GN3+ SA3T3 / Multi-Domain-VPN service: Collaboration of NREN’s NOC 10 th TF NOC meeting (Cambridge) – Friday, 21 March 2014 Xavier Jeannin / RENATER, SA3T3 Task Leader Miguel Angel Sotos / RedIRIS Bojan Jakovljevic / AMRES
Agenda What is MDVPN? Status of MD-VPN deployment Role of the NOCs MD-VPN operation model VPN Provisioning Monitoring Troubleshooting Conclusions on MDVPN operation 2 Connect | Communicate | Collaborate
What is MD-VPN? 1/3 A joint service provided by GEANT and NRENs Extending the original IP cooperation between GEANT, NRENs and regional networks to deliver new services – Share the same cooperation model used for traditional IP traffic exchange NREN NOC collaboration required http://keenetrial.com/ MD-VPN creates a baseline transport infrastructure for a bundle of data transmission services “Umbrella” for P2P or multipoint transmission – Multi-domain networking – Layer3 or Layer2 VPNs spanned over several domains http://www.broadband4europe.com/ 3 Connect | Communicate | Collaborate
What is MD-VPN? 2/3 VPN1 PE VPN2 SDP VPN1 Configure SDP ABR only at edge PE RR VPN2 SSP PE SDP ABR RR NREN B ABR NREN A PE VPN1 SSP ABR SDP SDP VPN3 PE PE SSP NREN E VPN multiplexing PE SSP VPN PE proxy (non MPLS) - PE Configure only once SDP GEANT PE PE VPN2 SSP ABR VPN1 Regional SDP PE NREN C Network RR VPN2 RR ABR PE VPN provider ABR SSP PE PE VPN provider and SDP SDP VPN transport provider VPN3 SDP VPN2 VPN3 VPN transport provider 4 Connect | Communicate | Collaborate
Added value for end-users Safe infrastructure Dedicated virtual network No firewall needed – No additional transmission delay (DPI) – High performance Safe Inter-university Research and Educational Network (S.I.R.E.N) Site A Site B Site C 5 Connect | Communicate | Collaborate
MD-VPN status Deployment phase Multi-domain operation validation (4th quarter 2013 – end of 1st quarter 2014) Technical Pilot Phase Setting-up GEANT pilot (1st quarter 2014) Pilot generalization phase (2nd and 3rd quarter 2014) Adding MD-VPN service to GEANT portfolio end of GN3 plus • A first scientist project XiFi XIFI is a project of the European Public-Private-Partnership on Future Internet 6 Connect | Communicate | Collaborate
MD-VPN status the 20th Febr. 2014 Current pilot running on production infrastructure NREN currently connected DeiC SUnet FUnet NREN nearly connected Active XiFi L3VPN Litnet Future XiFi L3VPN XiFi TSSG PSNC NORDUnet HEAnet VPN Route reflector GEANT CESNET FCCN AMRES RedIRIS DFN RENATER GARR XiFi XiFi Berlin Sevilla XiFi XiFi XiFi Malaga Trento Lannion 7 Connect | Communicate | Collaborate
MD-VPN operation model VPN Provisioning Monitoring Day-to-day monitoring Statistics Monitoring Troubleshooting Ensure OLA commitment are achieved 8 Connect | Communicate | Collaborate
MDVPN Provisioning Process workflow Central information * DANTE can play the role of the Initiator hosted within DANTE: NREN • VPN Name MD-VPN • VPN type database • RT, 3 I want • RENs involved Authoritative L3VPN • PE used 6 ASTRO • Technical contact list End user * Initiator 5 1 NREN 4 List creation Service Order validate or Service Order: not via VPN-ASTRO- 2 L3VPN ASTRO providers@MDVPN... RT 2200:001 2 6 DANTE NREN 2 NREN NREN NREN + Users NREN VPN implemenation Involved Email List Email List announced via VPN- VPN-ASTRO- VPN-ASTRO- NREN ASTRO- providers@MDV operation@MDVPN.d operation@MDVPN... PN.dante.net ante.net NREN : • Checks with their own users 6 • Implements the VPN Feedbacks to the user 6 6 requester End users 9 Connect | Communicate | Collaborate
What to monitor? Monitoring is decentralized: SDPs (DANTE and NRENs) SSPs (DANTE and NRENs) VPN Route Reflector (VR) (DANTE) VPN-Proxy (DANTE) Peerings to be monitored 10 Connect | Communicate | Collaborate
MD-VPN monitoring plan for NG3plus • SSP monitored by GEANT • PE availability • MD-VPN Looking Glass • Prospective: SDP, User VPN monitoring a L3VN is deployed on all PEs and ASBRs NREN collaboration on monitoring A loopback is put into this L3VPN and pinged in order to check if ASBR or PE is alive and the service up 11 Connect | Communicate | Collaborate
MD-VPN troubleshooting 1. DANTE will take care of its own MD-VPN features • VPN transport service (Carrier of Carrier) • VPN Route Reflector • VPN Proxy 2. Escalation process will be the same process as for IP service • The MDSD coordinates the troubleshooting NRENs • NRENs appeals to DANTE if they cannot fix the pb • NREN coordinates the troubleshooting of their Regional Network • Regional Networks appeals to its NRENs if they cannot fix the pb 12 Connect | Communicate | Collaborate
support to NRENs: coordination task Key points Information related to the VPN – VPN database (NREN involved in the VPN, Route Target, …) Information channel – Between network providers – Between network provider and users Make available email list tools that allow NREN to set-up their VPN list – VPN-ASTRO-providers@dante.net – VPN-ASTRO-operation@dante.net Feedback to the end users 13 Connect | Communicate | Collaborate
Conclusions on MDVPN operation Next step: Database model and Operation cookbook Collaboration around the operational model Dissemination toward NREN’s NOC Prospective Improve MDVPN operation Monitoring Advanced MDVPN 14 Connect | Communicate | Collaborate
Connect | Communicate | Collaborate www.geant.net www.twitter.com/GEANTnews | www.facebook.com/GEANTnetwork | www.youtube.com/GEANTtv 15 Connect | Communicate | Collaborate
Recommend
More recommend
