ABOUT

What is KREONET-S?


    KREONET-S Architecture and Primary Components




The First Software-Defined Wide Area Network (SDN-WAN) on Nationwide Research Network in Korea

  • ONOS-enabled Core, Edge/Access, International Network Operations

  • KREONET-S is designed to provide end-to-end SDN production network services for advanced researches and applications requiring time-to-research and time-to-collaboration. All the network elements on KREONET-S infrastructure including domestic and international networks will be turned on by ONOS control platform for new SDN network operations, management, and services.

      Toward Software and User driven Virtualized, Dynamic, and Flexible Environment
      from Hardware-based Fixed, Closed Network Infra & Services




  • KREONET-S Data Plane Networks





  • Distributed ONOS Experiments and Deployment

  • For the enhanced KREONET-S network operations, each of ONOS controllers is located in geographically distributed regional network centers (e.g., Seoul and Busan) in Korea to gain SDN scalability, high availability, reliability, and performance. Various test scenarios are being applied to verify the (distributed) controller clustering on KREONET-S.


  • KREONET-S Distributed Control Plane





  • Multi-layer SDN control and SDN-IP Experiments and Deployment

  • The layered network control is essential for efficient network operations and utilization on KREONET-S. SDN-IP is considered a key issue on KREONET-S as well for production Internet users to opt in the virtual networks generated on SDN domain (using ONOS) for collaborative research. The two main topics will be experimented and deployed on KREONET-S.


  • KREONET-S SDN-IP Testbed





  • SDN-IP Global Experiments at Open Networking Summit (ONS) 2016





Future Plan

  • KREONET-S is pursuing nationwide virtual programmable network infrastructure (based on SDN control platform/ONOS and programmable network devices) that can be accessed mainly via Open APIs by KREONET users who want to develop their own R&E applications over SDN. Diverse user-participating and training programs on KREONET-S will promote the production use of SDN-WAN applications and infrastructure.

    Our future work includes the extended development of virtual convergence network environment as well as the improvement in the flexible and efficient federation with open cloud computing platform (e.g., OpenStack) over software-defined wide area networks. It is an advanced science cloud over software-defined wide area networks (SC-WAN), which will connect user sites, science datacenters, high-performance computing (HPC) centers and other R&E resources over multiple SDN-WAN control domains. That is, the SC-WAN will integrate Cloud, IoT, scientific resources, advanced R&E facilities and technologies with KREONET-S based on WAN-based auto-provisioning of dynamic and on-demand virtual networks, which are represented as virtual open convergence network environment using inter-domain SDN federations to access and share distributed data, networking, and computing resources in the virtualized, intelligent and automated manner.

    Eventually, KREONET-S will contribute to building national software-defined infrastructure as a major component for the new area of hyper-convergence ICT and data-centric economy based on IoT, cloud, big data, supercomputing, and data-intensive science.







SERVICE R&D

Applications and Services Development on KREONET-S

  •      On-Demand Virtually Dedicated Network

  • The first and foremost service demand by KREONET-S customers is dynamic and on-demand virtual network provisioning per user and/or application with bandwidths (over 1Gbps) guaranteed. The prototype of VDN had been developed on ONOS through collaborative works between KISTI and KAIST* in 2015. Furthermore, the first production version (v1.0 beta) of VDN was developed in 2016. In 2017, the official version (v1.1) of VDN was released including newly developed features and enhancements such as intra-VDN Slicing, inter-VDN Federation, virtual Network Access Control (vNAC), and VDN DHCP (vDHCP). KREONET-S users should be able to create, update, and delete their 1/10/40/100Gbps virtually isolated and bandwidth-guaranteed/dedicated networks using VDN for various science applications derived from Supercomputing, High Energy Physics, Astronomy, Bio/Genomics, Cultural Science, etc.

    *KAIST stands for Korea Advanced Institute of Science and Technology.
App Name Short Description of VDN Functionality
 VDN Manager  Dynamic and on-demand virtual network provisioning per user and/or application with guaranteed network performance and security
 Intra-VDN Slicing  End-to-End (hosts-to-hosts) virtual network slicing within a VDN over KREONET-S core networks
 Inter-VDN Federation  Connecting inter-domain VDNs with specific network performance guaranteed between different ONOS/VDN control domains
 vNAC  Providing 5-tuple based network access control for each VDN
 vDHCP  Providing dynamic host configuration protocol for each VDN


  •      User-oriented Network Visibility

  • Combined with VDN services, the user/application-oriented virtual networks should be visualized in an intuitive way where (primary) network operations and performance parameters are associated with virtual network nodes and links. The virtual network visualization is mainly implemented based on ONOS GUI features.

  • New Architecture and Functionalities of VDN/UoV System






  • VDN/UoV Prototype (implemented in 2015) - KISTI-KAIST Joint Development



    • Global Topology View


  • Whole (Multi) VDN Topology View                                        E2E Topology View           
  •             


  • Demos: VDN/UoV Prototype





    VDN/UoV 1.0 Beta Release (implemented in 2016)



  •            Global Topology View                                        Whole (Multi) VDN Topology View   
  •             

  • Single VDN Topology View                                             E2E Topology View     
  •             



  • Demos: VDN/UoV 1.0b GUI




    Demos: VDN/UoV 1.0b REST-API






    VDN/UoV 1.1 Official Release (implemented in 2017)



    • Intra-VDN Slicing

    • Intra-VDN slicing using OpenFlow meters over KREONET-S infrastructure for E2E network slicing within a VDN (w/ the core network devices on KREONET-S). The VDN slicing feature works as follows (see the video clip).

  • Principal Intra-VDN Slicing Policy




  • Example for Intra-VDN Slicing




  • Demos: Intra-VDN Slicing




    • Inter-VDN Federation

    • Inter-VDN connections with guaranteed network performance between different ONOS/VDN control domains over SDN-WAN for inter-SDN connectivity & resource federation, e.g., between KREONET-S, HPC centers, science DCs. See how the new feature operates with following information and video clip.

  • Basic Operation of Inter-VDN Federation




  • Example for Inter-VDN Federation




  • Demos: VDN Federation




    • Virtual Network Access Control (vNAC) & VDN-based Dynamic Host Configuration Protocol (vDHCP)

    • The 5-tuple network access control is provided for each VDN so that users can easily configure thier own (simple) security policy on the VDNs, while DHCP capability can also be applied to the SDN-IP enabled VDN environment. See the following video clips describing detailed operations of the new VDN features.

    Demos: Virtual Network Access Control (vNAC)




    Demos: VDN Dynamic Host Configuration Protocol (vDHCP)





    •      Virtual Science DMZ (vSciZ)

    • Science DMZ (https://fasterdata.es.net/science-dmz/) is a scalable network design model for optimizing science data transfers. The virtualized version of Science DMZ (vSciZ) needs to be developed in Korea where most of individual university/institute/organization wants to be free of any security issues by avoiding on-site installation of network, computing and storage devices. The vSciZ application model is being designed based on NFV, cloud, service chaining, and SDN (ONOS) over KREONET-S for now.


    KREONET-S Service Types

       
    •               Pure SDN Services

    •                 • Deterministic QoS & Performance
    •                 • Logically Isolated User Group Networks
    •                 • Enhanced Security & New User Experiences
    •                 • OpenFlow-based Science Cloud WAN




    • SDN-IP Services

    • • SDN-to-Internet Connectivity & VDN opt-in
    • • Traffic-engineered AS Transit (DC to DC)
    • • Partial Guarantee of QoS & Performance
    • • Partial Security, but still New User Experiences




    • Federated SDN Services

    • • Inter-SDN Connectivity & Federated Resources
    • • Virtually Isolated Networks on Inter-Cluster SDN
    • • Deterministic Guarantee of QoS & Performance
    • • Enhanced Security & New User Experiences
    • • Extended Connectivity with SDN-IP







    Use Cases

    • In the second phase (2018-2020), KREONET-S production SDN-WAN services are targeted to accommodate more than 50 advanced project participants on science and information technology using (multiple) 1/10/40/100Gbps high performance research network connections. The KREONET-S users will possibly be expanded to the entire advanced R&E organizations of KREONET in the third phase (2020-2022).


    KREONET Top 10 Advanced Applications





    KREONET-S Users and Facilities


    KREONET-S VDN Connections: user sites, research & experimental facilities, cloud, gateways, VM servers, etc.





    Example for KREONET-S User Sites






    KREONET-S Use Cases based on Virtually Dedicated and Isolated Networks

    • Use Case I: VDN Provisining over Single and Multiple SDN Domains

    • • Logically Isolated Networks for High-speed & Secure Cloud Access over SDN-WAN
    • • E2E Virtual Network Connectivity for User Sites over Multiple SDN Domains




    • Use Case II: Elastic and Secure SDN-IP with IoT-Cloud-VDN Integration

    • • Dynamic VDN + IoT + Secure SDN-IP and/or Inter-VDN Federation
    • • On-demand VDN + Cloud + IoT + User Organizations/Domains




    • Use Case III: VDN-enabled ScienceDMZ for Multi-access Edge Cloud and HPC

    • • Federating VDNs between R&D-Centers/Science-DCs and KREONET-S
    • • Dynamic VDN Slices for Distributed HPC-Centers over KREONET-S
    • • Virtual Science DMZ at Regional & International Cloud Network Centers on KREONET and GLORIAD









    Contact Us

    • For more supports, contact us!

    • Dept. of Advanced KREONET Operations and Services, Advanced KREONET Center, Division of Supercomputing, Korea Institute of Science and Technology Information
    • 245 Daehak-ro, Yuseong-gu, Daejeon, 34141, South Korea
    • Questions and/or Comments to mirr-at-kisti.re.kr, yh.kim086-at-kisti.re.kr




    Copyright ⓒ 2016. KREONET-S. All rights reserved.