The Internet Protocol Journal - Volume 2, No. 4

The Internet2 Project

The Internet2 Project
by Larry Dunn, Cisco Systems

Communication, connectivity, education, entertainment, e-commerce across a broad spectrum of activities, the commodity Internet has made a strong impact on the way we live, work, and play. Nevertheless, many classes of applications do not yet run well, and some don't run at all, over the commodity net. As new applications are developed in disciplines from medicine to engineering to the arts and sciences, their success increasingly depends on an ability to use networks effectively. In research and education collaborations all over the world, efforts are under way to make use of new network technologies and develop network services that will facilitate these advanced applications. One such effort in the United States is called the Internet2 Project [1].

The Internet2 Project was started in 1996 by 34 U.S. research universities. It has since grown to over 140 universities, and includes several corporate members and international partners. This article examines network technology used in Internet2, and looks at some of the engineering challenges involved in facilitating applications being developed by Internet2 members.

Background
In 1995, the U.S. National Science Foundation (NSF) funded a program to create the very-high-performance Backbone Network Service (vBNS) [2]. The NSF provided funding to MCI, who interconnected five U.S. supercomputer centers and 3 Network Access Points (NAPs), where it was envisioned that supercomputer clients and other vBNS users would connect.

By 1996, congestion stemming from academic traffic to the commodity Internet had seriously congested the NAPs; it was accordingly recognized that clients of the supercomputer centers might be better served if the Research Universities, where Principal Investigators often resided, were themselves directly connected to the vBNS. So in 1996, the NSF accepted proposals as part of the High-Performance Connections (HPC) program [3]. Schools applying for an HPC grant might receive $350,000 over a 2-year period, provided their proposals met various criteria, including meritorious research that would benefit from the high-performance connection, a solid network plan, intention to investigate capabilities enabled by such a connection, commitment to share results with the community, matching funds from the University, and so on.

In October 1996, representatives from 34 universities met, and concluded that, while not all the schools had projects involving "meritorious research" that would meet the NSF criteria, they all did have a critical interest in deploying the kind of applications that such high-performance connections could enable.

Thus, to facilitate development and deployment of applications that would further the research and education mission of member universities, the Internet2 Project was formed.

From the beginning, the stated intention was to enable applications that could not run, or could not run well, on the "Commodity Internet." Networks would be utilized or constructed only so as to facilitate this applications enabling goal, and results/methods would be applied to the broader community as rapidly as possible.

Applications Focus
The list of applications being used or developed by Internet2 members is extensive. Several fall in the category of "meritorious research" as mentioned in the NSF HPC criteria. Examples include: remote instrument control (for instance, telescopes, microscopes), high-performance distributed computation, and large-scale database navigation. Other applications that further the education mission of member universities include tools to facilitate multisite collaboration, and asynchronous learning. Many examples in areas from science, engineering, art, language, music, and more can be found at the Internet2 applications Web site [4]. In addition to individual applications, a couple of broad initiatives have a relationship with Internet2, including The Internet2 Digital Video Initiative, housed at the International Center for Advanced Internet Research(iCAIR) [5], and the Internet2 Distributed Storage Infrastructure Initiative (I2-DSI) [6].

The above applications share several challenging requirements, many of which translate to resource commitments that must be met by the network in an end-to-end fashion, including bandwidth and jitter. Additionally, the applications can become scalable only if more mature middleware and control plane infrastructure is developed. Necessary components include features such as Authentication , Authorization , and Accounting (AAA), scheduling, and coordination of resources managed by multiple administrative domains.

One compelling example of the network challenges present in a virtual collaborative environment is exemplified by a CAVE (Cave Automated VR Environment ). See [7] for more details, but in brief, a single CAVE is a (10 x 10 x 10) foot cube, with one wall removed. Users enter through the open wall, and using lightweight stereo-three-dimensional (3D) glasses, and a radio frequency (RF) mouse, can interact with an immersive environment created by rear screen and direct projection on multiple walls and the floor. As an example, the interconnection of multiple CAVEs allows design teams in remote locations to jointly experience the operating "feel" of a new vehicle, and to dynamically adjust, design, or control parameters to see how the modified vehicle behaves.

The developers of CAVE software at Argonne National Labs have noted that the data flows in a CAVE consist of at least: control, text, audio, video, tracking, database, simulation, haptic, and rendering flows. Additionally, they have estimated the latency, jitter, and bandwidth requirements for these flows. Some of the flows represent a challenge in a single resource dimension, others have strict requirements in multiple resource dimensions.

Backbone Networks
At this time, Internet2 members may connect to either of two backbone networks, or both.

The vBNS is operated by MCI/Worldcom. It consists primarily of an IP over ATM network. Most schools connect at DS3 or OC-3c via ATM to a vBNS ATM switch. Interior vBNS links are OC-12c ATM. The schools peer with a Layer 3 router; a router is attached to each of the vBNS ATM switches. The vBNS routers are logically connected to each other via a full mesh of Unspecified Bit Rate (UBR) Virtual Circuits (VCs). The ATM switches are connected to each other via a second layer of ATM switches, which are part of MCI's commercial Hyperstream offering. While schools pass the vast majority of their traffic via peering at Layer 3 with the nearest vBNS border router, other services are available, including the option to establish Variable Bit Rate (VBR) VCs as needed, and the possibility to place some of the ATM-attached hosts of the school directly in a vBNS Classical IP Logical IP Subnet (LIS). This setup allows such hosts to send bytes directly to other ATM- attached hosts, bypassing the routers of both the school and the vBNS. The vBNS also carries native IP multicast traffic among members. In addition, the vBNS has a native IPv6 offering, which is achieved by deploying routers that run IPv6, and provisioning VCs to schools also running IPv6. The vBNS has also begun to offer an IP over Synchronous Optical Network (SONET) service, the first instance of which is an OC-48 Packet-over -SONET (POS) link from Northern to Southern California. Because the nominal partnership arrangement with the NSF expires in the year 2000, the vBNS has established a new network offering [called Next Generation Network (NGN)], to which schools and other entities may connect if the vBNS/NSF partnership is not renewed.

Measurement Tools in vBNS
One of the outcomes of the vBNS program has been the development of a variety of high-performance measurement tools. One such tool, called OC-3mon (and now, OC-xMon), was developed to allow passive capture (using optical splitters) of ATM cell and IP header information, to facilitate high-speed flow characterization. More detail is available at the vBNS Web site [2]. Recently, further development of OC-xMon has been undertaken by the Cooperative Association for Internet Data Analysis (CAIDA) [8]. CAIDA has perhaps the best collection of high-performance public-domain measurement and analysis tools in the world, and its Web site is definitely worth browsing.

The second backbone network to which Internet2 members can connect is called Abilene [9]. Abilene was constructed by the University Corporation for Advanced Internet Development (UCAID) in collaboration with three industrial partners and Indiana University (IU). Partner contributions include fiber capacity from Qwest, SONET gear from Nortel, and routers from Cisco. The Abilene Network Operations Center (NOC) is staffed and operated by Indiana University. The network uses OC-48c POS interior links that initially connect ten routers in a partial mesh (a few interior links started as OC-12c, but are being upgraded). Abilene participants can connect at OC-3c or OC-12c, using either POS or ATM. See [10] for details on the router hardware architecture. For an insightful look at a research project that shows how this architecture can scale, see the second link in [10] and also see Stanford Professor Nick McKeown's Tiny Tera homepage at [11].

Measurement Tools in Abilene
It's worth spending a bit of time at the Abilene NOC Web site [12]. One of the interesting tools developed there is the "Abilene Weather Map" [13]. Abilene NOC has indicated that it will make source code for this tool available to Internet2 schools.

Gigapop Technology Survey
Internet2 schools can connect to either vBNS or Abilene directly. However, it is also common for several schools to converge their links at a "gigapop." This gigapop then connects to Abilene and/or vBNS, and possibly to commodity Internet Service Providers (ISPs) (to carry the "Commodity Internet" traffic of the school). Additionally, non-Internet2 schools, libraries, K-12, and state government networks also often converge at gigapops. Non-Internet2 schools typically don't forward traffic over Abilene or vBNS. But the common meeting point allows local exchange of local traffic, often affords larger aggregate commodity Internet connectivity for the gigapop participants, and allows direct access to other services that might be offered at the gigapop (Web caching, and so on).

The connectivity architecture used at gigapops varies widely. Detailed documentation for several gigapops can be found at [14]. Some Gigapops are "Layer 2," meaning that each participant is responsible for exchanging routes and traffic among themselves directly. More often, gigapops are "Layer 3," meaning that the gigapop provides a router with which gigapop participants peer. The gigapop router then typically exchanges traffic with vBNS and/or Abilene, and possible commodity ISPs.

Some gigapops are implemented at a single site (for instance, Metropolitan Research and Education Network [MREN], Southern Crossroads [SoX]), while others are "distributed gigapops," meaning gigapop equipment exists at multiple locations (for instance, the California Research and Educational Network [CalREN-2], and The Great Plains Network [GPN]). Following are a couple of specific gigapop examples.

MREN
The MREN [15] is built on a Layer 2 gigapop near Chicago that joins schools and research facilities from Illinois and several states in the Midwest. MREN members typically connect with OC-3c ATM links. Since MREN is a Layer 2 gigapop, the border router of each member peers directly with the border routers of other members. Additionally, each member's border router might peer with the Chicago area vBNS or Abilene border router. vBNS and Abilene routers (as well as several other national research and international networks) peer here. Physically, the facility is built upon the Network Access Point (NAP) facility provided by Ameritech Advanced Data Services (AADS) [16]. Routers typically peer with each other via ATM UBR Permanent Virtual Paths (PVPs), although other arrangements are possible.

CENIC/CalREN-2
The Corporation for Education Network Initiatives in California (CE- NIC) [17] has constructed CalREN-2. The CalREN-2 distributed gigapop is interesting in several respects. First, as the name implies, it represents a distributed gigapop. In this case, three separate SONET ring facilities provide connectivity for Northern, Central (Los Angeles area), and Southern California schools. These three regions are linked to each other, and also to external networks.

Second, in each ring, there are two sets of OC-12c connections to each adjacent school. CalREN-2 has currently utilized these connections to construct both a ring of ATM connectivity, and a separate, parallel ring of POS connectivity. As a result, CalREN-2 is uniquely positioned to experiment simultaneously with both ATM and POS connectivity, performance, and QoS characteristics.

Third, to take the Northern schools as an example, the ring structure allows for a variety of Layer 3 topologies to be explored. For example, in a ring with these size and bandwidth characteristics, what are the trade- offs on application level performance of inducing more hops while keeping the per-hop bandwidth high, versus dividing the bandwidth into smaller slices but creating a partial mesh that reduces the average Layer 3 hop count?

Engineering Challenges
This section looks at some of the engineering challenges present in Internet2. They revolve around enabling applications with new network services, implementing appropriate policy, and doing all of this at high speed. Specifically, we'll look at Explicit Routing, Multicast, and Quality of Service.

Explicit Routing—The Fish Problem
The condition that several schools often converge at a gigapop, combined with the constraint that sometimes the funders of high-performance connectivity require that only the funded schools are allowed to use the high-performance connection, gives rise to a need for "explicit routing" at the gigapop. The gigapop can forward packets through either a high-performance connection, or through the commodity Internet. Usually, for a single destination, traditional routing would have the gigapop use the "best" path to forward all packets to a particular destination. But when multiple policies must be implemented at the gigapop, the gigapop router must be able to "override" normal routing and forward packets on a path that's not the "best." A concrete example is shown in Figure 1.

Figure 1: The "Fish Problem"

*Note:Click above for larger view

Consider packets from schools A and B, both headed for destination D. Assume both schools are connected to gigapop G, and that G has two paths to D; one along G-Hi_perf-D, and the other along G-Commodity_ 1-Commodity_2-D . Further assume that A is allowed to use either path (and would perfer G-Hi_perf-D), but that B is prohibited from using G-Hi_perf-D. This scenario describes the "Explicit Routing Problem," and since it is often drawn in a shape resembling a fish, is also known as the "Fish Problem." The essence is that a routing decision at G must be made on some other criteria than just the destination IP address.

A couple of solutions to the fish problem have been used in the past, but they tend to have problems with either speed or scalability. For example, "policy routing," which usually includes a method to look at both source and destination address, has historically shown low performance. Inserting ATM switches and using virtual circuits has been used in some cases, but this solution has scaling problems and requires extra equipment. Today, many Internet2 gigapops use a separate router per policy. In the case of needing two policies in the example above, this means two routers. This solution is expensive, but does have high performance.

One promising idea is to implement enough of the "policy routing" process in hardware to allow high-speed source+destination+other-bits lookups. While straightforward in concept, some point out that even with line-rate source-address routing capability, the method is flawed because it requires significant manual configuration, and is prone to creating black holes for traffic upon link failure. Proponents suggest that these shortcomings can be overcome.

Another promising mechanism is becoming available as a result of work done to facilitate Multiprotocol Label Switching (MPLS) in routers and switches. The idea here is that one of the underlying pieces of technology required for MPLS is "multi-FIB" (multiple Forwarding Information Bases). Instead of the traditional "single-FIB," which always uses "the best" route to a destination, multi-FIB allows multiple forwarding tables to exist in a single router. This setup will allow a gigapop to implement multiple policies in one router, rather than the "one box per policy" that several gigapops have used previously. Note that in the case of a gigapop with a single router on which all members converge, multiple policies can be achieved with multi-FIB without actually using MPLS Label-Switched Paths (LSPs). For more complex gigapops, where members themselves may converge high-performance-eligible and ineligible traffic before forwarding on a single link to the gigapop, one might consider using simple LSPs to present the gigapop with traffic that is predifferentiated.

Multicast
Many of the applications in Internet2 schools use multicast. In addition to flows for videoconferencing or distance learning that use MPEG-1 (or slower) rates, a wide variety of applications require high-performance, scalable multicast. Examples include high-resolution immersive environments, collaborative real-time medical image diagnosis, and high-fidelity conferencing or distance learning (for instant, digital video camera rates of 30 mbps). When the Internet2 project began, many schools were on the Multicast Backbone (Mbone), and used Distance Vector Multicast Routing Protocol (DVMRP) tunnels to participate in multicast. Over the past year, one of the strong areas of collaboration between the Internet2 schools and the vendor community has been to develop and implement a migration strategy that allows Internet2 backbones, gigapops, and schools to move toward high-performance, scalable, native multicast support.

At the Internet2 conference in San Francisco in September 1998, the vBNS backbone was exposed to unprecedented levels of multicast stress. In a somewhat painful, but worthwhile, learning experience, it was concluded that Protocol Independent Multicast-Dense Mode (PIM-DM) did not scale well in highly meshed, high bitrate backbones. As a result, the vBNS has shifted to PIM-Sparse Mode (PIM-SM), and Abilene is being constructed with PIM-SM.

The current set of multicast components being applied in Internet2 (and leading ISPs) include: PIM-SM, Multicast Border Gateway Protocol (MBGP), and the Multicast Source Discovery Protocol (MSDP). MBGP allows distribution of routing information such that unicast and multicast routing can use noncongruent topologies.

MSDP allows independent domains to exchange information about multicast sources without creating interdomain Rendezvous Point (RP) dependencies. As they become standardized, it is expected that the Border Gateway Multicast Protocol (BGMP) and Multicast Address Set Claim (MASC) will be added to this infrastructure set.

Quality of Service
An area of broad interest in the Internet2 community centers on Quality of Service (QoS). The heart of QoS involves establishing strategies through which applications can be assured access to appropriate network resources when required. Typical examples of resources include end-to-end bandwidth, latency, or jitter. Of course, collateral issues and dimensions abound, including end-to-end vs. segment-only QoS; signaled vs. static provisioning; amount of state required by various approaches; level of granularity, precision, and strength of QoS "guarantee;" AAA issues; and reliability and recovery dynamics.

In an effort to start small, but make concrete progress, the Internet2 QoS working group [18] has launched an experiment called the Qbone [19]. Participants include backbone networks, gigapops, and individual schools and research labs worldwide. The Qbone will focus on deploying and using components developed by the Internet Engineering Task Force's (IETF) Differentiated Services working group (Diffserv) [20].

The initial Qbone plan is to deploy an approximation to the Expedited Forwarding (EF) [21] forwarding behavior. The Qbone will start by statically allocating a small amount of EF bandwidth across boundaries between Autonomous Systems (ASs) to allow small EF flows among arbitrary combinations of schools/labs. Large flows, in these early stages, will have to be handled manually (much as they are today). In later stages the plan is to use Bandwidth Brokers (BBs) currently under development [22] to aid in the automation of adjusting resource commitments between ASs (using interdomain BBs), and to aid in accepting application resource requests (using intradomain BBs, combined with policy servers and AAA mechanisms). The precise mechanics for BB interaction, trade-offs among signaling frequency, amount of state, scalability, and so on are certainly topics of research, but that's part of what makes Qbone participation fun!

Summary
There is no single application or technology that makes Internet2 unique or exciting. Rather, the effort required to enable new applications that have strong bandwidth, latency, jitter, and coordination requirements has resulted in an infusion of energy from a variety of disciplines. Internet2 requires stretching existing technologies (ATM, POS, multicast, measurement), nurturing developing technologies (Quality of Service, explicit routing, Dense Wave-Division Multiplexing [DWDM], mobility), and participating in the invention of new technologies (all-optical infrastructures, extending AAA, and other resource allocation and scheduling middleware). Internet2 requires attention to maturing components in backbone, gigapop, and campus environments in order to deliver on the promise of speedy transference of lessons learned to the commodity Internet. The effort so far has resulted in demonstration of truly stunning, impactful, and useful applications. It is the convergence of effort and rapid rate of change that makes Internet2 a challenging and rewarding endeavor.

Other Initiatives
Although this article has focused on aspects of Internet2 in the United States, there are many advanced Internet activities around the world. A partial list includes: http://www.dante.net/ten-155.html (Europe)
http://www.ukerna.ac.uk (UK)
http://www.dfn.de (Germany)
http://www.renater.fr (France)
http://www.surfnet.nl (The Netherlands)
http://apan.or.kr (Asia/Pacific)
http://www.singaren.net.sg (Singapore)
http://www.canet3.net (Canada)
http://www.cudi.edu.mx (Mexico)
http://www.reuna.cl (Chile)
http://www.ngi.gov (U.S. Federal)
http://www.startap.net (International peering)
A more complete list of advanced Internet initiatives is maintained at:
http://www.cisco.com/aii

References

  1. http://www.internet2.edu
  2. http://www.vbns.net
  3. See latest press release at:
    http://www.nsf.gov/od/lpa/news/press/99/pr9915.htm
    ...and updated program announcement at:
    http://www.nsf.gov/pubs/1998/nsf98102/nsf98102.txt
  4. http://apps.internet2.edu
  5. http://i2dv.nwu.icair.org/
    and http://www.icair.org/
  6. http://dsi.internet2.edu/
  7. http://evlweb.eecs.uic.edu/pape/CAVE ...has a great introduction to CAVE technology.
    Also see the Electronic Visualization Laboratory homepage at:
    http://www.evl.uic.edu/EVL/index.html
  8. http://www.caida.org
  9. http://www.ucaid.org , and Abilene specifics at:
    http://www.internet2.edu/abilene
    Abilene router details are at:
  10. http://www.cisco.com/warp/public/cc/cisco/ mkt/core/12000/index.shtml
    ...and Nick McKeown's paper is at:
    http://www.cisco.com/warp/public/cc/pd/rt/12000/
    tech/fasts_wp.pdf
  11. http://tiny-tera.stanford.edu/tiny-tera/index.html
  12. http://www.abilene.iu.edu
  13. http://hydra.uits.iu.edu/~abilene/traffic
  14. Following are several gigapop sites:
    California's CENIC/CalREN2: http://www.cenic.org ,
    The Pacific/Northwest gigapop: http://www.pnw-gigapop.net
    The Great Plains Network: http://www.greatplains.net
    The Southern Crossroads, with members from Southeastern Universities Research Association: http://www.sox.net
    MidAtlantic Crossroads: http://www.networkvirginia.net/MAX
    MREN: http://www.mren.org
    WestNet: http://www.scd.ucar.edu/nets/Projects/Westnet
    North Carolina Gigapop: http://www.ncni.net
    The Texas Gigapop: http://noc.gigapop.gen.tx.us
    Northern Crossroads: http://www.nox.org
    Philadelphia area Magpi: http://www.magpi.net
    Pittsburgh-based NCNE: http://www.ncne.net
    New York: http://www.nysernet.org
  15. http://www.mren.org
  16. http://www.aads.net and http://nap.aads.net/main.html
  17. http://www.cenic.org
  18. http://www.internet2.edu/qos/wg
  19. http://www.internet2.edu/qos/qbone
  20. http://www.ietf.org/html.charters/diffservcharter.html
  21. http://www.ietf.org/rfc/rfc2598.txt
  22. http://www.merit.edu/working.groups/i2-qbone-bb


LARRY DUNN is the Technology Development Manager in the Advanced Internet Initi-atives Division at Cisco Systems. He serves on the Internet2 Quality of Service and Routing working groups. After receiving his PhD from the University of Minnesota (Elec-trical Engineering '92), he served as Director of Networking there, and subsequently as Director of Strategic Markets and Applications (Education) for FORE Systems. He periodically teaches Advanced Networking courses at the University of Minnesota. Research interests include test vector generation for combinational logic, network design and analysis,and Quality of Service techniques and deployment strategies.
E-mail: ldunn@cisco.com