EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé (nep@dante.org.uk) 1

GEANT’s Advanced services

EUMEDCONNECT APM meeting

Paris 19th of March 2002

EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé (nep@dante.org.uk) 2

Agenda

•Multicast Service

•IP premium Service

•CIP Service

•VPN service

•Security

•IPV6 test-bed

•Questions ?

EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé (nep@dante.org.uk) 3

Multicast Service

•GEANT is a transit domain for Multicast traffic as well

•24 NRENs over 27 have explicitly asked for being enabled multicast

•Multicast coverage

•Fully enabled with the Research peerings

•13 NRENs are already connected

•www.dante.net/nep/GEANT-MULTICAST/

EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé (nep@dante.org.uk) 4

Multicast Service• Access to the service

– Via the primary access to GÉANT– Via a GRE tunnel (currently nobody)– Support of PIM-SM v2 only

• Operational procedures (rolling out now)– Goal: fully supported service as Unicast.– Plus specific monitoring

• Troubleshooting – Extension of the trouble ticket systems to

multicast incidents

EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé (nep@dante.org.uk)

GÉANTPremium IP Service

• This service which is currently being piloted in GÉANT has the aim to provide international Virtual leased line based on Diffserv.

• The Premium IP service is an end-to-end service (University to University) crossing multiple administrative domains

• It is defined on the basis of the Diffserv Expedited Forwarding Per Hop behavior which is required to offer– Bandwidth, low loss, upper bounded delay and jitter

5

EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé (nep@dante.org.uk)

Premium IP:Virtual Leased Line service

UK

DE

NREN Janet

DFN

AS20965

GÉANT backbone

AS786

AS680

A

B

RegionalNetwork

RegionalNetwork

SE

FR•Premium IP packets are tagged with DSCP code =46•Rate Limitation is applied per aggregate on the NREN’s access, based on the total demanded bandwidth towards the destination.•Admission Control is made manually based on the Sum of bandwidth already booked on the destination access.

Rate limitation is applied on the NREN access

streams < 5 % of the BW access

6

EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé (nep@dante.org.uk)

Commodity IP Service

• The Commodity IP transit service provides transit to the general internet for the NRENs which requests it.

• GÉANT will be connected to Global Crossing and KPNQwest in eight locations– (Frankfurt, Geneva, Milan and Stockholm for

Global Crossing; London, Paris, Prague and Vienna for KPNQwest)

7

EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé (nep@dante.org.uk)

CIP usage and committed BW

GÉANTAS20965

Third party providerEuropean Distributed Access

Commodity Internet Access

Poland

NREN2

JANET

NREN4

UKSE

... ...

8

DSCP=32

XXXMbps

Rate limitation on NREN outgoing interface to the committed BW + WRED configured to drop preferentially BE in case of Congestion.

EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé (nep@dante.org.uk)

VPN Service

• The customers of the Managed Bandwidth Service from TEN-155 were using this service for the guaranteed BW and for the ability to have VPN layer 2 VPNs (ATM VPs or PVCs)

• Thus we are studying the possibility of provisioning of VPNs layer 2 with MPLS.

• In a first phase we’ll deliver layer 2 tunnels to NRENs access.

• We’ll be in production in May9

EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé (nep@dante.org.uk)

LSPs

Shared media access (up to STM16 POS)

DLCI Production traffic access

Dedicated accessSTMxx to STM16 POS

EncapsulationLayer2 <-> MPLS

NREN’s access router

GÉANT’s router

In the core

MPLS traffic

IPV4 traffic

DLCI Virtual Lab access

NREN B

NREN A NREN C

GÉANT backbone

Dedicated access (up to STM16 POS) NREN’s test router

Example of Virtual platform

10

EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé (nep@dante.org.uk) 11

What is DANCERT?

• DANTE’s Computer Emergency Response Team

• Responsible for defining and implementing DANTE security policies

• Providing security alert and investigation assistance

EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé (nep@dante.org.uk) 12

What does DANCERT cover?• Security of network elements on DANTE networks-

GEANT, GTREN, DWS• DoS, resource and service protection of DANTE networks

and those of NRN’s.– Proactively through rate limiting and anti-spoofing measures– Reactively through DoS tools applying filters and helping

report and investigate attacks.

EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé (nep@dante.org.uk)

What does DANCERT cover?

• Investigating new services and their subsequent security implications.• Assistance in investigating security incidents such as,

– Hacking– Port Scanning– Spam reports

13

EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé (nep@dante.org.uk)

DANCERT Contact Details

• dancert@dante.org.uk• abuse@noc.geant.net• robert.walton@dante.org.uk

14

EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé (nep@dante.org.uk)

FR

UK

IT

AT

DE

SE

GR

CH

NL

ColtDeutche TelekomTeliaTunneledNordic

• Native STM-1line to Greece under negotiation

• International IPv6 connectivity provided by partners including DANTE to NACSIS

Planned Y1 6NET topology

Testbed for activities using/supporting native IPv615

EUMEDCONNECT GEANT’s Advanced Services -- Agnès Pouélé (nep@dante.org.uk)

Questions ?

16