April 10, 2023

Internet2: CCIRN reports3 July 2004

Internet2 E2E piPEs

Project: End-to-End Performance Initiative Performance Environment System (E2E piPEs)

Approach: Collaborative project combining the best work of many organizations, including DANTE/GEANT, Daresbury, EGEE, GGF NMWG, NLANR/DAST, UCL, Georgia Tech, etc.

NSF-sponsored workshop: http://e2epi.internet2.edu/WK03/index.html

piPEs

Enable end-users & network operators to:• determine E2E performance capabilities• locate E2E problems• contact the right person to get an E2E problem resolved.

Enable remote initiation of partial path performance tests

Make partial path performance data publicly available

Interoperable with other performance measurement frameworks

Measurement Infrastructure Components

Database ofPerformance

Results

Server Server

Regularly Scheduled Tests

Router Router

On-Demand Tests

Laptop computer

TestResults Test

Results

TestResults

TestRequest

ResultRequest

End-to-End Path

Project Phases

Phase 1: Tool Beacons• BWCTL (Complete), http://e2epi.internet2.edu/bwctl• OWAMP (Complete), http://e2epi.internet2.edu/owamp• NDT (Complete), http://e2epi.internet2.edu/ndt

Phase 2: Measurement Domain Support• General Measurement Infrastructure (Prototype)• Abilene Measurement Infrastructure Deployment (Complete),

http://abilene.internet2.edu/observatory

Phase 3: Federation Support• AA (Prototype – optional AES key, policy file, limits file)• Discovery (Measurement Nodes, Databases) (Prototype –

nearest NDT server, web page)• Test Request/Response Schema Support (Prototype – GGF

NMWG Schema)

piPEs Deployment

Italy

Poland

Israel

In ProgressAbileneUS Govt. Labs

US UniversitiesGEANTAPAN

American / European Collaboration Goals

Awareness of ongoing Measurement Framework Efforts / Sharing of Ideas (Good / Not Sufficient)

Interoperable Measurement Frameworks (Minimum)• Common means of data extraction

• Partial path analysis possible along transatlantic paths

Open Source Shared Development (Possibility, In Whole or In Part)

End-to-end partial path analysis for transatlantic research communities• VLBI: Haystack, Mass. Onsala, Sweden • HENP: Caltech, Calif. CERN, Switzerland

Other ongoing collaborations

US networks: under aegis of JET• Abilene – ESnet deployment already• Coordination/deployments for key user communities

APAN deployment• Tokyo, Fukuoka, Korea(?)• Focus bwctl (scheduled tests)

GGF NMWG• Eric Boyd co-chair• Work on creating and revising schemata for test requests

and responses• Beginning work on a “model” policy for authorization roles

that can be used as a starting point for campuses/domains

April 10, 2023

Extending the research of R&E networking

Report on the April Workshop

Background

Since Fall 2001, small BoF has met at Internet2 member meetings

• Focus on sharing information about needs, activities regarding places not well connected to R&E networks

–Geographical: e.g. mountains of Chile, island territories of France

–Market/Economic: sub-Saharan Africa–Technical: ocean floors, field researchers

• Fall 2003, proposal to host workshop focusing on development agencies and funding resources

• Held post Internet2 Spring Member Meeting, Arlington, VA

Synergies between NRENs and aid and funding agencies

Science, funding and aid agencies:• and you are? No or very little knowledge about NRENs and what it

is that NRENs do or about programs• duplication, costs, lack of coordination• expressed interest in exploring actions or activities the group might

undertake beyond simple information sharing on an ad hoc basis.

Global research and education networking community and key science, funding and aid agencies: How can get to know each other (and know about what we do)

• Overviews of agencies information and communication technology ICT programmatic areas and related programs

• The need for the global research and education community to also do outreach on what it is that what we do, what our members do and that illustrate real proof of concept instantiations,

• show that there are things we could do together

Workshop Goals

get to know a bit about each other

to have a a forum to explore ways in which we may work together to address the challenges in extending the reach of Internet infrastructure and networks in support of research, education and knowledge sharing

what do you see as the gap areas – the needs? Before and after the workshop

Steering Committee –many thanks!

Les Cottrell (SLAC) Curtis White (Allied Communications) Bob Dixon (Ohio State) Heather Boyles (Internet2) Peter Highnam (NIH) Lori Perine (NSF) Micah Beck (UT) Mary Kratz (Internet2) Steven Huter (NSRC, Univ. Oregon) Art St George (Univ. New Mexico) Dany Vandromme (RENATER) George McLaughlin (AARNet) Jim Williams (Indiana Univ) sharon Moskwiak (Internet2) Anil Srivastava, AcrossWorld Ana Preston (Internet2)

Expanding the reach of advanced networking

Highlights: 80+ participants a keynote speech by Mohamed Muhsin, Vice-President and

CIO of the World Bank presentations on programs from several science, funding and

aid agencies including the National Science Foundation, National Institutes of Health, the Organization of American States, the World Bank, the Inter-American Development, USAID and other European and Australian agencies for international development.

presentations from members of the global research and education community on approaches for expanding network access to resource limited settings and working with agencies

Notes from workshop roles of agencies

• Expect “return on investment” – self-sustainability– opportunities generated – capabilities and tools – training – project learning plans– road maps

• they want to work with our community and we want to work with them

–Sharing experiences– solutions not just talk

Internet as a leveling mechanism there are very compelling illustrations from the global NREN community that show that we can work together

Next steps

working group – yes• defining scope [charter?] of the group

– Action: proceedings; mailing list and chair(s)– Action: continue dialogue/bridge with World Bank and all agencies

represented here– Action: catalog possible projects and who may be able to lead/manage

on behalf of group

clearinghouse of info and regular communications – • Best practices and lessons learned • Case studies that help drive approaches• Issues (poverty, education)• Pricing and policy • What are the needs? We need to have the needs expressed by the

ones that have the needs

Cont.

working together to further articulate the role of

NRENs (targeted to government and policy makers)–Value of NRENs and what they bring to the table – value

that enables not just scientific and technological improvements but broader social and economical impact

– ‘ROI’ – targeted to Ministers of Finance

Building Capacity• Networks are an enabler• PEOPLE!• Projects that strategically benefit economies, health,

environment

http://international.internet2.edu/intl_connect/agenda.html

April 10, 2023

Network Security, Middleware and Trust Federations

Supported by Indiana University and through relationship with EDUCAUSE and Internet2.

The REN-ISAC is an integral part of the higher-ed strategy to improve network security by providing timely warning and response to cyber threat and vulnerabilities, improving awareness, and improving communications.

Supports efforts to protect national cyber infrastructure by participating in the formal U.S. ISAC infrastructure.

Receives, analyzes, and disseminates network security operational, threat, warning, and attack information within higher education.

Information is gathered from instrumentation, constituents, network engineers, DHS, other sector ISACs, other network security organizations, and vendors.

24 x 7 Watch Desk, ren-isac@iu.edu, +1 (317) 278-6630 http://www.ren-isac.net http://www.terena.nl/tech/task-forces/tf-csirt/meeting11/RENISAC-

Pearson.pdf

REN-ISACInformation is derived from:

Network instrumentation• Abilene NetFlow data• Abilene router ACL counters• Arbor PeakFlow analysis of NetFlow data• Abilene NOC operational monitoring systems

Constituents – related to incidents on local networks

Network engineers – related to national R&E backbones

REN-ISACInformation is derived from:

DHS sources include• IAIP Daily Open Source Report

–http://www.nipc.gov/dailyreports/dailyindex.htm

• Advisories• Regular conference calls

Other sectors ISACs

Other network security organizations

Vendors

Current and Planned Activities

Relationships and outreach to complimentary organizations and efforts

REN-ISAC RegistryWatch Desk, 24 x 7Regular information sharing with DHS, ISACs, othersAbilene NetFlow analysisAbilene router ACL statisticsArbor PeakFlow analysisPer-host threat reports to member institutionsPolicy and privacy statements and agreements

International Coordination

TF-CSIRT• Doug Pearson made presentation on REN-ISAC in January 2004

GEANT• Revisit network security coordination week after next at meeting in Cambridge

• Coordinate with GN2 security activities

Middleware and security

Internet2 Middleware Initiative launched 1999

• Focus on enterprise/campus• Focus on core middleware (that supports upperware e.g. grid middleware)

• Focus on inter-institutional authentication and authorization; supporting collaboration, access to digital resources, virtual organizations

–eduPerson attributes–Shibboleth authentication transport software–National Trust Federation (InCommon) initially built on

institutions using Shibboleth

Shibboleth Status

http://shibboleth.internet2.edu/Open source, privacy preserving federating software

Being very widely deployed in US and international universities

• SWITCH (Switzerland has adopted)• JISC (UK) is adopting; funding development of

complementary pieces

Growing development activities in several countries, providing resource manager tools, digital rights management, listprocs, etc.

InCommon federation

Federation operations – Internet2

Federating software – Shibboleth 1.1 and above

Federation data schema - eduPerson200210 or later and eduOrg200210 or later

Became operational April 5, with several early entrants to help shape the policy issues.

Precursor federation, InQueue, has been in operation for about six months and will feed into InCommon

http://incommon.internet2.edu

International federation peering

Shibboleth-based federations being established in the UK, Netherlands, Finland, Switzerland, Australia, Spain, and others

International peering meeting slated for October 14-15 in Upper Slaughter, England

Issues include agreeing on policy framework, comparing policies, correlating app usage to trust level, aligning privacy needs, working with multinational service providers, scaling the WAYF function

Security at Line Speed (SALSA)

Ken Klingenstein heading both middleware and security efforts

NSF-funded workshop: Security at Line Speed

• http://apps.internet2.edu/sals/

Network authentication, authorization• SALSA net-auth working group

–Leverage Middleware work: Shibboleth, InCommon, international peering

• Relationship to mobility work of TERENA, GN2

Abilene and HOPI national infrastructures

Abilene and NLR Fiber Footprints

Hybrid Optical Packet Infrastructure (HOPI)

Since last CCIRN:• HOPI Design team formed• White Paper released: http://hopi.internet2.edu• Comments sought!

Moving forward with initial 3 node deployment September 2004

• Dependent on NLR buildout