Use case ‘Network Service Interface – Connection Service’
In recent years, students, lecturers and researchers have been making ever-increasing use of cloud services. Part of the European education and research community uses the Microsoft Azure platform, for example, to spin up virtual machines off campus – in the cloud. SURFnet plays a key role in this, by providing a high-bandwidth extension of the campus network to its own area of the Microsoft cloud. We use the OGF-standardised protocol Network Service Interface – Connection Service (NSI-CS) for this. How can this ensure the delivery of fast, high-bandwidth cloud services throughout Europe?
ExpressRoute via light paths
When purchasing cloud services, availability and performance are key, as well as costs. In order to guarantee bandwidth and make availability predictable, SURFnet has dedicated connections to Microsoft ExpressRoute – at the time of writing, two 10G connections. These connections do not go over the public Internet, but via light paths. Amongst other things, this makes it possible to expand the institution’s network into the Microsoft cloud, which, in addition to bandwidth, also gives greater control over security.
Connection to NetherLight
Since 2016, we have been connecting the ExpressRoute connections to NetherLight, SURF’s international hub for ultra-high bandwidth connections. To provide bandwidth guarantees for ExpressRoute within Europe, NetherLight is connected to the pan-European education and research network GÉANT.
How do you apply?
An application for private connectivity to Microsoft’s virtual machines must always be made to the national research and education network (NREN) of the country concerned. If the application is technically possible, it will be forwarded to GÉANT. GÉANT can then request connectivity from Microsoft through the ExpressRoute portal. To set up the redundant connections, a request for bandwidth between NetherLight and GÉANT is made behind the scenes. SURFnet is the only exception to this scenario: when connectivity to Microsoft is requested within the Netherlands, SURFnet connects institutes via NetherLight to Microsoft directly.
Automation and orchestration
Here at SURFnet, we manage the whole process automatically through a multi-domain process within our authorisation and orchestration environment. The protocol that we use for this is called Network Service Interface – Connection Service (NSI-CS) and is standardised within OGF. This protocol enables interaction between different networks by sharing topological information and submitting requests for network services. Existing network services can also be terminated automatically through the protocol. As a result, human actions are no longer required to set up dedicated capacity. SURFnet has made prior agreements with GÉANT concerning the use of this protocol, e.g. concerning the names of network interfaces. Certificates have also been exchanged, so the automated network services cannot be accessed by unauthorised parties. When a request is made using NSI-CS, only the network interfaces, bandwidth and VLAN numbers need to be specified. The protocol sets up multi-domain network connectivity in all participating networks. In a nutshell: the use of NSI-CS allows multi-domain queries concerning network connectivity to be processed in real time.
We make automated light paths available via the automation and orchestration framework APIs and via the SURFnet Network Dashboard.
The use of NSI-CS has obvious advantages in terms of throughput times and the reduction of human error, particularly between different backbone networks. In the partnership with GÉANT, the use of NSI-CS results in faster delivery of network services to the national education and research networks, so their institutions can use Microsoft ExpressRoute more quickly.
This blog was written by Gerben van Malenstein, Hans Trompert and Migiel de Vos