Duke University
SDN Approaches and Uses
GENI CIO Workshop – July 12, 2012
Duke Network – Current State
• Duke’s existing infrastructure has a great deal of flexibility
  – Campus core is 20Gbps today (40Gbps soon)
  – External connectivity is 20Gbps today
  – Extensive wireless (~3200 802.11n APs) + Wired
  – Utilizes MPLS/VRF (VPN Routing and Forwarding) technologies throughout the campus (multi bldg depts, etc)
    • More than 65 VPNs operating today, from PCI to e-PHI
    • Custom firewalls can be deployed for any VRF
  – IPS/IDS operating at network Interchange Layer
    • Inspects traffic in/out of Duke and VRF-to-VRF
Duke Network – Current Operation
[Diagram: MCNC (Commodity + I-2/NLR), Campus “Backbone”, Interchange Layer, Duke Shared Cluster Resource, Physics Department, Institute for Genome Sciences & Policy]
Duke Network – Current Operation
[Diagram: MCNC (Commodity + I-2/NLR), Campus “Backbone”, Interchange Layer, Duke Shared Cluster Resource, Physics Department, Institute for Genome Sciences & Policy. Annotation: Current Cross-domain Data Flow]
Duke Network – Limitations
• VRFs (VPNs) are configured by central IT
  – We’d like to give scientists more control and flexibility to create their own private VPNs with their collaborators on the campus network
• IPS/IDS can add latency and complexity
  – We’d like known (safe) transmissions on campus to proceed without exhaustive security checks
• External “big data” collaborations are the norm
  – We’d like to enable faster transmissions + more flexibility to access resources (cycles, storage) outside of Duke (without clogging the core network)
Duke Network – SDN Approach
• Leverage existing enterprise infrastructure and provide a bridge mechanism to enable SDN at the “edge” and take advantage of VRF capabilities where SDN is not yet deployed (in the “core”)
  – Retain the “rock solid” nature of the production network, WITHOUT creating a totally separate and independent physical research network
• Extend Exo-GENI access via SDN capabilities
• Enable “regular traffic” routes + “HOV/express” routes with planned points of ingress/egress
  – Enable scientists to opt-in to SDN connectivity as well as Exo-GENI capability
Give scientists easy access to virtual slices (network, computation, storage) whether at Duke or beyond
Duke Network – Current Operation
[Diagram: MCNC (Commodity + I-2/NLR), Campus “Backbone”, Interchange Layer, Duke Shared Cluster Resource, Physics Department, Institute for Genome Sciences & Policy, Duke CS – Exo-GENI Research, RENCI’s Breakable Experimental Network (BEN)]
SDN Enabled Only for ExoGENI Research Project in CS, with Direct Connection by-passing Duke Network
Duke Network – Future Operation
[Diagram: MCNC (Commodity + I-2/NLR), Campus “Backbone”, Interchange Layer, Duke Shared Cluster Resource, Physics Department, Institute for Genome Sciences & Policy, Duke CS – Exo-GENI Research, RENCI’s Breakable Experimental Network (BEN)]
SDN Capability Added to Edge Sites with Known Use Cases: Physics (DYNES and big data transfers externally), IGSP (research with ePHI implications)
Duke Network – Future Operation
[Diagram: MCNC (Commodity + I-2/NLR), Campus “Backbone”, Interchange Layer, Duke Shared Cluster Resource, Physics Department, Institute for Genome Sciences & Policy, Duke CS – Exo-GENI Research, RENCI’s Breakable Experimental Network (BEN). Label: Pre-positioned VRF Segment]
Future Cross-domain Data Flow: SDN-Mediated + Prepositioned VRFs to Enable Shortest Path, bypass Interchange
Prepositioned VRFs
• Prepositioned VRFs can be used to connect an SDN edge endpoint with known collaboration sites in the core (non-SDN) network
  – Traffic routes around campus interchange layer
    • Avoids IPS/IDS checks – faster transmission of “big data” for researchers
    • Point-to-point routes mean less traffic in the “core” - benefits other university users
  – Benefit to the SDN users: potentially higher bandwidth, lower latency paths
Expressway Links
• Med-/Long-term SDN connections between known (frequently accessed) end-points
  – Establishes direct traffic routes
    • Benefits are even greater than prepositioned VRF (even more direct), but less scalable since SDN required on both sides and fiber capacity needed between end-points
  – Enables ExoGENI experimentation and access to compute, storage and network “slices” beyond Duke to other SDN-enabled sites & ExoGENI racks
Duke Network – Future Operation
[Diagram: MCNC (Commodity + I-2/NLR), Campus “Backbone”, Interchange Layer, Duke Shared Cluster Resource, Physics Department, Institute for Genome Sciences & Policy, Duke CS – Exo-GENI Research, RENCI’s Breakable Experimental Network (BEN), I-2/ION]
Future External Data Flow: SDN-Mediated “Expressway” Links: Enable Layer 2 Transport and ExoGENI Resource Access
External Data Flow
• SDN-enabled edge points can connect through a (pre-established) set of VPNs in the campus core (Layer 3) to reach external destinations
• Where Expressway Links exist and connect to ExoGENI, SDN-enabled edge points can connect via BEN-ExoGENI (Layer 2) to reach external destinations
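The path choice described on the Prepositioned VRFs, Expressway Links and External Data Flow slides, written as a policy check that keeps traffic on the inspected interchange path unless a bypass is explicitly registered. This is an added example, not code from the presentation or from Duke; the site prefixes (RFC 5737 documentation ranges), the registries and all function names are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Site:
    name: str
    prefix: ipaddress.IPv4Network
    sdn_enabled: bool

# Constructed sample data: site names follow the slides; the prefixes are
# RFC 5737 documentation ranges, not real campus addressing.
SITES = {s.name: s for s in (
    Site("physics", ipaddress.ip_network("192.0.2.0/25"), True),
    Site("igsp", ipaddress.ip_network("192.0.2.128/25"), True),
    Site("shared-cluster", ipaddress.ip_network("198.51.100.0/24"), False),
    Site("exogeni-rack", ipaddress.ip_network("203.0.113.0/24"), True),
)}

# Hypothetical registries of approved site pairs (unordered).
PREPOSITIONED_VRFS = {frozenset({"physics", "shared-cluster"})}
EXPRESSWAY_LINKS = {
    frozenset({"physics", "exogeni-rack"}),
    frozenset({"igsp", "shared-cluster"}),  # constructed misregistration
}

def site_for(addr: str):
    """Return the Site whose prefix contains addr, or None if unknown."""
    ip = ipaddress.ip_address(addr)
    return next((s for s in SITES.values() if ip in s.prefix), None)

def select_path(src: str, dst: str) -> str:
    """Pick a path; anything not explicitly approved stays inspected."""
    a, b = site_for(src), site_for(dst)
    if a is None or b is None:
        return "interchange"          # unknown endpoint: keep IPS/IDS
    pair = frozenset({a.name, b.name})
    # Expressway links need SDN on both sides.
    if pair in EXPRESSWAY_LINKS and a.sdn_enabled and b.sdn_enabled:
        return "expressway"
    # A prepositioned VRF joins an SDN edge site to a core (non-SDN) site.
    if pair in PREPOSITIONED_VRFS and (a.sdn_enabled or b.sdn_enabled):
        return "prepositioned-vrf"
    return "interchange"              # default: inspected path

def misregistered_expressways():
    """Expressway entries that can never match because a side lacks SDN."""
    return sorted(
        tuple(sorted(pair)) for pair in EXPRESSWAY_LINKS
        if not all(SITES[name].sdn_enabled for name in pair)
    )
```

The igsp/shared-cluster entry shows the fail-closed case: a registration that does not meet the SDN-on-both-sides requirement never grants a bypass, and the audit function reports it for cleanup.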