnet 18
SA2 Ring Leaders! SA2 Activity Leader: Jerry Sobieski (NORDUnet) The [actual] important people:! T1: Hardware and Systems Eng TL: Dom Tailor (DANTE)! T2: Software Development TL: Blazej Pietrzak (PSNC)! T3: Service Management TL: Peter Szegedi (TERENA)! T4: Multi-Domain Interoperability TL: Fabio Farina (GARR) Dom Tailor Blazej Pietrzak Peter Szegedi Fabio Farina 19
Questions? 20