The EARNEST Foresight Study 2006 - 2007 Results from the EARNEST Technical Study Licia Florio, TERENA [email protected] EARNEST Workshop, Amsterdam, 8

The EARNEST Foresight Study 2006 - 2007

Results from the EARNEST Technical Study

Licia Florio, TERENA

[email protected]

EARNEST Workshop, Amsterdam, 8 May 2007


Agenda

• Technical study– Lower layers preliminary results– Middleware preliminary results

• More details on this part of the study


Technical Study • Transmission technologies

– Equipment evolution, next-generation standards, transmission protocols & fibre provisioning.

• Operations and performance

– End-to-end performance, network management (optical & IP), VPN provisioning & PERT.

• Control plane technologies

– Switching & routing matrices (optical & IP), multicasting, IPvX, QoS provisioning.

• Middleware (new element)

– Authentication and authorisation infrastructures, identity federations and related technologies, mobility, support for network infrastructure, virtual organisations.


Technical Study Panel • Lower layers:

– Lars Fischer (Nordunet) – Transmission– John Graham (Indiana University) - Transmission

Otto Kreiter (DANTE) - Transmission– Gigi Karmous-Edwards (MCNC) - Control Plane (Optical)– Alexander Gall (SWITCH) - Control Plane (IP routing)– Stig Venaas (Uninett) - Control Plane (Multicast)– Dimitra Simeonidou (University of Essex) – Operations &

Performance (Optical)– Luca Deri (University of Pisa/Netikos) - Operations &

Performance (IP)– Simon Leinen (SWITCH) - Operations & Performance (IP)

• Middleware:– Diego Lopez (RedIRIS) - Middleware– Milan Sova (CESNET) - Middleware– Klaas Wierenga (SURFnet) - Middleware (Mobility)


Lower Layers First Results


1. This part of the study was conducted by my colleague,Kevin Meynell

> [email protected]

2. Study conducted via interviews with some major vendors:> So far only router & ethernet switching vendors interviewed.> Some results could different after talking to the network operators

Disclaimer


Lower Layer First Results

• Currently only a few OC-768 (40 Gbps) customers, mostly in oil and gas industries

• Reluctance to upgrade transport network to support 40 Gbps, as expensive (x20 the cost of 4 x 10 GE) and seen as interim step before higher speed standards.

• SUN seem to move away from 40Gbps

• Running into problems with n x 10 Gbps, due to link aggregation and load-balancing performance.

• Cisco, Juniper and Force10 pushing for 100 Gigabit Ethernet standard.

– 100 GE standard expected by 2009, with implementations by 2010.

– Copper standard for 100 GE being considered.


Lower Layers First Results • Routing scalability becoming problematic (again)

– Huge rise in number of hosts, fragmentation of service provider hierarchy, and amount of traffic.

– Global routing table now >200,000 entries, which is causing memory and processing problems (0.5-1 GB memory required).

– Other reasons – more multihoming, traffic engineering, plus IPv6.

– Proposed to split IP addresses into identifiers and locators. [Possible implications for AAA as well]

• Improvements to TCP for sustained high-bandwidth transmissions

• Juniper pushing (G)MPLS, but Cisco less interested


Middleware First Results


Why a middleware sub-study?

• It is not just the current ‘buzzword’ :-) • NRENs mission broader:

– Not only network provisioning, but also services provisioning

• NRENs more involved in middleware developments/deployment over the last years– Federations, eduroam, Grid– TERENA EuroCAMPs

• GEANT2/JRA5 working to create a European middleware framework – All NRENs are moving in the same direction– Not all NRENs move at the same pace

• EARNEST will look at how middleware technologies are expected to evolve in the next couple of years


What is Identity Management?

• Identity Management = IdM =– Giving each user an electronic identity– Set of technologies and policies to

control users’ access to resources


IdM Life CycleRes1


IdM Life CyclebasicAuthN Res1


IdM Life Cycle

basicAuthN

Res1

Res2


IdM Life Cycle

basicAuthN

Res1

Res2

Res1

Res2SSO


IdM Life Cycle

basicAuthN

Res1

Res2

Res1

Res2SSO

Resources…Resources…Resources…


IdM Life CycleRes1

Res2SSO

basicAuthN

Res1

Res2

Federat ion



IdM Life CycleRes1

Res2SSO

basicAuthN

Res1

Res2


Federat ion


Key Federation Technology

• SAML, in particular SAML2.0 – Security Assertion Markup

Language


IdM in the European higher education

• In Europe different technologies used for higher education federations:– Liberty Alliance (ID-FF)

• Norway– Shibboleth (SAML-based)

• UK, Switzerland, Finland, • Under development: Denmark, Italy, Germany

– PAPI• Spain

– A-Select• The Netherlands

• In US:– Mainly Shibboleth

• Many IdM solutions – Interoperability one of the key factors

• SAML (2.0) the way to go


Identity Federation Model

Identity Provider Service Provider

SAML request

SAML response

Trust

redirect


IdM from the vendors perspective

• Identity Management is definitely a big area of interest for vendors

• Different approaches for SSO:– Identity Federations: Liberty Alliance and SUN – User centric Identity model

• Fairly new concept• Implemented by Microsoft and OpenID

– Abstract identity framework (Higgins, IBM)• Close to the usercentric identity

• Some alliances between vendors• Probably to compete/cooperate with Microsoft

• Trust is a big concern for vendors– The user centric approach seems to guarantee

more privacy to the users


User Centric Identity Model

Service Provider

• User = Identity provider – Resource request for user identity information is handled

by the user– Users decide which credentials and other personal

information to present to the resource• In the same way users choose which credit card to use

for payment

Identity Provider

12

3


Middleware Sub-Study Preliminary Findings

• IBM and Microsoft seem to be working on the same track

• OpenId has announced cooperation with Microsoft– It seems like something will appear on the

market in the next ~6 months• Shibboleth developers are also talking to Microsoft• It is likely that there will be two major tracks:

– User-centric identity model – SAML2-based IdM federations

• How will these two approaches evolve?


Middleware Sub-Study Preliminary Findings

• Grid – Sufficient interest from vendors in what is

happening in the ‘Grid space’• The new user-centric model might fit Grid

requirements, but no concrete plans in this direction

• Middleware to support lightpaths– Middleware can be used, for instance, to create

lightpaths– Different lightpaths for different users


Conclusions

• Some interviews to be finalised on the control-plane and performances side

• A report will contain all the findings on the technical study– Initial report is expected to be available

in July 2007

Documents

The EARNEST Foresight Study 2006 - 2007 Results from the EARNEST Technical Study Licia Florio, TERENA [email protected] EARNEST Workshop, Amsterdam, 8