
Internet2 Advanced Network Services Today

Dale Finkelson, Jon-Paul Herron, Paul Howell, George Loftus, John Moore, Chris Wilkinson

© 2016 Internet2

• Network Services Overview (George Loftus)
• International (Dale Finkelson)
• Network Security (Paul Howell)
• Network Operations (Jon-Paul Herron)
• Network Architecture (Chris Wilkinson)
• Research Support (John Moore)

The Challenge

[Chart: Internet2 Network Total PetaBytes Carried Per Year (Calendar Year), CY 08 through CY 16. Series: Peta Bytes per year, with an exponential trend line (R² = 0.98706). Data labels as extracted: 47.4, 80.3, 104., 120.6, 265.1, 351.9, 575.4, 694.5, 1168.1.]

Future-focused efforts to address this challenge

• Ecosystem-wide conversation about collaboration on solutions
• Examining current and emerging business models and services
• Two key principles in determining the future iteration of Internet2 infrastructure:
  – Ecosystem-wide collaboration
  – Agility and experimentation

Collaboration, Agility, Experimentation
Using pilots to learn quickly together

• Volumetric DDoS Mitigation Service Pilot (6-8 participants)
• Private Cloud (Azure, AWS, etc.)
• Cloud Exchange
• Research Support
  – Hybrid Cloud in support of research
  – Leveraging existing campus & regional successes

Internet2 Advanced Network Services Today
How we are addressing the challenges today

• International (Dale Finkelson)
• Network Security (Paul Howell)
• Network Operations (Jon-Paul Herron, Chris Wilkinson)
• Network Architecture (Chris Wilkinson)
• Research Support (John Moore)


Atlantic Region

• The ANA (Advanced North Atlantic) project remains strong:
  – Original 3 100G circuits
    • Washington DC – London: Internet2 and Canarie
    • – Paris: GEANT
    • Amsterdam – Montreal: Nordunet and Surfnet
  – Recent additions: 100G
    • New York – London: NEAAR, a project at Indiana University funded by NSF
• The 4 listed circuits are all fully diverse.
• There is also a cooperative agreement with Esnet to mutually back up each other's capacity.
  – Esnet currently has 340G of capacity.
• Since its inception there have been few or no instances where capacity is not available to the users.

Pacific Region

• Internet2 and Singaren maintain a 100G connection from Los Angeles to Singapore.
• Internet2 and CERNET maintain a 10G connection to China.
• Overall Pacific connectivity is not as structured as the ANA.
  – Lots of capacity.
  – Work will continue on joint backup and sharing options.
• It would be ideal to see the type of arrangements we have across the Atlantic evolve in the Pacific region.
  – Internet2 will continue to work with organizations like Singaren, Transpac, TEIN, AARnet and others for this.

North America

• There is a dedicated 10G link to CUDI in from El Paso.
• Internet2 and Canarie in Canada are connected by 100G in several locations.

Partial list of International Peers

• Asia-Pacific Area Network
• Australian Academic and Research Network
• CA*Net/CANARIE
• Cenit (Venezuela)
• CERNLight
• China Educational and Research Network
• China Science and Technology Network
• Corporacion Universitaria para el Desarrollo de (Mexico)
• Egyptian National STI Network
• GEANT-Delivery of Advanced Network Tech to Europe
• GEMnet (Mongolia)
• Japanese Gigabit Network
• KDDI Corporation
• King Abdulaziz City for Science and Technology
• Korea Advanced Research Network
• Korea Research Open Network 2
• National Knowledge Network (India)
• National University of Singapore
• NORDUnet
• NTT Communications Global IP Network
• Qatar Foundation Network
• Qatar National Research & Education Network
• Rede Nacional de Ensino e Pesquisa (RNP)
• SINET
• SingAREN
• SURFnet
• Taiwan Advanced Research and Education Network
• TEIN
• The World Bank
• UAE Research and Education Network
• WIDE/NTTA
• http://www.internet2.edu/products-services/advanced-networking/global-services/international-peers/

Active Projects

• Internet2 continues to work with the University of Guam on getting them directly connected to Internet2.
  – Continue to coordinate efforts with the University of Hawaii and AARnet and others.
• Internet2 continues to play a leading role in the activities of the GNA.
  – Please attend those sessions for more information.
    • Technical WG Session, Wednesday 7:30 AM
    • The Global Network: Evolving from an Architecture to an Infrastructure, Wednesday 1:15


Network Security

• Mission
  – Protect the Internet2 network from attack
• Approach
  – Enable Internet2 leadership to proactively manage security risks that jeopardize the Internet2 network
  – Working together with connectors/regionals and members to collectively protect the National Research and Education Networks
• Team
  – Grover Browning, Nathan Miller, Karl Newell, Ryan Nobrega

Security Program Maturity

[Figure not recovered; only the marker label "You are here" survives.]

Key Improvements for This Year

• Strategy Developed for Attack Detection and Mitigation
  – DDoS Detection using Deepfield Defender
  – DDoS Mitigation
    • Cloud Scrubbing
    • BGP Flowspec
    • Real Time Black Hole
• Promote improved routing security within our community
• Improved network analytics
  – Moving from Netflow v5 to IPFIX
  – Updated version of Deepfield Cloud Intelligence
• Implementation of Secure Management Network
• Continue to improve security operations capabilities

Security Operations

• Security risk assessment performed annually
• Security incident management procedure implemented and had an incident
• Vulnerability scanning of routers completed
• Quarterly review of our ACLs/filters. Of the 75 prefixes in our management filters, 52 were eliminated, leaving 23 prefixes, most of them /32s
• Annual review of router access led to 27 accounts removed
• Annual badge review for physical access to co-location PoPs completed
• New physical access procedure being implemented
• Security awareness training for staff underway using Securing The Human
• Visible Network now uses an authentication wall
• Security analysis of syslog using Splunk

NTP reflection DoS attack from a misconfigured router

  xntpd[21521]: sendto(): No route to host
  xntpd[21521]: too many recvbufs allocated (40)
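The two xntpd messages above can drive a simple syslog detection: flag any router that logs a burst of them in a short window. This is an added example, not Internet2's own tooling or Splunk search; the syslog line layout, hostnames, window and threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# The two xntpd messages quoted on the slide.
SIGNATURES = {
    "recvbufs": re.compile(r"too many recvbufs allocated \((\d+)\)"),
    "sendto": re.compile(r"sendto\(\): No route to host"),
}
# Assumed syslog layout: "<Mon> <day> <HH:MM:SS> <host> xntpd[<pid>]: <message>"
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) xntpd\[\d+\]: (.*)$")

def flag_hosts(lines, window=timedelta(seconds=60), threshold=5, year=2016):
    """Return {host: per-signature totals} for hosts that log at least
    `threshold` signature messages within any `window` (assumed values)."""
    events = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an xntpd line in the assumed layout
        stamp, host, msg = m.groups()
        for name, rx in SIGNATURES.items():
            if rx.search(msg):
                ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
                events[host].append((ts, name))
    flagged = {}
    for host, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Advance the left edge until the span fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[host] = dict(Counter(name for _, name in evs))
                break
    return flagged

# Constructed sample input: hostnames, PIDs and timestamps are made up.
SAMPLE = [f"Mar  3 10:15:{s:02d} rtr-a xntpd[21521]: too many recvbufs allocated (40)"
          for s in range(0, 8, 2)]
SAMPLE += [f"Mar  3 10:15:{s:02d} rtr-a xntpd[21521]: sendto(): No route to host"
           for s in range(1, 9, 2)]
SAMPLE += ["Mar  3 10:15:30 rtr-b xntpd[402]: too many recvbufs allocated (40)",
           "Mar  3 11:40:12 rtr-b xntpd[402]: sendto(): No route to host",
           "Mar  3 10:16:00 rtr-a sshd[99]: Accepted publickey for ops"]

if __name__ == "__main__":
    print(flag_hosts(SAMPLE))
```

Isolated occurrences, such as the two widely spaced lines from rtr-b in the sample, stay below the threshold and are not flagged.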


You know what we do…

• Fix things in the network when they break
• Maintenance
• Answer questions and make changes people request
• Monitoring, measurement, and other operational systems for the Internet2 Network
• Projects for changes, new services, security enhancements, etc.

How much of it do we do?

• In a typical month:
  – 600 tickets, 9,000 ticket edit events
  – 180 calls inbound
  – 500 emails outbound, 10,000 inbound
  – 28 off-hours calls to Internet2 NOC engineers
  – 10 projects

Some random interesting bits

Response Rate: 8%

Previous Focus Areas

• Improvements to Change Management, Incident Management
• Availability of Services
• Projects
  – Lean/Kanban
  – Network Re-architecture
  – New connections/services
  – Capacity
  – Security

Service Availability

Future Focus Areas

• Unified Teams
• Targeted Notifications
• More Service Awareness
• Lean/Kanban round 2


Meet Community Needs through a Strong Infrastructure Ecosystem

[Diagram: Community Infrastructure Portfolio, with the labels People, Layer 2 & Layer 3 Platform, Software, Testbeds & Agility, and Optical Platform]

Meet Community Needs through Enabling Contribution and Collaboration

• Establish Unified Teams
  – Cross-Organization (Internet2 and Indiana University GlobalNOC)
  – Improve Collaboration / Communications
• Continue Implementation of Effective, Lightweight Processes
  – Change Management
  – Prioritization
  – Project Management
• Augment Staffing and Training
  – Engineering
  – Project Management
• Gather Requirements, Needs, Goals, and Impacts
  – NTAC
  – Community Leaders

Meet Community Demand for Backbone and Peer Network Growth

[Map: backbone nodes ALBA, BOST, STAR, HART2, EQCH, CHIC, CLEV, NEWY1118TH, NEWY32AOA, PITT, ASHB, PHIL, INDI, WASH, CINC, LOUI, RALE, CHAR and ATLA, with links labelled 200G and 300G; which capacity belongs to which link is not recoverable]

Meet Community Demand for Network Stability & Enhancement of Experimental Activity

• MPLS Core Network
  – Layer 2
  – Layer 3
• OESS Development
• Security
• Optical Network Optimization & Study
  – 200G and 400G
• Testbed Support

Meet Community Demand for the Network Stability & Enhancement of Experimental Activity

[Timeline chart: Q1 to Q4 (JAN to DEC); bar positions are not recoverable. Items shown: DCI Testbed; SDN Testbed; Implement AL3S R&E VRF; Enable Testbed Activities Layer 1, Layer 2, Layer 3; AL1S Optimization / Audit Phase 1; AL1S Optimization Phase 2; Deploy Foundation MPLS; Community Migration AL3S -> MPLS; Community Migration AL2S OF -> MPLS; OESS Testing; Implement AL3S TR-CPS, LHCONE VRFs; OESS MPLS Enabled; OESS Feature Development]


Research Engagement

• Convening national-level community-driven initiative to help support campus cyberinfrastructure needs in a sustainable manner
• Program development underway – guided by a stellar advisory group
  – Reps from regionals, campuses, Open Science Grid, XSEDE, NSF Advisory Committee on CI, ACI-REF, Science Gateways Institute, ESNet, EDUCAUSE, etc.
• Topic areas under development
  – National Research Platform (partnering with Pacific Research Platform)
  – Campus research facilitation – follow on to “Broadening the Reach”
  – Big Data Grand Challenge – seeking to partner with big data initiatives
  – Tool integration – started discussion between perfSONAR and XDMOD
