INFN Experience with Layer-2 Services across GÉANT and the DataTAG Testbed - PowerPoint PPT Presentation



SLIDE 1

INFN Experience with Layer-2 Services across GÉANT and the DataTAG Testbed

Tiziana Ferrari, INFN-CNAF

March 15, 2004

DataTAG is a project funded by the European Commission under contract IST-2001-32459. GNEW2004, 15-16/03/2004

SLIDE 2

Talk Outline

  • L2 VPNs and the Grid: use cases and advantages
  • MPLS L2 VPNs and additional features
  • MPLS L2 VPNs and DataTAG
  • The Path resources Advance Reservation architecture: features and implementation
  • Conclusions, requirements and future work

SLIDE 3

L2 Virtual Private Networks and the Grid

  • L2 VPN: connectivity between geographically dispersed customer sites across MAN or WAN networks as if they were connected using a LAN
  • Grid use cases:
    1. MPLS-based VPNs: a firewall bypass
    2. Overlay network set-up: simplicity and flexibility
    3. New Grid job scheduling and data replica management models

SLIDE 4

Grid job scheduling and data replica management with L2 VPNs

  • Today: Computing Elements (CEs) are selected from the site where one or more SEs hold a copy of the input file which is accessed by the job to be scheduled
  • L2 VPN: by configuring VPNs which include compute and storage resources from several different data tier levels, CEs can be considered “virtually” local to SEs which are remote from a network point of view

SLIDE 5

Grid job scheduling and data replica management with L2 VPNs (cont)

Advantages:

  • Jobs can execute on a CE even when a file replica is not locally available -> richer set of candidate CEs that can run the job
  • Traffic load at potential Grid bottlenecks can be reduced
  • Different data replica management policies are possible depending on the Grid application in mind: total/partial data set replication vs no replication

SLIDE 6

MPLS-based L2 VPNs

  • Ethernet/VLAN traffic is carried by MPLS over the service provider network (PE and P routers) and then converted back to L2 format at the receiving site
  • Security and privacy: policies in the CE routers keep routes that belong to different VPNs separated
  • CE: it selects the output circuit to which specific L2 traffic has to be sent according to:
    • the VLAN ID present in the 802.1Q frame header (VLAN L2 VPN)
    • the input interface from which the frame was received (Ethernet L2 VPN)
  • On-demand set-up: CEs can be forced to belong to different L2 VLANs according to the Virtual Organization (VO) they are allocated to at a given time
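The CE forwarding decision just described, worked as an added Python example that is not part of the presentation: it parses the 802.1Q tag out of a raw frame, applies an Ethernet L2 VPN rule keyed on the input interface and a VLAN L2 VPN rule keyed on the VLAN ID, and drops anything that belongs to no configured VPN so one VPN's traffic cannot cross into another. The forwarding tables, interface names and frame contents are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q-tagged frame

# Constructed CE forwarding tables (assumed values, not the DataTAG configuration):
# VLAN L2 VPN: VLAN ID in the 802.1Q header -> output circuit (the LSP towards the remote CE)
VLAN_VPN_TABLE = {1: "lsp-ip-premium", 2: "lsp-lbe"}
# Ethernet L2 VPN: input interface -> output circuit, whatever the frame carries
PORT_VPN_TABLE = {"ge-0/0/1": "lsp-vo-alice"}


def parse_vlan_tag(frame: bytes):
    """Return (vlan_id, pcp) from an 802.1Q frame, or None if the frame carries no tag.
    Layout: dst MAC (6) | src MAC (6) | TPID 0x8100 (2) | TCI (2) | EtherType (2) | payload."""
    if len(frame) < 18:
        raise ValueError("frame too short to hold an Ethernet header plus tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci >> 13        # VID = low 12 bits, PCP = top 3 bits


def select_output_circuit(frame: bytes, in_iface: str):
    """CE decision from slide 6: an Ethernet L2 VPN is keyed on the input interface, a VLAN
    L2 VPN on the VLAN ID.  A frame that matches neither is dropped (None) rather than being
    sent into some other VPN, which is what keeps the VPNs separated."""
    if in_iface in PORT_VPN_TABLE:
        return PORT_VPN_TABLE[in_iface]
    tag = parse_vlan_tag(frame)
    if tag is None:
        return None
    vid, _pcp = tag
    return VLAN_VPN_TABLE.get(vid)


def build_frame(vid=None, pcp=0, payload=b"\x00" * 46):
    """Constructed test frame: 802.1Q-tagged when vid is given, plain Ethernet II otherwise."""
    dst, src = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    ethertype = b"\x08\x00"                # IPv4 payload
    if vid is None:
        return dst + src + ethertype + payload
    tci = (pcp << 13) | (vid & 0x0FFF)
    return dst + src + struct.pack("!HH", TPID_8021Q, tci) + ethertype + payload
```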

SLIDE 7

Example (figure): three Grid Domains, each with storage elements (SE) and computing elements (CE). Grid Domain 1: SE1,1-SE1,2 and CE1,1-CE1,3; Grid Domain 2: SE2,1-SE2,2 and CE2,1-CE2,2; Grid Domain 3: SE3,1-SE3,4 and CE3,1-CE3,4.

SLIDE 8

Why MPLS?

  • A given host can belong to one or more VPNs at a time if native VLAN tagging is enabled
  • The LSP primary/secondary path can apply non-standard routing policies
  • A given diffserv packet forwarding treatment can be assigned to the LSPs associated to a given VPN (MPLS EXP field set by the LSP head-end router):
    • Grid ftp between SEs: if based on enhanced TCP stacks, it can be handled through the Scavenger/Less Than Best Effort service (fairness)
    • CEs/SEs used for remote visualization with real-time requirements could apply to the IP Premium service
  • Performance guarantees to individual VOs

SLIDE 9

L2 VPNs and DataTAG (testbed figure): C7609 and C7606 routers, two T320 and two M10 routers, a 3com switch and an stm64 link; VLAN1 mapped to IP Premium, VLAN2 to LBE/Scavenger; Advance Reservation & Resource Manager / Grid Information Service.

SLIDE 10

MPLS-based VPN advance reservation: the Path

  • A possible abstraction of the Network Resource (GGF Grid High-Performance Networking RG)
  • Dynamic vs static attributes (-> Grid Information Service)
  • PATH = concatenation of Path Elements
  • Path Element:
    • across a single domain or a chain of contiguous domains with the same control plane
    • types: optical, MPLS, Diffserv Virtual Leased Line, ...
    • static path attributes, requested for resource matchmaking: info about capabilities supported (e.g. MPLS signalling); authentication/authorization (e.g. AAA, Globus Gatekeeper, etc.)
    • path performance measured by the Grid network monitoring service (GHPN)

SLIDE 11

Advance Reservation Architecture (figure; labels recovered from the diagram):

  • USER and EDG User Interface/GARA agent: role request + reply (pseudo cert), Grid authentication (VOMS), WS + service discovery
  • EDG User Interface/GARA: reservation parsing (JDL), matchmaking, reservation identification, GARA APIs, Gatekeeper, Resource manager, LRAM, resource-specific manager
  • GARA agent and BB: QoS path request/reply, advance reservation request/reply
  • BB: AAA, Auth DB, Policy DB, resource managers, slot table
  • BB and QoS networks: path provision indications; BGP topology advertisements + reservation indications

SLIDE 12

MPLS-based L2 VPN management: features

MPLS LSP:

  • unidirectional, based on a statically provisioned Diffserv path (IP Premium)
  • connects the two CE routers of the two leaf domains
  • shared by authorized users/applications generating traffic from the source domain
  • diffserv paths that support MPLS capabilities (across MPLS-capable transit domains) are indicated by the information system
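The Path abstraction of slide 10 and the information-system lookup of slide 12 (diffserv paths that support MPLS capabilities are indicated by the information system), as an added Python example not taken from the presentation or from the DataTAG software: a Path is a tuple of Path Elements carrying static attributes, matchmaking keeps the contiguous candidates whose every element supports the requested capability, and the survivors are ranked by a measured delay standing in for the monitoring service. Path names, router names, capability strings and delays are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PathElement:
    """One segment across a single domain (or a chain of domains sharing a control plane).
    src/dst are border routers; the other fields are the static attributes published to
    the Grid Information Service.  All values used below are constructed for this example."""
    src: str
    dst: str
    kind: str                    # "optical", "mpls" or "diffserv-vll"
    capabilities: frozenset      # e.g. {"mpls-signalling", "diffserv-marking"}
    authz: str                   # e.g. "aaa" or "globus-gatekeeper"

@dataclass(frozen=True)
class Path:
    """PATH = concatenation of Path Elements."""
    name: str
    elements: tuple

    def is_contiguous(self):
        return all(a.dst == b.src for a, b in zip(self.elements, self.elements[1:]))

    def endpoints(self):
        return self.elements[0].src, self.elements[-1].dst

    def supports(self, caps):
        return all(caps <= e.capabilities for e in self.elements)

def matchmake(paths, src, dst, required_caps, measured_delay_ms):
    """Static matchmaking: keep well-formed src->dst paths whose every element supports
    required_caps; then rank by the dynamic attribute (delay) reported by monitoring."""
    ok = [p for p in paths
          if p.is_contiguous() and p.endpoints() == (src, dst) and p.supports(required_caps)]
    return sorted(ok, key=lambda p: measured_delay_ms.get(p.name, float("inf")))

# Constructed candidates, loosely modelled on the CERN <-> StarLight testbed of the slides
MPLS_CAPS = frozenset({"mpls-signalling", "diffserv-marking"})
CANDIDATES = (
    Path("via-geant", (PathElement("ce-cern", "pe-geant", "mpls", MPLS_CAPS, "aaa"),
                       PathElement("pe-geant", "ce-starlight", "mpls", MPLS_CAPS, "aaa"))),
    Path("via-vll", (PathElement("ce-cern", "ce-starlight", "diffserv-vll",
                                 frozenset({"diffserv-marking"}), "globus-gatekeeper"),)),
    Path("broken", (PathElement("ce-cern", "pe-geant", "mpls", MPLS_CAPS, "aaa"),
                    PathElement("pe-other", "ce-starlight", "mpls", MPLS_CAPS, "aaa"))),
)
DELAYS = {"via-geant": 120.0, "via-vll": 95.0}      # constructed monitoring readings (ms)

def usable_paths(caps):
    """Names of the candidate paths that satisfy caps, best measured delay first."""
    return [p.name for p in matchmake(CANDIDATES, "ce-cern", "ce-starlight", caps, DELAYS)]
```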

SLIDE 13

MPLS-based L2 VPN management: implementation

  • Two given CE routers of two different leaf domains are connected by a single diffserv path of a given type (IP Premium, LBE, etc.)
  • Each MPLS/diffserv path is statically associated to a given pre-defined VLAN number
  • VLAN tagging pre-configured statically on end-systems
  • Router configuration:
    • Diffserv: marking and policing (IP Premium only) at the ingress router
    • MPLS L2 VPN: VLAN tagging and encapsulation, LSPs with QoS and CCC connections (Juniper) on the LSP head-end router
  • Topology and routing: very difficult to manage dynamically!

SLIDE 14

Router configuration

MPLS L2 VPN Manager:

  • Perl application using Junoscript libraries (prototype for Juniper routers)
  • Configuration script parsing: detects possible operating system/configuration script mismatches and configuration errors (rollback)
  • Configuration add/modify/delete
  • Configuration locking
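The per-VLAN path bindings of slide 13 and the manager functions of slide 14 (add/modify/delete, locking, rollback on configuration errors), as an added Python example that is not the INFN Perl/Junoscript prototype and talks to no router: the running configuration is a dictionary, every change is staged under a lock on a copy, validated, and either committed whole or discarded. Path type names, VLAN numbers and CE names are constructed.

```python
# Path types named on the slides (IP Premium, LBE); a VLAN is statically bound to one such path.
PATH_TYPES = {"ip-premium", "lbe"}

class VpnManager:
    """Simulated MPLS L2 VPN Manager: locked, transactional VLAN bindings (no device contacted)."""

    def __init__(self, running=None):
        self.running = dict(running or {})    # vlan -> (path_type, remote_ce), values immutable
        self.candidate = None                 # working copy while a transaction is open
        self.lock_owner = None

    def apply(self, owner, ops):
        """Lock, stage every op on a copy of the running config, validate, then commit or roll
        back.  Returns (True, None) or (False, reason); running is never left half-changed."""
        if self.lock_owner is not None:
            return False, f"configuration locked by {self.lock_owner}"
        self.lock_owner, self.candidate = owner, dict(self.running)
        handlers = {"add": self._add, "modify": self._modify, "delete": self._delete}
        try:
            for op, *args in ops:
                handlers[op](*args)           # unknown op or bad binding raises -> rollback
            self._validate()
            self.running, self.candidate = self.candidate, None     # commit
            return True, None
        except (KeyError, ValueError, TypeError) as err:
            self.candidate = None                                   # rollback
            return False, str(err)
        finally:
            self.lock_owner = None                                  # unlock in every case

    def _add(self, vlan, path_type, remote_ce):
        if vlan in self.candidate:
            raise ValueError(f"VLAN {vlan} already bound, use modify")
        self.candidate[vlan] = (path_type, remote_ce)

    def _modify(self, vlan, path_type, remote_ce):
        if vlan not in self.candidate:
            raise KeyError(f"VLAN {vlan} not configured")
        self.candidate[vlan] = (path_type, remote_ce)

    def _delete(self, vlan):
        if vlan not in self.candidate:
            raise KeyError(f"VLAN {vlan} not configured")
        del self.candidate[vlan]

    def _validate(self):
        for vlan, (path_type, _ce) in self.candidate.items():
            if not 1 <= vlan <= 4094 or path_type not in PATH_TYPES:
                raise ValueError(f"VLAN {vlan}: bad VLAN id or unknown path type {path_type}")
```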

SLIDE 15

Conclusions & requirements

Results:

  • Optimal TCP performance on MPLS L2 VPNs between StarLight and CERN – 1 Gbps
  • MPLS EXP field marking and classification: ok (Juniper)
  • Diffserv scheduling: ok

Requirements:

  • On-demand set-up of e2e MPLS LSPs (no stitching)
  • Handling of MPLS EXP field for QoS

SLIDE 16

Future work

  • Applicability of L1/L3 VPNs to Grids
  • VPLS (Virtual Private LAN Services) for multipoint vs p2p Ethernet services (MPLS packets from CE routers are broadcast to PEs, i.e. the ISP network is traversed in a p2mp fashion)
  • Enhancement of the advance reservation system: multiple vendors, interdomain scenario, co-allocation, storage advance reservation, software rewriting (OGSA compliance)
  • Formal definition of Grid VPN Service: type of Grid Connectivity service (GHPN)