Slide1
OESS AM, OESS Stitching
Flowspace firewall
AL2S and GENI
Slide2
FOAM on AL2S
OESS provides point-to-point and multipoint circuits across an OpenFlow substrate. Deployed on Internet2’s AL2S network.
OESS AM provides a GENI interface to OESS circuit provisioning
Takes GENI AM API requests and translates them into OESS API requests
Based on FOAM -- modified to support OESS API
Advertises available AL2S/OESS resources (endpoints, trunks)
Receives requests for AL2S/OESS circuit creation/removal, talks to AL2S OESS to make changes to network
‘GENI-FOAM’ workgroup defines access policy for GENI users
New for this GEC: Stitching support
Slide3
AL2S Stitching
FOAM OESS AM extended to support stitching
Stitching supported on any AL2S interface that has interdomain provisioning enabled
NOC ticket to enable port for interdomain
Port owner creates ACL(s) granting ‘GENI-FOAM’ workgroup access to a set of VLANs
AL2S AM will then automatically advertise this port in stitching advertisement
Current Limitations: 1 circuit per request. One remote link per port.
Slide4
Stitching Advertisement
<stitch:stitching xmlns="http://hpn.east.isi.edu/rspec/ext/stitch/0.1/">
  <stitch:aggregate id="urn:publicid:IDN+al2s.internet2.edu+authority+am" url="http://foam-oess-stage.grnoc.iu.edu:3626/foam/gapi/2">
    <stitch:aggregatetype>oessfoam</stitch:aggregatetype>
    <stitch:stitchingmode>chainANDTree</stitch:stitchingmode>
    <stitch:scheduledservices>false</stitch:scheduledservices>
    <stitch:negotiatedservices>false</stitch:negotiatedservices>
    <stitch:node id="urn:publicid:IDN+al2s.internet2.edu+node+sdn-sw.clev.net.internet2.edu">
      <stitch:port id="urn:publicid:IDN+al2s.internet2.edu+stitchport+sdn-sw.clev.net.internet2.edu:e5/1">
        <stitch:capacity>10000000</stitch:capacity>
        <stitch:maximumReservableCapacity>10000000</stitch:maximumReservableCapacity>
        <stitch:minimumReservableCapacity>10000000</stitch:minimumReservableCapacity>
        <stitch:granularity>1000</stitch:granularity>
        <stitch:link id="urn:publicid:IDN+al2s.internet2.edu+interface+sdn-sw.clev.net.internet2.edu:e5/1:*">
          <stitch:remoteLinkId>urn:publicid:IDN+ion.internet2.edu+interface+rtr.clev:et-5/0/0:al2s</stitch:remoteLinkId>
          <stitch:trafficEngineeringMetric>10</stitch:trafficEngineeringMetric>
          <stitch:capacity>100000000</stitch:capacity>
          <stitch:maximumReservableCapacity>100000000</stitch:maximumReservableCapacity>
          <stitch:minimumReservableCapacity>1000</stitch:minimumReservableCapacity>
          <stitch:granularity>1000</stitch:granularity>
          <stitch:switchingCapabilityDescriptor>
            <stitch:switchingcapType>l2sc</stitch:switchingcapType>
            <stitch:encodingType>ethernet</stitch:encodingType>
            <stitch:switchingCapabilitySpecificInfo>
              <stitch:switchingCapabilitySpecificInfo_L2sc>
                <stitch:interfaceMTU>9000</stitch:interfaceMTU>
                <stitch:vlanRangeAvailability>3900-4000</stitch:vlanRangeAvailability>
                <stitch:vlanTranslation>true</stitch:vlanTranslation>
              </stitch:switchingCapabilitySpecificInfo_L2sc>
            </stitch:switchingCapabilitySpecificInfo>
          </stitch:switchingCapabilityDescriptor>
        </stitch:link>
      </stitch:port>
    </stitch:node>
…
Slide5
Stitching Request
OESS selects shortest path between the endpoints
Transparent VLAN translation across core
<hop id="3">
  <link id="urn:publicid:IDN+al2s.internet2.edu+interface+sdn-sw.clev.net.internet2.edu:e5/1:*">
    <trafficEngineeringMetric>10</trafficEngineeringMetric>
    <capacity>100</capacity>
    <switchingCapabilityDescriptor>
      <switchingcapType>l2sc</switchingcapType>
      <encodingType>ethernet</encodingType>
      <switchingCapabilitySpecificInfo>
        <switchingCapabilitySpecificInfo_L2sc>
          <interfaceMTU>9000</interfaceMTU>
          <vlanRangeAvailability>1760-1779,3950-4000</vlanRangeAvailability>
          <suggestedVLANRange>3960</suggestedVLANRange>
          <vlanTranslation>true</vlanTranslation>
        </switchingCapabilitySpecificInfo_L2sc>
      </switchingCapabilitySpecificInfo>
    </switchingCapabilityDescriptor>
  </link>
  <nextHop>4</nextHop>
</hop>
<hop id="2">
  <link id="urn:publicid:IDN+al2s.internet2.edu+interface+sdn-sw.wash.net.internet2.edu:e5/2:*">
    <trafficEngineeringMetric>10</trafficEngineeringMetric>
    <capacity>100</capacity>
    <switchingCapabilityDescriptor>
      <switchingcapType>l2sc</switchingcapType>
      <encodingType>ethernet</encodingType>
      <switchingCapabilitySpecificInfo>
        <switchingCapabilitySpecificInfo_L2sc>
          <interfaceMTU>9000</interfaceMTU>
          <vlanRangeAvailability>670,3706-3750,3950-4000</vlanRangeAvailability>
          <suggestedVLANRange>3959</suggestedVLANRange>
          <vlanTranslation>true</vlanTranslation>
        </switchingCapabilitySpecificInfo_L2sc>
      </switchingCapabilitySpecificInfo>
    </switchingCapabilityDescriptor>
  </link>
  <nextHop>3</nextHop>
</hop>
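Added example (not part of the original slides, and not the OESS AM's own code): a Python check that intersects the VLANs a stitching request lists for a hop with the range the advertisement offers on that link, using hop 3 and the 3900-4000 advertisement from the slides. The function names, and the assumption that an aggregate filters requests this way, are illustrative only.

```python
import xml.etree.ElementTree as ET

LINK = "urn:publicid:IDN+al2s.internet2.edu+interface+sdn-sw.clev.net.internet2.edu:e5/1:*"
# From the advertisement on the slides: VLANs offered on that link.
ADVERTISED = {LINK: "3900-4000"}
# Hop 3 of the request on the slides, trimmed to the fields the check reads.
HOP3 = f"""<hop id="3"><link id="{LINK}"><switchingCapabilityDescriptor>
<switchingCapabilitySpecificInfo><switchingCapabilitySpecificInfo_L2sc>
<vlanRangeAvailability>1760-1779,3950-4000</vlanRangeAvailability>
<suggestedVLANRange>3960</suggestedVLANRange>
</switchingCapabilitySpecificInfo_L2sc></switchingCapabilitySpecificInfo>
</switchingCapabilityDescriptor></link><nextHop>4</nextHop></hop>"""


def parse_vlans(text):
    """Expand '670,3706-3750' into a set of VLAN IDs; reject malformed ranges."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)      # int() raises ValueError on junk
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"invalid VLAN range {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def check_hop(hop_xml, advertised):
    """Return (usable, rejected, suggested_ok) for one requested hop."""
    link = ET.fromstring(hop_xml).find("link")
    offered = advertised.get(link.get("id"))
    if offered is None:                      # port never enabled for stitching
        raise PermissionError("link is not in the stitching advertisement")
    allowed = parse_vlans(offered)
    l2sc = link.find(".//switchingCapabilitySpecificInfo_L2sc")
    requested = parse_vlans(l2sc.findtext("vlanRangeAvailability"))
    suggested = parse_vlans(l2sc.findtext("suggestedVLANRange"))
    usable = requested & allowed             # only VLANs the port owner's ACL exposes
    return usable, requested - allowed, suggested <= usable


if __name__ == "__main__":
    usable, rejected, ok = check_hop(HOP3, ADVERTISED)
    print(f"usable {min(usable)}-{max(usable)}, rejected {len(rejected)} VLANs, suggested ok: {ok}")
```

For hop 3 the request's 1760-1779 block falls outside the advertised range and is dropped, while the suggested VLAN 3960 remains usable.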
Slide6
Flowspace Firewall
Provides sliced OpenFlow interface to AL2S
Slices are differentiated by VLAN ID
Each slice is allocated one or more VLAN IDs on a set of edge and trunk ports
Flowspace Firewall acts as a proxy, enforcing VLAN policy for each slice
Enforces rate limits for each slice on OpenFlow control channel
FlowStats slicing
Deployed on Internet2 AL2S network on June 17
Open source: https://github.com/GlobalNOC/FlowSpaceFirewall
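Added example (not part of the original slides, and not FlowSpaceFirewall's code): a simplified Python model of the two checks described above, a per-slice VLAN policy applied to flow-mods and a rate limit on the slice's control channel. The class, the dict and tuple message format, and the token-bucket limiter are assumptions for illustration; `now` is passed in so the behaviour is deterministic.

```python
class SliceProxy:
    """Simplified per-slice policy proxy (hypothetical names and message format)."""

    def __init__(self, vlans_by_port, msgs_per_sec, now=0.0):
        self.vlans_by_port = vlans_by_port           # {port: set of VLAN IDs}
        self.rate = self.tokens = float(msgs_per_sec)
        self.last = now

    def _allowed(self, port, vlan):
        return vlan in self.vlans_by_port.get(port, ())

    def _take_token(self, now):
        # Token bucket: refill by elapsed time, capped at one second's worth.
        self.tokens = min(self.rate, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True

    def check_flow_mod(self, match, actions, now):
        """Return (forward, reason) for a flow-mod sent by the slice's controller."""
        if not self._take_token(now):
            return False, "rate limit exceeded"
        port, vlan = match.get("in_port"), match.get("dl_vlan")
        if port is None or vlan is None:             # wildcards would cross slices
            return False, "match must pin in_port and dl_vlan"
        if not self._allowed(port, vlan):
            return False, f"VLAN {vlan} on port {port} not in slice"
        for kind, value in actions:
            if kind == "set_vlan":
                vlan = value                         # tag carried from here on
            elif kind == "output":
                if not self._allowed(value, vlan):
                    return False, f"output of VLAN {vlan} to port {value} not in slice"
            else:
                return False, f"action {kind!r} not permitted"
        return True, "ok"


def demo():
    # Constructed slice: VLAN 3960 on port 1, VLAN 3959 on port 2, 2 msgs/s.
    proxy = SliceProxy({1: {3960}, 2: {3959}}, msgs_per_sec=2)
    m = {"in_port": 1, "dl_vlan": 3960}
    return [proxy.check_flow_mod(m, [("set_vlan", 3959), ("output", 2)], now=0.0),
            proxy.check_flow_mod(m, [("output", 2)], now=0.0),
            proxy.check_flow_mod(m, [("output", 2)], now=0.0)]
```

In `demo()` the first flow-mod translates the tag before output and is forwarded, the second would leak VLAN 3960 onto a port where the slice only holds 3959, and the third is dropped by the rate limit.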