Internet2 SDN Network Adds Multi-Tenancy
- By Dian Schaffhauser
- 10/29/14
Internet2 has added a new resource that enables its national education network to be divided into segments that can be allocated for use as multiple, discrete private networks by specific research or other user communities. The "FlowSpace Firewall" has been installed in the Internet2 production network, allowing it to be partitioned across nearly 40 100G-attached access nodes throughout the country. The firewall software was commissioned by the community organization and co-developed by Indiana University.
With the new firewall in place on the Internet2 network, one allocation will be prevented from consuming resources set aside for other allocations. The first uses are expected to surface among the research and education community.
The news came during this week's 2014 Technology Exchange in Indianapolis, a gathering of technologists who participate in the Internet2 network.
Internet2 runs the first 100-gigabit open, national software-defined network (SDN), a platform for network virtualization. As with virtualized servers and storage, SDN-enabled hardware uses abstraction to simplify the management of the underlying physical network, which is especially useful as data centers integrate cloud services and virtualization with on-premises operations. The SDN approach is intended to enable IT to pull together and manage hardware such as switches and routers from different vendors without having to deal with the underlying operating systems or protocols running on those components. When network service delivery changes are required, the network can respond programmatically.
The segmenting capability now built into the network "is a foundational technology that we've put in place," said Rob Vietzke, executive director of networking services within Internet2. "We don't quite know which [communities] will use it and for what. The first people will probably be computer scientists and folks developing infrastructure services. But it's a really unique partitioning of a very important national resource in a way that allows each person that chooses to take a partition to essentially act like they have their own national network."
Several institutional research organizations have already announced new projects to try out virtual slices of the SDN network. In August the National Science Foundation awarded separate $10 million grants to two projects creating cloud computing testbeds.
Chameleon is a large-scale, reconfigurable experimental environment for cloud research, co-located at the University of Chicago and the University of Texas at Austin.
The Chameleon testbed is intended to adapt to multiple experimental needs "from bare metal reconfiguration to support for ready-made clouds," said Kate Keahey, a scientist at the Computation Institute at U Chicago and principal investigator, in a statement. "Furthermore, users will be able to run those experiments on a large scale, critical for big data and big compute research." That project also encompasses creation of a community "where researchers will be able to discuss new ideas, share solutions that others can build on or contribute traces and workloads representative of real life cloud usage."
CloudLab, the second project, is a large-scale distributed infrastructure based at three institutions: the University of Utah, Clemson University in South Carolina, and the University of Wisconsin. Researchers will use CloudLab to support the construction of different kinds of clouds using new architecture. Each site will have unique hardware, architecture and storage features and will connect to the others via Internet2's SDN-enabled network.
"By connecting CloudLab to Internet2's nationwide SDN network, we can give researchers a level of end-to-end network programmability that is unprecedented in a cloud platform," said Robert Ricci, a research assistant professor of computer science at U Utah and principal investigator of CloudLab. "Having this level of control, programmability and visibility into the network will enable the research community to push the boundaries of cloud networking and explore the future of network architectures for the cloud."
Traditionally, systems and network researchers have been part of the computer science department in the university while computational scientists worked in other disciplines using computing and network resources as tools to do their simulation and modeling-oriented research, added U Utah's Interim CIO, Steven Corbato. "Where we're headed is for these two disciplines to start talking to each other in ways they haven't done in probably 20 or 30 years. It's a pretty exciting time. Whenever you can bring scientists from different disciplines together, I think there are usually good results that come from it. That's one of the drivers from Utah's end."
Although the work going on now is intended to test out and prove the merits of the technology, eventually, the technologies and architectural schemes developed through the use of Internet2's SDN experimental efforts will infiltrate institutional data center operations, he noted.
"If I look at our network, it has historically been based on campus geography or organization," said Corbato.
What he'd rather see is a network structured to accommodate traffic segmentation based on the role of the individual and the risk profile of the data being handled. "We have a hospital; we have a lot of educational records flying around, especially now that we're pushing online education very hard. Those all fall under classes of protected information. Credit card information is protected. We need to put that on a special part of the network where it does not mix with other traffic." SDN and the other developments coming out of work being done by Internet2 and its members and partners "can help us achieve this architectural vision."