grnet advanced network services tool
TRANSCRIPT
GRNet
Advanced Network Services Tool
(and Topology Database)
TF-NGN, Paris, July 2005
Aggelos Varvitsiotis, GRnet ([email protected])Vangelis Haniotakis, UoC ([email protected])Dimitris Primpas, CTI ([email protected])
ā¢Rationaleā¢Componentsā¢GRnet DB & updater scriptā¢ANStool
ā¢Overviewā¢Architectureā¢Services
ā¢Evaluationā¢Demoā¢Next Steps
Contents
To create a simple, extensible framework that will:
Get administrative information about the GRnet networkStore this information in a DB
Having that, we can:Provide a web interface for network service requestsAssist network managers in complex network configuration tasks
Design guidelines:
Simple and modular implementationOpen-source tools
Rationale
Components
(Network)Updater
ScriptTopology
DB
ANStool
Collect config
Write: network info
Upload Config
Read: network infoWrite: provisioning
Models GRnet managed network components:
ā¢Member institutions and networks (ASs, domains, etc)ā¢Physical points of presenceā¢Provider Routersā¢Interfaces / subinterfacesā¢Edge switches, ports and L2 broadcast domainsā¢Network services (QoS, VPNs, ...)
GRNet Topology Database
A custom Perl script that keeps the DB up-to-date with RL:
ā¢Network objects are unmanaged by defaultā¢Setting a router as managed: insert a new entry to l3_nodeā¢Setting an interface as managed: add a member tag to description in configuration ā i.e. Ethernet1/0.2 : [UOC-23]
Operation:ā¢Updater script looks at router configuration, regexps through it,ā¢Script adds/updates DB accordingly
Topology DB Updater
ā¢Clients can: ā¢submit requests for servicesā¢view service status
ā¢Network managers can: ā¢view requestsā¢ask ANStool for recommended router configā¢(soon) tell ANStool to upload config to router
ANStool: Overview
ANStool: Request state diagram
Unconfirmed
Pending
(Nonexistent)
Rejected
Expired
Completed
submit
revoke
Active
reject approve
cfg ok
cfg bad
cfg ok && time up
cfg bad &&
time up
revoke
extend
extend
revoke
Key: MemberNetwork AdminANStool
PHP 4 / MySQL
Common framework:AuthN/AuthZUser Sessions DB access (PEAR::DB)Templating engine (Smarty)Utility classes and functions
Separate, per-service āpagesā MPLS VPNsQoSMBSDimensioning
ANStool: Architecture
ā¢VPN services:ā¢MPLS L2 VPNsā¢MPLS L3 VPNs
ā¢QoS services: ā¢IP Premiumā¢Managed Bandwidth Servicesā¢Network Dimensioning
ā¢Composite services:ā¢MBS
ANStool:Supported Services
Provide VPN services to GRnet member institutions using network MPLS core.
ā¢Point-to-point L2 VPNs ā¢Port modeā¢VLAN transport mode
ā¢Multipoint L3 VPNs ā¢Mesh ā¢Hub & Spoke
MPLS L2 / L3 VPNs:Overview
MPLS L2 request comprises of:
ā¢VPN type (Port / VLAN mode) ā¢Port mode needs physical ifce, VLAN needs logical subifce
ā¢Desired endpoints (PoPs, Member networks, PE routers / ifces) *ā¢Administrative details (start / end dates etc.)
* ANStool prefilters managed ifces ā only displays ifces that can support VPN owned by Member at PoP (possibly too smart)
Cfg generated (usually) ready for deployment on the PE routers Relevant parts of the CE router config so that they can be emailed to the client NOC(see demo for configuration samples)
ANSTool: MPLS L2 VPNs
ANSTool: MPLS L3 VPNsMPLS L3 request ~= L2 request:
ā¢VPN type is IPv4 L3 (Cisco VRFs)ā¢Multiple endpoints (2..N)ā¢Topology (== imported and exported RTs)
ā¢Full meshā¢Hub-and-spokeā¢Other
ANStool will reserve RTs / RDs / tunnel endpoint IP addresses from managed pools Will generate PE router VRFs using above configCE configuration trivial
(Future challenge: a good algorithm for minimizing # of VRFs)
Quality of Service (QoS)Overview
ā¢ GRNET provides:ā¢ IP Premium (IPP)
ā¢ IP premium (end points aware, marked traffic with DSCP 46)
ā¢ IP premium transparent (to Geant, marked traffic with DSCP 40)
ā¢ IP premium VoIP (source aware, marked traffic with DSCP 47)
ā¢ Best Effort (BE)ā¢ Less than Best Effort (LBE)
ā¢ High priority queue enabled on all output interfaces (MDRR and CBWFQ)
ā¢ Strict policing at the edgeā¢ Avoid unauthorized marked trafficā¢ Ensure the profile of traffic from each
request (cir policing)
Managed Bandwidth Service Overview
ā¢ Point-to-point connections (L2 MPLS VPNs) with guaranteed bandwidth
ā¢ Currently available to Ethernet connections only ā¢ Implementation:
ā¢ Dedicated VLANs at the edge for the MBSā¢ Ī¤raffic engineering tunnel between PE routers (across GRNETās
backbone)ā¢ VLANs traffic routed via tunnelā¢ At PE routers:
ā¢ Policing in input interfaceā¢ Traffic marking at the MPLS EXP field (value 5)
ā¢ Implementation through AToM and pseudowire classes in GSRsā¢ The MBS service follows the dimensioning rules of QoS service
ā¢ MBS service combines QoS and L2 MPLS VPNs
Network dimensioningOverview
ā¢ An initial amount of bandwidth on each access link available for reservation for IP Premium, QoS and MBS services
ā¢ Dimensioning algorithm calculates the maximum reservation in backbone links (even in link failures)
ā¢ We try to keep the maximum IP Premium traffic at an acceptable portion of link capacity - keep the delay and jitter low (efficient guarantees for QoS)
ā¢ Admission control performed according to reservations at the edges
ANStool: QoS Serviceā¢ Using GRNET Topology DB that models:
ā¢ Network interfacesā¢ Network dimensioningā¢ The QoS and MBS requestsā¢ The implemented configuration on the routersā¢ Preferred paths for traffic engineering (explicit routing)
ā¢ Functionality:ā¢ Clients submit requests through web form
ā¢ Type of service, End points, Durationā¢ Traffic profile, Traffic class (through ACLs that users describe in the
implemented ACL wizard)
ANStool: QoS Serviceā Automatic checking and response
ā¢ Checks the end points (declared interfaces etc)ā¢ The duration of the requestā¢ Perform admission control according to request details and network
dimensioning
ā Automatic management of requestsā¢ Edit/view requests functionalityā¢ Automatic notification for expiration, pending for implementation,
decommission etcā¢ Automatic handling of request status (confirmation pending, active, expired)
ā Dynamic production of the relevant configurationā¢ Hierarchical in case of VLANs in physical interfacesā¢ Takes into account the network topology and changes
ANStool: QoS Serviceā Monitoring of the implemented QoS configuration
ā¢ QoS configuration parsing (from routers) and store in DBā¢ Comparison of stored configuration with the submitted requests in the tool
(consistency checks)
ā Automatic and periodic check of the networkās dimensioningā¢ Checks the topology and insert dimensioning values in DB for new
connections on the networkā¢ Allows manual changes on networkās dimensioning (by the administrator)
ā Provide statistics per connection for reserved bandwidth for QoSā Support of traffic engineering characteristics for MBS
ā¢ Declaration of paths for traffic engineering tunnels (explicit-path routing instead of dynamic)
EvaluationGRnet DB:
(+) Many features, managed objects and relationships
(-) Possibly manages a few too many things
(-) Difficult to add new functionality
ANSTool:
(+) Simple, straightforward design
(+) Easily reconfigurable and extensible
(-) Relatively low level of abstraction
(-) Cisco-specific
Demo
Demo available at:
http://edet.ucnet.uoc.gr/demo/html/
ā Submit a request or two
ā View outstanding requests
ā See generated config
Next Stepsā Improve tool to support GN2 standards (web services)ā Investigate an XML-based network topology DBā Create a better provisioning scheme for network servicesā QoS: Implement an IPv6 ACL wizard for IPv6 QoS support ā QoS: Implement a second step admission control
ā Routing based admission control (for requests that exceed the allocated bandwidth)
ā MPLS VPNs: QinQ support, VLAN rewritingā MPLS VPNs: Support VPNs spanning different media (Ethernet
VLANs ATM VCs)ā Support for L2TP service: LNS / LAC / RADIUS configuration