Embed Size (px)
Citation preview
July 2014
NOAA External Network Connectivity
Goals• Meet TIC requirements, including traffic symmetry.
• Maintain resiliency and avoid single points of failure.
• Maintain the ability to scale, grow, and change.
• Ensure efficient utilization of network circuits and resources.
• Provide cost-effective solutions for both smaller and larger NOAA offices.
Traffic Symmetry Solutions
• A given office or location connects to all external resources and the Internet through a single TIC stack.
• Simplest solution.• Poor availability due to outages and routine maintenance.• Difficulty growing and scaling.
• A given office or location maintains connections to multiple TIC sites, but only one may be in use at any given time.
• “Warm spare” concept; backup pipe is unused until primary breaks.• Inefficient use of resources; expensive.• Difficult to ensure backup will always work properly when needed.
• An office or location connects via an entity that controls traffic routing on both sides of the TIC stacks, ensuring symmetry.
• High availability; automatically resilient under failures.• Easy to scale and add additional connections.• Efficient use of resources; allows load-balancing.
WEB PROXY
CONTENT FILTERING
PACKET FILTERING
NCPS MONITORING
internal
Internet Provider A
Internet2Regional Provider
Internet Provider B
Other External
internal
Seattle Boulder Ft. Worth S. Spring
Without X-Wave, Internet2 independently chooses it’s own best path back to the NOAA customer, breaking symmetry.
WEB PROXY
CONTENT FILTERING
PACKET FILTERING
NCPS MONITORING
internal
Internet Provider A
Internet2Regional Provider
Internet Provider B
Other External
X-Wave
internal
Seattle Boulder Ft. Worth S. Spring
Internet VRF B
Internet VRF A
Preferred path is via Seattle
Preferred path is via Seattle
With X-Wave, Internet2 chooses it’s own best path back to X-Wave, and X-Wave sends it to the correct symmetric return TIC site.
• Initial TICAPs established • All external (e.g., non-Fed) traffic must route through one of these sites
McLean, VA
Dallas, TX
Denver, CO
Honolulu, HI
Seattle, WA
Approved NOAA TICAPNOAA Multi-agency TICAP
NOAA TIC Architecture
NOAA TIC Architecture (2)
• NOAA’s current networks (N-Wave, OPSnet, etc.) will continue to provide internal enterprise connectivity to NOAA sites
• NOAA will continue to leverage commercial and R&E partners for continued access via TIC sites
• NOAA will use N-Wave where applicable to support TICAP transport
• NOAA is pursuing a new, external peering network: X-Wave
NOAA TIC Architecture (3)
NOAA will use N-Wave where applicable to support TICAP transport
N-Wave National Network 2014
WEB PROXY
CONTENT FILTERING
PACKET FILTERING
NCPS MONITORING
McLean
internalinternal
NOAA Interim TIC Architecture
Denver
ISPs, FRGP ISPs, MAX
Sand Pt Boulder SSMC
ISPs, UH, HIX
Honolulu
Se
ISPs, PNWG
Seattle
Ft Worth
ISPs, LEARN
Dallas
X-Wave
• Provide a peering infrastructure for network redundancy and failover between TICAP sites
• Enforce symmetrical IP traffic routing through the TIC
• Consolidate and share ISP connections and R&E network connectivity
• External networks can land in X-Wave, for routing to NOAA via TIC
• X-Wave can provide locations for Science DMZs and low-risk public data delivery
Typical Science DMZ
border routers
Internet
aggregation routers
TIC Firewalls/IPS
X-Wave
N-Wave
Other NOAA
TICAPs
Remote NOAA Field
Offices
GigaMon
Science DMZ switch/router
NOAA Campus
TIC Monitoring Einstein IDS etc
PerfSonarPerfSonarVirtual Machines
Data Transfer Nodes Globus/GridFTP HTTP LDM etc
Legend
Switch/RouterServer/Appliance
10 GE40 GE
SPAN/Mirror
PerfSonar
Storage
Internet Provider A
Internet2Regional Provider
Internet Provider B Other
External
X-Wave
WEB PROXY
CONTENT FILTERING
PACKET FILTERING
NCPS MONITORING
internalinternal
Denver
Se
SeattleDallas
Sand Pt SSMCBoulder Ft Worth
HonoluluMcLean
IRC
Thank You
Questions?
Alex HsiaX-Wave Network Architect
