ESnet On-demand Secure Circuits and Advance Reservation System (OSCARS)

1. ESnet On-demand Secure Circuits and Advance Reservation System (OSCARS) Chin Guok Network Engineering Group Energy Sciences Network Lawrence Berkeley National Laboratory Thomas Ndousse Visit February 6 2008 Networking for the Future of Science

2. Outline • OSCARS Status • OSCARS Related Research Areas • Extending OSCARS to Layer 1 • Topology Exchange and Updates • Path Computation and Scheduling • Authentication and Authorization • Ease of Use for End-User • Monitoring and Troubleshooting

3. OSCARS Status Update • ESnet Centric Deployment • Prototype layer 3 (IP) guaranteed bandwidth virtual circuit service deployed in ESnet (1Q05) • Prototype layer 2 (Ethernet VLAN) virtual circuit service deployed in ESnet (3Q07) • Inter-Domain Collaborative Efforts • Terapaths • Inter-domain interoperability for layer 3 virtual circuits demonstrated (3Q06) • Inter-domain interoperability for layer 2 virtual circuits demonstrated at SC07 (4Q07) • LambdaStation • Inter-domain interoperability for layer 2 virtual circuits demonstrated at SC07 (4Q07) • HOPI/DRAGON • Inter-domain exchange of control messages demonstrated (1Q07) • Integration of OSCARS and DRAGON has been successful (1Q07) • DICE • First draft of topology exchange schema has been formalized (in collaboration with NMWG) (2Q07), interoperability test demonstrated 3Q07 • Initial implementation of reservation and signaling messages demonstrated at SC07 (4Q07) • UVA • Integration of Token based authorization in OSCARS under testing • Nortel • Topology exchange demonstrated successfully 3Q07 • Inter-domain interoperability for layer 2 virtual circuits demonstrated at SC07 (4Q07)

4. OSCARS Related Research Areas • Extending OSCARS to Layer 1 • Topology Exchange and Updates • Path Computation and Scheduling • Authentication and Authorization • Ease of Use for End Users • Monitoring and Troubleshooting

5. Extending OSCARS to Layer 1 • Current Implementation / Issues • OSCARS supports both Layer 2 and Layer 3 virtual circuits from the user’s point of view • Internally within ESnet both circuits “types” are carried as MPLS LSPs • Research Directions • Implementing a Layer 1 testbed to extend OSCARS into the optical layer • Develop mechanisms to seamless integrate MPLS (Layer 2.5) with GMPLS (Layer 1) • Collaborators: Internet2 DCN, DRAGON, Hybrid Multi-Layer Network Control (Hybrid-MLN) project

6. Topology Exchange and Updates • Current Implementation / Issues • Topology information stored and exchanged is based on static configuration, time dimension is not integrated • Exchange protocol between Inter-Domain Controllers (IDCs) is reasonably heavy weight, and not designed for dynamic topology updates • Each IDC has global topology (n2 topology exchange) • Research Directions • Design network topology “listener” (e.g. OSPF-TE neighbor instance) to track real-time topology changes, and integrate Network Management System (NMS) and outage calendar into topology updates • Design topology exchange protocol for more dynamic updates and global scalability between IDCs • Collaborators: DICE Control Plane Group, NMWG, GLIF, Hybrid-MLN project

7. Path Computation and Scheduling • Current Implementation / Issues • Reserving bandwidth in the future is difficult, especially when topology is non-static (i.e. line upgrades, unscheduled outages), optimizing bandwidth scheduling is extremely difficult (i.e. original computed path may be invalid and require recalculation) when time dimension is added • Current implementation requires initiating IDC to compute end-to-end path based on static global topology, this may result in multiple tries before entire end-to-end has availability • Research Directions • Research in “Augmented” path computation (i.e. static topology augmented with time dependencies, AUPs, domain specific contraints) • Research sequential partial path computation (e.g. per domain vis-à-vis IP BGP routing) • Determine best fit options to reduce multiple resource scheduling tries • Collaborators: Dice Control Plane Group, GLIF, Hybrid-MLN project

8. Authentication and Authorization • Current Implementation / Issues • Current implementation uses X.509 certificates for authentication across IDCs (requiring acceptance of trusted chain), authentication mechanisms are distinct to each IDC • Using signed SOAP messages over SSL for messaging is costly (especially in the signaling phase) • Research Directions • Research alternative authentication and authentication methods (e.g. Shibboleth, VOMS) • Consider using tokens for signaling phase, and pushing token validation out to network edge devices • Collaborators: DICE Control Plane Group, GN2 JRA5, Universiteit van Amsterdam

9. Ease of Use for End-User • Current Implementation / Issues • Current use requires end user to determine reservation parameters (i.e. source, destination, bandwidth, duration of use, etc) • Use of ESnet SDN is based on user’s perception of what would be appropriate to provision a virtual circuit for • Research Directions • Investigate how to make use of this service in a manner that is transparent to the user, either by • Putting the intelligence in the user’s application (e.g. middleware), or • Designing the intelligence in the network (e.g. proxy) • Collaborators: Internet2, DRAGON, Phoebus

10. Monitoring and Troubleshooting • Current Implementation / Issues • This is the single largest deficit in deploying OSCARS as a production service in ESnet • Research Directions • Closer coupling between ESnet NMS and OSCARS • Develop tools to monitor condition of local circuits • Leverage perfSONAR to monitor end-to-end and local circuit status, utilization, etc • Collaborators: DICE Control Plane Group, perfSONAR