An Hierarchical Policy-Based Architecture for Integrated Management of Grids and Networks - PowerPoint PPT Presentation



SLIDE 1

An Hierarchical Policy-Based Architecture for Integrated Management of Grids and Networks

Ricardo Neisse, Evandro Della Vechia Pereira, Lisandro Zambenedetti Granville, Maria Janilce Bosquiroli Almeida, Liane Margarida Rockenbach Tarouco

Federal University of Rio Grande do Sul

SLIDE 2

Ricardo Neisse - Policy 2004

Slide 2 of 15

Outline

  • Introduction
  • Grids, networks and policies
  • Hierarchical mapping architecture
  • System prototype
  • Conclusions and future work

SLIDE 3

Introduction

  • Configuration of the underlying network to allow the grid operation
  • Grid resources distributed along several network administrative domains: management problems?
  • Network policies x Grid policies
  • A system to generate network policies based on grid policies

SLIDE 4

Grids, networks and policies

[Diagram labels: Grid Management Infrastructure (Toolkit); Grid node (users and resources); Grid Administrator; Administrative domain]

SLIDE 5

Grids, networks and policies

[Diagram labels: Services Resource (Cluster); Network infrastructure; Grid administrator; Web Services (SOAP/HTTP); Local network administrator]

SLIDE 6

Hierarchical policies and grids

[Diagram labels: Grid management policies; Network management policies; Configuration actions into devices; Mapping defined by the network administrator; Policy deployment via PDPs; High abstraction level]

SLIDE 7

Grid policy examples

    if (user == "neisse" and
        startTime >= "11/25/2003 00:00:00" and
        endTime <= "11/25/2003 23:59:59")
    {
      if (resource == "LabTec Cluster") {
        allowAccess = true;
        login = griduser;
        maxProcessing = 50%;
        networkQoS = remoteProccessControl;
      }
      if (proxy == "LabTec Cluster" and
          resource == "UFRGS Data Server")
      {
        allowAccess = true;
        maxAllowedStorage = 40GB;
        networkQoS = highThroughputDataIntensive;
      }
    }

SLIDE 8

Mapping architecture

[Diagram labels: Grid domain; Network domain; Grid administrator; Network administrator; Grid policy editor; Mapping rule editor; Mapping Engine; HTTP/HTTPS; Grid policies; Mapping rules; Network policies; Grid policy repository; Rule repository; Network policy repository; Grid Toolkit; PDP; PEP; IETF PBNM architecture]

SLIDE 9

Mapping architecture

    if (srcResource.address/24 == 143.54.47.0/24 and
        dstResource.address/24 != 143.54.47.0/24 and
        dstResource.port == 80 and
        dstResource.protocol == TCP)
    {
      p1 = new NetworkPolicy();
      p1.addCondition(startTime,">=",schedule.startTime);
      p1.addCondition(endTime,"<=",schedule.endTime);
      p1.addCondition(srcAddress,"==",srcResource.address);
      p1.addCondition(dstAddress,"==",dstResource.address);
      p1.addCondition(dstPort,"==",dstResource.port);
      p1.addCondition(dstProtocol,"==","tcp");
      p1.addAction(DSCP,2);
      p2 = new NetworkPolicy();
      p2.addCondition(startTime,">=",schedule.startTime);
      p2.addCondition(endTime,"<=",schedule.endTime);
      p2.addCondition(DSCP,2);
      p2.addAction(bandwith,requiredQoS.requiredBandwidth);
    }

SLIDE 10

Mapping architecture

    if (srcResource.address/24 == 143.54.47.0/24 and
        dstResource.address/24 != 143.54.47.0/24 and
        dstResource.port == 80 and
        dstResource.protocol == TCP)
    {
      p1 = new NetworkPolicy();
      ...
      inPEPs = select pep
                 .within[srcResource.address, 143.54.47.1]
                 .direction["in"]
               from device.type["DiffServDevice"];
      inPEPs[0].deployPolicy(p1);
      p2 = new NetworkPolicy();
      ...
      outPEPs = select pep
                  .within[srcResource.address, 143.54.47.1]
                  .direction["out"]
                from device.type["DiffServDevice"];
      outPEPs.deployPolicy(p2);
    }
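The mapping rule from the two "Mapping architecture" slides above, carried end to end as an added example (not code from the presentation or its prototype): the guard uses real prefix arithmetic, p1 and p2 are built as on the slides, and PEPs are chosen by direction. The function names, the `on_path` flag standing in for `within[...]`, the PEP names, the host addresses and the bandwidth value are assumptions constructed for illustration.

```python
import ipaddress

GRID_NET = ipaddress.ip_network("143.54.47.0/24")  # prefix used in the slide's rule

def rule_applies(src, dst):
    # Guard from the slide: source inside the /24, destination outside it, TCP port 80.
    return (ipaddress.ip_address(src["address"]) in GRID_NET
            and ipaddress.ip_address(dst["address"]) not in GRID_NET
            and dst["port"] == 80 and dst["protocol"].upper() == "TCP")

def map_rule(src, dst, schedule, qos):
    """Return (p1, p2) as built on the slide, or None when the guard fails."""
    if not rule_applies(src, dst):
        return None  # flows the rule does not cover get no network policy
    window = [("startTime", ">=", schedule["startTime"]),
              ("endTime", "<=", schedule["endTime"])]
    p1 = {"conditions": window + [("srcAddress", "==", src["address"]),
                                  ("dstAddress", "==", dst["address"]),
                                  ("dstPort", "==", dst["port"]), ("dstProtocol", "==", "tcp")],
          "actions": [("DSCP", 2)]}  # classify the flow and mark it
    p2 = {"conditions": window + [("DSCP", "==", 2)],
          "actions": [("bandwidth", qos["requiredBandwidth"])]}  # serve marked traffic
    return p1, p2

def select_peps(inventory, direction):
    # Stand-in for "select pep ... from device.type[...]"; on_path models within[...] (assumption).
    return [p["name"] for p in inventory
            if p["type"] == "DiffServDevice" and p["on_path"] and p["direction"] == direction]

def deployment_plan(src, dst, schedule, qos, inventory):
    policies = map_rule(src, dst, schedule, qos)
    if policies is None:
        return {}
    p1, p2 = policies
    ingress = select_peps(inventory, "in")[:1]  # the slide deploys p1 to inPEPs[0] only
    plan = {name: [p1] for name in ingress}
    for name in select_peps(inventory, "out"):  # p2 goes to every selected outbound PEP
        plan.setdefault(name, []).append(p2)
    return plan

# Constructed sample data: hosts, PEP names and bandwidth are made up for this example.
SCHEDULE = {"startTime": "11/25/2003 00:00:00", "endTime": "11/25/2003 23:59:59"}
SRC = {"address": "143.54.47.10"}
DST = {"address": "198.51.100.20", "port": 80, "protocol": "TCP"}
QOS = {"requiredBandwidth": "10Mbps"}
PEPS = [{"name": "r1-in", "type": "DiffServDevice", "direction": "in", "on_path": True},
        {"name": "r1-out", "type": "DiffServDevice", "direction": "out", "on_path": True},
        {"name": "r2-out", "type": "DiffServDevice", "direction": "out", "on_path": False}]
```

A destination inside 143.54.47.0/24, or a port other than 80, yields an empty plan, so nothing is marked or given bandwidth unless the rule's guard holds.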

SLIDE 11

System prototype

SLIDE 12

System prototype

SLIDE 13

System Prototype

[Diagram labels: Grid domain; Network domain; Grid administrator; Network administrator; HTTP/HTTPS; Globus GT3 MDS (Web Service/XML); QAME PBNM System (PHP); Grid policy editor; Mapping rule editor; Mapping Engine (PHP); PDP (Java); QAME; Grid policy repository (LDAP); Network policy repository (LDAP); System files; FreeBSD ALTQ Routers]

SLIDE 14

Conclusions

  • Grid policies are needed, but they must be integrated with network policies
  • Mapping rules are not easy to define; they require:
      • Prior agreement between the grid and network administrators
      • Good knowledge of the network and grid infrastructure
  • Future work
      • How to make the definition of mapping rules easier?
      • Bandwidth and performance evaluation
      • Policy conflicts

SLIDE 15

Questions?

  • Contact information:
      • Ricardo Neisse
      • Federal University of Rio Grande do Sul
      • E-mail: neisse@inf.ufrgs.br
      • http://gerencia.inf.ufrgs.br
  • Thanks for your attention!