Generic AAA based optical networking. SURFnet Research on Networks Workshop, Utrecht, 28/04/04. Leon Gommans, University of Amsterdam.
Some history. The optical telegraph represented the most refined development of non-electrified telecommunications systems. In Finland, the use of the optical telegraph, based on signalling stations and telescopes, began in 1796. Figure: an optical telegraph on the line between Hankoniemi and Kronstadt (source: www.sonera.fi). 28 Apr 2004 SURFnet Workshop Leon Gommans
Automate the operator.
AAA and ISO Telecommunications Management Networks (TMN) reference model. Diagram: each TMN level carries its own AAA component and a web service (WS) interface. Business Management Level: integrate pizza, network and movie (User WS). Service Management Level: manage a 99.9995 % available network (WS). Network Management Level: create the best route (Carrier WS). Element Management Level: offer manageable elements through TL1, SNMP, XMLCONF and COPS. Network Elements: optical switches. TMN is based on the OSI management framework and uses an object-oriented approach, with managed information in network resources modeled as attributes in managed objects. TMN is defined in the ITU-T M.3000 series recommendations.
AAA in Telecommunication Information Networking Architecture (TINA). Diagram: TINA defines 5 key business roles and their relationships; an AAA component is attached to each role.
RFC 2904: authorization sequences that allow users to access a service based on a policy decision taken by an AAA component. Diagram: three message sequences between User, AAA and Service, with the steps numbered 1 to 4. Pull sequence: NAS (remote access), RSVP (network QoS). Agent sequence: agents, brokers, proxies. Push sequence: tokens, tickets, ACs etc.
Example AuthZ, RFC 2904 pull sequence. Diagram labels: User, Home Organization AAA, Application AAA, one AAA and one Network I/F Switch per domain (Domain A, Domain B, Domain C), Resource.
Example AuthZ, RFC 2904 agent / pull sequence. Diagram labels: User, Home Organization AAA, Application AAA, one AAA and one Network I/F Switch per domain (Network Domain A, B, C), Resource.
Example AuthZ, RFC 2904 hybrid sequence. Diagram labels: Broker AAA, Application AAA, one AAA and one Network I/F Switch per domain (Network Domain A, B, C), User, Resource.
Example AuthZ, hybrid sequence. Diagram labels: Application AAA, one AAA and one Network I/F Switch per domain (Network Domain A, B, C), User, Resource.
Positioned in the TMN example reference model. Diagram labels: Business Management Layer (AAA, marked "?"); Service Management Layer (Application AAA and the per-domain AAAs); Network Management / Element Management Layer (Network I/F Switches of Network Domains A, B and C); User; Resource.
Base of the Generic AAA Architecture: RAP. Fundamental ideas inspired by the work of the IETF RAP WG, which in RFC 2753 describes a framework for policy-based admission control (the foundation for COPS). Policy Decision Point (PDP): the point where policy decisions are made, backed by a Policy Repository. Policy Enforcement Point (PEP): the point where the policy decisions are actually enforced; the PEP sends a Request to the PDP and receives a Decision. Basic goal of Generic AAA: allow policy decisions to be made by multiple PDPs belonging to different administrative domains.
RFC 2903: Generic AAA Architecture in the pull model. Diagram: two PDPs, each built from a Rule Based Engine (RBE), a Policy Repository and an Application Specific Module (ASM), with access to User Rights. The User sends a Service Request to the Policy Enforcement Point (PEP) of the Service; the PEP sends an AAA Request to the PDP and receives a Decision.
RFC 2903: Generic AAA Architecture in the agent model. Diagram: same PDP structure; the User sends the Service Request to the PDP, the PDP performs Service Provision through the PEP of the Service and returns a Service Ack to the User.
RFC 2903: Generic AAA Architecture in the push model. Diagram: same PDP structure; the User sends the Service Request to the PDP and receives a Token, presents the Token to the PEP of the Service, and receives a Service Ack.
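The push model above hands the user a token that the PEP must be able to check without calling the PDP back. The following added example (not code from the slides or the UvA AAA project) shows one way to do that: an HMAC-signed token that binds the authorised BoD parameters, and the PEP-side checks on signature, expiry and bound values. The shared PDP/PEP key, the claim names and the bandwidth-ceiling rule are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret between the PDP (AAA server) and the PEP.
# How it is provisioned per domain is an assumption, not something the slides specify.
PDP_PEP_KEY = b"constructed-demo-key"


def _sign(payload: bytes) -> str:
    return hmac.new(PDP_PEP_KEY, payload, hashlib.sha256).hexdigest()


def pdp_issue_token(user, source, destination, bandwidth, ttl_s, now=None):
    """Push model step 2: after a positive policy decision the PDP hands the
    user a token binding exactly what was authorised (endpoints, bandwidth, expiry)."""
    now = time.time() if now is None else now
    claims = {"user": user, "src": source, "dst": destination,
              "bw": bandwidth, "exp": now + ttl_s}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    return body + "." + _sign(body.encode())


def pep_check_token(token, service_request, now=None):
    """Push model step 3: the PEP validates the token offline and only then lets
    the Service Request through. Returns (decision, reason)."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".", 1)
        if not hmac.compare_digest(sig, _sign(body.encode())):
            return False, "bad signature"
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return False, "malformed token"
    if now > claims["exp"]:
        return False, "token expired"
    # The token authorises one (src, dst) pair up to a bandwidth ceiling;
    # a request for anything else is refused even though the signature is valid.
    if (service_request["src"], service_request["dst"]) != (claims["src"], claims["dst"]):
        return False, "endpoints do not match token"
    if service_request["bw"] > claims["bw"]:
        return False, "bandwidth exceeds token"
    return True, "ok"
```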
Single-domain 802.1Q VLAN setup, demo at iGrid 2002. Diagram: an AAA Request Message (XML/SOAP) arrives at an RBE with a Policy Database; two ASMs each control an 802.1Q VLAN switch via SNMP (Dot1Q Bridge MIB); PCs are attached to each switch.
Example XML request message:
  <AAARequest version="0.1" type="BoD">
    <Authorization>
      <credential>
        <credential_type>simple</credential_type>
        <credential_ID>JanJansen</credential_ID>
        <credential_secret>#f034d</credential_secret>
      </credential>
    </Authorization>
    <BodData>
      <Source>192.168.1.5</Source>
      <Destination>192.168.1.6</Destination>
      <Bandwidth>1000</Bandwidth>
      <StartTime>now</StartTime>
      <Duration>20</Duration>
    </BodData>
  </AAARequest>
Slide annotations: WHY, WHAT.
Example part of a Driving Policy (is an ID):
  if ( ( ASM::RM.CheckConnection( Request::BodData.Source, Request::BodData.Destination ) )
       && ( Request::BodData.Bandwidth <= 1000 ) )
  then (
    ASM::RM.RequestConnection( Request::BodData.Source, Request::BodData.Destination,
                               Request::BodData.Bandwidth, Request::BodData.StartTime,
                               Request::BodData.Duration ) ;
    Reply::Answer.Message = "Request successful"
  )
  else (
    Reply::Error.Message = "Request failed"
  )
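The following added example (not code from the slides or the UvA AAA project) shows an RBE step in Python that parses the AAARequest above, checks the simple credential, and then applies the driving policy exactly as written: CheckConnection must succeed and Bandwidth must be at most 1000 before the ASM is asked to set up the connection. The user-rights store, the host list known to the ASM and the ResourceManagerASM class are assumptions standing in for the real ASM.

```python
import hmac
import xml.etree.ElementTree as ET

# Request message from the slide (constructed here as a test input).
REQUEST_XML = """<AAARequest version="0.1" type="BoD">
 <Authorization><credential><credential_type>simple</credential_type>
  <credential_ID>JanJansen</credential_ID><credential_secret>#f034d</credential_secret>
 </credential></Authorization>
 <BodData><Source>192.168.1.5</Source><Destination>192.168.1.6</Destination>
  <Bandwidth>1000</Bandwidth><StartTime>now</StartTime><Duration>20</Duration></BodData>
</AAARequest>"""

# Hypothetical user-rights store and topology known to the ASM (assumptions).
USER_RIGHTS = {"JanJansen": "#f034d"}
KNOWN_HOSTS = {"192.168.1.5", "192.168.1.6", "192.168.1.7"}
MAX_BANDWIDTH = 1000  # the limit written into the driving policy


class ResourceManagerASM:
    """Stand-in for ASM::RM; a real ASM drives the switch via SNMP or TL-1."""
    def __init__(self):
        self.connections = []

    def check_connection(self, src, dst):
        return src in KNOWN_HOSTS and dst in KNOWN_HOSTS and src != dst

    def request_connection(self, src, dst, bw, start, duration):
        self.connections.append((src, dst, bw, start, duration))


def evaluate(request_xml, asm):
    """RBE step: authenticate the credential, then apply the driving policy."""
    root = ET.fromstring(request_xml)
    cred = root.find("Authorization/credential")
    expected = USER_RIGHTS.get(cred.findtext("credential_ID", ""))
    given = cred.findtext("credential_secret", "")
    if cred.findtext("credential_type") != "simple" or expected is None \
            or not hmac.compare_digest(expected, given):
        return {"Error": "Authentication failed"}
    bod = root.find("BodData")
    src, dst = bod.findtext("Source"), bod.findtext("Destination")
    try:  # malformed numeric fields must never reach the ASM
        bw, duration = int(bod.findtext("Bandwidth")), int(bod.findtext("Duration"))
    except (TypeError, ValueError):
        return {"Error": "Request failed"}
    # Driving policy from the slide: connection possible and bandwidth <= 1000
    if asm.check_connection(src, dst) and bw <= MAX_BANDWIDTH:
        asm.request_connection(src, dst, bw, bod.findtext("StartTime"), duration)
        return {"Answer": "Request successful"}
    return {"Error": "Request failed"}
```

Note that the credential secret is carried inside the message itself, so the XML/SOAP transport between user and RBE has to protect it.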
Single-domain Calient OXC setup. Diagram: an AAA Request Message (XML/SOAP) arrives at an RBE with a Policy Database; an ASM controls a Calient DiamondWave photonic switch via TL-1; four PCs are attached. Calient provided by EVL at UIC.
Multi-domain setup at NetherLight. Diagram: two domains, each with an RBE and a Policy Database; ASMs control two 802.1Q VLAN switches via SNMP (Dot1Q Bridge MIB) and a Calient DiamondWave photonic switch via TL-1; PCs are attached to the VLAN switches.
Multi-domain setup using a TMN system (DataTAG). Diagram: an AAA Request Message (XML/SOAP) arrives at an RBE with a Policy Database; ASMs control the 802.1Q VLAN switches at NIKHEF and CERN via SNMP (Dot1Q Bridge MIB), and drive the Alcatel 1670 ADMs through the Alcatel 1353 EM and the Alcatel 1355 BOND + 1354 management systems; PCs are attached to the VLAN switches.
Multi-domain setup using Nortel. Diagram: same layout, with the NIKHEF 802.1Q VLAN switches (SNMP, Dot1Q Bridge MIB) and the Nortel part labelled NDA.
Multi-domain setup using Nortel. Diagram: same layout, with the Nortel part labelled CO2.
Collaborative multi-domain experiment at SC2003. Diagram labels: PIN (Photonic Interdomain Negotiator) does route determination based on source routing; RSVP-like reservation signalling between PINs; PDC (Photonic Domain Controller) with Resource Manager; Photonic Policy-Based Access Controller consisting of AuthZ ASM, RBE, ASMs and Policy Database; two Calient PXCs with PCs attached. PIN and PDC are developments from UIC; Calient provided by EVL.
AAA based demo at SC2003. Diagram labels: Stateful WS I/F; AuthZ ASM, RBE, Resource Mgr ASM, ASMs and Policy Database in each of three domains; Stateful Client I/F; PCs and two Calient switches. Calient provided by EVL.
Next: adding more Web Services interfaces towards a SOA; put the user/broker in control. Diagram labels: Stateful WS I/F, AuthZ WS, ASM, RBE, Resource WS, Topology WS, User or Broker WS, Policy Databases, Stateful Client I/F, PCs and Calient switches. Calient provided by EVL.
Research idea: WS/Token based TINA-like model. Diagram labels: Consumer, Retailer, Broker with Application WS, 3rd party Provider WS, an AAA WS per provider, Resource WS; Connectivity provider A (CO2), Connectivity provider B (UCLP), Connectivity provider C (PIN/PDC), each with a Network I/F Switch Domain.
Diagram of AAA work areas and their building blocks: run time environment (J2EE, Apache Axis Web Services, OGSA); AAA protocol and standards body liaison + architect (IETF, GGF, IRTF); management and monitoring; management & documentation; user/organization integration (PKI, RADIUS, Kerberos, VOMS); AAA core (policy language); security integration (CA, CA policy, authentication devices, protocol security); service control + integration (accounting, layer N networking, scheduling, advance reservation, service discovery and ontology, billing, clearing & settlement).
AAA related research topics:
• Policy: stateful policy handling; concurrency.
• Policy management: policy generation; policy distribution.
• Object abstractions & position.
• Run time & development environment.
• Positions of AAA in (optical) control models.
• AAA message security and trust federation.
• Grid interaction (WSRF).
Thank you! Research funded by: (sponsors). Leon Gommans, lgommans@science.uva.nl. Acknowledgements: Cees de Laat, Bas van Oudenaarde, Rob Meijer, Arie Taal, Freek Dijkstra, Yuri Demchenko, Martijn de Munnik, Zeger Hendrikse, David Groep, Joe Mambretti, Oliver Yu, Franco Travostino, Bill St. Arnaud, John Vollbrecht, Eric He, Tom DiMaggio and many more.