2017-06-12.
GN4-JRA2 T1 - T6 Monthly status report for May.
T1:




T2:









T3:
















T4:







OpenNSA deployment in GEANT core
Deployment of GTSv4
Development and bug fixing of OpenNSA
Attending TNC17
Weekly task VCs
Weekly VCs
2 day F2F meeting in Skopje
Finalized Customer management API
Analysis of potential TMF Open APIs (Qoute, Service Qualification, Agreement)
Partial implementation of service fulfillment business process
Adding additional parameters in the e-line service specification
Expanding the service inventory
Participation in the TMF Live conference
Prepared usage report for April
Prepared whitepaper: "GTS V5.0 Strategic Planning: Proposals for GTS Business Models"
Adjusted and finalized quote for Dell servers
User support and tickets
Studied and commented on GTS code review; received final report
Investigated per-flow shaping and policing option for Juniper hardware
Attended TNC17
Connected with new Japanese project "SD-WAN" for future collaboration; email list [email protected]
Attended f2f meeting in Copenhagen
Bug fixes and system tests (e.g. connection management of BMS; issue with SQ injections; double
click issue; issue on multithreading; GUI fix; host monitoring fix)
Discussed the future format of configuration files for the management of network endpoints
Continued work to improve the admin interface of GTS regarding the management of network
endpoints
Released GTS v4.1.2 and started to deploy to locations; prepared demo for TNC17
Produced new version of gts_components_v4-0_v10.pptx document for SA1/Fotis
PLM meeting for GTS v5 planning; business development call
Revised document for Features Planning
Lab extended with two new virtual machines for Message Queue and Monitoring Correlator
Message Queue installed and operational
InfluxDB and Grafana installed, waiting for the data to feed them
Mode 3 first setup prepared and presented at the f2f meeting
Prepared with SA3T5 and SA2T3 two proposals for Geant symposium about the performance
monitoring and verification
Discussion with Geant org about the way 100G NICs are going to be used, procurement justification
Regular task videoconference May 8th
1





T5:

Task face to face meeting in Amsterdam, May 16th
TL presented T4 work at the SIG-PMV meeting, Amsterdam, May 17th
Participation at the TNC – agreed the procurement of the servers and 100G NICs
Contact with Xavier Jeanin about the monitoring solution for EOSC pilot
Contact with JRA2T2 about the integration of Service Inventory and PVM solution
Regular videoconference meetings.

NMaaS Platform development:
- Research on PostgreSQL deployment in the K8s cluster (in high availability mode - Stolon)
- Research on Helm (package system for K8s). Prepared Helm chart for Oxidized application.
- Separated DCN/VPN deployment from NMaaS application deployment process (one DCN/VPN
deployment per client)
- Implemented function to re-use existing DCN/VPN for new NMaaS application deployment by the
same client
- Implemented support for Docker Compose - tool for defining and running multi-container Docker
applications

NMass Portal development:
- Extended user management mechanisms
- Research on supporting eduGAIN-federated login

NMass tools development:
- Added LibreNMS to NMaaS tools portfolio.

Testbed:
- Prepared another server for second K8s cluster deployment (with advanced networking setup)
- Deployed complete Kubernetes (K8s) cluster in the testbed (with simple Docker image registry
and NFS server for persistent storage)
- Deployed Oxidized application in the K8s cluster
- Prepared GTSv4 testbed DSL which is a mirror of lab testbed
T6:


Regular task VCs: 2016-05-05 (https://wiki.geant.org/display/gn42jra2/2017-05-03+VC+Notes)
FOD:
- Refocusing of development man power in JRA2-T6 in upcoming months to FOD
- GRNET developers are not ready with new FoD version compatible with new Django lib
- T6 will no longer wait on them, and not delay the testing and production testing and longer
because of this; instead we well merge later when their code is ready
- VC with CORSA about REST API of NSE7000 box for mitigation control and statistics
- Testing of new FOD features on FOD test machines:
* Fully tested the port range feature developed by Tomáš (with real traffic)
* Multi-tenant REST API (tested, but has issues which need a fix promised by GRNET)
* Current mitigation statistics
* Tomáš has started preliminary code for this based on JavaScript canvas and own SNMP collector
for visualizing current statistics per rule
* Already working, but performance needs to be improved and some details added
* More precise value calculation
* E.g. graph labels
* Support for bytes, not only packets
* Multiple graphs (per router, not only summary)
2
* For historic statistics, plan to use data/images from CACTI of GÉANT
- VC with Richard Sanigar/Robert Latta, responsible at GEANT for CACTI (SNMP poll + visualization),
to check whether it can be used for historic mitigation statistics
- REST APIs available for controlling the polling as well as fetching created graph images
- Richard/Robert agreed to provide us info about that
- Making new FoD version (not packaged yet, only in github; new python version needed)
compatible with GEANT installation procedures/requirements (e.g. puppet)

CT server development:
- Still working on CT Server v1.0: user/operator documentation, minor operational aspects (e.g.
time zone support), bug fixes
- Preparation of Demo/Presentation (user view of CT)
- Actual users of CT have been more clearly identified: domain owners (= owners of a certificate)
- Various threat cases (= use cases) for owners of a certificate for a domain have been
differentiated:
- CA incompetently issues a wrong certificate for the domain
- Incompetent CA being tricked by a malicious party to issue a wrong certificate for the domain
- Certificate for domain issued by malicious party after having stolen key from CA
- Malicious CA issues a wrong certificate for the domain
- Any of these results in unwanted/wrong certificates for the domain (e.g., with wrong IP addresses,
one to the malicious site), i.e. one which the legitimate owner did not ask for and is NOT aware of
- CT approach is making it possible for the domain owner to detect this over time by monitoring
certificates for his domain(s)
Summary for the RAG update on the web
Comments:
For the period January 2017 through April 2017 (Q3) the JRA2 Network Service Development task is RED.
This alarming status is due to the continuing delays in deploying both OpenNSA (as part of JRA2-T1
Consolidated Connection Services), and GTS version 4 (JRA2-T3 GTS). These two Tasks, T1 and T3 are Red,
and thus the JRA2 activity is Red. The other four JRA2 tasks are green.
Highlights:
 GTS Code release of version 4.01
 GTS version 4 demo was successfully conducted at TNC17.
Free Text:
Monthly reports on WIKI: https://wiki.geant.org/display/gn42jra2/GN4-2+JRA2
https://wiki.geant.org/display/gn42jra2/JRA2+Monthly+status+reports
Presented GTS at:
TNC17.
Attended:
TNC17.
3