2014 Technology Exchange

Advanced Technology Demonstrations

All Advanced Technology Demonstrations will take place in the Sponsor Salon in Griffin Hall Monday afternoon, Tuesday and Wednesday.

Redefining the Wireless LAN through Open Programmable Software that Maps Physical Network Hardware to Virtual Network Services
Organization: Matrix Integration

Using the first commercially available OpenFlow-based SDN solution for Wi-Fi networks, we will demonstrate how campus Wi-Fi networks can be virtualized, programmatically controlled through SDN and linked to services and compelling new applications hosted in virtualized data centers. We will show how an SDN solution for campus networks can enable applications that tightly integrate the network with business databases and applications such as a mobile app, which helps teachers focus student use of the Internet in the classroom.

Realizing the Promise of SDN – Today
Organization: Fujitsu

Software Defined Networking (SDN) promises much in the way of network flexibility and lowered costs. However, a major hurdle to realizing the potential of SDN is the large number of network infrastructure elements in use today, especially legacy switches and routers, while the SDN market is still evolving. Now is the time for Researchers, Universities, and RONs to begin planning their network evolution to take full advantage of current and future SDN benefits. During the Internet2 Technology Exchange, Fujitsu will highlight our SDN controller software on current Fujitsu products, demonstrating our commitment to helping I2 members evolve to SDN with current infrastructure elements that are forward-feature compliant.

Ultra-High-Speed Data Transfer and Processing - up to 100 Gbps over the WAN
Organization: Aspera, an IBM Company

One major challenge in high-performance computing is being able to move big data in and out of the data center. While high-performance servers and hardware are already deployable inside the data center, and WAN bandwidth can be provisioned beyond multi-Gbps, existing transport technology cannot fully utilize the end-to-end capacity, particularly over a wide area. To address this need, Aspera and Intel investigated ultra-high-speed (40 Gbps and beyond) data transfer solutions built on Aspera’s FASP transport technology and the Intel® Xeon® processor E5-2600 product family. In Phase I of this investigation, the team achieved predictable 10 Gbps WAN transfer speeds on both bare metal and virtualized hardware platforms, over commodity Internet connections with hundreds of milliseconds of round-trip time and several percentage points of packet loss characteristic of typical global-distance WANs. Phase II of the investigation focused on an experimental integration with Intel® Data Plane Development Kit (Intel® DPDK), which made it possible to directly control the network interface controller (NIC), thereby bypassing the kernel networking stack. This integration allowed Aspera to overcome the packet-processing bottleneck for single-stream transfers, minimizing CPU, memory, and I/O bottlenecks, to achieve 40Gbps on the same commodity hardware. We are even looking at showing 100 Gbps transfers over the WAN. The ability to achieve such high speeds—on both bare metal and virtualized hardware systems that are low-cost and off-the-shelf—could dramatically reduce data center hardware cost and footprint and the associated power and cooling costs and more easily scale up transfer capacity for large-scale data processing.

Arista Network Telemetry and Programmability Solution
Organization: Arista Networks

Arista is working closely with University and research organizations to provide a cost effective tap aggregation and network telemetry application. Arista specifically has worked with NCSA to provide an elephant flow bypass capability between a Bro Cluster and an Arista tap aggregation switch. This demo will demonstrate the telemetry and tap aggregation capabilities on an Arista switch and COULD include 100G tap connectivity if available.

Using Cisco Modeling Lab as Base - Cisco Simulation Tool that Allows Network Modeling and Simulation to Test Use Cases, Topologies, SDN Deployments, etc.
Organization: Cisco Systems

Using this platform we will demonstrate at least the following:

  1) Open Daylight with BGP-LS leveraging ASR9K or simulated ASR9K, depending on connectivity quality.
  2) APIC Enterprise Module - APEM campus SDN controller to manage campus QoS & ACL.
  3) Using new collaboration endpoints (DX80), demo mobile & desktop collaboration integration in Cisco's new HD displays.

We will also use the Cisco Modeling Lab for ad hoc simulations and demos based on conversations and interactions with the attendees at the Technology Exchange.

Secure Multi-Vendor Cloud & Connect Resource Orchestration
Organization: Ciena

Virtualization of compute and storage resources has long been a reality in the data center environment while inter-data center network connectivity has remained less flexible. Creating an elastic cloud ecosystem where application or user demands can trigger the acquisition and release of shared resources (including the network) enables a new landscape for innovation of combined network and services delivery to truly remove geographic boundaries. Ciena will leverage both Ciena and Brocade platforms which will interoperate to demonstrate a unique multi-vendor software defined networking based solution that enables the dynamic automated provisioning in response to the requirements of network-enabled applications. This can be used as workload conditions demand to deploy data center and network resources optimally. In addition, we will demonstrate the ability to actively monitor and direct traffic while dynamically managing network resources. Our innovative and unique demonstration of network and application resource orchestration will highlight:

  • Cloud bursting workload orchestration to dynamically change network topology and computing resources in seconds, increasing flexibility of research utilization
  • Automatic, dynamic creation and return of resources, in real time, across local and remote data centers, to respond to changing application demands
  • Seamless integration of Virtual Machine (VM) creation with on-demand network services, helping to better optimize resource utilization and ensure adherence to performance requirements
  • Maintaining separate policies for each application, allowing fine-grained tuning of thresholds and actions.

Methodologies to secure the SDN control plane Securing Internet2 High-Performance 100G and Cloud Networks 
Organization: Fortinet

10 x 10 = 100G Firewall Demo

For years the Internet2 community has had to choose between high performance and robust security, with commercial firewall offerings at campus/organization perimeters not being designed to handle the high speed flows for scientific data and other traffic. Many have looked to workarounds to divert around campus firewalls and other best-practice security. Fortinet is demonstrating a breakthrough with the first affordable compact appliance able to secure 100GbE Internet2 network traffic. Together with technology partner Ixia, Fortinet will demonstrate live validation of firewalling high-speed 10Gbps scientific data flows on a 100GbE network without compromising network performance, leveraging Ixia’s PerfectStorm XGS12 that is the first able to replicate high-load Internet2 and normal enterprise traffic flows under real-world conditions across 100GbE fabric. Consolidated FortiGuard threat services provide intrusion prevention, anti-malware, DDoS and additional protection, and FortiASIC hardware accelerates IPv6 packet forwarding with no degradation for Internet2 traffic.

Cloud Security for Net+ Demo

Internet2 Net+ cloud services is validating Amazon Web Services and other service provider cloud offerings that augment and complement Internet2 network services. Ensuring consistent protection is a challenge when big data and other applications migrate from internal networks to AWS and other public clouds. Fortinet is demonstrating cloud security such as FortiGate-VM that is orchestrated with AWS to provide seamless firewall and network security across Internet2 Net+ hybrid cloud environments. Virtual firewall services provide local inspection in the cloud without expensive backhaul traffic across the WAN, while centralized management ensures consistent security policy across FortiGate-VMs in the cloud and high-performance physical FortiGates within the internal network.

Brocade OpenDaylight Controller
Organization: Brocade

Brocade will be demonstrating our ODL controller. Brocade's direction is much different than most vendors. Brocade will maintain a close relationship with ODL, providing source code back to the project and, most importantly, Brocade's product will remain VERY close to the open source codebase with regular syncing between the open source and Brocade ODL. Brocade will then provide enterprise level support on BODL to provide organizations the safety needed to allow their own SDN applications to move out of experimental status into general deployment. This demonstration will provide a milestone for the community to base future SDN plans and actions as a critically needed demonstration of the maturity of SDN. This will maintain and accelerate SDN in the REN community.

The Brocade Vyatta Controller Path Explorer Application explicitly shows OpenFlow capabilities in a visual, intuitive user interface. PE supports the Brocade MLX, ICX and Mininet, and will also work with any OpenFlow 1.0/1.3 compatible switch. The path demo also demonstrates the RestConf API, and exercises the controller top to bottom.

Internet Security Threat Report
Organization: Symantec

Symantec, a global leader in information management and security, will be presenting an overview and analysis of the year in global threat activity by sharing highlights from their Annual Internet Security Threat Report. Given that 2013 was the year of the breach, and it appears that this trend will continue in 2014, healthcare, education and the public sector organizations should be developing initiatives that will protect their information and ensure continuity of operations.

Managing Dynamic Networked Cloud Infrastructure for Data-Driven Scientific Workflows
Organization: RENCI/UNC, ISI/USC

This demonstration will showcase a novel, dynamically adaptable cloud infrastructure driven by the demand of a data-driven scientific workflow. It will use resources from ExoGENI - a Networked Infrastructure-as-a-Service (NIaaS) testbed funded through NSF's Global Environment for Network Innovation (GENI) project. The demo will connect compute and data resources in the booth to a large dynamically provisioned 'slice' spanning multiple ExoGENI cloud sites that are interconnected using dynamically provisioned connections from Internet2 and ESnet. The slice will be used to execute a scientific workflow. We propose to demonstrate the features of "ShadowQ", an entity that predicts future resource needs of a workflow, and runs alongside the Pegasus workflow management system. This workflow introspection feature will be used to adapt the slice to the demands of the workflow as it executes, by adding on-ramps and adjusting the amount of resources used.

Network Visualization at ESnet
Organization: ESnet

ESnet has developed many visualizations of the network. This session will demonstrate the various visualizations that have been developed with a focus on the newer time series work that has been done recently.

Virtual Reality: Enter the Metaverse
Organization: Internet2

Virtual reality has reached a new level of immersion with technological breakthroughs in head mounted display technology. This demonstration will take participants through a variety of virtual reality demonstrations, including realistic virtual environments, simulations, and applications including precursors to the 3D web and the Metaverse.

Enhancing GridFTP through Hardware Offloading
Organization: RNET Technologies, Argonne National Laboratory

GridFTP is a high-performance and secure protocol widely utilized for bulk file transfer in scientific and commercial grid environments. Globus GridFTP, the de-facto implementation of GridFTP, plays a significant role in grid-based scientific research and collaboration. Therefore, its efficiency, performance and scalability over high speed, long-haul networks are critical to the overall success of the scientific community. Using UDT in Globus GridFTP, as an alternative transport protocol to TCP, has shown superior capability in sustaining line-rate throughput over long-haul network connections. However, the user level processing incurred by UDT requires even more CPU resources than TCP. In this work, we show how offloading transports such as UDT, and upper layer protocols on top of it, can significantly reduce host CPU usage while enabling the GridFTP throughput benefits for regular and secure data transfers over high-bandwidth high-latency networks. We will demonstrate the sustained line-rate throughput and reduced host utilization from using UDT and SSL offload (using RNET’s 10Gbps user programmable SmartNIC), by running GridFTP file transfers over an ESnet 10GbE reservation through UC's Science DMZ network. Our nodes are currently connected; therefore there is no need for a network set up at the meeting. We will connect to the nodes remotely from the meeting site to demonstrate the work.

SciPass: a 100Gbps capable secure Science DMZ using OpenFlow and Bro
Organization: Global NOC/IU

SciPass is an OpenFlow-based implementation of a Science DMZ architecture capable of operating at 100Gbps with integrated active security features including dynamic white and black listing of traffic, adaptive IDS load balancing and ability to balance based on IDS sensor CPU load. SciPass programs an OpenFlow switch to act as an IDS Load Balancer sending traffic to an array of Bro sensors for inspection while simultaneously forwarding traffic through the institutional firewall on a "slow path". Unique in our approach is the use of Bro to detect "good flows" such as Lustre-WAN or GridFTP data transfers between trusted research facilities. Once these good flows are detected, packet forwarding is modified to bypass institutional firewalls. This same system can also be used to block flows determined to be hostile. This approach provides several essential operational benefits. First, data transfers will perform better because the firewall is no longer limiting the transfer performance. Second, load balancing features support scaling IDS to 100Gbps. Third, hardware requirements are reduced for the firewall and IDS cluster, leading to lower operational costs. These capabilities will be demonstrated by performing science data transfers between Indiana University and other remote institutions.