Embed Size (px)
Citation preview
Implementation of the FELIX SDN Experimental Facility
EWSDN Workshop, Bilbao, Spain
September 30, 2015
U. Toseef, C. Fernandez, C. Bermudo, G. Carrozzo, R. Monno, B. Belter, K. Dombek,
L. Ogrodowczyk, T. Kudoh, A. Takefusa, J. Haga, T. Ikeda, J. Tanaka, K. Pentikousis
Gino Carrozzo, Nextworks
Outline
• FELIX Architecture Overview
• FELIX Architecture Insight
– Resource Orchestrators
– Resource Managers
– Monitoring System
– Authentication & Authorisation
– User Access
• FELIX Use-cases
• Summary
Introduction – FELIX rationale
• Testing innovative solutions for network control calls for experimentation using large-scale testbeds – Need to emulate near real-world testing conditions and allow for wide
technical and industrial impact
• Network programmability via Software Defined Networking (SDN) and dynamic on-demand network service provisioning are key ingredients
• Experimental research infrastructures are a reality for this thanks to efforts in Europe, Asia, and the Americas
• FELIX is part of this research experimentation infrastructure line of work – Future Internet Research Experimentation (FIRE) framework in EU – special focus on using SDN and Bandwidth on Demand (based on the
Network Service Interface – NSI) for dynamic transit network connectivity
FELIX essentials
FELIX Federated Framework
• Federation of SDN test-beds in Europe and Japan
• Technology-agnostic architecture allowing for federation of Future Internet facilities
– Autonomos coordination of resources at different hierarchical levels
– On-demand connectivity between geographically dispersed domains using the Network Software Interface (NSI) standard
FELIX Management Stack (FMS)
• Open Source implementation of the FELIX Federated Framework
FELIX test-bed
• Distributed experimentation test-bed • FMS manages infrastructure slices over IT servers, switches and data links inter-islands
FELIX experiments
• Realization of federation use-cases • 6 use cases defined in the project to validate Federation Framework and FMS software
Architecture Overview
• FELIX Space to provide users
with slices for their own use • Users request slices to an RO
– RO: Resource Orchestrator – RM: Resource Manager – PHY RES: physical
resources (testbed)
• User Space to run any tools and applications that a user wants to deploy to control a slice or execute particular operations
Request configuration of slice(s)
Users
Manage slice
Control slice
Architecture Overview (2)
RO: Resource Orchestrator MS: Monitoring System RM: Resource Manager
CRM: Computing RM TNRM: Transit Network RM SERM: Stitching Entity RM
SDNRM: SDN RM AAA: Authentication, Authorisation & Accounting
Architecture Insight > Resource Orchestrator (RO)
• Design follows GENI Slice-Based Federation Architecture (SFA)
• Implementation partially based on eiSoil framework for Aggregate Managers
(https://github.com/EICT/eiSoil )
– Agnostic communication to most FELIX components (peers): ROs and any RM
• Can be deployed in hierarchies for multi-region & scalability
– E.g. Domain1=facility Domain2=country Domain3=continent
• ROs in the upper layer Master ROs (e.g. EU-MRO, JP-MRO)
• Introduces a level to perform common operations on managed ROs or RMs (e.g. policies)
• Aggregates information on physical resources provided by facilities
– Periodic sync of resources provided by managed FELIX peers: ROs, RMs
• Track resources per slice
– Provides FELIX Monitoring System with access to gather metrics of user’s resources
• Simple support for new managed Resource Managers
RO > Schema
• Northbound API (to client) – GENIv3
• Supported tools for experimenters: OMNI, jFed
• Southbound API (to peer): GENIv3, (others?)
https://github.com/dana-i2cat/felix/wiki/RO_configuration
Resource Managers > Computing RM
• Allows creating and managing Virtual Machines on top of XEN and KVM hypervisors
(XEN-CRM, KVM-CRM)
• Design follows SFA/GENI
– Implementation extends VTAM by FP7-OFELIA project
• Standard APIs from experimental communities
– SFA/GENIv2 and GENIv3 APIs and RSpecs v3 for experimenters
– Compatible with OMNI and jFed (by Fed4FIRE federation project)
• Allows allocating (reservation), provisioning (generation), (re)starting and deleting VMs on
different physical servers
• GUI-based administration of VMs and some networking parameters
• Automated procedures and improved access
– Multiple user log-in through public SSH keys (allows live insertion of new keys)
– Automatic clean-up of VM-related resources after expiration
CRM > Schema
• Northbound API (to client) – GENIv3, Expedient/OFELIA
• Supported tools for experimenters: OMNI, jFed
https://github.com/dana-i2cat/felix/wiki/XEN_CRM_configuration
https://github.com/dana-i2cat/felix/wiki/XKVM_CRM_configuration
Resource Managers > Software-Defined Networking RM
• Grants experimenters a portion (~flowspace) of shared SDN-enabled networking devices
• Design follows SFA/GENI approaches
– Implementation extends OFAM by FP7-OFELIA project
• Standard APIs from experimental communities (again SFA/GENIv2, GENIv3 APIs and
Rspecs v3)
• Compatible with OMNI and jFed
• Allows allocating (reservation), provisioning (generation), enable/disable and delete rules
in SDN-enabled networking devices
• Supports (at least) FlowVisor 0.8.7 and 1.4.0-1 (>= OpenFlow 1.0)
• Alternative to FOAM
– GUI-based administration for manual approval
– Automatic re-approval/re-enable can be defined
• Automated procedures and improved access
– Automatic clean-up of FlowSpaces (and rules) after expiration
SDNRM > Schema
• Northbound API (to client) – GENIv3, Expedient/OFELIA
• Supported tools for experimenters: OMNI, jFed
https://github.com/dana-i2cat/felix/wiki/SDNRM_configuration
Resource Managers > Transit Network RM
• Implement mechanisms for network connectivity between domains – Allocation (reservation), provisioning (generation), (re)creation, deletion of inter-
domain links between Service Termination Points of remote networks – Proxy between RO and NSI agent to set up connectivity between different domains
• Transit network technology agnostic (e.g. NSI, GRE, etc.) – OGF Network Services Interface – Connection Service (NSI-CS) as primary/default
southbound interface choice • Standard APIs from experimental communities (again SFA/GENIv2, GENIv3 APIs and
Rspecs v3)
• Northbound API (to client) – GENIv3, Expedient/OFELIA
• Southbound API (to NSI peers) – NSI Connection Service 2.0 providers/aggregators
Resource Managers > Stitching Element RM
• Solves low level data plane issues when interconnecting SDN domains with other kinds of
Transport Networks
– SDN domain and Transport Network interconnected by a data plane proxy device
(“stitching entity”)
– Switching SDN traffic to/from VLAN-based services of Transport Networks
• Fully dynamic services: GLIF NSI, GÈANT BoD AutoBAHN
• Static services (created by mgmt procedures): GÈANT Plus Layer2, GÈANT MPVPN
– Switching SDN traffic to/from tunnels:
• GRE (in progress)
• Low level data plane issues addressed
– Taking into account limitations of VLANs availability at Transport Network domain boundary
– Both SDN domain and many Transport Networks connected to stitching device by one or
more ports
– Managing mappings between Transport Network VLANs and SDN domain VLANs
– Managing mappings between ingress (TN) and egress ports (SDN)
SERM > Schema
Northbound API (to client) –
GENIv3, Expedient/OFELIA
Southbound API (towards
stitching entity)
– RPC interface of
OpenFlow POX
Controller
– HTTP/REST interface of
OpenFlow Ryu
Controller
https://github.com/dana-i2cat/felix/wiki/SERM_configuration
Certificate-based AAA for SDN experimental facilities (C-BAS)
• Realizes a Certificate-Based ClearingHouse • Serves as a trust anchor • Implementation is based on eiSoil • Implements various services through plug-ins
– Service Registry (SR)
• Maintains a list of registered services like MA, SA etc. – Member Authority (MA)
• Manages and asserts attributes about particular members • Maintains a set of members, SSH & SSL keys and certificates
– Slice Authority (SA)
• Creates new slices, updating existing slice, maintains list of slices • Generates and offer slice credentials
– Project Service (PS)
• Maintains list of projects • Asserts the existence of projects and the roles of members
– Logging Service (LS)
• Stores transaction details for accountability
C-BAS > Schema
Slice Authority, Project Authority
Member Authority
Service Registry
User Registration service
Service Access
Interface
Database interface
Plug-in Container
www.eict.de/c-bas
User Access
• A number of user-agent tools can be used to obtain different support:
– Request and manage resources (experimenters)
– Manage resources and environment (administrators / island managers)
– Test behaviour of RMs (developers / island managers)
FEATURE jFed OMNI client Expedient
Experimenter scope Manage resources
through GENIv3
Manage resources
through GENIv3 and
SFA/GENIv2
Check physical
topology, constructed
slice and metrics from
resources
Experimenter access GUI, RSpec RSpec GUI
Manage experiments
through GENIv3 Every RM, RO Every RM, RO -
Administrator
management and
developer testing
Automated API testing
tool -
Check logs of XEN-CRM,
SDNRM; remove VMs of
XEN-CRM
http://jfed.iminds.be
https://trac.gpolab.bbn.com/gcf/wiki/Omni
https://github.com/dana-i2cat/felix/wiki/GUI_configuration
FELIX Experimental Facility
Source: www.ict-felix.eu
FELIX Use case: High Quality Media Transmission
• Goal – examine long distance network capabilities for high quality media streaming
• Two studies performed – examining long distance network capabilities and evaluating user experience
(QoE) – examining a new intelligent network application to control high quality media
streaming • Results from experiments
– estimation of network capacity needed for transmission of the high quality media (boundaries based on user QoE)
– real time monitoring system of media traffic to observe possible stream degradations due to traffic congestion on the paths
– smart network application for automatic network reconfiguration and adjustments during the degradation of parameters
High Quality Media Transmission implementation
FELIX Infrastructure components
• SDN resources – OpenFlow switches in 8 Islands (EU and Japan)
• UltraGridv3 software for media streaming/ decoding/visualization
• Rate-limiter for capacity configuration over the links
• Monitoring system gathering information about media and network conditions
• Ryu SDN Controller for OpenFlow path configuration over the network
• HQmon - SDN application for path reconfiguration based on the monitoring parameters (FPSs, movie frame losses)
• Experiment GUI for setting up the experiment conditions and visualizing of its current state
>> Visit our demo space
Islands inteconnection, an inter-continental headache
• Backbone VLAN interconnections for FELIX project
Other use cases in progress
Data Pre-processing on Demand
Data Mobility Service by SDN
Technologies (Inter-Cloud)
Disaster recovery by migrating IaaS
to a remote DC Follow-the-sun / follow-the-moon
principles
Summary
• FELIX facilitates the federation and integration of different network and computing resources controlled via SDN and Network Service Interface Connection Service (NSI-CS) in a multi-domain heterogeneous environment spanning Europe and Japan
• FELIX designed and implemented a generalized control framework where users can request, monitor and manage a slice provisioned over distributed and distant SDN experimental facilities
• FELIX framework uses a combination of recursive and policy-based hierarchical configurations for orchestration, request delegation and inter-domain dependency management
• FELIX orchestration and resource management open-source software is currently deployed in a number of interconnected SDN island across Europe and Japan
• We’re now running experimental validation in our federated heterogeneous testbed using
selected use cases
• Our goal is to deliver architecture design, FELIX Management Stack software and lessons learnt on use cases
– Access to our infrastructure by external experimenters under discussion/development
Thank you Questions?
Poznan Supercomputing
and Networking Center
Poland
Nextworks
Italy
European Center for Information and Communication Technologies Gmbh
Germany
Fundacio Privada i2CAT,
Internet I Innovacio Digital
A Catalunya
Spain
SURFnet bv
Netherlands
KDDI
Japan
National Institute
of Advanced Industrial Science
and Technology
Japan
iMinds VZW
Belgium
PARTNERS
