GN3+ SA3T3 / Multi-Domain-VPN service: Collaboration of NRENs NOC 10 - - PowerPoint PPT Presentation

GN3+ SA3T3 / Multi-Domain-VPN service: Collaboration of NREN’s NOC

10th TF NOC meeting (Cambridge) – Friday, 21 March 2014 Xavier Jeannin / RENATER, SA3T3 Task Leader Miguel Angel Sotos / RedIRIS Bojan Jakovljevic / AMRES

2

Connect | Communicate | Collaborate

Agenda

What is MDVPN? Status of MD-VPN deployment Role of the NOCs MD-VPN operation model VPN Provisioning Monitoring Troubleshooting Conclusions on MDVPN operation

3

Connect | Communicate | Collaborate

http://keenetrial.com/

What is MD-VPN? 1/3

A joint service provided by GEANT and NRENs Extending the original IP cooperation between GEANT, NRENs and regional networks to deliver new services

–

Share the same cooperation model used for traditional IP traffic exchange  NREN NOC collaboration required

MD-VPN creates a baseline transport infrastructure for a bundle

• f data transmission services

“Umbrella” for P2P or multipoint transmission

–

Multi-domain networking

–

Layer3 or Layer2 VPNs spanned

• ver several domains

http://www.broadband4europe.com/

4

Connect | Communicate | Collaborate

What is MD-VPN? 2/3

VPN provider VPN transport provider VPN provider and VPN transport provider

RR RR RR RR ABR PE ABR ABR ABR PE ABR PE PE ABR ABR GEANT NREN A NREN B NREN C Regional Network SSP SSP SSP SSP SSP PE NREN E (non MPLS) VPN

proxy

SSP PE PE PE PE PE PE PE PE VPN1 VPN1 VPN1 PE PE VPN1 VPN2 VPN2 VPN2 VPN2 VPN2 VPN3 VPN3 VPN3

SDP SDP SDP SDP SDP SDP SDP SDP SDP SDP

Configure

• nly at edge

VPN multiplexing

• Configure only once

5

Connect | Communicate | Collaborate

Added value for end-users

Safe infrastructure

Dedicated virtual network No firewall needed

–

No additional transmission delay (DPI)

–

High performance

Site B Site A Site C

Safe Inter-university Research and Educational Network (S.I.R.E.N)

6

Connect | Communicate | Collaborate

Multi-domain operation validation (4th quarter 2013 – end of 1st quarter 2014) Technical Pilot Phase Setting-up GEANT pilot (1st quarter 2014) Pilot generalization phase (2nd and 3rd quarter 2014) Adding MD-VPN service to GEANT portfolio end of GN3 plus

MD-VPN status Deployment phase

• A first scientist project XiFi

XIFI is a project of the European Public-Private-Partnership on Future Internet

7

Connect | Communicate | Collaborate

PSNC GEANT RENATER DFN

VPN Route reflector

NORDUnet HEAnet FUnet SUnet FCCN AMRES

XiFi Lannion XiFi Berlin XiFi TSSG

GARR RedIRIS

XiFi Malaga XiFi Sevilla XiFi Trento NREN currently connected NREN nearly connected Active XiFi L3VPN Future XiFi L3VPN

MD-VPN status the 20th Febr. 2014 Current pilot running on production infrastructure

DeiC Litnet CESNET

8

Connect | Communicate | Collaborate

MD-VPN operation model

VPN Provisioning Monitoring Day-to-day monitoring Statistics Monitoring Troubleshooting  Ensure OLA commitment are achieved

9

Connect | Communicate | Collaborate

MDVPN Provisioning Process workflow

Authoritative End user * Initiator NREN NREN

NREN Email List VPN-ASTRO- providers@MDV PN.dante.net I want L3VPN ASTRO NREN + Users Email List VPN-ASTRO-

• peration@MDVPN.d

ante.net

2 1 2

List creation

NREN NREN Involved NREN

Service Order: L3VPN ASTRO RT 2200:001

3 4

Service Order validate or not via VPN-ASTRO- providers@MDVPN... MD-VPN

database

Central information hosted within DANTE:

• VPN Name
• VPN type
• RT,
• RENs involved
• PE used
• Technical contact list

5

NREN :

• Checks with their own users
• Implements the VPN

VPN implemenation announced via VPN- ASTRO-

• peration@MDVPN...

6 6 6

DANTE

2 6

Feedbacks to the user requester

End users

6

* DANTE can play the role of the Initiator NREN

10

Connect | Communicate | Collaborate

What to monitor?

Peerings to be monitored

Monitoring is decentralized: SDPs (DANTE and NRENs) SSPs (DANTE and NRENs) VPN Route Reflector (VR) (DANTE) VPN-Proxy (DANTE)

11

Connect | Communicate | Collaborate

MD-VPN monitoring plan for NG3plus

• SSP monitored by GEANT
• PE availability
• MD-VPN Looking Glass
• Prospective:

SDP, User VPN monitoring NREN collaboration on monitoring a L3VN is deployed on all PEs and ASBRs

A loopback is put into this L3VPN and pinged in order to check if ASBR or PE is alive and the service up

12

Connect | Communicate | Collaborate

• 1. DANTE will take care of its own MD-VPN features
• VPN transport service (Carrier of Carrier)
• VPN Route Reflector
• VPN Proxy
• 2. Escalation process will be the same process as for IP service
• The MDSD coordinates the troubleshooting NRENs
• NRENs appeals to DANTE if they cannot fix the pb
• NREN coordinates the troubleshooting of their Regional Network
• Regional Networks appeals to its NRENs if they cannot fix the pb

MD-VPN troubleshooting

13

Connect | Communicate | Collaborate

support to NRENs: coordination task

Key points Information related to the VPN

–

VPN database (NREN involved in the VPN, Route Target, …) Information channel

–

Between network providers

–

Between network provider and users Make available email list tools that allow NREN to set-up their VPN list

–

VPN-ASTRO-providers@dante.net

–

VPN-ASTRO-operation@dante.net Feedback to the end users

14

Connect | Communicate | Collaborate

Conclusions on MDVPN operation

Next step: Database model and Operation cookbook Collaboration around the operational model Dissemination toward NREN’s NOC Prospective Improve MDVPN operation Monitoring Advanced MDVPN

15

Connect | Communicate | Collaborate

www.geant.net

www.twitter.com/GEANTnews | www.facebook.com/GEANTnetwork | www.youtube.com/GEANTtv

Connect | Communicate | Collaborate