MANTICORE: Providing Users with a Logical IP Network Service (PowerPoint presentation)


SLIDE 1

MANTICORE: Providing Users with a Logical IP Network Service

Victor Reijs (HEAnet) MANTICORE Partners (self funded project):

SLIDE 2

Agenda

  • MANTICORE vision…
  • MANTICORE-I implementation
      – Infrastructure as a Service framework…
      – Software architecture…
  • MANTICORE-II…
  • Influence on end-to-end service…
SLIDE 3

MANTICORE vision

[Figure: network diagram. Legend: Physical Router; Logical Router; Physical Link; Logical Link; User Site; Other user’s IP network or the Internet. Each user’s IP network is represented by a different color.]

SLIDE 4

MANTICORE use cases

[Figure labels: Users; NOC]

SLIDE 5

Routing integrity

SLIDE 6

Logical IP Network Service

  • Define the edge ports of the IP network
  • Define the external Routing Service (policy)…
  • If there are preferences on internal transport services, provide QoS and internal Routing Service metric
  • Provide IP address pool (guided by your ISP)

SLIDE 7

Benefits

  • On-demand (self definable/WS) IP network
  • Incorporating integrated route policy and thus increased route integrity
  • Nothing new compared to VPNs:
  • Share physical routers/links; not buying your own
  • No self-assembly required
  • Drawback: need for this control plane
SLIDE 8

Agenda

  • MANTICORE vision…
  • MANTICORE-I implementation
      – Infrastructure as a Service (IaaS) framework…
      – Software architecture…
  • MANTICORE-II…
  • Influence on end-to-end service…
SLIDE 9

Infrastructure as a Service Framework

  • Virtualization of workstations
  • Software as a Service (SaaS)
  • Infrastructure as a Service (IaaS)
SLIDE 10

Implementations of IaaS Framework

  – ARGIA -> Product for Optical Networks
  – ETHER -> R&D for Ethernet and MPLS Networks
  – MANTICORE -> Logical IP Network Service
  – GRIM -> R&D for Instruments and Sensors

[Figure labels: RMC; MANTICORE; ETHER; GRIM; CHRONOS]

SLIDE 11

Infrastructure resource trading

[Figure labels: User A; Provider 1; User B; Provider 2; User C; four Resource Lists]

SLIDE 12

MANTICORE software architecture

[Figure: software architecture diagram. Components shown:]

  • GUI client(s)
  • IP Network WS
  • User Workspace WS
  • Virtual Resource Services: Ethernet Resource WS, TDM Resource WS, ..., Router-WS
  • Device side: Netconf / Juniper device; Protocol X / Other vendor device; Protocol Y / Software router

SLIDE 13

MANTICORE-I implementation

  • Based on Juniper routers using the Netconf JunOS XML API
  • An abstract routing language is not used as a means of describing routing configurations (instead, a proprietary simple and limited representation is used).
  • The implementation is not a complete solution: working prototypes of the services are implemented, and some features and performance optimizations are left for future work

SLIDE 14

MANTICORE-I Logical IP network

SLIDE 15

Agenda

  • MANTICORE vision…
  • MANTICORE-I implementation
      – Infrastructure as a Service (IaaS) framework…
      – Software architecture…
  • MANTICORE-II…
  • Influence on end-to-end service…
SLIDE 16

MANTICORE II new features (1/2)

  • Allow and detect manual configurations, and allow selected resources for other systems (isolation)
  • Abstract the internal/external routing policy
  • Support for other manufacturers (i.e. Cisco)
  • Integration of the enhancements made as part of FP7 FEDERICA project activities (e.g. Xorpsh CLI)

SLIDE 17

MANTICORE II new features (2/2)

  • Add more features to the IP Network WS
      – Ability to set up VPNs
      – Ability to set up bandwidth guaranteed paths in the IP Network
      – Firewalling, Access list
  • Integration with other IaaS based solutions, e.g.:
      – ARGIA (optical networks: TDM, WDM, fibre)
      – ETHER (Native Ethernet and MPLS VLL networks)

  • Authentication/Authorization
  • This is also an invite to join MANTICORE-II!

Planned to start 1Q2009

SLIDE 18

Agenda

  • MANTICORE vision…
  • MANTICORE-I implementation
      – Infrastructure as a Service (IaaS) framework…
      – Software architecture…
  • MANTICORE-II…
  • Influence on end-to-end service…
SLIDE 19

Influence on end-to-end service (1/3)

  • Deployable and SLA:
      – NREN service ends at Institute boundary. Extending to other NREN (using GEANT+/DCN) is possible (if service available)
      – Institute’s responsibility to extend the local part to User (fibre, Ethernet, IP)
      – SLA for NREN service is available
      – SLA for local part is under Institute’s remit

SLIDE 20

Influence on end-to-end service (2/3)

  • Acceptable Use Policy (AUP) and route integrity
      – AUP of NREN service is the normal NREN AUP with the Institute
      – AUP for the local service with User is under Institute’s remit
      – Unwanted route leaks with fibre/Ethernet need to be procedurally guaranteed (AUP)
      – Unwanted route leaks with logical IP network (aka AS) are more controllable

SLIDE 21

Influence on end-to-end service (3/3)

  • Security and firewalling
      – Institute must have a scalable security/firewall configuration
      – fibre/Ethernet need to be procedurally guaranteed (AUP)
      – logical IP network (aka AS)
          • firewall could be part of the logical IP network service.
          • firewall managed by eligible party (Institute?)
SLIDE 22

Thank you! victor.reijs@heanet.ie

SLIDE 23

Additional agenda

  • How does it work: GUI preview…
  • Route Service e.g. using RPSL…
SLIDE 24

How does it work: GUI preview

Two organizations

  – NREN-A: Physical Network (PN) Admin. In this very simple example it operates a network with one physical router.
  – i2CAT: Virtual Network (VN) Admin. In this very simple example it will request two logical routers from NREN-A.

MANTICORE deployment:

NREN-A Server:

  • User Workspace WS
  • Ethernet Resource WS
  • IP Network WS
  • Router WS

i2cat Server: (optional)

  • User Workspace WS
  • Ethernet Resource WS
  • IP Network WS
SLIDE 25

NREN-A discovers the physical router (1/2)

  • When NREN-A first launches the GUI client, it must create a new physical network and add all the routers it wants to manage to it.

SLIDE 26

NREN-A discovers the physical router (2/2)

SLIDE 27

NREN-A PN Admin creates logical routers (1/2)

  • Create logical interfaces
  • Create logical routers
  • Assign i/fs to routers
  • Create tunnel between the logical routers

SLIDE 28

NREN-A PN Admin creates logical routers (2/2)

SLIDE 29

Giving permissions to links and interfaces

  • PN Admin creates “resource list”

SLIDE 30

Exporting resources

  • NREN-A PN Admin exports the resource list to i2cat (permissions are set on the resources so that i2cat’s users can access and modify the resources on the resource list).
  • i2cat VN Admin launches its GUI Client, logs into the server and downloads the resource list.

[Figure labels: NREN-A Server; i2cat Server (optional); Resource List]

SLIDE 31

i2cat’s IP Network

  • i2cat VN Admin creates a new IP Network and adds the resources of the received resource list
  • Now he can configure the IP parameters of the interfaces, configure IGPs, configure the peering, ...

[Figure panels: OSPF configuration; BGP configuration]

SLIDE 32

Route Service e.g. using RPSL

    aut-num: AS1213
    as-name: HEANET
    descr:   HEAnet national network
    import:  from AS1299   # Telia [transit provider]
             action pref=100; accept ANY
    import:  from AS3257   # Tiscali [transit provider]
             action pref=100; accept ANY
    import:  from AS20965  # GEANT [private peer]
             action pref=50; accept ANY
    export:  to AS1299     # Telia
             announce AS-HEANET
    export:  to AS3257     # Tiscali
             announce AS-HEANET
    export:  to AS20965    # GEANT
             announce AS-HEANET
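
A route-integrity check over the aut-num object on this slide, as an added example that is not part of the original presentation: it parses the RPSL (comments, continuation lines, mixed-case attribute names) and flags any export that announces more than the network's own as-set, the route-leak case raised on the AUP slide. The function names, the `LEAKY` variant and the choice of `AS-HEANET` as the expected set are assumptions made for the example.

```python
import re

# aut-num object re-typed from the slide; LEAKY is a constructed variant.
AUT_NUM = """\
aut-num: AS1213
import:  from AS1299   # Telia [transit provider]
         action pref=100; accept ANY
import:  from AS3257   # Tiscali [transit provider]
         action pref=100; accept ANY
Import:  from AS20965  # GEANT [private peer]
         action pref=50; accept ANY
export:  to AS1299 announce AS-HEANET
export:  to AS3257 announce AS-HEANET
export:  to AS20965 announce AS-HEANET
"""
LEAKY = AUT_NUM.replace("to AS20965 announce AS-HEANET", "to AS20965 announce ANY")

def parse_rpsl(text):
    """Return [(attribute, value)]; drops # comments, joins continuation lines."""
    attrs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.strip() and raw[0] in " \t+" and attrs:  # continuation line
            attrs[-1][1] += " " + line.lstrip("+ \t")
        elif line.strip():
            name, _, value = line.partition(":")
            attrs.append([name.strip().lower(), value.strip()])
    return [(name, " ".join(value.split())) for name, value in attrs]

def policy(text):
    """Per-peer rules for the simple forms on the slide; anything else is unparsed."""
    imports, exports, unparsed = {}, {}, []
    for name, value in parse_rpsl(text):
        imp = re.fullmatch(r"from (AS\d+) action pref=(\d+); accept (\S+)", value)
        exp = re.fullmatch(r"to (AS\d+) announce (\S+)", value)
        if name == "import" and imp:
            imports[imp.group(1)] = (int(imp.group(2)), imp.group(3))
        elif name == "export" and exp:
            exports[exp.group(1)] = exp.group(2)
        elif name in ("import", "export"):
            unparsed.append(f"{name}: {value}")
    return imports, exports, unparsed

def audit(text, own_set="AS-HEANET"):
    """Flag exports wider than our own as-set, plus rules we could not parse."""
    _, exports, unparsed = policy(text)
    leaks = [f"{peer}: announces {flt}, expected {own_set}"
             for peer, flt in sorted(exports.items()) if flt != own_set]
    return leaks + [f"unparsed {rule}" for rule in unparsed]
```

In RPSL a lower `pref` value is preferred, so this policy prefers routes learned from GEANT (50) over the two transit providers (100).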