
TeraPaths: Establishing End-to-End QoS Paths through L2 and L3 WAN Connections
Presented by Dimitrios Katramatos, BNL

Outline
- The TeraPaths project
  - Motivation
  - Concept and implementation
  - View of the world (network)
- Interoperating with WAN services
- L2 vs. L3
- What is required from the site LAN?
- Status/future

Motivation
- The problem: support efficient/reliable/predictable peta-scale data movement in modern high-speed networks
  - Capacity is not limitless
  - Multiple data flows with varying priority
  - Default “best effort” network behavior can cause performance and service disruption problems
- Solution: enhance network functionality with QoS features to allow prioritization and protection of data flows
  - Classify traffic
  - Schedule network usage

Prioritized vs. Best Effort Traffic
[Figure]

The TeraPaths Service: Reserve End-to-End Paths with Guaranteed Bandwidth
[Figure labels: TeraPaths (two instances), WAN, WAN web services; steps numbered 1, 2, 3]

Data Flow Information
- Owner info (user)
- Data flow ID
  - Source IP and port
  - Destination IP and port
  - IPs and ports can be ranges (multiple flows)
  - Direction (unidirectional/bidirectional)
  - Protocol
- Bandwidth (class of service)
  - Multiple flows will share (best effort within the class)
- Start time and duration
  - Minute resolution
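An added example, not part of the original slides or of the TeraPaths code: a reservation record with the fields listed above, and the admission check a policing point would apply to decide whether a packet belongs to an authorized flow or falls back to best effort. The names FlowReservation and classify, the CIDR encoding of IP ranges, the "priority" class label and the sample addresses are all assumptions made for illustration.

```python
# Added illustration: FlowReservation, classify and all sample values are
# hypothetical/constructed, not the TeraPaths API.
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class FlowReservation:
    owner: str
    src_net: str          # single IP or range, written as CIDR
    src_ports: tuple      # inclusive (low, high)
    dst_net: str
    dst_ports: tuple
    protocol: str
    bidirectional: bool
    service_class: str
    start: datetime       # minute resolution
    duration_min: int

    def __post_init__(self):
        if self.start.second or self.start.microsecond or self.duration_min < 1:
            raise ValueError("start/duration must be whole minutes")
        for lo, hi in (self.src_ports, self.dst_ports):
            if not 0 <= lo <= hi <= 65535:
                raise ValueError("bad port range")

    def _match(self, sip, sport, dip, dport):
        return (ip_address(sip) in ip_network(self.src_net)
                and self.src_ports[0] <= sport <= self.src_ports[1]
                and ip_address(dip) in ip_network(self.dst_net)
                and self.dst_ports[0] <= dport <= self.dst_ports[1])

    def admits(self, proto, sip, sport, dip, dport, now):
        end = self.start + timedelta(minutes=self.duration_min)
        if proto != self.protocol or not self.start <= now < end:
            return False
        if self._match(sip, sport, dip, dport):
            return True
        # A bidirectional reservation also covers the return direction.
        return self.bidirectional and self._match(dip, dport, sip, sport)

def classify(reservations, packet, now):
    """Service class of the first reservation admitting the packet, else best effort."""
    for r in reservations:
        if r.admits(*packet, now):
            return r.service_class
    return "best-effort"

SAMPLE = [FlowReservation("alice", "192.0.2.0/28", (5000, 5010), "198.51.100.7/32",
                          (2811, 2811), "tcp", True, "priority",
                          datetime(2024, 1, 1, 12, 0), 30)]
```

Traffic outside the reserved window, port range, address range or protocol is not dropped here; it is simply left in the best-effort class, which is the fail-safe default for an unauthorized flow.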

Path Setup
- Participating end site subnets are controlled by TeraPaths software instances (TeraPaths Domain Controllers or TDCs)
  - TDCs configure end site LANs to prioritize authorized flows via the DiffServ framework at the network device level
  - Source site polices/marks authorized flow packets
  - Destination site admits/re-polices/re-marks packets
  - End site LANs hand over/receive marked packets to/from the WAN
- WAN provides MPLS tunnels or dynamic circuits
  - Initiating TDC requests MPLS tunnel or dynamic circuit with matching bandwidth and lifetime, or…
  - TDC funnels several flows into MPLS tunnel or dynamic circuit with aggregate bandwidth and lifetime
  - WAN preserves packet markings

Path Setup (ii)
- WAN domains must interoperate
  - Each end site’s TDC has a single point of contact for WAN services
  - TDCs have no knowledge of WAN internals other than what is exposed by the WAN services
    - End sites have no direct control over the WAN
- Either tunnel or circuit through WAN
  - Cannot mix and match

Conceptual View of the Network
[Figure labels: Site A, Site B, Site C, Site D (each with TeraPaths); WAN 1, WAN 2, WAN 3; peering; WAN chain; legend: data flow, service invocation]

TeraPaths Testbed
[Figure; legend: current US ATLAS T2 sites]

TeraPaths Web Services Architecture
[Figure labels: Web Interface, CLI, s/w client; Public Services; API; Internal Services; Admin Module; Database; WAN Services; WAN Services proxy; proxy; NDC (local and remote); protected network]

Interoperating with WAN Services
- TeraPaths “proxy” servers
  - Implement interface required by TeraPaths core
  - Hide WAN service differences
  - Clients to WAN web services (OSCARS and DRAGON)
    - Close cooperation with ESnet and I2 development teams
  - Submit reservations for MPLS tunnels or dynamic circuits
  - Handle security requirements
  - Handle errors
- MPLS tunnels vs. dynamic circuits
  - Utilization requires drastically different approach

L2 vs. L3 (i)
- MPLS tunnel starts and ends within WAN domain
  - Packets are admitted into the tunnel based on flow ID information (IPsrc, portsrc, IPdst, portdst)
  - WAN admission performed at the first router of the tunnel (ingress)
[Figure labels: border router, MPLS tunnel ingress/egress router, WAN, MPLS tunnel, MPLS tunnel ingress/egress router, border router]

L2 vs. L3 (ii)
- Dynamic circuit appears as VLAN connecting end site border routers with single hop
  - Cannot use flow ID data directly
  - Flow must be directed to the proper VLAN
  - WAN admission performed within end site LAN
  - Select VLAN with Policy Based Routing (PBR)
[Figure labels: switch, border router, WAN, border router, switch]

Site LAN Setup (DiffServ)
[Figure]

Site LAN Setup (DiffServ w/pass-thru)
[Figure]

3rd Party WAN Segments
- Some WAN segments may not be automatically configurable
- Static configuration allows DSCP bits to go through
  - Only allow specific interfaces
  - ACLs and aggregate policers

L2-Specific Issues
- Limitations with VLANs
  - Tag range - tentatively selected 3550-3599 (50 VLANs)
  - Tag conflicts - eliminate by synchronizing site databases
- Scalability problems
  - Flow grouping
    - Logistics
  - PBR overhead
    - Virtual border router
- Sensitive/3rd party network segments
  - VLAN pass-thru

Additional Setup for L2
[Figure]

Summary
- TeraPaths stitches together virtual paths with guaranteed bandwidth…
  - through end-site LANs (direct control)…
  - and end-site interconnecting WANs (indirectly, automatically)…
  - from end host to end host
- TeraPaths…
  - utilizes DiffServ for LAN QoS…
  - makes arrangements for WAN MPLS tunnels or dynamic circuits by interfacing with WAN (web) services…
  - schedules bandwidth usage with advance reservations…
  - utilizes “pass-thru” techniques for sensitive or 3rd party network segments

Status and Future
- Currently: basic software ready, infrastructure tested
  - API and web interface, simple negotiation
  - Statically allocated bandwidth classes
  - L3 paths (MPLS tunnels) through ESnet
  - Elementary AAA
  - BNL UMich
- In the works, future
  - Testbed expansion to US ATLAS Tier 2 sites
  - Utilization of L2 paths (dynamic circuits) through ESnet and Internet2
  - Dynamic bandwidth allocation within service classes
  - CLI, extended API, configurable negotiation
  - Grid-style AAA (GUMS/VOMS)
  - Admin module to facilitate end site LAN setup
- http://www.racf.bnl.gov/terapaths
- Slides: 21