Internet2

close
Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Your organization not listed? Create a local account to use Internet2 services.

Create SiteID

Layer 2 Services

overview

AL2S

Internet2's Advanced Layer 2 Service delivers a strategic advantage for leaders in research and education (R&E) by providing effective and efficient wide area 100 gigabit Ethernet technology. CIOs and IT staff can now provide a turnkey solution for balancing long-term or short-term global big data science collaborations and production services.

Enabling scalable and flexible global access to an open exchange network, members can build Layer 2 circuits (VLANs) between endpoints on the Internet2 Network and beyond. The service meets the wide-ranging needs of the research and education community—both now and into the future.

AL2S allows users to create their own VLANs on the Internet2 AL2S backbone. Static or Dynamic, point-to-point or multipoint, intra-domain or inter-domain, AL2S puts control of the backbone VLANs into the users' hands for the creation of purpose-built private circuits using infrastructure already in place.

AL2S Local

AL2S Local allows a Member to purchase a standard AL2S port at normal fees for out of region access, along with “local” AL2S ports at a lower fee for local/regional access, and as an economical alternative to deploying their own aggregation switch.

features

Advanced Layer 2 Services

AL2S

Some features of Internet2's Advanced Layer 2 Service are:

  • STATIC VLANs: point-to-point or multipoint, configured on demand by the user through a portal.
  • DYNAMIC VLANs: point-to-point or multipoint. The option to configure VLANs dynamically using software-defined networking (SDN) through technologies such as OpenFlow. Please see here for more details.
  • INTERDOMAIN CONNECTIVITY: global R&E and Global Optical Lightpath Exchange fabrics enable Ethernet VLANs throughout the U.S. on Internet2 and around the world through partner networks to intercommunicate.

Links to an Advanced Layer 2 Network map and Infosheet can be found in the box to the right.

A Roadmap listing AL2S features that have been Completed, Committed, Possible, On Hold / Canceled, and On Hold / Blocked can be found here.

Internet2 produces reports detailing the availability and bandwidth of the AL2S network. These reports along with spreadsheets listing the values for metrics related to Change Management and Incident Management can be found here.

A link to documentation, presentations, and copies of slides and recordings of webinars can be found here.

AL2S Local

AL2S Local is envisioned as an optional, add-on feature to the standard community AL2S offering. Its primary purpose is to provide a local/regional connectivity alternative where Members can share the AL2S switch rather than deploying their own. It provides a card that’s dedicated to the Member. The Member can use one, several or all of the ports on the card. It supports local/regional, intra-switch traffic, as well as out of region access through a standard AL2S port purchased by the Member. However, the combined throughput of the local and standard AL2S port leaving the box may not exceed the capacity of the standard AL2S port(s) purchased. Key attributes include:

  • Member funds the one-time hardware costs of an 8 or 16 port card on the AL2S box and receives access to all the ports on that card.
  • The AL2S Local card is dedicated to the Member. “Partial” cards are not offered in order to ensure full cost recovery of the card. In other words, Member needs to pay for the entire card.
  • All features available with standard AL2S will be available with AL2S Local.
  • Member must purchase at least one standard 10/100G AL2S port to which their out-of-box bandwidth will be assigned.
  • The combined throughput out of the AL2S box should not exceed the capacity of the standard AL2S ports purchased. For example, with one standard 100G AL2S port, the total backbone bandwidth consumed by the standard port and all AL2S Local ports for traffic leaving that box cannot exceed 100Gbps.

A list of organizations connected to AL2S at both 100GE and 10GE is available here.

fees
Service Annual Fee
Advanced Layer 2 Services 100G - $165,000
10G - $40,000

To request a quote for AL2S Local, contact networkdevelopment@internet2.edu.

faq

General

What is the advantage of AL2S?

In a word, VLANs. AL2S allows an organization to create either long-term static or ad hoc on demand VLANs between interfaces owned by that Workgroup or interfaces that other organizations make available. This allows layer 2 links to be created as needed between interfaces on the AL2S network.

Where is AL2S available?

City City City
Albany, NY Denver, CO Philadelphia, PA
Ashburn, VA El Paso, TX Phoenix, AZ
Atlanta, GA Houston, TX Pittsburgh, PA
Baton Rouge, LA Jackson, MS Portland, OR
Boston, MA Jacksonville, FL Raleigh, NC
Charlotte, NC Kansas City, MO Salt Lake City, UT
Chicago, IL Los Angeles, CA Seattle, WA
Chicago, IL-Starlight McLean, VA Sunnyvale, CA
Cleveland, OH Minneapolis, MN Tulsa, OK
Dallas, TX New York, NY  

What is the physical infrastructure of AL2S?

AL2S consists of a set of switches interconnected by at least two 100 GE links to other switches. The current vendors used are Brocade and Juniper. The map on the right shows the locations of the switches.

How can my organization connect to AL2S?

Connections are available at 100 GE and 10 GE bandwidths.

Do I need to be running OpenFlow to use AL2S?

No, OpenFlow isn't needed to connect to AL2S. Please see this link for more information.

Can I create my own logical Layer 3 network on top of several AL2S connections?

Yes, by creating a set of VLANs you can interconnect your routers over the AL2S infrastructure.

Can you provide pointers to documentation?

Yes, you can find links to documentation, videos, presentations, and webinars (slides and audio recordings) here.

Is there a Roadmap of AL2S features?

Yes, a Roadmap listing AL2S features that have been Completed, Committed, Possible, On Hold / Canceled, and On Hold / Blocked can be found here.

Are there any AL2S reports available.

Yes, Internet2 produces reports detailing the availability and bandwidth of the AL2S network. These reports along with spreadsheets listing the values for metrics related to Change Management and Incident Management can be found here.

Is there an AL2S cap on my port(s)?

No, both 100 GE and 10 GE ports have access to the full bandwidth.

What is AL2S-Local?

AL2S Local allows a Member to purchase a standard AL2S port at normal fees for out of region access, along with “local” AL2S ports in groups of 4 x 10 GE at a lower fee for local/regional access, and as an economical alternative to deploying their own aggregation switch.

If my organization is behind a regional connector, who has rights to assign VLANs?

The organization with Administrator rights to the Workgroup has the ability to designate VLANs to other Workgroups created by the Administrator.

Static VLANs

What is OESS?

OESS is a set of software used to configure and control dynamic (user-controlled) layer 2 virtual circuit (VLAN) networks on OpenFlow enabled switches. OESS provides sub-second circuit provisioning, automatic circuit failover, per-interface permissions, and automatic per-VLAN statistics. It includes simple and user friendly web-based user interface as well as a web services API.

Please see http://globalnoc.iu.edu/sdn/oess.html for more information.

A demo of the OESS user interface is available here. Use GRNOC as the suggested selection then sign in using Login: os3e with Password: os3edemo.

How do I get permission to build a circuit to another port that I do not own?

At this time, you can request that the Internet2 NOC contact the owner of the other port for permission to add that port to your workgroup.

Can I connect to all other AL2S ports?

Conceptually this is possible but to do this you must get the permission of the owners of destination ports and have those ports added to your workgroup.

Are multipoint vlans available?

Yes, they are available but at this time MAC learning isn't available. Multipoint-multipoint VLANs with up to a few dozen endpoints are supported. Users can provision these through the normal OESS web interface. Please see this link for more details.

Dynamic VLANs

What is SDN?

From https://www.opennetworking.org:

"Software-Defined Networking (SDN) is an emerging architecture that is dynamic, manageable, cost-effective, and adaptable, making it ideal for the high-bandwidth, dynamic nature of today's applications. This architecture decouples the network control and forwarding functions enabling the network control to become directly programmable and the underlying infrastructure to be abstracted for applications and network services."

What is the difference between SDN and OpenFlow?

From the Open Networking Foundation's OpenFlow Whitepaper:

"Software Defined Networking (SDN) is an emerging network architecture where network control is decoupled from forwarding and is directly programmable."

"OpenFlow is the first standard communications interface defined between the control and forwarding layers of an SDN architecture."

I have a different controller I want to try, can I do that?

Not at this time. However, the soon to be released Flowpoint Firewall would allow this.

Is the use of OESS software required?

No, it's not required. To create circuits you would need to either manually create them or use software supporting OSCARS to create circuits using the built-in api. You are, of course, free to use OESS software on your local infrastructure to control your OpenFlow enabled switches. Then you can again use OSCARS to create a circuit through the AL2S infrastructure.

How does GENI fit in?

AL2S is being integrated into the GENI mesoscale backbone, to become a GENI backbone. GENI tries to provide Layer2 paths between resources, and the Advanced Layer 2 Service can be used to access GENI resources. Currently this is allocating VLANs that terminate on GENI equipment. In the near future, GENI Credentials will be able to be used with GENI standard interfaces to create VLANs over AL2S to connect resources. Longer term, GENI researchers will also be able to use software defined networking to control the backbone paths, and install their own controllers for backbone paths over AL2S, as they can with the original GENI mesoscale backbone.

GENI resources on campuses and in regionals can be accessed directly using AL2S, thus it can tie together multiple resources (e.g., compute instances on GENI Racks). AL2S also has four 10G connections into the GENI mesoscale backbone being operated by Internet2, to access existing resources.

Interdomain Connectivity

I have a GENI researcher; can he or she use AL2S to get access to GENI resources?

Yes. Today this involves creating a VLAN either to the existing GENI mesoscale backbone, and using GENI interfaces to allocate the rest of the resources or alternatively VLANs can be set up directly to GENI resources at campus and regional sites. The researcher would need to work with those sites, perhaps with the GENI Project Office (help@geni.net) to ensure connectivity to the sites. For further information about GENI and GENI resources please see this link.

What is the FlowSpace Firewall?

FlowSpace Firewall provides the ability to run multiple OpenFlow applications/controllers on the same switches providing a form of network multi-tennancy. It operates as a proxying OpenFlow firewall, restricting which part of the flow space a controller can manipulate. It provides the ability to enforce VLAN Tag based flow space restrictions and provides controll channel rate limiting.

Details will be available at http://globalnoc.iu.edu/software/sdn.html.

Can I run OpenFlow in my local infrastructure?

Yes, please see https://www.opennetworking.org for more details.
participate

Internet2's Advanced Layer 2 Services are available to:

Please contact networkdevelopment@internet2.edu for more information.