April 10, 2023
Internet2: CCIRN reports3 July 2004
Internet2 E2E piPEs
Project: End-to-End Performance Initiative Performance Environment System (E2E piPEs)
Approach: Collaborative project combining the best work of many organizations, including DANTE/GEANT, Daresbury, EGEE, GGF NMWG, NLANR/DAST, UCL, Georgia Tech, etc.
NSF-sponsored workshop: http://e2epi.internet2.edu/WK03/index.html
piPEs
Enable end-users & network operators to:• determine E2E performance capabilities• locate E2E problems• contact the right person to get an E2E problem resolved.
Enable remote initiation of partial path performance tests
Make partial path performance data publicly available
Interoperable with other performance measurement frameworks
Measurement Infrastructure Components
Database ofPerformance
Results
Server Server
Regularly Scheduled Tests
Router Router
On-Demand Tests
Laptop computer
TestResults Test
Results
TestResults
TestRequest
ResultRequest
End-to-End Path
Project Phases
Phase 1: Tool Beacons• BWCTL (Complete), http://e2epi.internet2.edu/bwctl• OWAMP (Complete), http://e2epi.internet2.edu/owamp• NDT (Complete), http://e2epi.internet2.edu/ndt
Phase 2: Measurement Domain Support• General Measurement Infrastructure (Prototype)• Abilene Measurement Infrastructure Deployment (Complete),
http://abilene.internet2.edu/observatory
Phase 3: Federation Support• AA (Prototype – optional AES key, policy file, limits file)• Discovery (Measurement Nodes, Databases) (Prototype –
nearest NDT server, web page)• Test Request/Response Schema Support (Prototype – GGF
NMWG Schema)
piPEs Deployment
Italy
Poland
Israel
In ProgressAbileneUS Govt. Labs
US UniversitiesGEANTAPAN
American / European Collaboration Goals
Awareness of ongoing Measurement Framework Efforts / Sharing of Ideas (Good / Not Sufficient)
Interoperable Measurement Frameworks (Minimum)• Common means of data extraction
• Partial path analysis possible along transatlantic paths
Open Source Shared Development (Possibility, In Whole or In Part)
End-to-end partial path analysis for transatlantic research communities• VLBI: Haystack, Mass. Onsala, Sweden • HENP: Caltech, Calif. CERN, Switzerland
Other ongoing collaborations
US networks: under aegis of JET• Abilene – ESnet deployment already• Coordination/deployments for key user communities
APAN deployment• Tokyo, Fukuoka, Korea(?)• Focus bwctl (scheduled tests)
GGF NMWG• Eric Boyd co-chair• Work on creating and revising schemata for test requests
and responses• Beginning work on a “model” policy for authorization roles
that can be used as a starting point for campuses/domains
April 10, 2023
Extending the research of R&E networking
Report on the April Workshop
Background
Since Fall 2001, small BoF has met at Internet2 member meetings
• Focus on sharing information about needs, activities regarding places not well connected to R&E networks
–Geographical: e.g. mountains of Chile, island territories of France
–Market/Economic: sub-Saharan Africa–Technical: ocean floors, field researchers
• Fall 2003, proposal to host workshop focusing on development agencies and funding resources
• Held post Internet2 Spring Member Meeting, Arlington, VA
Synergies between NRENs and aid and funding agencies
Science, funding and aid agencies:• and you are? No or very little knowledge about NRENs and what it
is that NRENs do or about programs• duplication, costs, lack of coordination• expressed interest in exploring actions or activities the group might
undertake beyond simple information sharing on an ad hoc basis.
Global research and education networking community and key science, funding and aid agencies: How can get to know each other (and know about what we do)
• Overviews of agencies information and communication technology ICT programmatic areas and related programs
• The need for the global research and education community to also do outreach on what it is that what we do, what our members do and that illustrate real proof of concept instantiations,
• show that there are things we could do together
Workshop Goals
get to know a bit about each other
to have a a forum to explore ways in which we may work together to address the challenges in extending the reach of Internet infrastructure and networks in support of research, education and knowledge sharing
what do you see as the gap areas – the needs? Before and after the workshop
Steering Committee –many thanks!
Les Cottrell (SLAC) Curtis White (Allied Communications) Bob Dixon (Ohio State) Heather Boyles (Internet2) Peter Highnam (NIH) Lori Perine (NSF) Micah Beck (UT) Mary Kratz (Internet2) Steven Huter (NSRC, Univ. Oregon) Art St George (Univ. New Mexico) Dany Vandromme (RENATER) George McLaughlin (AARNet) Jim Williams (Indiana Univ) sharon Moskwiak (Internet2) Anil Srivastava, AcrossWorld Ana Preston (Internet2)
Expanding the reach of advanced networking
Highlights: 80+ participants a keynote speech by Mohamed Muhsin, Vice-President and
CIO of the World Bank presentations on programs from several science, funding and
aid agencies including the National Science Foundation, National Institutes of Health, the Organization of American States, the World Bank, the Inter-American Development, USAID and other European and Australian agencies for international development.
presentations from members of the global research and education community on approaches for expanding network access to resource limited settings and working with agencies
Notes from workshop roles of agencies
• Expect “return on investment” – self-sustainability– opportunities generated – capabilities and tools – training – project learning plans– road maps
• they want to work with our community and we want to work with them
–Sharing experiences– solutions not just talk
Internet as a leveling mechanism there are very compelling illustrations from the global NREN community that show that we can work together
Next steps
working group – yes• defining scope [charter?] of the group
– Action: proceedings; mailing list and chair(s)– Action: continue dialogue/bridge with World Bank and all agencies
represented here– Action: catalog possible projects and who may be able to lead/manage
on behalf of group
clearinghouse of info and regular communications – • Best practices and lessons learned • Case studies that help drive approaches• Issues (poverty, education)• Pricing and policy • What are the needs? We need to have the needs expressed by the
ones that have the needs
Cont.
working together to further articulate the role of
NRENs (targeted to government and policy makers)–Value of NRENs and what they bring to the table – value
that enables not just scientific and technological improvements but broader social and economical impact
– ‘ROI’ – targeted to Ministers of Finance
Building Capacity• Networks are an enabler• PEOPLE!• Projects that strategically benefit economies, health,
environment
http://international.internet2.edu/intl_connect/agenda.html
April 10, 2023
Network Security, Middleware and Trust Federations
Supported by Indiana University and through relationship with EDUCAUSE and Internet2.
The REN-ISAC is an integral part of the higher-ed strategy to improve network security by providing timely warning and response to cyber threat and vulnerabilities, improving awareness, and improving communications.
Supports efforts to protect national cyber infrastructure by participating in the formal U.S. ISAC infrastructure.
Receives, analyzes, and disseminates network security operational, threat, warning, and attack information within higher education.
Information is gathered from instrumentation, constituents, network engineers, DHS, other sector ISACs, other network security organizations, and vendors.
24 x 7 Watch Desk, [email protected], +1 (317) 278-6630 http://www.ren-isac.net http://www.terena.nl/tech/task-forces/tf-csirt/meeting11/RENISAC-
Pearson.pdf
REN-ISACInformation is derived from:
Network instrumentation• Abilene NetFlow data• Abilene router ACL counters• Arbor PeakFlow analysis of NetFlow data• Abilene NOC operational monitoring systems
Constituents – related to incidents on local networks
Network engineers – related to national R&E backbones
REN-ISACInformation is derived from:
DHS sources include• IAIP Daily Open Source Report
–http://www.nipc.gov/dailyreports/dailyindex.htm
• Advisories• Regular conference calls
Other sectors ISACs
Other network security organizations
Vendors
Current and Planned Activities
Relationships and outreach to complimentary organizations and efforts
REN-ISAC RegistryWatch Desk, 24 x 7Regular information sharing with DHS, ISACs, othersAbilene NetFlow analysisAbilene router ACL statisticsArbor PeakFlow analysisPer-host threat reports to member institutionsPolicy and privacy statements and agreements
International Coordination
TF-CSIRT• Doug Pearson made presentation on REN-ISAC in January 2004
GEANT• Revisit network security coordination week after next at meeting in Cambridge
• Coordinate with GN2 security activities
Middleware and security
Internet2 Middleware Initiative launched 1999
• Focus on enterprise/campus• Focus on core middleware (that supports upperware e.g. grid middleware)
• Focus on inter-institutional authentication and authorization; supporting collaboration, access to digital resources, virtual organizations
–eduPerson attributes–Shibboleth authentication transport software–National Trust Federation (InCommon) initially built on
institutions using Shibboleth
Shibboleth Status
http://shibboleth.internet2.edu/Open source, privacy preserving federating software
Being very widely deployed in US and international universities
• SWITCH (Switzerland has adopted)• JISC (UK) is adopting; funding development of
complementary pieces
Growing development activities in several countries, providing resource manager tools, digital rights management, listprocs, etc.
InCommon federation
Federation operations – Internet2
Federating software – Shibboleth 1.1 and above
Federation data schema - eduPerson200210 or later and eduOrg200210 or later
Became operational April 5, with several early entrants to help shape the policy issues.
Precursor federation, InQueue, has been in operation for about six months and will feed into InCommon
http://incommon.internet2.edu
International federation peering
Shibboleth-based federations being established in the UK, Netherlands, Finland, Switzerland, Australia, Spain, and others
International peering meeting slated for October 14-15 in Upper Slaughter, England
Issues include agreeing on policy framework, comparing policies, correlating app usage to trust level, aligning privacy needs, working with multinational service providers, scaling the WAYF function
Security at Line Speed (SALSA)
Ken Klingenstein heading both middleware and security efforts
NSF-funded workshop: Security at Line Speed
• http://apps.internet2.edu/sals/
Network authentication, authorization• SALSA net-auth working group
–Leverage Middleware work: Shibboleth, InCommon, international peering
• Relationship to mobility work of TERENA, GN2
Abilene and HOPI national infrastructures
Abilene and NLR Fiber Footprints
Hybrid Optical Packet Infrastructure (HOPI)
Since last CCIRN:• HOPI Design team formed• White Paper released: http://hopi.internet2.edu• Comments sought!
Moving forward with initial 3 node deployment September 2004
• Dependent on NLR buildout