INDUSTRY
Internet2 Becoming a Big Net on Campus
By Denise Pappalardo, Network World -- Its purpose is not to drive revenue growth, but to find better ways of getting the most out of a very fast IP backbone. As such, the concept of Internet2 is not new, but the research conducted over its network is far from commonplace.
About 200 universities participate in the Internet2 project, which includes a national backbone called Abilene that's being upgraded to support 10G bit/sec wavelengths. In addition to beefing up its exclusive network for higher education, Internet2 is working on several projects that could prove useful to public Internet users and to ISPs that support that network, while focused on the higher education community. The group is expanding network performance monitoring, operating an information-sharing center that's crucial to Abilene's security and stability, and experimenting with Multi-protocol Label Switching (MPLS) to support VPNs. These are just a few of Internet2's projects, which include developments in software, middleware and network engineering. All this research and experimentation takes place while the group upgrades its network to 10G. No 'glut' here "We view excess bandwidth as a feature of the network, not a waste," says Steve Corbato, director of backbone network infrastructure for Internet2. "We want to stay ahead of demand." While many service providers involved with the commercial Internet are dealing with what analysts call a "bandwidth glut," the Internet2 members want higher speeds to support bandwidth-intensive application development such as real-time, high-definition television. The group is deploying Juniper T640 routers throughout the 11 core network nodes that make up the Abilene network. Qwest is supplying additional wavelengths across the U.S. to support the higher speeds. While the majority of the routers are deployed, the whole network upgrade will not be completed until this summer, Corbato says. Supporting high-bandwidth applications was a motivating factor to upgrade Abilene, but the groups also are looking to migrate to IPv6, he says. "We wanted to make sure Abilene, as the backbone for U.S. research universities, wasn't an impediment in supporting ... native IPv6," he says. Internet2 has been experimenting and deploying IPv6 nearly since network construction got underway in 1997. IPv6 exponentially increases the number of IP addresses a network could support. Internet2 also is experimenting with larger packet sizes as a way of improving network performance. Large packets improve performance when transmitting "gigabit-per-second flows" because the large packets keep pertinent data together as it travels over the network, Corbato says. The typical IP packet is 15 bytes. A large packet is 9000 bytes, he says. The network upgrades also have led to the expansion of network performance monitoring, Corbato says. "We have quadrupled the number of [metrics] we monitor on Abilene," he says. One of the new metrics is a network validation test. "Servers are set up to send large flows of traffic, on the order of a gigabit," Corbato says. This lets universities use about 10% of their bandwidth to be sure the network is performing as it should before scientists begin application or network experiments. The group also now has the ability to capture and examine each flow across the network. While the ability to examine traffic closely from all universities has raised security and privacy concerns, Corbato says the group is "very careful with this data. We're looking to see what's happening over the network in real-time, what applications are most popular and the average duration of a data flow." The group also is dedicated to advancing Internet security. In February, Internet2's Research and Education Network Information Sharing Analysis Center (REN-ISAC) joined the Department of Homeland Security's national information sharing and analysis center group. "REN-ISAC is a higher-education-sponsored center designed to help universities and colleges improve their security," says Mark Bruhn, acting director of REN-ISAC at Indiana University. The program also lets higher education do its part in securing the national cyberinfrastructure, he says. Indiana University operates REN-ISAC to monitor security threats and events, such as denial-of-service attacks, in real time. The center not only immediately notifies victims and sources, but it also shares this information with other universities to help them better secure their networks. REN-ISAC, now that it's part of the national ISAC program, can exchange findings with other centers. When the federal government initially formed the national sharing program, higher education was not included, which was a mistake, as far as the Internet2 people were concerned. "An estimated 15% of the assigned Internet network addresses are held by higher education," Bruhn says. "And, because of what we do and how we approach things with technology, higher education generally experiences security events before other sectors." Analysis of the information gathered by REN-ISAC and the other centers is expected to lead to the development of detection and defense tools that could be used throughout the Internet, Bruhn says. He says many of those developments likely will come from the Indiana University Advanced Network Management Lab. Getting into MPLS Although REN-ISAC is at the cutting edge of intrusion detection and security, Internet2 just now is testing MPLS. But that's because the need for the technology is just arising for some Internet2 users. Internet2 recently began MPLS testing primarily because the Internet2 is not looking to marry multiple, legacy networks. The majority of MPLS offerings that businesses are buying from service providers meld together IP with legacy frame relay and ATM networks. The group started experimenting with MPLS because some Internet2 members were looking to support VPNs over Abilene. "In our view, MPLS is not a replacement for IP. We are using it as an experimental tool to support secure tunnels," Corbato says. Some Internet2 users want to set up secure tunnels between multiple sites for specific projects or experiments. MPLS seems to be a good fit for these applications. "One of the other reasons we're looking at MPLS is because it is one of the leading protocols on the table to provision and control lambdas in a dynamic sense," he says. "And more universities are acquiring optical networking assets." Over the next five years, the industry will need to manage native IP over optical, Corbato says. How those technologies are fully meshed will be critical to how the networks are managed, he says. Internet2 recognizes that MPLS is an important technology that could help to integrate IP and optical networks, Corbato says. The group is not interested in arguing whether MPLS is the best technology for telecom providers to manage their networks. Some service providers, such as Sprint, are not using MPLS, while others, such as AT&T, are betting on the technology and using it throughout their data networks. Instead, Internet2 is focusing on the future of IP networks, as has been its charter since its inception seven years ago.