Title: Internet2: CCIRN reports
1Internet2 CCIRN reports
2Internet2 E2E piPEs
- Project End-to-End Performance Initiative
Performance Environment System (E2E piPEs) - Approach Collaborative project combining the
best work of many organizations, including
DANTE/GEANT, Daresbury, EGEE, GGF NMWG,
NLANR/DAST, UCL, Georgia Tech, etc. - NSF-sponsored workshop http//e2epi.internet2.ed
u/WK03/index.html
3piPEs
- Enable end-users network operators to
- determine E2E performance capabilities
- locate E2E problems
- contact the right person to get an E2E problem
resolved. - Enable remote initiation of partial path
performance tests - Make partial path performance data publicly
available - Interoperable with other performance measurement
frameworks
4Measurement Infrastructure Components
5Project Phases
- Phase 1 Tool Beacons
- BWCTL (Complete), http//e2epi.internet2.edu/bwctl
- OWAMP (Complete), http//e2epi.internet2.edu/owamp
- NDT (Complete), http//e2epi.internet2.edu/ndt
- Phase 2 Measurement Domain Support
- General Measurement Infrastructure (Prototype)
- Abilene Measurement Infrastructure Deployment
(Complete), http//abilene.internet2.edu/observato
ry - Phase 3 Federation Support
- AA (Prototype optional AES key, policy file,
limits file) - Discovery (Measurement Nodes, Databases)
(Prototype nearest NDT server, web page) - Test Request/Response Schema Support (Prototype
GGF NMWG Schema)
6piPEs Deployment
7American / European Collaboration Goals
- Awareness of ongoing Measurement Framework
Efforts / Sharing of Ideas (Good / Not
Sufficient) - Interoperable Measurement Frameworks (Minimum)
- Common means of data extraction
- Partial path analysis possible along
transatlantic paths - Open Source Shared Development (Possibility, In
Whole or In Part) - End-to-end partial path analysis for
transatlantic research communities - VLBI Haystack, Mass. ?? Onsala, Sweden
- HENP Caltech, Calif. ?? CERN, Switzerland
8Other ongoing collaborations
- US networks under aegis of JET
- Abilene ESnet deployment already
- Coordination/deployments for key user communities
- APAN deployment
- Tokyo, Fukuoka, Korea(?)
- Focus bwctl (scheduled tests)
- GGF NMWG
- Eric Boyd co-chair
- Work on creating and revising schemata for test
requests and responses - Beginning work on a model policy for
authorization roles that can be used as a
starting point for campuses/domains
9Extending the research of RE networking
- Report on the April Workshop
10Background
- Since Fall 2001, small BoF has met at Internet2
member meetings - Focus on sharing information about needs,
activities regarding places not well connected to
RE networks - Geographical e.g. mountains of Chile, island
territories of France - Market/Economic sub-Saharan Africa
- Technical ocean floors, field researchers
- Fall 2003, proposal to host workshop focusing on
development agencies and funding resources - Held post Internet2 Spring Member Meeting,
Arlington, VA
11Synergies between NRENs and aid and funding
agencies
- Science, funding and aid agencies
- and you are? No or very little knowledge about
NRENs and what it is that NRENs do or about
programs - duplication, costs, lack of coordination
- expressed interest in exploring actions or
activities the group might undertake beyond
simple information sharing on an ad hoc basis. - Global research and education networking
community and key science, funding and aid
agencies How can get to know each other (and
know about what we do) - Overviews of agencies information and
communication technology ICT programmatic areas
and related programs - The need for the global research and education
community to also do outreach on what it is that
what we do, what our members do and that
illustrate real proof of concept instantiations, - show that there are things we could do together
12Workshop Goals
- get to know a bit about each other
- to have a a forum to explore ways in which we
may work together to address the challenges in
extending the reach of Internet infrastructure
and networks in support of research, education
and knowledge sharing - what do you see as the gap areas the needs?
Before and after the workshop
13Steering Committee many thanks!
- Les Cottrell (SLAC)
- Curtis White (Allied Communications)
- Bob Dixon (Ohio State)
- Heather Boyles (Internet2)
- Peter Highnam (NIH)
- Lori Perine (NSF)
- Micah Beck (UT)
- Mary Kratz (Internet2)
- Steven Huter (NSRC, Univ. Oregon)
- Art St George (Univ. New Mexico)
- Dany Vandromme (RENATER)
- George McLaughlin (AARNet)
- Jim Williams (Indiana Univ)
- sharon Moskwiak (Internet2)
- Anil Srivastava, AcrossWorld
- Ana Preston (Internet2)
14Expanding the reach of advanced networking
- Highlights
- 80 participants
- a keynote speech by Mohamed Muhsin,
Vice-President and CIO of the World Bank - presentations on programs from several science,
funding and aid agencies including the National
Science Foundation, National Institutes of
Health, the Organization of American States, the
World Bank, the Inter-American Development, USAID
and other European and Australian agencies for
international development. - presentations from members of the global
research and education community on approaches
for expanding network access to resource limited
settings and working with agencies
15Notes from workshop
- roles of agencies
- Expect return on investment
- self-sustainability
- opportunities generated capabilities and tools
- training project learning plans
- road maps
- they want to work with our community and we want
to work with them - Sharing experiences
- solutions not just talk
- Internet as a leveling mechanism
- there are very compelling illustrations from the
global NREN community that show that we can work
together
16Next steps
- working group yes
- defining scope charter? of the group
- Action proceedings mailing list and chair(s)
- Action continue dialogue/bridge with World Bank
and all agencies represented here - Action catalog possible projects and who may be
able to lead/manage on behalf of group - clearinghouse of info and regular communications
- Best practices and lessons learned
- Case studies that help drive approaches
- Issues (poverty, education)
- Pricing and policy
- What are the needs? We need to have the needs
expressed by the ones that have the needs
17Cont.
- working together to further articulate the role
of NRENs (targeted to government and policy
makers) - Value of NRENs and what they bring to the table
value that enables not just scientific and
technological improvements but broader social and
economical impact - ROI targeted to Ministers of Finance
- Building Capacity
- Networks are an enabler
- PEOPLE!
- Projects that strategically benefit economies,
health, environment
18- http//international.internet2.edu/intl_connect/ag
enda.html
19Network Security, Middleware and Trust Federations
20- Supported by Indiana University and through
relationship with EDUCAUSE and Internet2. - The REN-ISAC is an integral part of the higher-ed
strategy to improve network security by providing
timely warning and response to cyber threat and
vulnerabilities, improving awareness, and
improving communications. - Supports efforts to protect national cyber
infrastructure by participating in the formal
U.S. ISAC infrastructure. - Receives, analyzes, and disseminates network
security operational, threat, warning, and attack
information within higher education. - Information is gathered from instrumentation,
constituents, network engineers, DHS, other
sector ISACs, other network security
organizations, and vendors. - 24 x 7 Watch Desk, ren-isac_at_iu.edu, 1 (317)
278-6630 - http//www.ren-isac.net
- http//www.terena.nl/tech/task-forces/tf-csirt/mee
ting11/RENISAC-Pearson.pdf
21REN-ISACInformation is derived from
- Network instrumentation
- Abilene NetFlow data
- Abilene router ACL counters
- Arbor PeakFlow analysis of NetFlow data
- Abilene NOC operational monitoring systems
- Constituents related to incidents on local
networks - Network engineers related to national RE
backbones
22REN-ISACInformation is derived from
- DHS sources include
- IAIP Daily Open Source Report
- http//www.nipc.gov/dailyreports/dailyindex.htm
- Advisories
- Regular conference calls
- Other sectors ISACs
- Other network security organizations
- Vendors
23Current and Planned Activities
- Relationships and outreach to complimentary
organizations and efforts - REN-ISAC Registry
- Watch Desk, 24 x 7
- Regular information sharing with DHS, ISACs,
others - Abilene NetFlow analysis
- Abilene router ACL statistics
- Arbor PeakFlow analysis
- Per-host threat reports to member institutions
- Policy and privacy statements and agreements
24International Coordination
- TF-CSIRT
- Doug Pearson made presentation on REN-ISAC in
January 2004 - GEANT
- Revisit network security coordination week after
next at meeting in Cambridge - Coordinate with GN2 security activities
25Middleware and security
- Internet2 Middleware Initiative launched 1999
- Focus on enterprise/campus
- Focus on core middleware (that supports upperware
e.g. grid middleware) - Focus on inter-institutional authentication and
authorization supporting collaboration, access
to digital resources, virtual organizations - eduPerson attributes
- Shibboleth authentication transport software
- National Trust Federation (InCommon) initially
built on institutions using Shibboleth
26Shibboleth Status
- http//shibboleth.internet2.edu/
- Open source, privacy preserving federating
software - Being very widely deployed in US and
international universities - SWITCH (Switzerland has adopted)
- JISC (UK) is adopting funding development of
complementary pieces - Growing development activities in several
countries, providing resource manager tools,
digital rights management, listprocs, etc.
27InCommon federation
- Federation operations Internet2
- Federating software Shibboleth 1.1 and above
- Federation data schema - eduPerson200210 or later
and eduOrg200210 or later - Became operational April 5, with several early
entrants to help shape the policy issues. - Precursor federation, InQueue, has been in
operation for about six months and will feed into
InCommon - http//incommon.internet2.edu
28International federation peering
- Shibboleth-based federations being established in
the UK, Netherlands, Finland, Switzerland,
Australia, Spain, and others - International peering meeting slated for October
14-15 in Upper Slaughter, England - Issues include agreeing on policy framework,
comparing policies, correlating app usage to
trust level, aligning privacy needs, working with
multinational service providers, scaling the WAYF
function
29Security at Line Speed (SALSA)
- Ken Klingenstein heading both middleware and
security efforts - NSF-funded workshop Security at Line Speed
- http//apps.internet2.edu/sals/
- Network authentication, authorization
- SALSA net-auth working group
- Leverage Middleware work Shibboleth, InCommon,
international peering - Relationship to mobility work of TERENA, GN2
30Abilene and HOPI national infrastructures
Abilene and NLR Fiber Footprints
31Hybrid Optical Packet Infrastructure (HOPI)
- Since last CCIRN
- HOPI Design team formed
- White Paper released http//hopi.internet2.edu
- Comments sought!
- Moving forward with initial 3 node deployment
September 2004 - Dependent on NLR buildout