Workshop Fed4FIRE Federation of Testbeds. Brecht Vermeulen, Fed4FIRE architect

Similar documents
Software Defined Exchange (SDX) and Software Defined Infrastructure Exchange (SDIX) Vision and Architecture

SDN Testbeds and Experimentation

SAVI/GENI Federation. Research Progress. Sushil Bhojwani, Andreas Bergen, Hausi A. Müller, Sudhakar Ganti University of Victoria.

Tutorial: OpenFlow in GENI

D6.2 Detailed specifications regarding monitoring and measurement for second cycle

Federation of Internet experimentation facilities: architecture and implementation

ViSION Status Update. Dan Savu Stefan Stancu. D. Savu - CERN openlab

CloudLab. updated: 8/13/14

Cloud and Network facilities federation in BonFIRE David García Pérez, AtoS

GigaSpaces XAP 10.0 Administration Training ADMINISTRATION, MONITORING AND TROUBLESHOOTING GIGASPACES XAP DISTRIBUTED SYSTEMS

Robert Ricci GEC 22 March 2015

From Federated Software Defined Infrastructure to Future Internet Architecture

What is the Future of FI-WARE?

FIWARE Lab Solution for Managing Resources & Services in a Cloud Federation

Cloud Federations and the benefits of SDN/NFV

Network Virtualization

Data Center Virtualization and Cloud QA Expertise

The FP7 Ofelia project

HOW TO CREATE A SLICE IN GENI?

Experiences Monitoring and Managing QoS using SDN on Testbeds Supporting Different Innovation Stages

D2.2 SDN support for wireless islands and OpenFlow integration into OMF in Europe

Agenda. NRENs, GARR and GEANT in a nutshell SDN Activities Conclusion. Mauro Campanella Internet Festival, Pisa 9 Oct

ExoGENI: A Mul-- Domain IaaS Testbed

BRINGING NETWORKS TO THE CLOUD ERA

About the VM-Series Firewall

Federation of the Monitoring Tools. José Augusto Suruagy Monteiro With contributions from Mayur and Jordan Workshop PROCAD São Carlos June 18, 2012

SDN Overview. Southern Partnership in Advanced Networking John Hicks, November 3, 2015

CORD Monitoring Service

Easily Connect, Control, Manage, and Monitor All of Your Devices with Nivis Cloud NOC

GENI Laboratory Exercises for a Cloud Computing course

Status of OpenFlow research and test facilities in Europe

Open Source Network: Software-Defined Networking (SDN) and OpenFlow

2. Findings Summary. Resolved Issues

D6.3 Report on first cycle development regarding measuring and monitoring

Security-as-a-Service in Multi-cloud and Federated Cloud Environments

OpenNebula Open Souce Solution for DC Virtualization

Using GENI, CloudLab and AWS together within a Cloud Computing course

OF 1.3 Testing and Challenges

Data Centers and Cloud Computing

HAWAII TECH TALK SDN. Paul Deakin Field Systems Engineer

Software-Defined Networks Powered by VellOS

Network performance in virtual infrastructures

GENICLOUD: AN ARCHITECTURE FOR THE INTERCLOUD

Virtualization Technologies (ENCS 691K Chapter 3)

IRATI - Investigating RINA as an Alternative to TCP/IP

SDN Architecture and Service Trend

Bring your virtualized networking stack to the next level

IPv6 Research and Testbeds in BUPT. EU-China Test beds Federation Workshop Yan Ma Jan. 15, 2015

Cloud Federations in Contrail

Virtualized Network Services SDN solution for enterprises

Presented By Joe Mambretti, Director, International Center for Advanced Internet Research, Northwestern University

Flexible Identity Federation

Orbiter Series Service Oriented Architecture Applications

Programming Assignments for Graduate Students using GENI

OpenNebula Open Souce Solution for DC Virtualization. C12G Labs. Online Webinar

Designing Virtual Network Security Architectures Dave Shackleford

Modern Multi-factor and Remote Access Technologies

CloudCIX Bootcamp. The essential IaaS getting started guide.

Installation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure

GEC4. Miami, Florida

CCT vs. CCENT Skill Set Comparison

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

How to Configure a High Availability Cluster in Azure via Web Portal and ASM

Global Headquarters: 5 Speen Street Framingham, MA USA P F

OpenNebula Open Souce Solution for DC Virtualization

MPLS multi-domain services MD-VPN service

Challenges in Hybrid and Federated Cloud Computing

Data Analysis Load Balancer

IPOP-TinCan: User-defined IP-over-P2P Virtual Private Networks

Software Defined Network (SDN)

IPv6/IPv4 Automatic Dual Authentication Technique for Campus Network

NephOS A Licensed End-to-end IaaS Cloud Software Stack for Enterprise or OEM On-premise Use.

HOW SDN AND (NFV) WILL RADICALLY CHANGE DATA CENTRE ARCHITECTURES AND ENABLE NEXT GENERATION CLOUD SERVICES

Cloud Computing Security: What Changes with Software-Defined Networking?

Architecture Overview

Tengu: an Experimentation Platform for Big data Applications

big switch FlowVisor Engineering Tutorial Open Networking Summit 2012 Rob Sherwood

GENI Network Virtualization Concepts

Delivering IaaS for the Greek Academic and Research Community

w w w. u l t i m u m t e c h n o l o g i e s. c o m Infrastructure-as-a-Service on the OpenStack platform

Configuration Guide. BlackBerry Enterprise Service 12. Version 12.0

How To Connect To Bloomerg.Com With A Network Card From A Powerline To A Powerpoint Terminal On A Microsoft Powerbook (Powerline) On A Blackberry Or Ipnet (Powerbook) On An Ipnet Box On

GigaSpaces XAP.NET Administration Training ADMINISTRATION, MONITORING AND TROUBLESHOOTING GIGASPACES XAP.NET DISTRIBUTED SYSTEMS

Workday Mobile Security FAQ

Test Case 3 Active Directory Integration

Outline. Why Neutron? What is Neutron? API Abstractions Plugin Architecture

Wireless Software Defined Networks Ayaka Koshibe, Akash Baid and Ivan Seskar

Getting to know OpenFlow. Nick Rutherford Mariano Vallés

C a r l G o e t h a l s T e r r e m a r k E u r o p e. C a r l. g o e t h a l t e r r e m a r k. c o m

FI-WARE Cloud Overview

architecture: what the pieces are and how they fit together names and addresses: what's your name and number?

Getting Started with GENI: A User Tutorial

Intel IT s Cloud Journey. Speaker: [speaker name], Intel IT

Federating the wireless facilities of OpenLab with wired networks and the cloud

The Impact of PaaS on Business Transformation

Compass Deploying and Monitoring a Software Defined Infrastructure

Clodoaldo Barrera Chief Technical Strategist IBM System Storage. Making a successful transition to Software Defined Storage

Global Headquarters: 5 Speen Street Framingham, MA USA P F

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

Grid Computing Vs. Cloud Computing

Transcription:

Workshop Fed4FIRE Federation of Testbeds Brecht Vermeulen, Fed4FIRE architect Brecht.vermeulen@iminds.be

Fed4FIRE s role in European FIRE framework Source figure: FIRE Brochure 2 2014 (AmpliFIRE)

Fed4FIRE general info IP project coordinated by iminds 10/2012-9/2016 Total budget: 7.75 MEUR 28 partners 3

4 Belgium

iminds research institute Flanders' digital research center and business incubator Flanders = Dutch speaking part of Belgium Building on the strength of 850+ researchers in 5 Flemish universities Digital expertise for 6 key markets ICT, Media, Health, Energy, Smart Cities and Manufacturing Work with research partners to convert digital know-how into real-life products and services that change people's lives for the better Guide researchers, young entrepreneurs and start-ups in the successful market introduction of their ideas www.iminds.be 5

iminds testbeds Virtual Wall: 320 physical servers Wireless: 70 wireless nodes + 15 robots 6

Brecht Vermeulen PhD in 2004 about Quality of Service in the Future internet Technical responsible for iminds testbeds and testlab Leading architecture work package in Fed4FIRE project 7

Current testbeds in Fed4FIRE 8

Fed4FIRE testbeds Diverse technologies Diverse implementation stacks 9

US GENI federation More testbeds More uniformity of testbeds Better connectivity Designed GENI AM API (instageni rack, exogeni rack, Openflow, Wimax) GEC = Geni Engineering Conference 10

Goals of federation Make it easy for experimenters to use multiple testbeds Single account Single (or small number) of tools Multiple testbeds To scale up To use/combine special resources (e.g. wireless robots) Redundancy (e.g. testbed in maintenance) To re-use experiments (class exercises, scientifically, ) To compare environments (e.g. wireless) 11

Design principles Multiple identity provider Testbeds trust IdPs in federation Multiple tools Multiple testbeds All of them can appear 12 and disappear!

Agenda Experiment workflow Overview Fed4FIRE (http://doc.fed4fire.eu) Technical workflow between components Monitoring Connectivity Proxy International federation and connectivity Tools beyond resource provisioning Workflow adding testbed to the federation jfed toolkit International collaboration GENI-FIRE summer class GENI-FIRE API definitions Use cases Class exercise by Forge project Belgian SME (outside of open calls) Geocloud (opencall experiment) Services on top: Xifi cloud node, hadoop/openstack on demand US Cloudlab Federation membership models 13

Experiment workflow

Experiment workflow Create Account Documentation http://doc.fed4fire.eu Federation policy: experimenter can run tutorial experiments to learn testbeds Do more experiments and tutorials: Provision resources, control resources (ask more quota to testbeds if needed as testbeds can have different policies) 15

From account creation to first experiment (tutorial with client-server & emulated link) 16

Technical workflow between components

Workflow Signed X.509 certificate of an identity provider Testbeds trust IdPs in federation Use a tool Use one or more testbeds 18

Fed4FIRE Identity providers https://authority.ilabt.iminds.be Portal: https://portal.fed4fire.eu Planetlab Europe: http://www.planet-lab.eu/ 19

Workflow (protocol: XMLRPC over SSL) Create Account and get certificate Slice Authority API Member Authority API 1. Use signed certificate in tool 3. Create slice/get credential (signed XML) 2. Get credential (signed XML) 4. Provision resources 5. Control resources Aggregate Manager API 20

Monitoring

jfed testing and monitoring https://flsmonitor.fed4fire.eu API testing http://monitor.ilabt.iminds.be 22

Connectivity: proxy

Connectivity test (also in bug report) 24

TCP ports and firewalls 12369, 12346, 11443, 8081, IPv6 for node access = problems First step: Detection (connectivity tester) Second step: work around -> SSH proxy 25

SSH proxy (optional!) For API calls For SSH login Automatic SSH agent for extra comfort 26

SSH proxy: only TCP 22 Virtual Wall Authority Public SSH keys of PEM cert IPv4 API calls TCP 22 IPv4 SSH TCP 22 SSH gateway server AMs, nodes, IPv4/IPv6 API calls SSH login Even private vpns connected to SSH gateway 27

International federation and connectivity

Layer 2 connectivity = stitching VLANs AUTOBAHN SDX STATIC VLANS Meshed L2 connections possible SDX = software defined exchange eases connectivity (=exchange) VLAN translation needed + SDN functionality 29

Stitching workflow: iminds to Illinois. Experimenter draws layer 2 link Stitching Computation Service (SCS) 2. and starts provisioning 3. Tool contacts SCS to know the path and SCS sends back the path and workflow (e.g. some networks can do VLAN translation) Wall1 Wall2 Geant Inter net2 Illinois 4. Tool provisions at all testbeds and networks through the aggregate manager API and negotiates the VLAN IDs Wall1 Wall2 Geant Inter net2 30 Illinois 5. User logs in and can ping

SCS per federation SCS SCS SCS 31

Tools beyond provisioning: experiment control

jfed: timebased experiment control 33

Labwiki experiment control (OMF/OML) http://labwiki.test.atlantis.ugent.be:4000 34

NEPI experiment control http://doc.fed4fire.eu/nepi.html 35

Agenda Experiment workflow Overview Fed4FIRE (http://doc.fed4fire.eu) Technical workflow between components Monitoring Connectivity Proxy International federation and connectivity Tools beyond resource provisioning Workflow adding testbed to the federation jfed toolkit International collaboration GENI-FIRE summer class GENI-FIRE API definitions Use cases Class exercise by Forge project Belgian SME (outside of open calls) Geocloud (opencall experiment) Services on top: Xifi cloud node, hadoop/openstack on demand US Cloudlab Federation membership models 36

Workflow adding a testbed to the federation

Adding a testbed to the federation Design RSpecs doc.fed4fire.eu Add testbed in Experimenter tools AM API doc Implement AM API on top of testbed Document testbed Dashboard and Test with jfed probe nightly testing (+internal testbed monitoring) 38

jfed toolkit

jfed toolkit http://jfed.iminds.be, current release 5.3.2 Speaks AM API, Federation (CH) APIs, SCS, Written in Java(FX) MIT license Experimenter tool, test and monitor federation Experimenter tool jfed UI 40

Philosophy: jfed experimenter GUI Leverages APIs from jfed Probe testing Can be used by a new experimenter (abstract things!) Full power when needed raw Rspec API call insight Debug and support Leverage API call analysis from jfed probe For support: send all those calls to support! Can work around firewall port blocking stuff through SSH proxy Cross platform: Windows, OS X, Linux Saves and reads RSpecs 41

Abstract resources 42

Raw RSpec editing: support everything RSpec = Resource Specification: describes experiment 43

Debug by looking into API calls 44

Bug reports and support 45

RSpec and tutorial/classes world 46

Agenda Experiment workflow Overview Fed4FIRE (http://doc.fed4fire.eu) Technical workflow between components Monitoring Connectivity Proxy International federation and connectivity Tools beyond resource provisioning Workflow adding testbed to the federation jfed toolkit International collaboration GENI-FIRE summer class GENI-FIRE API definitions Use cases Class exercise by Forge project Belgian SME (outside of open calls) Geocloud (opencall experiment) Services on top: Xifi cloud node, hadoop/openstack on demand US Cloudlab Federation membership models 47

How does the AM work

AM AM v2 http://groups.geni.net/geni/wiki/gapi_am_api_v2 AM v3 http://groups.geni.net/geni/wiki/gapi_am_api_v3 Upcoming AM, but can help in understanding it better (does not differ much from AM v3): https://fed4fire-testbeds.ilabt.iminds.be/asciidoc/ federation-am-api.html https://github.com/open-multinet/federation-am-api (on github you can request for clarifications, report problems on the standard API description) 49

Workflow 3 types of Rspecs: advertisement, request, manifest Getversion: informative Listresources: advertisement RSpec Createsliver (v2) vs allocate/provision/ performoperationalaction (v3): send request, receive manifest SliverStatus (v2) vs Status (v3): check Listresources (v2) vs Describe (v3): get overview Renew: to extend duration DeleteSliver (v2) vs Delete (v3) 50

How to implement the AM

Possibilities for AM implementation If you have only hardware, no mgmt software for your testbed, pick testbed software which has an AM implementation and which is closest to your HW Emulab (contact iminds for more information) Nitos Broker with OMF (contact University of Thessaly for more information) Foam (openflow + flowvisor) (contact iminds for more information) GRAM (works with Openstack) (contact Inria Grid 5000 if you want more information) If you have software for managing your testbed, you can wrap it with the AM API: SFAwrap (python) contact UPMC/Inria Sophia Antipolis Fiteagle (java) contact TU Berlin Geni Control Framework (GCF) GENI BBN - http://trac.gpolab.bbn.com/gcf Implement yourself the AM API on top of an existing testbed Choice depends on what you have and what you want 52

FIRE GENI Research Experiment Summit July 7 th July 11 th, Gent

Overview 35 participants: 10 US 25 EU 21 took part in the project (all US, and 11 of EU) 15 tutors (US + EU) Exchange of people, tools and testbeds with same tutorials 54

Agenda 55

Keynotes: Mark Berman/Jorge Pereira 56

Talks Laurent Vanbever: SDX: A Software Defined Internet Exchange Sachin Sharma and Sahel Sahhaf Experimentation on the Virtual Wall Hellen Maziku Network Aware VM Migration In Cloud Data Centers Gerard Marin and Mennan Selimi Community-Lab testbed and experiments 57

58

Tutorials/summer schools: stress testing 59

Project 1: Cloud Service provider choses network connectivity with SDN 60

61

Project 2: DDOS detection 62

63

Project 3: improve testbed resource selection with Xquery/Xtools 64

Project 4: Localization based on RSSI measurements 65

66

Conclusion Nice number of participants US-EU collaboration works: tools/testbeds/ tutorials/tutors are interoperable IPv6 works transparent Idea of organizing a 2 nd workshop in 2015 Probably adding technical discussion sessions 67

International collaboration: APIs

APIs Member and Slice authority API http://groups.geni.net/geni/wiki/ CommonFederationAPIv2 Aggregate Manager API https://fed4fire-testbeds.ilabt.iminds.be/asciidoc/ federation-am-api.html Discussion and API changes are done through github: accessible for everyone and neutral https://github.com/open-multinet 69

Agenda Experiment workflow Overview Fed4FIRE (http://doc.fed4fire.eu) Technical workflow between components Monitoring Connectivity Proxy International federation and connectivity Tools beyond resource provisioning Workflow adding testbed to the federation jfed toolkit International collaboration GENI-FIRE summer class GENI-FIRE API definitions Use cases Class exercise by Forge project Belgian SME (outside of open calls) Geocloud (opencall experiment) Services on top: Xifi cloud node, hadoop/openstack on demand US Cloudlab Federation membership models 70

Use cases

Forge: lab in Greece using iminds testbed 200 students in 4 sessions 72

Example: SME does scalability testing 73

The GEO-Cloud Experiment Resources and Architecture Workload Time to user? Workload? 74

Xifi project in EU FI-PPP 10 additional infrastructures 30/01/ 75 75

Xifi node runs on FIRE testbed (Virtual Wall) @ iminds: openstack RSpec Scale up when needed Experimenters can use exactly the same for own private clouds cloud-on-demand service (with size as they want) Including all other testbeds and connectivity of the F4F federation 76

Openstack instance 30/01/ 77 77

iminds Tengu platform Fed4FIRE services Create services on top of testbeds Cloud-on-demand Hadoop/Storm/Lambda -on-demand POST /tengu/{type}?nodes={nr}&testbed={urn}&project{str} Powered by RSpec and Chef 30/01/ 78 78

US Cloudlab 79

Agenda Experiment workflow Overview Fed4FIRE (http://doc.fed4fire.eu) Technical workflow between components Monitoring Connectivity Proxy International federation and connectivity Tools beyond resource provisioning Workflow adding testbed to the federation jfed toolkit International collaboration GENI-FIRE summer class GENI-FIRE API definitions Use cases Class exercise by Forge project Belgian SME (outside of open calls) Geocloud (opencall experiment) Services on top: Xifi cloud node, hadoop/openstack on demand US Cloudlab Federation membership models 80

Federation membership technical requirements

Note This is about technical requirements There is also need for policy decisions (can a testbed join or not) to be discussed in the sustainability task/federator (board) work Although a testbed joining the federation is different from their users joining (their authority is not automatically allowed on existing testbeds, only vice versa: F4F experimenters can use the new testbed) 82

What is a testbed (that can be federated)? Testbed = hardware + management software Ssh/FRCP controlled resource testbeds Ability to share resources between different users Shared over time or in parallel (multiplexing, slicing) Concept of credentials and dedicated access (e.g. ssh) API only testbeds A service with an API (proprietary or standard) Concept of credentials *** better naming for these types needed, but the idea should be clear (infrastructure versus service is confusing) 83

What types of federation Light federation Advanced federation Associated testbeds 84

Advanced federation: min. requirements Support for AMv2 or AMv3 (or later versions) Authentication, authorization: X.509 certificates, slice and user credentials, accepting root certificates of the main F4F authorities Resource description and discovery: RSpec definition Provisioning (instant): through the AM API Control: through SSH with ssh public/private keys put in the API calls, FRCP control or openflow: point a controller for a switch Documentation (on a webpage maintained by the testbed) Testbed description RSpec description URLs of the AM API A basic experiment showing the testbed (and with a F4F tool), described as a tutorial Policies: everyone with a valid F4F certificate can execute the basic experiment without extra approval Facility monitoring AM API tested from central location, if testbed has internal monitoring, send a summary through OML to the central OML server Connectivity: public IPv4 for AM, public IPv4 or IPv6 for ssh login (exceptions for VPN can be granted, but then the ssh gateway of the F4F federation will be a permanent client of the VPN) Testbed has to provide basic support on the testbed functionalities towards experimenters 85

Advanced federation: options Infrastructure monitoring Advanced reservation SLA Reputation Permanent storage Experiment control FRCP enabled images AMQP server PDP Layer 2 connectivity between testbeds VLAN stitching (federation runs stitching computation engine) Tunnels (egre or gre option in RSpec link) 86

Advanced federation: what does the federation offer? Testing tools for the AM API, test credentials,... Nightly testing when federated Central monitor dashboard Min. 1 client tool having support for all federated infrastructure testbeds At least 1 authority to provide credentials Ssh gateway (to bridge e.g. to IPv6, VPNs,...) Central documentation linking to all testbeds Central support (google group, NOC) for first help and single point of contact 87

Light federation: min. requirements Support for Fed4FIRE credentials in client based SSL API X.509 certificates, e.g. derived PKCS12 version which can be loaded in a webbrowser or other HTTPS tool API is not the AM API Documentation (on a webpage maintained by the testbed) Testbed description Documentation on the specific API URLs of the API A basic experiment showing the testbed, in a tutorial format Policies: everyone with a valid F4F certificate can execute the basic experiment without extra approval Facility monitoring API tested from central location, if testbed has internal monitoring, send a summary through OML to the central OML server Connectivity: public IPv4 for the API server 88

Light federation: what does the federation offer? Test credentials Information on enabling PKCS12 authentication Central monitor dashboard Min. 1 client tool exporting PKCS12 credentials from the X.509 certificate At least 1 authority to provide credentials Central documentation linking to all testbeds Central support (google group, NOC) for first help and single point of contact 89

Associated testbeds No real federation (e.g. no credential exchange, no testing, ) Only mentioning the testbed and linking to the testbed specific documentation Testbed has to organise its own support 90

Matrix of possibilities SSH/FRCP/openflow controllable testbeds Light federation (e.g. use Bonfire API with F4F credentials) Advanced federation (e.g. Bonfire with an AM, use F4F tool) Associated tested API only testbed Only Light federation possible (e.g. hadoop on demand service with F4F credentials) Associated testbed Reason to make this clear: an API only testbed can never do Tight federation, so it is not federated less, just at the moment, this is the maximum federation that is possible. (and that is demanded from experimenter view as far as we see) 91

Thank you brecht.vermeulen@iminds.be www.fed4fire.eu

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information