The Evolution of Internet2: 1996-2010

Douglas Van Houweling

CEO, Internet2

May 2010

TERENA

1996: The Internet2 “Project”

• 34 research university CIOs• Commit $25,000 annual membership, $1M annual institutional investment

• Required to fill the vacuum left when NSFNet project terminated

• A project of EDUCOM• Used the National Science Foundation vBNS for connectivity

1997: The University Corporation for Advanced Internet Development

• Home to the Internet2 project• Approximately 100 members• Corporations and laboratories added

• NSF High Performance Connections Program

• Quality of Service -- QBone• International collaboration • Applications support

I2 InterconnectCloud

GigaPoPOne

GigaPoPFour

GigaPoPTwo

GigaPoPThree

“Gigabit capacity point of presence” anaggregation point for regional connectivity

Internet2 Network Architecture

I2 InterconnectCloud

GigaPoPs, cont.

GigaPoPOne

University A

University B University C

Regional NetworkCommodityInternetConnections

1998: Abilene

• April White House announcement with VP Gore

• Partnership with Qwest, Nortel & Cisco

• 2.5 Gb national reach• Connects regional networks and universities

• NSF High Performance Connections Program

1999: Middleware, Network Performance & Growth

• Middleware• Early Harvest workshop• Trusted multi-institutional authentication

• End-to-end performance initiative

• 24 International MOUs• 249 Members

2000-1: Beyond the University

• Sponsored Network Access• Schools and small colleges• Libraries• Museums and concert halls

• The Quilt• Arts & Humanities Initiative• Health Sciences Initiative• National Laboratories

2002-7 Optical Networking

• FiberCo• National LambdaRail• Abilene -> 10 Gb• Hybrid Optical and Packet Infrastructure (HOPI) Initiative

• The New Internet2 Network• ESNet Partnership

2002-9 Middleware Invention -> Deployment

• Middleware Workshops• OpenSAML• Shibboleth• InCommon Federation• Signet Privilege Management• Grouper Group Management• InCommon Steering Committee

2006-8 Reformed Governance, Membership, and Strategy

• Community divided between Internet2 and National LambdaRail• Merger unsuccessful

• Internet2 response• Include regional network members• Democratize and expand governance structure

• Community-based strategic plan

2009-10 New National Focus

• The FCC National Broadband Plan• “Anchor institution” networking market failure

• Build on higher ed networking experience

• The Department of Commerce Broadband Technology Opportunities Program• Regional network projects• Internet2/NLR/Northern Tier US UCAN Proposal

What Have We Learned?

• Stay at the leading edge• Late to optical networking

• Build trust• A consortium, not a corporation

• Focus on community needs• What members can’t do for themselves

• Never stop changing

The Internet2 Research and Development Agenda for 2010: The Year of End to End

Deployment

Randall Frank

Chief Technology Officer, Internet2

May 2010

TERENA

Being Honest With Ourselves

• Lots of great advanced technology out there deployed in pockets

• Great at custom demos that show off incredible bandwidth, high quality video, seemless authentication, …

• Not so great at making this all available to normal end users at their desks

• Users often need to become network experts to make all of this work

Example Technologies

• High performance networking (reserved bandwidth, predictable QoS)

• Performance monitoring• Federated Authentication (InCommon)

What’s missing?

• Predictable deployment in a large scale end to end environment

• Technologies that work across the incredible diversity of networking infrastructures that are present within the R&E community

• Troubleshooting tools that enable end user to know what to do when things don’t work

2010: Concerted Effort to Move from Demos to Production• Previous model: we did our work in the network core, now if only campuses and regionals would do their part…

• New model: joint effort to make technology work end to end

• Work with campuses and regionals to develop plans for funding and deployment

High Performance Networking

• Goal: allow research users access to predictable high performance/high bandwidth flows

• Allow network be better handle needs of research users by capacity reservation

Some Experiments didn’t have right scaling/deployment characteristics

• Implemented separate circuit based network for reserved capacity• Required separate interface(s) for downstream networks

• Didn’t integrate into financial or operational model, not financially viable given current funding models

• Didn’t deal with campus/regional issues• Physical vs. virtualized services• Required users to become network experts

Best effortIP

IP MPLS w/Res’v b/w

Layer 2 frameOver MPLS

DCN Control Plane

Domain Controller

Network 1

IDC

Domain Controller

Network 2

IDC

User Request/IDC Response

IDC to IDC communication

Domain Controller

Network 3

IDC

IDC to IDC communication

Performance Measurement

• Perfsonar• Widely adopted framework for exchange of network measurement data

• Joint development of ESNET, Internet2, GEANT2, RNP and others

• Goal: allows users world-wide to obtain data on end-end performance of a network path

Successes

• Gaining widespread acceptance across diverse networks and communities

• Extensive deployment within some networks (e.g., ESNET)

Limitations

• Not ubiquitous – users can’t rely on available of data collection points

• Implementation somewhat complex• Lack of standard, low cost deployment devices

• Authorization environment still lags

• End user friendly analysis tools

2010 Goals

• Low cost deployment kits• Work with (virtual) communities to spur deployment

• Partner with other orgs that have specialized expertise (Gloriad, IRNC funded circuits)

• Work with vendors to build Perfsonar collection into network devices

Authentication

• Shiboleth: international R&E standard for federated authentication• Each campus continues to use local authentication environment

• SAML based• Allow inter-campus trust (within federation) of other campus authentication assertions

• InCommon: US Federation, 300+ campuses

US-wide certificate service

• Based heavily on TERENA program with COMODO (Thank you!)

• Campuses sign-up directly with InCommon for fixed annual fee

• Summer 2010 SSL certificates• Fall 2010 user (signing and encryption) certificates

• Campuses choice in COMODO GUI (CCM) or API development

Goals for 2010

• “productize” InCommon Federation in US

• Gain acceptance outside of R&E for R&E authentication• US Federal government acceptance of InCommon for US Gov’t authentication of academic users

• Eduroam testing in US• Expansion of services using Shib• Today primarily web based authentication• Deployment within other API services (e.g., Perfsonar)

Thank You