Network Virtualization for

Future Internet Research

Mauro Campanella - GARR On behalf of the FEDERICA project

Internet2 Fall Meeting New Orleans, October 14th, 2008

2 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu Agenda

FEDERICA at a glance, vision and principles

Description and status

Network Virtualization details Boundaries

3 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu FEDERICA at a glance

What: European Community co-funded project in its 7th Framework Program in the area “Capacities - Research Infrastructures” 3.7 MEuro EC contribution, 5.2 ME budget, 461 Man Months

When: 1st January 2008 - 30 June 2010 (30 months)

Who: 20 partners, based on stakeholders on network research and management: 11 National Research and Education Networks, DANTE (GÉANT2), TERENA, 4 Universities, Juniper Networks, 1 small enterprise (MARTEL), 1 research centre (i2CAT) - Coordinator: GARR (Italian NREN)

Where: Europe-wide e-Infrastructure, open to external connections

4 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu FEDERICA Partners

National Research & Education Networks (11) CESNET Czech Rep. DFN Germany FCCN Portugal GARR (coordinator) Italy GRNET Greece HEAnet Ireland NIIF/HUNGARNET Hungary NORDUnet Nordic countries PSNC Poland Red.es Spain SWITCH Switzerland

Small Enterprise

Martel Consulting Switzerland

NREN Organizations

TERENA The Netherlands DANTE United Kingdom

Universities - Research Centers

i2CAT Spain KTH Sweden ICCS (NTUA) Greece UPC Spain PoliTO Italy

System Vendor

Juniper Networks Ireland

5 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu FEDERICA Vision

•  Create by fall 2008 an e-Infrastructure for all researchers on Future Internet. Allow researchers complete control of resources in a “slice”, enabling disruptive experiments.

•  Support research in virtualization of e-Infrastructures integrating network resources and nodes capable of virtualization (V-Nodes). In particular on multi(virtual)domain control, management and monitoring, including virtualization services and user oriented control in a federated environment

•  Pave the way, research and create experience for the next generation of the European Research and Education Networks.

6 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu FEDERICA Principles 1.  Create an agnostic and neutral (transparent) infrastructure 2.  Create “slices” which are a set of (virtual) network and computing

resources according to user’s request and are “disruptible” 3.  Provide to the user complete control within a slice down to the lowest

possible layer (in particular allow any application and protocol) 4.  Strive/engineer for reproducibility of experiments, i.e. given the same

initial conditions, the results of an experiment are the same 5.  Allow slices (if requested) to connect to the general Internet, to access

external services/nodes (e.g. for content/delivery, specialized HW) 6.  Ensure isolation between slices maintaining the possibility to cross-

connect slides on request 7.  Allow simultaneous use without conflict 8.  Force/be exposed to topology changes (various level of resiliency) 9.  Open to interconnect / federate with other e-Infrastructures 10.  Access granted through a User Policy Board

7 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu Agenda

FEDERICA at a glance, vision and principles

Description and status

Network Virtualization details Boundaries

8 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu

Design Principles: - Virtualization - Network and systems

resources - Almost clean slate - Simultaneous use -  Interconnection with

general Internet - Extensible, open to

federate and to host users’ resources

9 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu

GN2 project

The GÉANT2 network

2008

32 European NRENs’ Backbone

based on dark fibers operated by DWDM at multiple

10 Gb/s

10 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu FEDERICA e-Infrastructure

11 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu

Topology

1 Physical GbE from GN2+

1 Physical GbE tbd

Core Nodes

1 GbE VLAN or L2MPLS

Legenda

Jan 2008

Oct 2008

Feb 2010

Slic

es

Month 10

GARR IT

DFN DE

CESNET CZ

SWITCH CH

Red.es ES

GRNET GR

Hungarnet HU

PSNC PL

HEAnet IE

i2CAT ES

KTH SE NORDUNET SUNET

FCCN PT

RENATER FR

12 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu Agenda

FEDERICA at a glance, vision and principles

Description and status

Network Virtualization details Boundaries

13 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu Pictorial of “Slices” Creation

FEDERICA substrate

FEDERICA Physical Layer substrate FEDERICA Data Link layer substrate FEDERICA Network Layer substrate

Slice 1

The user requests an Infrastructure made of L2 circuits, un-configured virtual nodes, to test a new BGP version.

Virtual Router/Switch Virtual node

NRENs and Global Internet

14 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu Slicing the Core (Substrate)

FEDERICA substrate

Switches: Juniper MX480, (virtual and logical routing, MPLS, VLANs, IPv4 v6, QoS linecards)

V-Nodes: Up to 8-16 images/node, Unix OS, 4-8 Ethernet NICs, ~ 1 TB disk, 4core CPUs

15 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu Sample FEDERICA PoP

BGP Peering

GigabitEthernet FastEthernet RS-232

Legenda

FEDERICA Network switch

FEDERICA Computing Node (PC)

Out-Of-Band Terminal server

Other FEDERICA

PoPs

NREN Production Network

The FEDERICA substrate (physical infrastructure and Single IP AS public number)

Notes: -  Each PC has many Gb Ethernet

interfaces -  The FastEthernet Interfaces are to

decouple the control and data plane -  OOB is not mandatory

Management

16 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu Network virtualization in FEDERICA

A simple case of a slice containg only two hosts connected by a single circuit is discussed here for simplicity.

Creating a virtual circuit between the two virtual system requires the as main steps:

-  Connect the network interface(s) in the virtual hosts to one of the physical interface(s) in the hosting platform.

-  Create a virtual circuit from one host the other, with a specified assured capacity or with a best effort quality.

The following slides describes the architectural decision to optimize reproducibility in slice behaviour.

17 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu Network virtualization (V-nodes)

To avoid contention at the V-Node level, more than one physical interface is installed in the V-Nodes. This to allow to preferably assign only one virtual interface to each physical interface.

Also in the virtualization software to the logical interface of each nodes is assigned a single (software) bridge.

Virtual slice

Physical substrate

18 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu Network virtualization (network)

There are various technologies available in FEDERICA to slice the 1 Gbps physical capacity between the two switches.

The main distinction is whether assured capacity is requested or only reachability with no capacity guarantees.

Virtual slice

Physical substrate

19 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu Network virtualization (network)

initial technologies

Technology Non assured Capacity

Capacity Guarantees

Without HW With HW assistance

MPLS no limitation

Ethernet VLAN 4K vlans

Physical circuit Very few IP packet based policers Limited to IP

It is assumed that the switch has line rate switching capabilities for all its ports and that the V-Nodes contain HW capable of supporting full line rate in each interface.

20 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu Network Virtualization

Although the mentioned technologies all work well on a single point to point link, in the case of assured capacity requests, the extension to a multi-hop meshed virtual network requires additional planning to avoid congestion.

A careful engineering of each virtual network topology and hardware assistance can provide, on a the FEDERICA scale, capacity assurances for virtual networks in each slice.

For these reasons it is not possible to allow, at least in the first phase of the project, complete open access to researchers. The request will instead be served through the NOC.

21 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu Agenda

FEDERICA at a glance, vision and principles

Description and status

Network Virtualization details Boundaries

22 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu Initial Boundaries

•  Scalability •  Larger virtual slices can be obtained

reducing the number of concurrent users, user’s equip. may be added

•  IPv6 to be enabled according to users’ requests •  Equipment is ready for IPv6

•  Ethernet framing (large MTUs) as data link

•  Not considered a limiting factor, can be overcame later using WDM equipment

•  Packet switching and statistical multiplexing assumed by default

•  Hardware QoS is available on two Juniper MX480 switches

•  Less powerful switches outside the core •  Rely more on software emulation

•  Initial manual provisioning •  Slower initial provisioning, matching the decision process

•  Not all technologies available (e.g. wireless, nomadic nodes)

•  Equipment hosting, federation with other testbed

23 Internet2 Fall Meeting, October 14th, 2008

www.fp7-federica.eu

Thank you for

your attention