Community Research and Development Information Service - CORDIS

Bandwidth on demand

The DataTAG project produced an advance reservation system based on an extension of the GARA toolkit, which supports a novel network resource abstraction called “Path” and implements network resource allocation in a layered fashion by including the possibility to also allocate MPLS Label Switched Paths and Optical Light Paths, besides the existing IP Differentiated Services.

The “Path” is a network resource that can be requested and/or used by an application in a number of ways. It can be static or dynamic, per-domain or end-to-end and can be shared by a collection of streams or used by a single flow.

The MPLS Manager can dynamically allocate an MPLS Label Switched Path (LSP). The MPLS LSP supports the configuration of remote VLANs spanning remote network domains, so that traffic between elements of the VLAN can be associated with a user-specified Class of Service, e.g. IP Premium or Less than Best Effort.

The Light Path Manager, on the other hand, is a prototype tool that configures on-demand bidirectional Light Paths crossing a chain of optical cross-connects. It can work in a single domain as well as across multiple domains thanks to the inter-domain facilities offered by the AAA Architecture.

The authentication and authorization of user requests are performed by AAA servers, but the DataTAG system interoperates with both the Globus Gatekeeper, adopted with the code released by the DataGrid project, and with the DataGrid User Interface.

Advance reservation is the mechanism that allows a user to request exclusive access, in a future time span, to a set of resources that satisfy some user requirements. An advance reservation request contains the full specification of the resources needed through a set of resource-specific attributes, and it supplies run-time information at a later stage through a binding operation. The user who issues an advance reservation request has to be authenticated and authorized on the basis of a set of policy rules. An authorized request can only be granted if a resource that satisfies the user’s requirements is available in the specified time slot. The actual resource allocation is performed by a resource manager that hides the complexity of the resource-specific allocation tasks. During the reservation lifecycle the Grid Information System (GIS) provides vital information in a number of reservation phases. In particular, during resource discovery it provides the list of resource instances that satisfy the user’s requirements and, for each instance, information about its properties and its corresponding authentication/authorization server.

The Generic Advance Reservation Architecture (GARA) adheres to the conceptual model above and implements an excellent prototype. The DataTAG advance reservation system takes GARA as its fundamental starting point and extends it in a number of ways.

We have adopted a layered approach to resource management by adding new types of resource managers that are based on a variety of network technologies: the Light Path Manager, which works at the physical layer, and the MPLS Manager, which can provide both layer 2 and layer 3 services. In addition, we have extended the number of Per Domain Behaviours supported by the existing GARA Diffserv Manager.

Grid users typically belong to a Virtual Organization (VO). VO members are recognized by Grid resources based on their identity or role within a VO. This deliverable describes how a network path is able to recognize VO members. The architecture develops the authentication and authorization component by including the use of the Virtual Organization Management Service (VOMS) and of the Generic AAA servers. Thus, authentication and authorization can be performed in two alternative ways: either through a Generic AAA server or through GRAM (Grid Resource Acquisition and Management), a component of the Globus Toolkit, by interfacing the Gatekeeper according to the mechanism supported in GARA. The authentication and authorization approach to be adopted in each case depends on the resource, and this information is provided by the Grid Information System (GIS). If a co-allocation is requested, i.e. multiple path elements belonging to different administrative domains have to be allocated in a coordinated fashion, the GIS specifies for each resource instance the authentication and authorization approach of choice.

The dynamic set-up of a network path that crosses several transit domains is a network-specific example of co-allocation. In this case, the end-to-end path is a chain of per-domain path elements and its configuration requires an intervention in each transit domain. Two solutions can be adopted: the central approach, with a single resource manager, and the distributed approach, where each resource manager is only responsible for configuration in its own domain and the inter-domain communication protocol is implemented by the AAA servers.
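
The reservation flow described above (authorization through the method the GIS names for each resource, an availability check for the requested time slot, and coordinated allocation of every per-domain path element), sketched as an added example that is not DataTAG or GARA code. All names, the VO roles, the bandwidth capacity model and the stand-in policy check are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class PathElement:
    """One per-domain path element, as a GIS entry might describe it (constructed)."""
    domain: str
    authz_method: str      # "AAA" or "GRAM": the approach the GIS names for this resource
    allowed_roles: set     # VO roles this domain's policy admits (assumed policy model)
    capacity_mbps: int
    booked: list = field(default_factory=list)   # granted (start, end, mbps) reservations

    def free_mbps(self, start, end):
        # Conservative: count every booking that overlaps the slot [start, end).
        used = sum(m for s, e, m in self.booked if s < end and start < e)
        return self.capacity_mbps - used

def role_check(element, vo_role):
    # Stand-in for the real AAA server or Gatekeeper decision (assumption).
    return vo_role in element.allowed_roles

AUTHORIZERS = {"AAA": role_check, "GRAM": role_check}

def authorize(element, vo_role, authorizers):
    """Fail closed: an unknown authorization method is a denial."""
    check = authorizers.get(element.authz_method)
    return check is not None and check(element, vo_role)

def reserve_path(chain, vo_role, start, end, mbps, authorizers=AUTHORIZERS):
    """Co-allocate every element of the end-to-end chain, or none of them."""
    if not chain or start >= end or mbps <= 0:
        return False, "invalid request"
    # Phase 1: every transit domain must authorize and have capacity; no state changes.
    for el in chain:
        if not authorize(el, vo_role, authorizers):
            return False, f"denied by {el.domain}"
        if el.free_mbps(start, end) < mbps:
            return False, f"no capacity in {el.domain}"
    # Phase 2: commit only after all domains agreed, so no partial path is left behind.
    for el in chain:
        el.booked.append((start, end, mbps))
    return True, "granted"

def demo_chain():
    # Constructed two-domain path; roles and capacities are illustrative only.
    return [
        PathElement("domain-a", "AAA", {"vo1/production"}, 1000),
        PathElement("domain-b", "GRAM", {"vo1/production", "vo1/test"}, 600),
    ]
```

Separating the check phase from the commit phase means a denial in any one transit domain leaves no reservation in the others.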

Reported by

INFN-CNAF, Viale Berti Pichat, 6/2
40127 Bologna