LINK POLICY A Problem Statement Lars Fischer Winter GLIF Baton - - PowerPoint PPT Presentation

NORDUnet

Nordic Infrastructure for Research & Education

LINK POLICY A Problem Statement

Lars Fischer

Winter GLIF Baton Rouge, 25-26 January 2012

NORDUnet

Nordic infrastructure for Research & Education

GLIF model – Policy Free

NREN A NREN B CPE

User A

Resource

CPE

GOLE GOLE GOLE GOLE Control plane Control plane Control plane Control plane

NORDUnet

Nordic infrastructure for Research & Education

NORDUnet Europe 2012

NORDUnet

Nordic infrastructure for Research & Education

NORDUnet Atlantic 2011

NORDUnet

Nordic infrastructure for Research & Education

NORDUnet N.A. 2012

NORDUnet

Nordic infrastructure for Research & Education

…however, we do have policy

• Cannot afford policy-free links
• Cost
• Links acquired to serve specific projects, science

disciplines

• (GLIF) Policy description today
• Informal, often not in writing
• Not in a computer-parseable description language
• No system of policy exchange
• Typical policy is “good sense judgment”, enforced by
• telephone. The “ask me” policy.
• This does not scale. And will not work for automatic

provisioning.

• We need a way to describe, publish, exchange,

discover policy

• …and enforce it

NORDUnet

Nordic infrastructure for Research & Education

Policy: Links, not GOLEs

NREN A NREN B CPE

User A

Resource

CPE

GOLE GOLE GOLE GOLE Control plane Control plane Control plane Control plane

NORDUnet

Nordic infrastructure for Research & Education

Link Resouces

• More inter-GOLE links being put in place
• …and more GOLEs
• by NRENs, Regionals, Continental networks
• by projects, discipline-specific efforts
• Distributed GOLEs (that are not networks?)
• Even efforts to provide continent-wide

exchanges – Internet2, GÉANT

• User communities starting to use GOLE

model

• LHCONE
• This is great
• …but from a policy (description &

enforcement) point of view, it’s getting worse

NORDUnet

Nordic infrastructure for Research & Education

NSI protocol

A E C D D E

Domain C Domain B

B A

Requesting Agent (RA) Network Resource Manager Provider Agent (PA) NRM Network Services Interfae NSA Network Services Agent NSA

AutoGOLE – Link Policy

NORDUnet

Nordic infrastructure for Research & Education

Policy-aware path-finding?

The Playground

Pionier.ets

Poznan AutoBAHN

NetherLight.ets

Amsterdam DRAC

StarLight.ets

Chicago OpenNSA/Argia

GEANT .ets

Paris AutoBAHN

NorthernLight.ets

Copenhagen OpenNSA

AIST .ets

Tsukuba G-LAMBDA-A

NSI Networks (“A”=Aggregator) NSI peerings (SDPs) unless otherwise indicated these are vlans 1780-1783

KRLight.ets

Daejeon DynamicKL

US LHCnet KDDI-Labs.ets

Fujimino G-LAMBDA-K

ACE KRLight + GLORIAD JGN-X NORDUnet + SURFnet Pionier GEANT JGNX.ets

Tokyo G-LAMBDA-K

CzechLight.ets

Prague DRAC

ESnet.ets

Chicago OSCARS

UvALight.ets

University of Amsterdam DRAC

A A A A A A CESNET

NORDUnet

Nordic infrastructure for Research & Education

Policy enforcement at GOLEs

• GOLE as the guardian of the link resources connected to it
• Policy-aware GOLEs
• Is this only a AutoGOLE issue, or general?
• If we can’t have automatic policy enforcement, we’re

defeating the whole point of doing AutoGOLE in the first place

GOLE

Policy Agent Policy

NORDUnet

Nordic infrastructure for Research & Education

Policy Description

• Objectives
• So we can understand it
• So it can be enforced by GOLEs
• So it can be communicated to those looking

for resources

• So it can be understood by path-finders
• GOLEs can guarantee correct use of

resources

• Implications
• GOLE functionality
• AutoGOLE connection service, path-finding
• Topology exchange
• (GOLE) Service Description

NORDUnet

Nordic Infrastructure for Research & Education

Thank You

Lars Fischer lars@nordu.net http://www.nordu.net