perfSONAR WG, 2006 Spring Member Meeting, Jeff W. Boote, 24 April 2006
perfSONAR WG
2006 Spring Member Meeting
Jeff W. Boote
24 April 2006
Agenda
• Introduction
• Agenda bashing
• perfSONAR overview/status
• perfSONAR multi-LS solution (Jason Z.)
• perfSONAR AuthN/Z plans
• Open Discussion
perfSONAR: Overview
• Joint effort of ESnet, GÉANT2 JRA1 and Internet2
• Webservices network performance framework
  • Network measurement tools
  • Network measurement archives
  • Distributed scheduling/authorization
  • Multi-domain policy
perfSONAR: Credits
• perfSONAR is a joint effort
• Participants: ESnet, GEANT2 JRA1, Internet2, RNP, Fermilab
• Internet2 includes:
  • University of Delaware
  • Georgia Tech
  • Internet2 staff
• GEANT2 JRA1 includes:
  • Arnes
  • Belnet
  • Carnet
  • Cesnet
  • DANTE
  • DFN
  • FCCN
  • GRNet
  • ISTF
  • PSNC
  • Nordunet (Uninett)
  • Renater
  • RedIRIS
  • Surfnet
  • SWITCH
• My apologies if I have overlooked someone (still working on the credits process)
perfSONAR: Project Activity Meter
• 1-2 conf calls/week
• 1 new service/month (accelerating)
• 3-4 development workshops/year
• 3-4 paper submissions/year
perfSONAR: System Description
• Domains represented by a set of services
• Each domain can deploy services important to the domain
• Analysis clients interact with services across multiple domains
perfSONAR: Services (1)
• Lookup Service
  • Allows the client to discover the existing services and other LS services.
  • Dynamic: services register themselves with the LS and advertise their capabilities; they can also leave, or be removed if a service goes down.
• AuthN/Z Service
  • Internet2 MAT, GN2-JRA5 (eduGAIN)
  • Authorization functionality for the framework
  • Users can have several roles; authorisation is based on the user's role.
  • Trust relationships defined between users affiliated with different administrative domains.
perfSONAR: Services (2)
• Transformation Service
  • Transform the data (aggregation, concatenation, correlation, translation, etc.).
• Topology Service
  • Make the network topology information available to the framework.
  • Find the closest MP, provide topology information for visualisation tools
• Resource protector
  • Arbitrate the consumption of limited resources between multiple services.
Inter-domain perfSONAR example interaction
[Diagram: Client; Network A (LS A, MA A, AA A); Network B (LS B, MA B, AA B); path nodes a, b, c, d, e, f. Exchanges shown in the diagram:]
• "Where: link utilisation along path a,b,c,d,e,f?" → "a,b,c: Network A – LS A; c,d,e,f: Network B, MA B, AA B"
• "Where: link utilisation along path a,b,c?" → "a,b,c: Network A, MA A, AA A"
• "Here is who I am, I'd like to access MA B" → "Token MB"
• "Get link utilisation c,d,e,f" → "Here you go"
• "Here is who I am, I'd like to access MA A" → "Token MA"
• "Get link utilisation a,b,c" → "Here you go"
• Useful graph
perfSONAR: Status Update
• Production release of base package expected by June (code freeze next week)
• Will include:
  • Single domain LS solution
  • RRD MA
  • (no AS)
• Additional services and client applications supporting this version will soon follow:
  • BWCTL MP
  • perfSONAR UI
perfSONAR: Hot Topics
• Multi-domain hierarchical LS
• AuthN/Z development plan with JRA-5 (eduGAIN)
• SSH MP (LookingGlass) service
• Topology Services
• L2 specific MA service
perfSONAR: Current Developments
• MPs
  • SSH/Telnet (Looking Glass)
  • ABW (bandwidth packet capture cards)
  • BWCTL
  • NMS (SDH status)
  • SNMP
  • Command line (OWAMP, Ping, Traceroute)
• MAs
  • RRD
  • SQL
  • TopS
  • BWCTL
  • Hades (owd, jitter, owpl)
  • Flow replicator
• Visualization Clients
  • CNM
  • perfSONAR UI
  • Visual perfsonar
  • Looking glass
perfSONAR: multi-LS
• Jason
perfSONAR: authN/Z plans
• perfSONAR (JRA-1)/JRA-5 sub-group
• Group tasked with determining how to leverage JRA-5 authentication system (eduGAIN) in perfSONAR infrastructure
  • Jeff Boote (Internet2)
  • Diego Lopez (RedIRIS)
  • Maurizio Molina (Dante)
  • Andreas Solberg (Uninett)
perfSONAR: Background
• Designed with Federated authentication in mind
• AS becomes a ‘proxy’ for Authorization requests
eduGAIN: Background
• JRA-5 provided authentication “interface”
• Provides “bridging” to other authentication systems
  • Shibboleth
  • PAPI
  • Others…
• Designed mostly with web-browser interaction in mind
Current Status
• Group has come to general consensus on how this should work
• Paper is currently underway describing interaction of perfSONAR with eduGAIN API
perfSONAR: Trust relationship entities
• Client
• idP (identity provider)
• pSR (perfSONAR resource “service”)
• AS (perfSONAR AS service)
• HLS (Home Location Service)
Automated Client Interaction
Normal User Interaction
Implications for JRA-5
• Future extensibility for multiple X.509 root CA certificates
• Non-web profile for authN attribute request
• Current identity provider servers (attribute stores) may need to hold attributes for non-human clients
• Others???
Implications for JRA-1
• AS has slightly different role
  • Clients never directly interact with AS
  • AS is effectively a ‘proxy’ between services and the eduGAIN ‘bridging elements’
• Attribute requests from services to RPs and from RPs to AS need to be made in a ‘boolean’ fashion to protect the privacy of clients
• Automated clients MUST have X.509 client certificates
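
An added illustration (not perfSONAR or eduGAIN code) of the ‘boolean’ attribute request described on this slide: the AS answers yes/no to a predicate and never releases attribute values. All class, function and attribute names and the sample data are hypothetical; the per-caller allow-list is an assumption added here, and the archive queries the AS directly rather than through an RP.

```python
# Added illustration; every name here is hypothetical, not a perfSONAR or eduGAIN API.
from dataclasses import dataclass, field

# Constructed sample attribute store held by a home identity provider.
IDP_ATTRIBUTES = {
    "alice@domain-a.example": {"role": {"noc-engineer"}, "affiliation": {"staff"}},
    "probe-17.domain-b.example": {"role": {"automated-client"}},
}


@dataclass
class AuthService:
    """AS acting as a proxy: callers get yes/no answers, never attribute values."""
    idp: dict
    # Predicates each calling service may ask (an assumption of this example),
    # so a caller cannot enumerate a client's attributes by guessing
    # (name, value) pairs one at a time.
    allowed: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def check(self, caller: str, subject: str, name: str, value: str) -> bool:
        permitted = (name, value) in self.allowed.get(caller, set())
        # Unknown subject, unknown attribute and wrong value all give False,
        # so the answer does not reveal which of these was the case.
        held = value in self.idp.get(subject, {}).get(name, set())
        decision = permitted and held
        self.audit.append((caller, subject, name, value, permitted, decision))
        return decision


def ma_authorize(auth: AuthService, subject: str) -> bool:
    """Archive policy in this example: only NOC engineers read link utilisation."""
    return auth.check("MA-B", subject, "role", "noc-engineer")


def build_demo() -> AuthService:
    return AuthService(idp=IDP_ATTRIBUTES,
                       allowed={"MA-B": {("role", "noc-engineer")}})


if __name__ == "__main__":
    auth = build_demo()
    print(ma_authorize(auth, "alice@domain-a.example"))
    print(ma_authorize(auth, "probe-17.domain-b.example"))
    # Held by alice, but MA-B is not permitted to ask about it.
    print(auth.check("MA-B", "alice@domain-a.example", "affiliation", "staff"))
```
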
Questions/Concerns
• Let me know if you would like a copy of the ‘document’ when it is complete
• Please feel free to send further questions/comments to Maurizio and Jeff
Additional Topics