310 likes | 315 Views
E2E.piPEs is a collaborative project aimed at improving end-to-end performance capabilities and resolving network problems. It enables users and network operators to determine performance capabilities, locate issues, and contact the right person for resolution. The project also allows remote initiation of partial path performance tests and makes the data publicly available.
E N D
Internet2: CCIRN reports 3 July 2004
Internet2 E2E piPEs • Project: End-to-End Performance Initiative Performance Environment System (E2E piPEs) • Approach: Collaborative project combining the best work of many organizations, including DANTE/GEANT, Daresbury, EGEE, GGF NMWG, NLANR/DAST, UCL, Georgia Tech, etc. • NSF-sponsored workshop: http://e2epi.internet2.edu/WK03/index.html
piPEs • Enable end-users & network operators to: • determine E2E performance capabilities • locate E2E problems • contact the right person to get an E2E problem resolved. • Enable remote initiation of partial path performance tests • Make partial path performance data publicly available • Interoperable with other performance measurement frameworks
Project Phases • Phase 1: Tool Beacons • BWCTL (Complete), http://e2epi.internet2.edu/bwctl • OWAMP (Complete), http://e2epi.internet2.edu/owamp • NDT (Complete), http://e2epi.internet2.edu/ndt • Phase 2: Measurement Domain Support • General Measurement Infrastructure (Prototype) • Abilene Measurement Infrastructure Deployment (Complete), http://abilene.internet2.edu/observatory • Phase 3: Federation Support • AA (Prototype – optional AES key, policy file, limits file) • Discovery (Measurement Nodes, Databases) (Prototype – nearest NDT server, web page) • Test Request/Response Schema Support (Prototype – GGF NMWG Schema)
American / European Collaboration Goals • Awareness of ongoing Measurement Framework Efforts / Sharing of Ideas (Good / Not Sufficient) • Interoperable Measurement Frameworks (Minimum) • Common means of data extraction • Partial path analysis possible along transatlantic paths • Open Source Shared Development (Possibility, In Whole or In Part) • End-to-end partial path analysis for transatlantic research communities • VLBI: Haystack, Mass. Onsala, Sweden • HENP: Caltech, Calif. CERN, Switzerland
Other ongoing collaborations • US networks: under aegis of JET • Abilene – ESnet deployment already • Coordination/deployments for key user communities • APAN deployment • Tokyo, Fukuoka, Korea(?) • Focus bwctl (scheduled tests) • GGF NMWG • Eric Boyd co-chair • Work on creating and revising schemata for test requests and responses • Beginning work on a “model” policy for authorization roles that can be used as a starting point for campuses/domains
Extending the research of R&E networking Report on the April Workshop
Background • Since Fall 2001, small BoF has met at Internet2 member meetings • Focus on sharing information about needs, activities regarding places not well connected to R&E networks • Geographical: e.g. mountains of Chile, island territories of France • Market/Economic: sub-Saharan Africa • Technical: ocean floors, field researchers • Fall 2003, proposal to host workshop focusing on development agencies and funding resources • Held post Internet2 Spring Member Meeting, Arlington, VA
Synergies between NRENs and aid and funding agencies • Science, funding and aid agencies: • and you are? No or very little knowledge about NRENs and what it is that NRENs do or about programs • duplication, costs, lack of coordination • expressed interest in exploring actions or activities the group might undertake beyond simple information sharing on an ad hoc basis. • Global research and education networking community and key science, funding and aid agencies: How can get to know each other (and know about what we do) • Overviews of agencies information and communication technology ICT programmatic areas and related programs • The need for the global research and education community to also do outreach on what it is that what we do, what our members do and that illustrate real proof of concept instantiations, • show that there are things we could do together
Workshop Goals • get to know a bit about each other • to have a a forum to explore ways in which we may work together to address the challenges in extending the reach of Internet infrastructure and networks in support of research, education and knowledge sharing • what do you see as the gap areas – the needs? Before and after the workshop
Steering Committee –many thanks! • Les Cottrell (SLAC) • Curtis White (Allied Communications) • Bob Dixon (Ohio State) • Heather Boyles (Internet2) • Peter Highnam (NIH) • Lori Perine (NSF) • Micah Beck (UT) • Mary Kratz (Internet2) • Steven Huter (NSRC, Univ. Oregon) • Art St George (Univ. New Mexico) • Dany Vandromme (RENATER) • George McLaughlin (AARNet) • Jim Williams (Indiana Univ) • sharon Moskwiak (Internet2) • Anil Srivastava, AcrossWorld • Ana Preston (Internet2)
Expanding the reach of advanced networking Highlights: • 80+ participants • a keynote speech by Mohamed Muhsin, Vice-President and CIO of the World Bank • presentations on programs from several science, funding and aid agencies including the National Science Foundation, National Institutes of Health, the Organization of American States, the World Bank, the Inter-American Development, USAID and other European and Australian agencies for international development. • presentations from members of the global research and education community on approaches for expanding network access to resource limited settings and working with agencies
Notes from workshop • roles of agencies • Expect “return on investment” • self-sustainability • opportunities generated – capabilities and tools • training – project learning plans • road maps • they want to work with our community and we want to work with them • Sharing experiences • solutions not just talk • Internet as a leveling mechanism • there are very compelling illustrations from the global NREN community that show that we can work together
Next steps • working group – yes • defining scope [charter?] of the group • Action: proceedings; mailing list and chair(s) • Action: continue dialogue/bridge with World Bank and all agencies represented here • Action: catalog possible projects and who may be able to lead/manage on behalf of group • clearinghouse of info and regular communications – • Best practices and lessons learned • Case studies that help drive approaches • Issues (poverty, education) • Pricing and policy • What are the needs? We need to have the needs expressed by the ones that have the needs
Cont. • working together to further articulate the role of NRENs (targeted to government and policy makers) • Value of NRENs and what they bring to the table – value that enables not just scientific and technological improvements but broader social and economical impact • ‘ROI’ – targeted to Ministers of Finance • Building Capacity • Networks are an enabler • PEOPLE! • Projects that strategically benefit economies, health, environment
Supported by Indiana University and through relationship with EDUCAUSE and Internet2. • The REN-ISAC is an integral part of the higher-ed strategy to improve network security by providing timely warning and response to cyber threat and vulnerabilities, improving awareness, and improving communications. • Supports efforts to protect national cyber infrastructure by participating in the formal U.S. ISAC infrastructure. • Receives, analyzes, and disseminates network security operational, threat, warning, and attack information within higher education. • Information is gathered from instrumentation, constituents, network engineers, DHS, other sector ISACs, other network security organizations, and vendors. • 24 x 7 Watch Desk, ren-isac@iu.edu, +1 (317) 278-6630 • http://www.ren-isac.net • http://www.terena.nl/tech/task-forces/tf-csirt/meeting11/RENISAC-Pearson.pdf
REN-ISACInformation is derived from: • Network instrumentation • Abilene NetFlow data • Abilene router ACL counters • Arbor PeakFlow analysis of NetFlow data • Abilene NOC operational monitoring systems • Constituents – related to incidents on local networks • Network engineers – related to national R&E backbones
REN-ISACInformation is derived from: • DHS sources include • IAIP Daily Open Source Report • http://www.nipc.gov/dailyreports/dailyindex.htm • Advisories • Regular conference calls • Other sectors ISACs • Other network security organizations • Vendors
Current and Planned Activities • Relationships and outreach to complimentary organizations and efforts • REN-ISAC Registry • Watch Desk, 24 x 7 • Regular information sharing with DHS, ISACs, others • Abilene NetFlow analysis • Abilene router ACL statistics • Arbor PeakFlow analysis • Per-host threat reports to member institutions • Policy and privacy statements and agreements
International Coordination • TF-CSIRT • Doug Pearson made presentation on REN-ISAC in January 2004 • GEANT • Revisit network security coordination week after next at meeting in Cambridge • Coordinate with GN2 security activities
Middleware and security • Internet2 Middleware Initiative launched 1999 • Focus on enterprise/campus • Focus on core middleware (that supports upperware e.g. grid middleware) • Focus on inter-institutional authentication and authorization; supporting collaboration, access to digital resources, virtual organizations • eduPerson attributes • Shibboleth authentication transport software • National Trust Federation (InCommon) initially built on institutions using Shibboleth
Shibboleth Status • http://shibboleth.internet2.edu/ • Open source, privacy preserving federating software • Being very widely deployed in US and international universities • SWITCH (Switzerland has adopted) • JISC (UK) is adopting; funding development of complementary pieces • Growing development activities in several countries, providing resource manager tools, digital rights management, listprocs, etc.
InCommon federation • Federation operations – Internet2 • Federating software – Shibboleth 1.1 and above • Federation data schema - eduPerson200210 or later and eduOrg200210 or later • Became operational April 5, with several early entrants to help shape the policy issues. • Precursor federation, InQueue, has been in operation for about six months and will feed into InCommon • http://incommon.internet2.edu
International federation peering • Shibboleth-based federations being established in the UK, Netherlands, Finland, Switzerland, Australia, Spain, and others • International peering meeting slated for October 14-15 in Upper Slaughter, England • Issues include agreeing on policy framework, comparing policies, correlating app usage to trust level, aligning privacy needs, working with multinational service providers, scaling the WAYF function
Security at Line Speed (SALSA) • Ken Klingenstein heading both middleware and security efforts • NSF-funded workshop: Security at Line Speed • http://apps.internet2.edu/sals/ • Network authentication, authorization • SALSA net-auth working group • Leverage Middleware work: Shibboleth, InCommon, international peering • Relationship to mobility work of TERENA, GN2
Abilene and HOPI national infrastructures Abilene and NLR Fiber Footprints
Hybrid Optical Packet Infrastructure (HOPI) • Since last CCIRN: • HOPI Design team formed • White Paper released: http://hopi.internet2.edu • Comments sought! • Moving forward with initial 3 node deployment September 2004 • Dependent on NLR buildout