Periodic Reporting for period 1 - GN4-1 (GN4-1 Research and Education Networking - GÉANT)
Reporting period: 2015-05-01 to 2016-08-31
GÉANT, the pan-European communications infrastructure serving Europe’s research and education (R&E) community, delivers advanced multi-domain services and facilitates joint-research activity that drives innovation. Together with Europe’s National Research and Education Networks (NRENs), the GÉANT network reaches over 50 million users in 10,000 institutions.
The GN4 Phase 1 (GN4-1) project was the first step in implementing the actions defined in the 68-month Framework Partnership Agreement established between the GÉANT Consortium and the European Commission. At the same time, the project also maintained, operated and enhanced a set of high-performance production networking services.
The overall objective of GN4-1 was to provide a stable, though innovative, environment for the growth of GÉANT as the European Communications Commons for the European Research Area (ERA), providing the best possible digital infrastructure to ensure that Europe remains at the forefront of research. GÉANT achieved this through network evolution and cost-optimisation, development of a portfolio of key services, engaging with industry leaders, working closely with the other e-infrastructures and welcoming new user communities.
The work in GN4-1 developed new capabilities and evolved and evaluated emerging technologies in collaboration with partners and industry in support of some of the most demanding network-based applications. Thanks to the terabit network, 50 million researchers, scientists, academics and students can now share record volumes of data unconstrained by geographical location. These collaborations are helping to solve some of mankind’s biggest challenges, including sustainable energy, deep space, high-energy physics, earth observation, environmental disasters, medicine and more.
A key element in the achievement of this objective was to maintain the operational excellence of the established GÉANT services, while achieving significant economies on the costs of the backbone network (€3.2M cost savings were achieved).
The implementation of GÉANT as the European Communications Commons for the European Research Area (ERA) continues to provide the best possible digital infrastructure to maintain a leading role in research. GÉANT’s extensive and long-standing contacts with large data disciplines such as biology, radioastronomy and high-energy physics help shape the evolution of state-of-the-art networking facilities. This is complemented by partner contacts with research domains that are new users of high-performance networks and services, such as digital preservation, real-time art and humanities, and new collaborations with e-infrastructures.
In addition to the individual work package objectives, GN4-1 also:
• Maintained and enhanced the production service and achieved cost reductions without a negative impact on network service levels.
• Coordinated with the other European e-infrastructure efforts (e.g. PRACE, EUDAT, EGI, OpenAire) both individually and in the framework of the increased coordination effort planned by the EC.
• Provided a global extension of existing partnerships with CERN/LHC, EUMETSAT, iMinds and InfiniCortex.
• Expanded the footprint and increased the depth of services offered to roaming users with enhanced trust and identity services (in coordination with the AARC project) through Federation as a Service, and with added group and attribute management in eduGAIN. This was achieved by:
○ Growing eduGAIN by 150% of the baseline number of participating entities.
○ Supporting attribute release in eduGAIN by supporting deployment of the Research and Scholarship Entity category (usage increased by more than 400%) and by the Code of Conduct (usage increased by 225%).
○ The transition of Federation as a Service to production.
○ Completion and approval of the Moonshot business case, service definition and pilot.
• Developed online, real-time services to improve the ease and function of videoconferencing, open learning support and general multimedia use.
• Reviewed the existing service catalogue using the Product Lifecycle Management (PLM) process to carefully assess the cost/benefits of each service, as well as to inform the strategy for future service development.
At the end of GN4-1, the GÉANT Service Catalogue included the following network, trust and identity and other application services:
• GÉANT IP: The standard connectivity service, providing robust, high-bandwidth access.
• GÉANT Plus: Point-to-point connectivity across reserved, high-speed circuits.
• GÉANT Lambda: Providing dedicated, full 10 and 100Gbps point-to-point connectivity.
• GÉANT L3VPN: An enhancement of the GÉANT IP service, which provides L3 virtual private networks.
• GÉANT Testbed Service: A production service facilitating network research in virtual environments.
• GÉANT Open: A service for NRENs, international partners and approved commercial organisations.
• GÉANT Peering: A service that allows direct peering between NRENs and international partners.
• eduroam: A global service that provides secure WiFi roaming connectivity for the R&E community.
• eduGAIN: Enables the trustworthy exchange of Identity information between the GÉANT partners.
• perfSONAR: A multi-domain monitoring toolkit for performance tuning and diagnostics.
• eduPKI: Provides Public Key Infrastructure (PKI) certificates for GÉANT network services.
• FaaS: A hosted infrastructure to enable smaller countries to offer a Single Sign-on service.
• Cloud Brokerage: Offers selected cloud services to the pan-European GÉANT community.
• Multi-Domain VPN (GÉANT MD-VPN): A service that supports traffic across multiple VPN services.
GN4-1 comprised four Network Activities, three Joint Research Activities and eight Service Activities. In order to increase transparency and efficiency of Service Activities, increased focus was placed on operational services and the development of new services, such as Firewall on Demand (FoD) and integration of network services such as: Network to the Labs (NTTL), L2VPN Multipoint, Ethernet VPN (EVPN).
The Networking Activities enabled project cooperation and facilitated connection between partners, an ever-expanding user community, important stakeholder groups and many international relations, at both the technical (e.g. for standards and development) and operational levels, with international networks being developed jointly with institutions from other continents.
The Joint Research Activities acted as pathfinders for the relevant service and development activities.
In summary, GN4-1 provided the best possible digital infrastructure to ensure that Europe remains in the forefront of research and other knowledge endeavours. It cultivated a stable, though innovative, environment to operate, maintain and enhance a set of excellent production networking and other services. This ensured value and cost savings on the operational backbone and drove the take up of added-value services.
• Good progress was made implementing the GN3plus Final Review recommendations for the GÉANT2020 FPA during GN4-1.
• The TNC15 Conference held in Porto, Portugal 17–19 June 2015 was well-received by 650 participants.
• The GÉANT Assembly met 18–19 June 2015, 14–15 October 2015 in Brussels, 25–26 November 2015 in Luxembourg, and 14–15 March 2016 in Utrecht to discuss project progress.
• A GN4-1 Symposium was held in Vienna, Austria on 8–9 March 2016, with 294 participants.
• An amendment of the FPA and the GN4-1 technical annex allowed a partner from Latvia to be added to the Consortium.
• An amendment of the GN4-1 technical annex was accepted at the end of Q4, which extended the network costs of the project for four months.
• Launched the new brand’s visual identity and messaging at TNC15 – across the booth, posters, brochures, stage sets and livery, and a community collaboration video and animation to explain the logo/identity transition.
• Participated in TNC15 with GÉANT Project booth presence, service and technology demonstrations, 15 project-related presentations and posters, and a feature in ‘CONNECT’ magazine.
• Built and launched a responsive, comprehensive website for GÉANT, presenting for the first time an integrated set of services and offerings (from the DANTE, TERENA and GÉANT portfolios).
• Published three issues of ‘CONNECT’ magazine with over 100 articles in total, which were distributed at key events and to project partners.
• Sustained news outreach via web, email and social media postings, issuing seven press releases and publishing 55 news stories, including partner announcements with Amazon Web Services and Microsoft. The Activity achieved a greater than 30% increase in Twitter followers, engaging regularly with third parties – for example, Copernicus and Digital Single Market.
• Simplified and consolidated the portfolio into clear product families, and developed a product branding strategy.
• Developed service material and content library with one new service brief, six service descriptions (rebranded and business-as-usual updating), three white papers, two service posters and one pull-up banner, one video, and a range of service portfolio presentation slides for use across the project.
• Held GÉANT project sessions in the Task Force for Communications and Public Relations (TF-CPR) meetings (28–30 October, Cambridge, UK; 16–18 March, Stockholm, Sweden), focusing on project updates, clouds, campus best practice, user outreach, and campaign discussions for eduroam, eduGAIN and eduOER.
• Coordinated the project’s participation at multiple conferences, workshops and exhibitions including showcasing the project at four major events: TNC15 (Porto, Portugal), SC15 (Austin, USA), Net Futures (Brussels, Belgium) and ICT 2015 (Lisbon, Portugal).
• Achieved greater levels of engagement, with EC communications in particular, by developing a close working relationship with the EC DG CONNECT communications officer.
• Extended dissemination reach by sharing of content and news through close collaboration with NRENs, EC and other stakeholders.
• Significantly improved its outreach and dissemination activities.
• 2015 Compendium successfully published.
• Publication of 26 best practice documents.
• Successful completion of Tasks that are being discontinued, and work planned beyond GN4-1, including the establishment of a combined Special Interest Group.
• Production of 14 Green ICT test case documents.
• Nearly 100 presentations, training events, workshops and meetings organised.
• Continued work with European NRENs (via face-to-face visits and VC meetings) as well as significant interactions with international NRENs, including those in South Korea, Japan, India, USA and the Caribbean. These efforts established closer working relationships, which resulted in:
○ An important interconnection between NII (Japan) and GÉANT completed in March 2016.
○ GÉANT’s significant contribution to the global InfiniCortex project thanks to good relations with A*Star (Singapore).
○ GÉANT’s demonstration for the SC15 exhibition in Austin, Texas, USA.
• Co-ordinated implementation of 7 IP upgrades, 3 new international interconnects, 15 GÉANT Plus circuits and 5 GÉANT Open connections.
• Successfully started the new transnational education (TNE) initiative.
• A new focus on e-Infrastructures liaison was established. As a result work has begun on establishing sound partnerships with the other e-infrastructures working towards a seamless service offering to the R&E community.
• A highly-successful User Engagement Workshop was held at the SC15 conference, together with Internet2 and ESnet. More than 100 delegates attended.
• The contract to interconnect the Copernicus earth observation data-centre with GÉANT (via DFN) was finalised with the European Space Agency.
• Successfully carried out the NREN Satisfaction Survey.
• A meeting of the IUAC committee was hosted by EUMETSAT in Darmstadt, Germany, in December 2015, with a particular focus on global connectivity.
• A meeting of the External Advisory Committee was held alongside the GN4-1 Symposium in Vienna, in March 2016 providing advice on the GÉANT Strategy and emerging trends.
• Production of the Network Evolution Plan with input from all areas in SA1.
• Code certification of Juniper router software to enable upgrade of router operating system.
• New version of Juniper’s JunOS successfully deployed across the GÉANT IP/MPLS network. This allowed several other improvements, such as greater visibility to traffic flows and patterns on the network and enabling the creation of a VRF to separate GÉANT REN–to-REN and REN-to-Internet traffic.
• New type of tunnelling, Generic Routing Encapsulation (GRE), successfully lab tested and delivered to EUMETSAT. This enabled multicast to be extended to China and Australia and to end sites in the United States where it was not supported by intermediary networks.
• Implementation of regional study recommendations carried out and approved in the GN3plus project, including a number of newly procured 10Gbps circuits in Southern and Eastern Europe providing improved connectivity to the local NRENs at greatly reduced cost.
• Commercial deal signed with Interxion to save €250k per annum on electricity costs.
• Commercial deal signed with Optical vendor Infinera that provides:
○ €540k reduction in support costs in 2017.
○ Support costs capped for 2016 and 2017.
○ Support cost elements reduced by 2% from 2018.
○ Provision of €300K of hardware at no cost.
○ Reduced cost of 100Gbps interfaces by 40%.
• Approval granted to create a new PoP in London to support network growth, as current PoP is full to capacity.
• Deployed five new GTS points of presence in Europe, bringing the total number of GTS pods to nine locations.
• Deployed GTS v3.0, v3.0.1 and, finally, v3.1.
○ Deployed five additional GTS locations: Hamburg, Prague, Milan, Madrid and Paris.
○ Capacity expanded with 32 additional servers (VM compute nodes, 4/pod).
○ GÉANT NOC integration for operational monitoring.
• Successful industry collaboration to introduce virtual SDN switching capabilities into high-performance hardware.
• 25+ user projects active or pending.
• Presented GTS at five significant conference venues.
• Developed the ‘GTS Evolution Roadmap’ for versions 3, 4, and 5 (through to 2017).
• Hosted two successful GTS Tech+Futures workshops (Copenhagen and Utrecht).
• Developed a Generalised Virtualisation Model (GVM), which allows community-based evolution and enhancement of GTS-style virtual environments.
• The Firewall on Demand (FoD) component provided a production service, allowing subscribed NRENs to add, modify and delete firewall rules (with automatic or semi-automatic updates of the FoD rules, based on Warden information).
• Designed multi-domain security monitoring architecture.
• Network To The Lab (NTTL) designed to deliver flexible and robust transmission services; extends MD-VPN service area; delivers end-to-end connectivity at wire speeds to campus labs.
• New L2VPN multipoint service, Virtual Private LAN Service (VPLS) added to GÉANT MD-VPN.
• A MD-VPN service database created and prototype of a potential MD-VPN portal delivered.
• An e-VPN functionality test has been conducted, proving the ability to deliver seamless datacentre VM mobility between NRENs.
• The PRACE project adopted the MD-VPN service to deliver future network connectivity.
• Established label scan detection deemed efficient and operational; can be installed in the GÉANT backbone.
• Pilot of CMon circuit monitoring tool, allowing multi-domain circuits to be monitored.
• The WiFiMon tool also successfully piloted; attracted much university interest.
• A future performance monitoring and verification framework has been outlined.
• Pilot of the above-the-net networking service and the eduSAFE tool demonstrated viability. eduSAFE provided software-based secure tunnelling to existing networks, and can connect to existing VPN networks or to public IP networks (for safer public WiFi access).
• eduSAFE adopted by a number of NRENs as an enterprise VPN solution, providing simple and cheap access to users.
• Production Application Services and Infrastructure includes three lifecycle stages: service transition, service operation and continual service improvement.
• Activity established service validation and testing process for GÉANT products.
• First formal service transition from development to production following the service validation and testing process: transition of Federation as a Service (FaaS) into production.
• Continual Service Improvement (CSI) service lifecycle stage established.
• First CSI register established for GÉANT products.
• Successful operation of production services eduPKI, perfSONAR, FaaS.
• Secure code audit, quality code audit and penetration testing offered to all activities as internal supporting services.
• Two successful training events organised with NA1 T7 Training Desk:
○ ‘School for Developers’ (October 2015 in Poznań, Poland).
○ ‘Secure Code Training’ (March 2016 in Berlin, Germany).
• Growth of eduGAIN to 150% of the baseline number of participating entities (2573 entities available).
• Growth of eduroam national roaming authentications by 46% and international roaming by 49% (International: 37 594 491, National: 157 178 134).
• Helped support researchers with attribute release in eduGAIN by supporting deployment of the Research and Scholarship Entity Category (usage increased by more than 400%) and the Code of Conduct (usage increased by 225%).
• Completion of policy revision proposals for eduGAIN to futureproof for new technologies and increased global participation.
• Handover of Federation as a Service to Operations.
• Seven contributions made to draft standards bodies by eduroam and non-web tasks.
• Firewall on Demand entered full operational service.
• eduroam First-Level Support entered full operational service.
• GÉANT CERT accorded ‘Certified’ status by TF-CSIRT Trusted Introducer scheme.
• New contracts for Infinera support and PoP housing secured €843k in cost savings.
• Over 96% of all incident tickets were opened and updated within the service level targets.
• Number of cloud providers in the GÉANT Cloud Catalogue increased from 14 to 18, with Axess, Dropbox, IBM and Zettabox as new additions.
• SA7 negotiated breakthroughs with:
○ Amazon: announcing that data traffic charges for the R&E community will be waived.
○ Microsoft: connecting the Microsoft cloud directly to GÉANT via dedicated, private ExpressRoute network connections.
• The RENATER Rendez-Vous community cloud web-conferencing service was scaled up and the GRNET ~okeanos Infrastructure as a Service (IaaS) offering was prepared for production-level usage in the GÉANT project.
• SA7 launched a pan-European tender for IaaS solutions, which will establish a single digital market for the use of these services. The tender has received strong interest from over 30 providers. 36 NRENs are involved with the tender and will make the services available to their respective communities.
• 78% of the GÉANT NRENs are now planning to deliver cloud services and the NRENs actively exchanged knowledge through the communication and adoption channels provided by SA7.
• Usability improvements and handover of the eduCONF service to GÉANT Operations.
○ Improved usability of the eduCONF interface and service, including simplification of the landing/home page, the gatekeeper registration form, and link to FAQs.
○ The Directory Sharing proof-of-concept (PoC) included a comparison of the data schema of VC services’ directories, defining a functional specification and common data model, and producing example XML schema.
• Launch of the GÉANT eduOER service at the GÉANT Symposium on 7 March 2016 in Vienna, Austria.
○ Designed and developed both provider and end-user service interfaces of the GÉANT eduOER service and migrated the service comments to the operations environment hosted in the GRNET Cloud.
○ The eduOER service design, architecture and services have been described, and the development roadmap, value proposition and cost-benefit analysis documents have been completed for the service.
• Delivery of the WebRTC Roadmap recommendations, supported by detailed technology scouting documents and nine proof-of-concept studies.
○ Demonstration of how infrastructures for inter-NREN services may be built using open technologies. As a proof-of-concept, the team built a contextual communication application based on WebRTC.
○ Participation in the GÉANT task force TF-WebRTC, which delivered a solid Return on Investment (ROI) case.
• Proved the reliability and integrity of alien waves for NRENs to allow the transition of AW services into production for both client and own use.
• Conducted several experiments in time and frequency distribution and carried out tests to evaluate different orchestration mechanisms, including application-based network operations (ABNO).
• Composed a user questionnaire and obtained answers from 22 NRENs across Europe on their optical networks, their use of alien waves, and their understanding of alien wave concepts.
• Implemented live open-source virtual-AP based inter-domain roaming in a laboratory environment. Also modified CMon code to monitor the optical parameters of live alien wave services.
• Open Cloud Exchange (OCX) was adopted as a use case, on top of which the Zero Touch Network as a Service model was applied to demonstrate the benefits of the multi-domain Zero Touch paradigm. The OCX demo was presented at the SC15 Conference in Austin, Texas, USA in November 2015.
• JRA1 and GÉANT’s 4th Network Architects Workshop was held 19–23 October 2015 in Dubrovnik, Croatia.
• Establishment of an SDN-based service delivery architecture, utilising standards-based south-bound interfaces, a unified SDN controller solution and SDN applications for advanced network services delivery.
• Definition, specification, implementation and show-casing of advanced, SDN-based service capabilities: SDN-based BoD with advanced path computation, SDN IP / SDX at Layers 3 and 2, Transport SDN, Network in the Campus.
• Close collaboration with vendors on GÉANT-tailored SDN product delivery and integration:
○ Drove CORSA’s development of a specialised white-box, multi-table pipeline switching solution with QoS features, suitable for the needs of GÉANT’s SDN-based offerings.
○ Led the work with Infinera and ON.Lab on the interoperation of the ONOS controller and Infinera’s Open Transport Switch solution.
• Delivery of production-quality code to the global community-supported ONOS controller's codebase, both in terms of functional SDN apps and the controller software modules.
• Multi-vendor SDN testbed established and utilised in Cambridge, UK.
• Outcomes presented (and awarded) at global-reach events and journals.
• The Certificate Transparency (CT) team created an independent implementation of CT (called Catlfish) and worked on Gossip, which prevents potential partitioning attacks on the CT system.
• Development of a course on OAuth2, JW*, OpenID Connect and UMA (OJOU), which was held four times, two of them in the USA for InCommon and Internet2. It is usable beyond the timeframe of this project and increases the knowledge on ‘new generation’ identity management protocols.
• Delivered OpenStack multiple AA solution that allows the user to authorise with a variety of Attribute Authorities (AAs) to perform user provisioning and access.
• Activity members have made significant contributions to standardisation work. The contributions were on the topics of Certificate Transparency (CT, IETF), OpenID Connect (OIDC, the OpenID Foundation) and user-managed access (UMA, Kantara working groups).
• Carried out several high-profile dissemination activities.
• The idea of using software statements for OpenID Connect federations has been presented and discussed at a number of workshops and conferences.
Some of the project objectives that corresponded to those of the FPA, and also progressed in GN4-1, included:
• Ever-more convenient mobility of individual users to better serve the very large collaborative research projects through higher granularity AAI. Several GÉANT partners also participated in the AARC project, which addressed important aspects of the AAI issue.
• Improvements to the cost effectiveness of the basic backbone network with faster network speed.
• Convenience and comfort of user access to other e-infrastructure services (databases, clouds, computing facilities, archiving, etc.) developed in collaboration with other e-infrastructure projects and users. To this effect, a senior coordinator was nominated (in 4/NA4) to work out concrete proposals to offer convenient and ubiquitous access to these services.
The work in GN4-1 progressed beyond state-of-the-art hosting activities in key areas:
• Networking: Terabit networking, software-defined networking and network function virtualisation.
• Trust and Identities: eduroam and eduGAIN, development of Identity providing roles and technologies.
• Cloud: Cloud services and Cloud interoperability.
• Testbeds as a Service: to support innovative research in networking and services on an agile platform, federated with similar initiatives, worldwide (e.g. GENI, FIRE+).
Due to the brief duration of the project, effort was focused on applying results to the production environment and preparing for future developments in each key area. Example developments include:
• Delivered 234 network changes, requiring 91 engineering site visits across Europe without incident.
• Fulfilled 66 complex user service requests.
• Opened and updated 97% of all incident tickets within service level targets.
• Extended the reach of the EUMETcast Terrestrial service beyond Europe.
• Delivered SDN-based future network service solution proofs of concept.
• Multi-vendor SDN testbed established.
• Introduced tools to improve transparency and usability of eduGAIN.
• Contributed to seven draft standards by eduroam and non-web tasks.
• SA7 increased the number of cloud providers in the GÉANT Cloud Catalogue from 14 to 18.
• 78% of GÉANT NRENs are planning to get involved with clouds.
• Waived data traffic charges from Amazon and Microsoft for the R&E community.
• Organised a pan-European tender for IaaS solutions with 36 participating countries to open a single digital market for the use of these services.
• Deployed five new GTS PoPs in Europe.