INFN Experience with Layer-2 Services across GÉANT and the DataTAG Testbed


Page 1: INFN Experience with Layer-2 Services across GÉANT and the DataTAG Testbed

DataTAG is a project funded by the European Commission under contract IST-2001-32459
GNEW2004 – 15-16/03/2004

Tiziana Ferrari, INFN - CNAF

March 15, 2004

Page 2: Talk Outline

GNEW2004, 15-16 March 2004

- L2 VPNs and the Grid: use cases and advantages
- MPLS L2 VPNs and additional features
- MPLS L2 VPNs and DataTAG
  - The Path resources
  - Advance Reservation architecture
  - Features and implementation
- Conclusions, requirements and future work

Page 3: L2 Virtual Private Networks and the Grid

- L2 VPN: connectivity between geographically dispersed customer sites across MAN or WAN networks as if they were connected using a LAN
- Grid use cases:
  1. MPLS-based VPNs: a firewall bypass
  2. Overlay network set-up: simplicity and flexibility
  3. New Grid job scheduling and data replica management models

Page 4: Grid job scheduling and data replica management with L2 VPNs

- Today: Computing Elements (CEs) are selected from the site where one or more SEs hold a copy of the input file which is accessed by the job to be scheduled
- L2 VPN: by configuring VPNs which include compute and storage resources from several different data tier levels, CEs can be considered “virtually” local to SEs which are remote from a network point of view

Page 5: Grid job scheduling and data replica management with L2 VPNs (cont.)

- Advantages:
  - Jobs can execute on a CE even when a file replica is not locally available -> richer set of candidate CEs that can run the job
  - Traffic load at potential Grid bottlenecks can be reduced
- Different data replica management policies are possible depending on the Grid application in mind:
  - Total/partial data set replication vs no replication

Page 6: MPLS-based L2 VPNs

- Ethernet/VLAN traffic is carried by MPLS over the service provider network (PE and P routers) and then converted back to L2 format at the receiving site
- Security and privacy: policies in the CE routers keep routes that belong to different VPNs separated
- CE: it selects the output circuit to which specific L2 traffic has to be sent according to:
  - the VLAN ID present in the 802.1Q frame header (VLAN L2 VPN)
  - the input interface from which the frame was received (Ethernet L2 VPN)
- On-demand set-up: CEs can be forced to belong to different L2 VLANs according to the Virtual Organization (VO) they are allocated to at a given time

Page 7: Example

(Figure: three Grid domains, each with Storage Elements (SE) and Computing Elements (CE). Grid Domain 1: SE1,1, SE1,2, CE1,1, CE1,2, CE1,3. Grid Domain 2: SE2,1, SE2,2, CE2,1, CE2,2. Grid Domain 3: SE3,1 to SE3,4, CE3,1 to CE3,4.)

Page 8: Why MPLS?

- A given host can belong to one or more VPNs at a time if native VLAN tagging is enabled
- The LSP primary/secondary path can apply non-standard routing policies
- A given diffserv packet forwarding treatment can be assigned to the LSPs associated to a given VPN (MPLS EXP field set by the LSP head-end router):
  - Grid FTP between SEs: if based on enhanced TCP stacks, it can be handled through the Scavenger/Less Than Best Effort service (fairness)
  - CEs/SEs used for remote visualization with real-time requirements could apply to the IP Premium service
  - Performance guarantees to individual VOs
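Slides 6 and 8 describe the head-end behaviour in two sentences: the VLAN ID in the 802.1Q header selects the VPN, and the LSP head-end router sets the MPLS EXP field for that VPN's diffserv treatment (VLAN1 = IP Premium, VLAN2 = LBE/Scavenger on slide 9). The Python below is an added example, not code from the talk or from the DataTAG project: it parses the 802.1Q tag, packs an MPLS label stack entry carrying the EXP value, and pops it again at the tail end. The VLAN_TO_PATH table, the EXP code points, the LSP label values, the constructed frames and the single-label stack (a simplification of a CCC connection) are all assumptions. Frames on a VLAN with no mapping are dropped rather than forwarded into some default VPN, which is the property that keeps the VPNs separated.

```python
"""802.1Q classification and MPLS encapsulation at an L2 VPN head-end (added example)."""
import struct

ETHERTYPE_8021Q = 0x8100

# Constructed VLAN -> (VPN, diffserv path, MPLS EXP) table. VLAN1 = IP Premium and
# VLAN2 = LBE/Scavenger follow slide 9; the EXP code points themselves are assumptions.
VLAN_TO_PATH = {
    1: ("vpn-premium", "IP Premium", 5),
    2: ("vpn-lbe", "LBE/Scavenger", 1),
}


def parse_8021q(frame):
    """Return (dst, src, vlan_id, pcp, ethertype, payload) from a single-tagged frame.
    Raises ValueError for untagged or truncated frames."""
    if len(frame) < 18:
        raise ValueError("frame too short for an 802.1Q header")
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != ETHERTYPE_8021Q:
        raise ValueError("untagged frame")
    return frame[0:6], frame[6:12], tci & 0x0FFF, tci >> 13, ethertype, frame[18:]


def mpls_label_entry(label, exp, bottom_of_stack, ttl):
    """Pack one 32-bit MPLS label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("label stack entry field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom_of_stack) << 8) | ttl)


def parse_label_entry(entry):
    """Inverse of mpls_label_entry: (label, exp, bottom_of_stack, ttl)."""
    (word,) = struct.unpack("!I", entry[:4])
    return word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 1), word & 0xFF


def headend_encapsulate(frame, lsp_labels):
    """Head-end behaviour: pick the VPN/LSP by VLAN ID, set EXP for its diffserv path and
    push the LSP label. Returns (packet, vpn, path), or None when the frame is untagged
    or its VLAN maps to no VPN: such frames are dropped, never forwarded into another VPN."""
    try:
        _, _, vlan_id, _, _, _ = parse_8021q(frame)
    except ValueError:
        return None
    if vlan_id not in VLAN_TO_PATH:
        return None
    vpn, path, exp = VLAN_TO_PATH[vlan_id]
    packet = mpls_label_entry(lsp_labels[vpn], exp, True, 255) + frame
    return packet, vpn, path


def egress_decapsulate(packet):
    """Tail-end behaviour: pop the label and hand the original frame back to the L2 circuit.
    Returns (label, exp, frame)."""
    label, exp, bos, _ = parse_label_entry(packet)
    if not bos:
        raise ValueError("label stacks deeper than one entry are not handled in this example")
    return label, exp, packet[4:]


def tagged_frame(vlan_id, pcp=0, payload=b"\x45" + b"\x00" * 19):
    """Constructed 802.1Q frame with locally administered MACs and an IPv4 ethertype."""
    dst, src = b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02"
    tci = (pcp << 13) | (vlan_id & 0x0FFF)
    return dst + src + struct.pack("!HHH", ETHERTYPE_8021Q, tci, 0x0800) + payload


if __name__ == "__main__":
    labels = {"vpn-premium": 300001, "vpn-lbe": 300002}  # assumed LSP labels
    for vid in (1, 2, 7):
        result = headend_encapsulate(tagged_frame(vid), labels)
        if result is None:
            print(f"VLAN {vid}: dropped, no VPN mapping")
            continue
        packet, vpn, path = result
        label, exp, frame = egress_decapsulate(packet)
        print(f"VLAN {vid}: {vpn} via {path}, label {label}, EXP {exp}, "
              f"frame restored: {frame == tagged_frame(vid)}")
```

The EXP value is set from the VPN's path, not copied from the frame's 802.1p priority bits, so an end-system cannot promote its own traffic into the IP Premium class by tagging it: the class follows the VPN the head-end assigns, which is the policy point of slide 8.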

Page 9: L2 VPNs and DataTAG

(Testbed diagram: Cisco 7609 and 7606 and Juniper T320 and M10 routers, an STM-64 link, a 3Com switch; VLAN1 mapped to IP Premium, VLAN2 to LBE/Scavenger; Advance Reservation & Resource Manager / Grid Information Service.)

Page 10: MPLS-based VPN advance reservation: the Path

- A possible abstraction of the Network Resource
  - GGF Grid High-Performance Networking RG
  - Dynamic vs static (-> Grid Information Service)
- PATH = concatenation of Path Elements
- Path Element:
  - Across a single domain or a chain of contiguous domains with the same control plane
  - Types: optical, MPLS, Diffserv Virtual Leased Line, ...
  - Static path attributes:
    - requested for resource matchmaking
    - info about capabilities supported (e.g. MPLS signalling)
    - authentication/authorization: e.g. AAA, Globus Gatekeeper, etc.
  - Path performance measured by the Grid network monitoring service (GHPN)

Page 11: Advance Reservation Architecture

(Architecture diagram. Components: USER; EDG User Interface / GARA Agent; WS + Service Discovery; Grid Authentication (VOMS); AAA with AuthDB and PolicyDB; BB; Resource managers; Slot table; QoS Networks. Flows: Role Request + Reply with Pseudo Cert; Advance Reservation request / reply; QoS Path request / reply; BGP Topology advertisements + Reservation indications; Path provision indications.)

EDG User Interface / GARA: reservation parsing (JDL), matchmaking, reservation identification, GARA APIs, Gatekeeper, Resource manager, LRAM, Resource specific manager

Page 12: MPLS-based L2 VPN management: features

- MPLS LSP:
  - unidirectional
  - based on a Diffserv path statically provisioned (IP Premium)
  - connects the two CE routers of the two leaf domains
  - shared by authorized users/applications generating traffic from the source domain
  - diffserv paths that support MPLS capabilities (across MPLS-capable transit domains) are indicated by the information system

Page 13: MPLS-based L2 VPN management: implementation

- Two given CE routers of two different leaf domains are connected by a single diffserv path of a given type (IP Premium, LBE, etc.)
- Each MPLS/diffserv path is statically associated to a given pre-defined VLAN number
- VLAN tagging pre-configured statically on end-systems
- Router configuration:
  - Diffserv: marking and policing (IP Premium only) at the ingress router
  - MPLS L2 VPN: VLAN tagging and encapsulation, LSPs with QoS and CCC connections (Juniper) on the LSP head-end router
- Topology and routing: very difficult to manage dynamically!

Page 14: Router configuration

- MPLS L2 VPN Manager:
  - Perl application using Junoscript libraries (prototype for Juniper routers)
  - Configuration script parsing
    - possible operating system/configuration script mismatches
    - configuration errors (rollback)
  - Configuration add/modify/delete
  - Configuration locking
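The MPLS L2 VPN Manager on this slide is a Perl/Junoscript prototype; the Python below is an added example, not the project's code, of the same transactional workflow (lock, parse, load, commit-check, commit, rollback on error, unlock on every path) run against a simulated session, so no router is contacted. The session class, the set-style statement checks and the minimal commit-check rule are constructed for the example; the RPC element names lock-configuration, load-configuration, commit-configuration and unlock-configuration follow the Junos XML API as I recall it, but treat them and their attributes as assumptions to verify against Juniper's documentation. The two checks a practitioner wants are visible in apply_config: a failed commit rolls the candidate back before the lock is released, so no half-loaded configuration is left for the next operator to commit by accident, and a lock held by someone else is never released by us.

```python
"""Transactional configuration push, modelled on the MPLS L2 VPN Manager workflow.
Added example with a simulated Junoscript session; no router is contacted."""
from xml.etree import ElementTree as ET


class RpcError(Exception):
    """The (simulated) router answered an RPC with an error."""


def build_rpc(name, text=None, children=(), **attrs):
    """Build a Junoscript-style <rpc><name attr="..."><child/>...</name></rpc> element.
    Element and attribute names follow the Junos XML API (assumed; verify against vendor docs)."""
    rpc = ET.Element("rpc")
    op = ET.SubElement(rpc, name, attrs)
    for child in children:
        ET.SubElement(op, child)
    if text is not None:
        ET.SubElement(op, "configuration-text").text = text
    return rpc


def parse_script(config_text, router_interfaces):
    """The 'configuration script parsing' step: return statements that name an interface the
    router does not have, i.e. an OS/configuration-script mismatch caught before anything is
    loaded. Statements are assumed one per line, Junos set-style, without the 'set' keyword."""
    mismatches = []
    for line in config_text.splitlines():
        words = line.split()
        if len(words) >= 2 and words[0] == "interfaces" and words[1] not in router_interfaces:
            mismatches.append(line.strip())
    return mismatches


class SimulatedJunoscriptSession:
    """Constructed stand-in for a Junoscript session: committed and candidate configuration are
    sets of statement lines, with lock semantics and a minimal commit check."""

    def __init__(self, committed, interfaces):
        self.committed = set(committed)
        self.candidate = set(committed)
        self.interfaces = set(interfaces)
        self.locked = False
        self.rpc_log = []

    def execute(self, rpc):
        op = rpc[0]
        self.rpc_log.append(op.tag)
        if op.tag == "lock-configuration":
            if self.locked:
                raise RpcError("configuration database locked by another user")
            self.locked = True
        elif op.tag == "unlock-configuration":
            self.locked = False
        elif op.tag == "load-configuration":
            if not self.locked:
                raise RpcError("configuration database is not locked")
            if op.get("rollback") == "0":          # rollback 0: discard the candidate
                self.candidate = set(self.committed)
            else:
                text = op.findtext("configuration-text") or ""
                self.candidate |= {s.strip() for s in text.splitlines() if s.strip()}
        elif op.tag == "commit-configuration":
            bad = parse_script("\n".join(self.candidate), self.interfaces)
            if bad:
                raise RpcError(f"commit check failed: {bad[0]!r}")
            if op.find("check") is None:           # <check/> validates only; plain commit applies
                self.committed = set(self.candidate)
        else:
            raise RpcError(f"unsupported rpc {op.tag}")


def apply_config(session, config_text):
    """Lock, load, commit-check, commit. On any RPC error the candidate is rolled back so no
    partial change survives, and the lock is released on every path through the try block.
    A failed lock propagates before the try: never unlock a database somebody else holds.
    Returns (ok, message)."""
    session.execute(build_rpc("lock-configuration"))
    try:
        session.execute(build_rpc("load-configuration", text=config_text, format="text", action="merge"))
        session.execute(build_rpc("commit-configuration", children=("check",)))
        session.execute(build_rpc("commit-configuration"))
        return True, "committed"
    except RpcError as err:
        session.execute(build_rpc("load-configuration", rollback="0"))
        return False, str(err)
    finally:
        session.execute(build_rpc("unlock-configuration"))


if __name__ == "__main__":
    # Constructed router state: one known interface, then a statement for a card that is not installed.
    router = SimulatedJunoscriptSession(["interfaces ge-0/0/0 unit 0 family inet"], ["ge-0/0/0", "so-1/0/0"])
    print(apply_config(router, "interfaces ge-0/0/0 unit 100 vlan-id 100\n"
                               "protocols mpls label-switched-path to-cern to 192.0.2.1"))
    print(apply_config(router, "interfaces ge-9/9/9 unit 100 vlan-id 100"))
    print("lock released:", not router.locked, "| candidate clean:", router.candidate == router.committed)
```

Running parse_script locally before the load is the cheap mismatch check the slide lists; the commit-check RPC is the authoritative one, since only the router knows its installed hardware and the full semantics of the statement.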

Page 15: Conclusions & requirements

- Results:
  - Optimal TCP performance on MPLS L2 VPNs between StarLight and CERN – 1 Gbps
  - MPLS EXP field marking and classification: ok (Juniper)
  - Diffserv scheduling: ok
- Requirements:
  - On-demand set-up of e2e MPLS LSPs (no stitching)
  - Handling of MPLS EXP field for QoS

Page 16: Future work

- Applicability of L1/L3 VPNs to Grids
- VPLS (Virtual Private LAN Services) for multipoint vs p2p Ethernet services (MPLS packets from CE routers are broadcast to PEs, i.e. the ISP network is traversed in a p2mp fashion)
- Enhancement of the advance reservation system
  - Multiple vendors
  - Interdomain scenario
  - Co-allocation, storage advance reservation
  - Software rewriting (OGSA compliance)
- Formal definition of Grid VPN Service
  - Type of Grid Connectivity service
  - GHPN