The OGF Network Services Interface Framework

NORDUnetNordic infrastructure for Research & Education

The OGF Network Services Interface

FrameworkAn Overview, Status, and Futures

Presented to:OGF 35

June 17-19, 2012Delft, NL

Jerry SobieskiDirector., Int’l Research Initiatives

NORDUnet

NORDUnetNordic infrastructure for Research & Education What is NSI?

• NSI := “Network Services Interface”• It is intended to provide a single ubiquitous means for users,

world wide, to dynamically manage network connection services.

• The OGF NSI standards work has generated two documents so far:– The NSI Framework document – describes the high level abstracted

notions of the NSI environment– The NSI Connection Service Protocol – describes the functional

primitives that control point to point connections through their lifecycle.• This presentation will provide some technical details, current

status, futures,…• ..And we’ll close with some thoughts about NSI relevance, the

standards process, and how we gain momentum through OGF

NORDUnetNordic infrastructure for Research & Education What is “NSI””

• NSI is an architecture for inter-domain, automated, network connection provisioning.

• It defines an abstract model of a network “Connection” • It specifies a very simple and generic multi-domain

“Topology” model over which Connections are established • It defines an automated “Network Service Agent” (NSA)

that represent each service domain in the topology• It defines a simple high level protocol between NSAs that

manages a connection over its lifetime.

Network A

STPA.1

STPA.2 Network

B

STPB.1

STPB.2

Network C

STPC.1

STPC.2Connections

Topology

Network Service Agents

NSA NSA NSA

NSI ProtocolIngress “A”

Egress Z”

TransportSection

AccessAccess


Domain C

Overview of NSI Architecture

NSI protocol

A

E

C

D

D E

B

A

Requesting Agent (RA)

Network Resource Manager

Provider Agent (PA)

NRM

Network Services Interface

NSA

Network Services Agents

NSA

User’s NSI Requesting Agent (RA)


• Several other basic NSI objects include:– The Service Termination Point (STP)– The Service Demarcation Point (SDP) – The intra-domain Network Resource Manager (NRM)

Basic NSI Objects (2)

NRM

NSA

NSA

Network “Aruba”

A

C

B

“Service TerminationPoints” Network

“Bonaire”D

“Service Demarcation Point”

E

Network Resource Manager

NORDUnetNordic infrastructure for Research & Education An “Inter-Domain” Model

• NSI Framework describes a high level functionality that occurs across and between network service domains – not inside those domains.– It leaves intra-domain technical details to local engineers and

automated tools.• The NSI Framework is technology agnostic.

– It does not expect or require specific transport or switching technologies in the underlying infrastructure.

– It leaves intra-domain technical details to local engineers and automated tools.

• It is secure by design; – Authentication and Authorization at two levels is performed at every

domain boundary for every NSI service request.

• NSI is therefore well suited to multi-domain, multi-technology, and/or multi-layer network services.


NSI Connection Service Protocol

• The NSI Connection Service (NSI-CS) is the first protocol defined under the NSI Framework

• NSI-CS Primitives: – Reserve, Provision, Release, Terminate, and

Query.• Supports both “chain” signaling and novel “tree”

signaling• Allows users to schedule connections in advance.• Allows service providers to refine common service

specifications without modifying the protocol standard itself.


reserving

provisioning

releasing

terminating

released

In-service

scheduled

NSI CS Protocol

RA PAResv.rq

Resv.cf

Prov.rq

Prov.cf

Rel.rq

Rel.cf

Term.rq

Term.cf

• The CS protocol is a “request/response” protocol:– Requesting Agents issue primitive

“requests” from RA to PA,– Provider Agents issue a corresponding

“response” (confirmed or fail) from PA to RA.

– Each NSA manages a state table associated with each Connections it has serviced.

• The CS protocol is designed to provide consistent life cycle state transitions for all NSI connections regardless of how they are segmented or processed across multiple networks

NORDUnetNordic infrastructure for Research & Education NSI “Segmentation”

• It is the responsibility of each NSA to examine a Reservation Request and to choose a domain level path for the requested connection.

• …and then to decompose the path into a set of “segments” that can be either – a) delegated to other NSAs (e.g. to reserve a portion of the path

across one or more foreign domains), or – b) delegated internally to the local NRM.

• Such path selection and segmentation can be performed recursively in two modes: – Conventional “Chain” provisioning in a sequential hop by hop

fashion– Or a novel “Tree” process where the segments are reserved directly

with downstream NSAs.


NSI Connection Segmentation

Ingress Service Termination Point

“A”

Egress Service Termination Point

“J”

TransportAccessAccess

Ingress STP“K”

Egress STP“Z”

TransportAccessAccess

TransportSegment 2

K ZA J

TransportSegment 1

Access

J==KA>J K>Z

Access

A>J

STP ASTP J STP K

STP Z

K>Z J==K

“Bonaire” “Aruba”

A

B

J K

Y

Z

NORDUnetNordic infrastructure for Research & EducationConnection Request Processing

PA1

23

45

61 2 3

456

RA PAPA A

B C D

M

B C D

A B C D

Conventional hop-by-hop “Chain” model

Novel “Tree” model allows user path selection

A Z

A Z

A Z

12 3

45

6 Hybrid processing that mixes tree and chain allows for 3rd party requests, federations of networks, etc.


Tree model

Chain model

The NSI “Service Tree”

3 4

56

1

2

A

B C D

7

8

Tree model

Chain model

The process of decomposition and segmentation defines the NSI “Service Tree”

uRA – “ultimate Requesting Agent”, or user

Aggregator NSAs – do PF and segmentation

Leaf NSAs – Interface to local NRMs for actual data plane control.

NORDUnetNordic infrastructure for Research & Education Putting it all together…

RM RM

NSA

RM

NSANSA

NSAAppl

RA PA

The user application

NORDUnetNordic infrastructure for Research & Education NSI Road Map

• OGF NSI-CS version 1.1 is capped:– Basic Framework– Basic primitives– Security – Basic NSI Topology – Hard coded service definition– Web Service implementation

• The WSDL can be found at:http://code.google.com/p/ogf-nsi-project/source/checkout

http://code.google.com/p/ogf-nsi-project/source/checkout

http://code.google.com/p/ogf-nsi-project/source/checkout

NORDUnetNordic infrastructure for Research & Education NSI Road Map

NSI v2.0 feature set drafted at OGF34 OxfordFeatures to be refined at OGF35 Delft

– Formal Authorization/Security Profile

– NSI & NML topology convergence

– Dynamic inter-domain topology discovery and update

– Compact enumeration of STPs, SDPs, etc.

– Common Service Definitions– Versioning– Simplified State Machine

– Enhanced Error handling and state processing

– More powerful Connection endpoint semantics

– Control plane topology– Simplified Client (RA)

requirements– Firewall/NAT interoperability– Uni-directional

STPs/connections– ERO style route pinning


NSI-CS Development Road Map

• OGF NSI-CS version 1.1 is in field test now in the Automated GOLE testbed Sep 2011: First NSI CS Interop Plugfest – GLIF 2011 Rio de Janeiro, BR Oct 2011: First NSI Transport Provisioning Future Internet Assembly 2011

Poznan, PL Nov 2011: Global NSI / AutoGOLE Demonstration Supercomputing 2011

Seattle, US

• OGF NSI-CS version 2.0 V2.0 Feature set identified: Mar 2012– Draft NSI-CS v2.0 document target: Jul 2012– V2.0 Alpha test/interop Oct 2012 OGF/GLIF Workshop, Chicago– V2.0 Beta testing/[alpha] production service demo: Nov 2012, SC2012 Salt

Lake City– NSI-CS V2.1 / Errata document target: Dec 2012– Production Service deployments: EoY 2012


NSI Software Implementations

• Software Implementations– OpenNSA – NORDUnet (Copenhagen, DK)– OpenDRAC – SURFnet (Amsterdam, NL)– G-LAMBDA-A - AIST (Tsukuba, JP)– G-LAMBDA-K – KDDI Labs (Fujimino, JP) – AutoBAHN – GEANT (Poznan, PL)– DynamicKL – KISTI (Daejeon, KR)– OSCARS is expected 2012-Q3/Q4

• Hardware/NRMs covered:– Juniper / “JunOS” : L2 & MPLS provisioning - OpenNSA – Brocade: L2 switching - AutoBAHN, OpenNSA– Ciena (Nortel) SDH & L2 switching – OpenDRAC– Dell L2: G-LAMBDA-A– NTT optical: G-LAMBDA-A– Force10: L2 switching – OpenNSA – Argia: L2 Switching - OpenNSA– Ciena NMS – DRAC (TBD)

NORDUnetNordic infrastructure for Research & Education Field Testing NSI v1.1

• Testing of NSI has proceeded in three stages:– Initial Lab testing by respective developers for self consistency

and hardware functionality– “GLIF Plugfest” interoperability testing to prove inter-operability

between implementations.• Plugfest Rio – GLIF fall 2011 in Rio de Janiero• Plugfest Windy City – GLIF fall 2012 in Chicago

– Then field deployment in the GLIF Automated GOLE global fabric

– NSI is being heavily and continually tested via the AutoGOLE testbed. This is good for protocol, good for applications to begin integration on a global basis, and good for NSI visibility beyond just OGF.


The Automated GOLE Fabric

USLHCnet

PSNC

JGN-XMANLAN

NetherLight

CernUvACzechLight

KRLight

AIST

KDDI Labs

StarLight

ESnet

Cal Tech

GLORIAD

GEANTACE

Nordunet

The GLIF Automated GOLE Pilot was initiated in 2010 to provide a global fabric of Open Lightpath Exchanges for the specific purpose of maturing the dynamic provisioning software and services, demonstrating the value and viability of GOLEs to advanced network service models, and to develop a set of BCP for these services.

NORDUnetNordic infrastructure for Research & Education AUTOMATED GOLE + NSI

DEMO NETWORK 2012-04-23

Pionier.etsPoznan

AutoBAHNStarLight.etsChicago

OpenNSA/Argia

GEANT.etsParisAutoBAHN

NorthernLight.etsCopenhagenOpenNSA

AIST.etsTsukubaG-LAMBDA-A

NSI Networks (“A”=Aggregator)NSI peerings (SDPs) unless otherwise indicated these are vlans 1780-1783

KRLight.etsDaejeonDynamicKL

KDDI-Labs.etsFujiminoG-LAMBDA-K

ACE

KRLight

JGN-XPionier

GEANT

JGNX.etsTokyo

G-LAMBDA-K

CzechLight.etsPragueOpenDRAC

ESnet.etsChicagoOSCARS

UvALight.etsUniversity of

Ams.OpenNSA

CESNET

GLORIAD.etsChicago

OpenNSA

NetherLight.etsAmsterdamOpenDRACUS LHCnet

NORDUnet + SURFnet

A

A

A A

A

A

A

A

GLORIAD

A

WIX.etsWashingtonOpenNSA

NSI Control plane peerings without data plane connections (in progress)


Initial monitoring & visualization

“Automated Earth” viz(Takatoshi Ikeda, KDDI-Labs)

“NSI Monitor” viz(Tomohiro Kudoh, AIST)

NORDUnetNordic infrastructure for Research & Education Pointers

• Visualization• AIST Java status monitor:

http://163.220.30.174:8070/monitor.jnlp• KDDI Labs Google earth plugin:

http://kote-ps-1.ps.jgn-x.jp/ps/autoearth-nsi/• KDDI Labs Google earth kml:

http://kote-ps-1.ps.jgn-x.jp/ps/autoearth-nsiAutoMAP.kml

http://163.220.30.174:8070/monitor.jnlp

http://kote-ps-1.ps.jgn-x.jp/ps/autoearth-nsi/

http://kote-ps-1.ps.jgn-x.jp/ps/autoearth-nsi/AutoMAP.kml

http://kote-ps-1.ps.jgn-x.jp/ps/autoearth-nsi/AutoMAP.kml

NORDUnetNordic infrastructure for Research & Education Production NSI Services

• NSI v2.0 is targeted for production deployment:– NORDUnet plans a production NSI based service in CY2013-Q1– SURFnet plans a production NSI based service in CY2013-Q1– StarLight plans a production NSI based service in CY2013-Q1– Pionier plans a production NSI based service in CY2013-Q1– …the list is growing

• In parallel with protocol development, the NSI community are developing operations and administrative tools– NOC Query and manage local service segments– Logging and accounting– End to end performance verification and debugging tools

• NSI protocols are evolving and maturing very rapidly – now need to address service definitions and engineering plans

• Applications:• NEXPRES – EVLBI (currently testing from OSO to JIVE) • CO-Universe – HD video• LHCONE – HEP (a proof of concept for GOLE architecture)• Others in works (under the radar)…


• There have been a number of efforts over the last 15-20 years to make dynamic network connection oriented services an integral part of high performance networks:

• DRAGON, FENIUS, AutoBAHN, IDCP, UCLP, GLAMBDA, Frederica, OSCARS, DRAC, MANTICORE, Phosphorus, O-BGP, HOPI, …

• ITU Q931, Q2764 and ATM Forum Q-2931 signaling, G.709, ASON,• IETF RSVP, RSVP-TE, and GMPLS signaling and routing protocols• IEEE 802.3, 802.1Q, .1ad, .1ah, …• MPLS*, ATM, SONET/SDH, MEF, Lambda switching,…

• These have all made progress, but none took root…• Wide skepticism of non-IP services • Many interesting but non-interoperable and incomplete service models. • Not Invented Here syndrome• Issues such as inter-domain topology management were “known to be”

intractable • AAI, end-to-end performance guarantees, scheduling, etc were poorly

understood in a multi-domain, multi-service, heterogeneous environment.

We’ve been here before…

NORDUnetNordic infrastructure for Research & Education Why NSI? Why now?

• NSI does not try to boil the ocean (!)– Presents a simple inter-domain connection provisioning model, – It will grow incrementally in both global reach and sophistication

over time…

• NSI takes a Global perspective to Connection Services - the service architecture must be scalable:– Automated agents perform the resource management – no man-

in-the-middle of these processes– Inter-domain (multi-domain) approach is necessary for global

reach – Must be secure to be globally viable in the 21st century– Must respect local network autonomy– Must separate the protocols from technology to allow for wide

diversity of infrastructure and longevity of the framework concepts

NORDUnetNordic infrastructure for Research & Education NSI in a Virtual SDN world

• “Networks” still have two key components:– Switching & forwarding Nodes – e.g. routers and switches– And transport Links that connect the Nodes.

• In real world, every virtual network layer is constructed upon a virtual layer below it…– To assume otherwise is not realistic in current networks

• Software Defined Networking relies upon the basic nodes and links model as much as ever…

• NSI builds those links– Predictable, reliable transport performance between nodes– Common provisioning framework across domains enables global links between SDN

nodes– NSI is a control plane tool - it coexists with and adapts to new data plane technologies. – NSI has addressed the reality of real world multi-domain network switching and

forwarding technologies. (AAI, security and privacy, autonomy, heterogeneity of infrastructure, topology integration, etc.)

• NSI is complementary to and is an enabling tool for emerging technologies such as OpenFlow, GENI, etc.


• NSI represents an open and consensus driven approach to inter-domain provisioning of LightPath (Connection) services– It is an Open standard – anyone [who is well informed] can participate in the

discussion/specification– Consensus standards create “buy-in” – i.e. when everyone has had a voice in its

specification, and understands its inner workings, everyone is willing to adopt it and deploy it.

• The NSI Working Group has actively courted wide participation – We have invited key organizations to particiapte– We have tried to keep the broader community informed of progress – We have invested substantial effort into showing tangible progress and

presenting high visibility demonstrations of the resulting OGF NSI standard

• NSI represents the best opportunity in 20+ years to see a single common control architecture deployed globally to provide network performance guarantees.– Wide scale deployment within the R&E community– Commercial adoption and Vendor support for the OGF NSI Standard

Why is NSI different

NORDUnetNordic infrastructure for Research & Education OGF NSI Working Group

• The OGF NSI WG is an Open working group • This means if you have ideas you would like to see incorporated

into the NSI framework and/or protocols, please get active in the process:

• Contact one of the active WG members and pick their brain• Join the mailing list, lurk, read the literature, and get up to

speed, then join the calls…• Contribute – ask, comment, propose…help us sort thru the

issues to achieve clarity within the group and consensus within the broader community

Thank You!

Documents

The OGF Network Services Interface Framework