experimental infrastructures for the future internet process for joining infrastructure owners...
TRANSCRIPT
![Page 1: EXperimental Infrastructures for the Future Internet Process for Joining Infrastructure Owners Training - Basic](https://reader030.vdocument.in/reader030/viewer/2022032707/56649e3a5503460f94b2c676/html5/thumbnails/1.jpg)
eXperimental Infrastructures for the Future Internet
www.fi-xifi.eu
Process for Joining
Infrastructure Owners Training -
Basic
![Page 2: EXperimental Infrastructures for the Future Internet Process for Joining Infrastructure Owners Training - Basic](https://reader030.vdocument.in/reader030/viewer/2022032707/56649e3a5503460f94b2c676/html5/thumbnails/2.jpg)
TM1.5 - Berlin 2
Agenda
• Geographical Partition
• XIFI Federation Process
• Deployment Steps
• Cloud portal
• Keystone Proxy
• MD-VPN
2
M6 Review - Brussels
10th June 2014
![Page 3: EXperimental Infrastructures for the Future Internet Process for Joining Infrastructure Owners Training - Basic](https://reader030.vdocument.in/reader030/viewer/2022032707/56649e3a5503460f94b2c676/html5/thumbnails/3.jpg)
Geographical Partition
310th June 2014 TM1.5 - Berlin
South-EastTI
Central-EastDT
South-WestTID
Central-WestORANGE
NorthWIT
TI will support activities in South-East Europe (Italy, Austria, Hungary, Serbia, Croatia, Bosnia, Slovenia, Slovakia, Montenegro, Albania, Macedonia, Bulgaria, Romania, Greece and Turkey).
DT will support the activities in Central-East Europe (Germany, Czech Republic, Denmark, Poland, Switzerland, Latvia, Estonia and Lithuania).
TID will support the activities in South-West Europe (Spain and Portugal).
ORANGE will support the activities in Central-West Europe (France, Belgium, Netherlands and Luxemburg).
WIT will support the activities in North Europe (Ireland, UK, Norway, Sweden and Finland).
![Page 4: EXperimental Infrastructures for the Future Internet Process for Joining Infrastructure Owners Training - Basic](https://reader030.vdocument.in/reader030/viewer/2022032707/56649e3a5503460f94b2c676/html5/thumbnails/4.jpg)
XI-FI Federation Process
4
• The Federation process manages the introduction of a new node in the XIFI federation, an important step of this phase is the deployment
• In terms of XIFI lifecycle, the Deployment of a new node in XI-FI stands before the node production phase and the after the open call
• In order to successfully finish the deployment of a new node, some constraints has to be satisfied:
– connection to GEANT (or P2P internet VPN as backup solution)– Hardware procurement
• The deployment ends when the XIFI node in on production (when a node in on production is not a new node anymore !) and is managed by XIFI support
10th June 2014 TM1.5 - Berlin
![Page 5: EXperimental Infrastructures for the Future Internet Process for Joining Infrastructure Owners Training - Basic](https://reader030.vdocument.in/reader030/viewer/2022032707/56649e3a5503460f94b2c676/html5/thumbnails/5.jpg)
Deployment StepsDeployment has been partitioned as follows:• Connectivity to XIFI Core
Backbone: MD-VPN connectivity through the local NREN
• HW procurement: It means hardware procured and deployed with the base operating system
• Cloud Infrastructure Installation: this is basically the OpenStack installation (included in ITBox)
• Cloud Management (GE): This step is inside ITBox, otherwise a manually installation of the needed GEs is required.
• Monitoring: This step is inside ITBox, otherwise a manually installation of the needed nagios plugins is required.
• Fi-Lab Joining: This is essentially the installation and configuration of the Keystone Proxy module.
Note: Connectivity to XIFI backbone is mandatory for Monitoring and Fi-Lab Joining but not for Cloud Installation and Management
510th June 2014 TM1.5 - Berlin
![Page 6: EXperimental Infrastructures for the Future Internet Process for Joining Infrastructure Owners Training - Basic](https://reader030.vdocument.in/reader030/viewer/2022032707/56649e3a5503460f94b2c676/html5/thumbnails/6.jpg)
Cloud Portal - Integration• Provides the federation portal that allows
to manage Fi-Lab platforms in federated mode
• It requires to create user accounts on FI-Lab– https://account.lab.fi-ware.org/
• Other requirements– MD-VPN connectivity– Keystone Proxy connectivity– DCRM GE installed
28th May 2014 M12 Review - Brussels 6
![Page 7: EXperimental Infrastructures for the Future Internet Process for Joining Infrastructure Owners Training - Basic](https://reader030.vdocument.in/reader030/viewer/2022032707/56649e3a5503460f94b2c676/html5/thumbnails/7.jpg)
Keystone Proxy - Integration• The keystone proxy provide the access to
federation Idm• Actually one instance of Keystone proxy is
running in the Spanish node• Requirements
– Update the catalogue (impacts all nodes) – Configure the Firewall policies to allow
communications with remote nodes
28th May 2014 M12 Review - Brussels 7
![Page 8: EXperimental Infrastructures for the Future Internet Process for Joining Infrastructure Owners Training - Basic](https://reader030.vdocument.in/reader030/viewer/2022032707/56649e3a5503460f94b2c676/html5/thumbnails/8.jpg)
Keystone Proxy - Integration• Impacts
– Data on the local keystone (users, tenants, …) is lost
– VMs and their configuration remains but are not accessible through the federation portal
28th May 2014 M12 Review - Brussels 8
![Page 9: EXperimental Infrastructures for the Future Internet Process for Joining Infrastructure Owners Training - Basic](https://reader030.vdocument.in/reader030/viewer/2022032707/56649e3a5503460f94b2c676/html5/thumbnails/9.jpg)
MDVPN - Integration
• Provides the federation connectivity across the nodes– Privacy– Security– Traffic Engineering on the backbone possible
• MD-VPN is created on top of the NREN connection– Typically delivered on a VLAN– Dedicated VRF should be used – BGP is used to exchange routing across the
nodes28th May 2014 M12 Review - Brussels 9
![Page 10: EXperimental Infrastructures for the Future Internet Process for Joining Infrastructure Owners Training - Basic](https://reader030.vdocument.in/reader030/viewer/2022032707/56649e3a5503460f94b2c676/html5/thumbnails/10.jpg)
MDVPN - Integration
• The setup must be discussed with local NRENs
• Federation IP addressing plan– per node configuration available on D5.2– must be implemented on the network in which
all the federation related hosts are connected
• It is possible to provide backup solutions based on P2P VPN. – important delay of deployment of the NREN– if the NREN do not provide MD-VPN service – the Infrastructure can’t get NREN connectivity
28th May 2014 M12 Review - Brussels 10
![Page 11: EXperimental Infrastructures for the Future Internet Process for Joining Infrastructure Owners Training - Basic](https://reader030.vdocument.in/reader030/viewer/2022032707/56649e3a5503460f94b2c676/html5/thumbnails/11.jpg)
Questions
1110th June 2014 TM1.5 - Berlin
![Page 12: EXperimental Infrastructures for the Future Internet Process for Joining Infrastructure Owners Training - Basic](https://reader030.vdocument.in/reader030/viewer/2022032707/56649e3a5503460f94b2c676/html5/thumbnails/12.jpg)
Thank you for your attention!
Acknowledgments: The research conducted by XIFI receives funding from the European Commission FP7 under grant
agreement N°: 604590. The European Commission has no responsibility for the content of this presentation.
Find us at www.fi-xifi.eu
1210th June 2014 TM1.5 - Berlin