A new framework for GLIF Interdomain Resource Reservation Architecture (GIRRA) - PDF

Please download to get full document.

View again

of 15
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Information Report
Category:

Devices & Hardware

Published:

Views: 5 | Pages: 15

Extension: PDF | Download: 0

Share
Related documents
Description
Ann. Telecommun. (2010) 65: DOI /s y A new framework for GLIF Interdomain Resource Reservation Architecture (GIRRA) Gigi Karmous-Edwards Silvana Greco Polito Admela Jukan George
Transcript
Ann. Telecommun. (2010) 65: DOI /s y A new framework for GLIF Interdomain Resource Reservation Architecture (GIRRA) Gigi Karmous-Edwards Silvana Greco Polito Admela Jukan George Rouskas Received: 31 August 2009 / Accepted: 28 May 2010 / Published online: 26 June 2010 Institut Télécom and Springer-Verlag 2010 Abstract Many existing and emerging Scientific highend applications (E-science) require end-to-end circuits interconnecting Grid resources for large data transfers. A few advanced networks, mainly National Research and Education Networks (NRENs), such as Surfnet, National Lambda Rail and Internet 2, now provide mechanisms for end-users to reserve and provision lightpaths via middleware referred to as Network Resource Mangers (NRMs). Although, some progress has been made in automated intra-domain lightpath services, inter-domain lightpath provisioning still requires manual intervention and presents several key challenges such as scalability of topology information exchanged, consistency and scalability of information model, security of access to the resources, hybrid networking and multi-layer lightpaths, and accounting and billing. In this paper, we describe a new architectural framework called Global Lambda Integrated Facility (GLIF) Interdomain Resource Reservation Architecture (GIRRA) with the goal to provide an integrated response to these challenges. We propose a new approach to model GLIF network domains and GOLEs as virtual switches and to describe their behavior, func- G. Karmous-Edwards (B) S. G. Polito A. Jukan Department of Electrical Engineering, Institute of Computer and Network Engineering, Technische Universität Carolo-Wilhelmina zu Braunschweig, Pockelsstraße 14, Brunswick, Germany G. Karmous-Edwards G. Rouskas Department of Computer Science, North Carolina State University, Raleigh, NC, USA tionality, policy capabilities, and topology aggregation. We define an inter-domain path computation model to determine paths that meet constraints and access policy restrictions. We propose a security framework for authentication and authorization of users and a model for accounting and billing that aims to provide easy and secure access to the resources. Key aspects of the GIRRA solution are that it focuses on the inter-dependence between different challenges of interdomain path provision, and it is built around already existing solutions for intra-domain resource provisioning. Keywords Inter-domain networking Security Path computation GLIF Middleware 1 Introduction Today, many E-science researchers use applications that require high-capacity and deterministic end-to-end circuits. These existing and emerging applications [1, 2] contain large data flows of the terabyte and petabyte scale. Therefore, successful execution of these applications will need lightpath/lambda networking and onthe-fly per user/application provisioning mechanisms. The Global Lambda Integrated Facility (GLIF) has been promoting the paradigm of Lambda networking since 2002 to help facilitate this growing class of highend applications. In doing so, the GLIF consortium provides lambdas internationally as an integrated facility to support data-intensive scientific research, and supports middleware development for lambda networking, mostly free of charge to researchers. As described in Fig. 1, GLIF resources comprise National Research and 724 Ann. Telecommun. (2010) 65: Termination Point A NRM A user or application request Network A GNI: user-nrm interface NRM GOLE X GOLE X Fig. 1 Today s GLIF architecture NRM GOLE Y GOLE Y Network B NRM B Termination Point B Education Network (NREN) network domains and GLIF Open Lambda Exchanges (GOLEs). GOLEs behave similar to Internet exchange points, in that most NRENs have static connections to one or more GOLEs. The fact that most of the NRENs are hybrid networks leads to a range of technologies available for stitching multi-layered lightpaths end-to-end. The term stitching is referred to as the concatenation of different technologies into a single path, e.g., source connected via an Ethernet partial path that is concatenated with a Synchronous Optical Network (SONET) partial path (to cross the Atlantic for example) and finally connected via Ethernet to the destination. The term multi-layered in the context of this paper refers to a lightpath created across multiple network technologies with network elements supporting adaption between these technologies. An example of this is a lightpath carrying 1GB Ethernet over SONET using GFP-F. As the demand for global lightpath provisioning is increasing, the GLIF community is considering to open access to its resources to commercial applications as well. To this end, the GLIF community needs a new, user-initiated, automated, and scalable inter-domain resource reservation and provisioning framework capable of handling security, accounting, and billing issues. In recent years, the effort for automated resource provisioning in GLIF has focused on the design of software controllers known as Network Resourc Managers (NRMs). NRMs represent pockets of automation within a domain, but inter-working solutions between NRMs for inter-domain provisioning is still an open issue. The provisioning of multi-domain network resources is challenging for multiple reasons. The hybrid nature of most of the NREN networks leads to a range of technologies available for creating multilayered lightpaths. Interoperability between different NRMs is required for multi-domain provisioning. As inter-domain path computation requires some level of topology and resource information to be exchanged between domains, a uniform description language and model is also required. Once a modeling framework is agreed upon by the resource owners, the main complexities lie with the amount and type of information that is required to be exposed by each domain, leading to scalability and security considerations. Exchange of information between domains implies a certain level of trust between domains and models for mutual authentication between them. To secure access to resources, while guaranteeing authorization-based provision, policy-based mechanisms are required. In addition, accurate accounting and billing functions are needed to facilitate payment for the provision of lightpaths. In order to meet the complex challenge of interdomain provisioning in GLIF, we contend that rather than solving each of these challenges independently, a holistic integrated solution must be developed, where interdependencies between key problem areas are identified and resolved. To this end, we present the design framework for GLIF resource reservations, called GLIF Interdomain Resource Reservation Architecture (GIRRA). GIRRA extends the NRM-based framework with tools to automate and secure GLIF resource provisioning in multi-domain contexts and builds on concepts currently under discussions in both the GLIF and Open Grid Forum (OGF) working groups, such as the Generic Network Interface (GNI) GLIF task force and the OGF s Network Service Interface (NSI). Specifically, we propose an integrated solution that addresses the problem spaces of (1) model representation of domains and GOLEs and information exchange, (2) authentication and authorization (AA) for security, (3) inter-domain path computation, and (4) accounting and billing. With regards to model representation, we propose to model GLIF domains and GOLEs as virtual switches called Girra Virtual Switches (GVSs). In doing so, we capture the behavior and functionality of a network as GVS capabilities. The objective is to provide GOLE and domain information for path computation enriched with technology, security and administrative capabilities such as technology adaptation and multiplexing functions, access policy roles associated to the resources, and cost/value of the resources. These capabilities support the design of a novel multi-layer, multidomain path computation model that encompasses security and advanced services as it allows computation based on the authorization profile of the requester, Ann. Telecommun. (2010) 65: determination of the cost of the resources at the end of computation, and specification of different technological constraints for computation. The path computation model is based on an a-priori representation of a global GLIF topology with domains/goles described as GVSs. Inter-domain coarse grain paths are first computed using this topology, and later intra-domain resources consistent with the inter-domain coarse grain path are computed independently within each domain; note that, for privacy and scalability reasons, GVS data does not include any intra-domain resource information. We assume that all intra-domain path computation and provisoning, including multi-layer and technology adaptation considerations, are performed by the domains NRM and GIRRA does not interfere with existing domain/gole control and management. Since all resource reservation occurs during intradomain path computation, all necessary traffic grooming will not be considered during inter-domain path computation. The network resources are controlled and managed only by the domain/gole owners who are aware of other traffic running through the equipment to provide traffic grooming. The fine-grain path computation occurs only for the intra-domain path computation, which is handled by the NRMs, and therefore out of scope on the course-grain inter domain path computation. The term coarse grain is used in this paper for interdomain and only includes the domains and GOLEs involved in the path and their associated edge ports (including technologies, and policies, configurations). The security framework that we integrate in GIRRA aims to secure access to the resources based on user authentication and authorization models and provides an infrastructure for resource provisioning based on collaboration between providers. We propose a federation-based trust model for GLIF providers and we provide a single and secure interface for access to the GLIF resources, accounting and billing. Users are asked to register with the federated GLIF providers for access to free services and are asked to register with a clearinghouse for access to commercial services. Registration corresponds to the submission of service level agreements that allow users to access resources provided by multiple providers. The trust model also allows the introduction of a collaborative model with accounting computed on the base of metering functions activated in one domain and using cost/value data advertised in the GVS representation of multiple domains. The paper is organized as follows. In Section 2, we describe related work. In Section 3, wedescribe the GIRRA architecture and its design objectives. In Section 4, we introduce the GVS description model. Section 5 describes the GIRRA security framework, including its trust model and the interfaces for users to access the GLIF resources. The path computation model is presented in Section 6, while Section 7 describes the GIRRA accounting and billing framework. Finally, Section 8 provides a brief discussion and conclusion. 2 Standards and related work 2.1 Network resource managers The GLIF community is an international virtual organization that promotes the paradigm of lambda (lightpath) networking based on circuit-switching. An important objective of GLIF is to enable international network connectivity along with the ability to reserve and provision lightpaths in advance and on the fly across NRENs. Note that individual domains typically employ a NRM to setup dynamic lightpaths between network elements within its purview. Examples of NRMs include Nortel DRAC [3], Phosphorous Harmony [4], ENL NRM [5], and DICE IDC [6]. Since these technologies have been developed independently of each other, several efforts are currently underway to enable interoperability between these NRMs. These efforts mainly entail the development of software wrappers between NRMs. While successful demonstrations of interoperability have taken place [7, 8, 38, 39], especially in contexts where scalability has not been critical, it is generally recognized that new control and management mechanisms are needed for dynamic provisioning of global lightpaths [9, 10, 36]. 2.2 Network resource information models Information models have been around for years. Existing models include the Common Information Model [11] that provides an object-oriented schema for different devices but does not have a schema that represents some of the DWDM gear in a GLIF environment. The authors of [12] developed the Network Description Language (NDL) which is a modular set of schemas based on the Resource Description Format mainly to describe networks. This functional model is based on International Telecommunication Union (ITU) G.805 [13] with the addition of capability information. The use of NDL to represent the complex multi-layered GLIF resources has been demonstrated for the creation of a single-layer interdomain lightpath [14, 15]. This effort is now going through standardization in a new OGF working group called Network 726 Ann. Telecommun. (2010) 65: Markup Language working group (NML wg) [17]. The Stitching Framework [18] also developed an object oriented data model for inter-domain path computation. GIRRA will also build upon the efforts of the NDL team, and the work of the NML working group with a nuance of modeling a GVS, which has capabilities that are mapped from an entire domain or GOLE. A similar schema will be used to represent the GVS as the NDL representation of single physical devices. 2.3 Generic network interface and Fenius project The GLIF consortium has been working towards a solution for interoperability between the NRMs mentioned above for several years and recently initiated a releated software development project referred to as Fenius [19]. The Fenius project is developing a single GNI API for experimentation. The purpose of this API is to have a single, agreed upon, user-to-network service agent API that can be translated to any existing single domain APIs (with existing NRMs as described above). GLIF is working closely with the OGF NSI working group [20], which will use the experiences of the GNI API to develop the standard NSI API. The NSI API is between a requester agent and a network service agent, where the requester agent could be either a end-user or another network service agent. 2.4 AA and billing in multi-domain, multi-provider networks The design of a security framework for inter-domain resource provisioning in GLIF-like communities, such as GRID, is still a challenge [21 24, 26]. The heterogeneity of the GRID community is a serious challenge in defining and implementing a uniform and common security model for AA, hence most of the solutions proposed focus on interworking mechanisms between different security infrastructures deployed by the multiple GRID providers. Moreover, the insistence of GRID providers on keeping tight control of the authentication and the authorization data of their users increases the complexity of the inter-working AA models. Outside the GRID community, lightpath provisioning with security features integrated in [25], or interworking with [27, 28], the GMPLS control plane has also been studied. In particular, [25] proposes to enhance the path computation protocol with features for AA of requesters. Most of the GRID solutions for accounting and billing refer to GRIDBanks [29, 30]. GRIDBanks obtain user usage records from the service providers and manage the procedure for billing. The literature provides approaches [31, 32], that propose to use accounting not only to motivate resource contribution, but also to control resource sharing. 2.5 Interdomain multi-layer path computation Path computation is defined as the mechanism that allows computation of optimal paths satisfying a set of user requirements. There are several existing algorithms today for pathfinding, however, not all of them consider multi-layer path computations as required for GLIF-type hybrid networks. With multi-layer paths, technology adaptation must be considered throughout the path finding process as a constraint. Recently, several papers have demonstrated results on the design of mechanisms and protocols for both intra- and interdomain path computations [15, 34]. A comprehensive comparison of different interdomain models for path provisioning appears in [35], and key open issues are outlined, including interdomain topology exchanges, routing, and QoS and reliability of paths, for which no scalable solution yet exists. An important conclusion of [35] is that incorporating precomputation models with PCE-based [33] path computation may result in a scalable solution. Other unique approaches to address the interdomain lightpath problem space include Optical Border Gateway Protocol (OBGP) [37], where it is suggested to utilize the familiar layer 3 BGP framework and apply it to the optical layer for wavelength reachability across multiple domains. In [37], it was proposed that an optical domain is modeled as a distributed Layer 3 switch, controlled by optical BGP. In [40], an alternative to the ITU s UNI/NNI concept is considered to provide a Multi-providor Federation Interface with a focus on policy-based requirements on services. Although a prototype of OBGP has been developed, neither approach has seen wide deployment yet. 3 GIRRA architecture and objectives The proposed GIRRA architecture for automatic interdomain resource provisioning encompasses resource description, abstraction and advertising models, multidomain and multi-layer path computation, interfaces for secure accesses to the resources and for accounting and billing between users and the GLIF network. In the following, we first describe the objectives that have driven our design, and later we describe in detail each of its components as shown in Fig. 2. We emphasize that the principle driving our design has been to reduce and simplify the information exchanged so as to facilitate Ann. Telecommun. (2010) 65: Fig. 2 GIRRA architecture and interfaces interoperability among domains and a scalable path computation process. 3.1 GIRRA objectives In the design of the GIRRA architecture we have the following main objectives. First, we want to introduce a new abstraction model of network domains and GLIF GOLEs that includes not just topology information as traditional models do, but also security and functional capabilities. The key challenge in the design of this model is the abstraction of resource description that provides exhaustive information for path computation with a controlled amount of description data. Our second objective is to develop an advertising model with reduced traffic load for scalable exchange of information between domains. To achieve this objective we rely on the observation that key pieces of information useful for path computation, including functional and security capabilities, are relatively static. Our third objective is about designing an interdomain, multi-layer path computation model that builds upon existing NRM-based solutions. We assume that intra-domain resource reservations will only be conducted via the NRM of a given domain/gole. Inter-domain constraint-based path computations use the (mostly) static, abstracted GVS information, and take into account the authorization profile of users; the required technology adaptation and user request parameters are taken as constraints to determine the path suitable for each request. Our fourth objective is an AA framework that allows secure access to resources according to networkimposed user authentication and path computation policies. Lastly, we want to design an interface for access to the GLIF resources that makes the inter-domain path provisioning mechanism and the number of providers involved transparent to users, while guaranteeing accountability and billing for all t
Recommended
View more...
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks