FrameNet Dynamic VLAN Services/Sherpa FAQ
General Questions
Q: What’s the Difference Between Sherpa and the NLR Dynamic VLAN Service?
"Sherpa" is the Global Research NOC's name for a guided, secure, interactive dynamic circuit configuration tool. The NLR Dynamic VLAN Service uses Sherpa to allow authorized users in the NLR community to provision, modify, enable, and disable dedicated or non-dedicated VLANs on FrameNet in real time, without requiring intervention from the NLR NOC.
Q: Can I try it out?
Yes. A demonstration version ofthe Dynamic VLAN Service using Sherpa is available here (username: sherpademo password: nationwide). It will allow you to see exactly how the service and tool work on FrameNet without configuring the actual network or requiring accounts.
Q: What do I do if I’m having trouble using it?
Existing users of the Dynamic VLAN Service should contact the NLR NOC (noc@nlr.net) with any questions or problems.
Q: How can I get an account?
Those interested in using the Dynamic VLAN Service can contact NLR Experiments Support Services (ESS) at ess@nlr.net. The ESS will work with you to make sure DVS fits your needs, and shepherd the administrative and financial process.
Once this is complete, the NLR NOC (noc@nlr.net) will work with you to setup the appropriate accounts and access needed for your project.
Administrative/Financial Questions
Q: What does it Cost? How will I be billed?
The Dynamic VLAN Service costs and billing models are still being finalized. If you have questions about possible costs please contact ess@nlr.net
System Architecture Questions
Q: How does the Sherpa tool work?
Sherpa is built on top of a number of custom GRNOC database and database-aware tools that track FrameNet resources, what's already been committed on them, how they interconnect with each other, and the graphics tools to display the information.
- When you log into Sherpa, the GRNOC database knows what resources you're entitled to access, for instance the interface(s) that you're connected to.
- When you specify a VLAN ID to use, the system knows whether it's available or not.
- When you select which segments of the network your VLAN should traverse, the system knows where they go and how to interconnect them, and shows you on a map of the network where they will go.
- If you request a certain amount of 'dedicated' prioritized bandwidth for your VLAN, the system knows whether it's available on those segments and how much it would cost.
- When you commit your DVS VLAN request, the system will first examine the request as a pretest to ensure it will result in a usable VLAN, then it securely logs into each applicable switch and performs a second set of tests, then configures the VLAN, tests it end-to-end, and adds it to the database associated with your project, with the relevant business and technical information needed for administration and operational support. If a problem is discovered during verification or configuration, the configuration is undone and you are notified.
- Normally the VLAN is ready for use within seconds.
- You may also disable or modify the VLAN later; the database will show you all of the already-configured resources you have access to.
Q: How does Sherpa configure the network devices?
Sherpa uses a set of protected utilities to configure NLR FrameNet devices. These configurations are performed over SSH and are limited to actions conforming to NLR VLAN configuration standards.
Q: How does Sherpa verify the service when configuring?
After configuration Sherpa will add temporary addresses to the VLAN interfaces and perform ping tests to verify connectivity. If failure occurs, the configuration is undone.
Q: How was the interface built?
Sherpa combines the Altas network tool for visualization of the network with the Yahoo YUI widget set to create a highly interactive point and click provisioning tool.
Q: What is a “work group” in the context of Sherpa?
Sherpa has a concept of a work group. Multiple people can belong to each work group. These groups are used to define permissions on what sorts of resources can be used. For instance each workgroup has a defined set of interfaces upon which it is allowed to terminate VLANs. Typically, this means that any set of resources that has the same set of provisioners would be grouped as a work group.
Q: Does it support inter-domain circuits?
Sherpa is designed for intra-domain networks, operating under a single operational entity. It depends heavily on information in the Global Research NOC’s Network Database, and is not intended for heterogeneous networks.
While it would be possible architecturally for Sherpa to configure inter-domain circuits, this is not a current feature of the tool.
It should be possible, however, for other inter-domain provisioning projects to make requests of the NLR Dynamic VLAN Service using the Sherpa programmatic API.
Q: Is there a Programmatic Interface?
Yes. See this for detailed information on the Sherpa API interface.
Software Features
Q: If a feature is not currently supported, how do I request it?
NLR is committed to providing the features that would be most useful to its members. If there is a feature you’d like to see in DVS (or any other service or tool), you can send your request to noc@nlr.net. New features are chosen based on the level of interest in the membership, so your feedback is appreciated.
Q: Is Multipoint Supported?
Multipoint support will be added to Sherpa in a future release. Currently DVS supports multipoint VLANs manually through the NLR NOC.
Q: Is Q in Q supported?
The Dynamic VLAN Service and Sherpa will support Q n Q in a future release.
Q: Can I use it to schedule a start or end time for a VLAN?
Yes, you can schedule any provisioning action to happen at a future date.
Q: Can I set aside VLAN numbers ahead of time?
Yes, Sherpa now supports VLAN reservations.
Q: Does it support Spanning Tree for redundancy?
DVS allows users to fully configure VLANs with Spanning Tree for added redundancy. Primary root bridge selection is supported for this as well.
Spanning Tree for DVS, as with all FrameNet VLANs, is provided using fast per VLAN Spanning Tree (PVST+)
Q: Is there a way to edit VLANs without causing packet loss?
Sometimes, and the UI will let you know either way. Sherpa now has a feature called non-disruptive editing. In the past Sherpa would completely remove a VLAN then readd it on edit, now it examines the live config determining the set of actions required to make the existing config become the requested config. If the set of actions does not involve anything disruptive then edit will be non-disruptive. As an example, anything that would trigger a Spanning Tree recalculation would be considered disruptive.
Q: How much bandwidth can I dedicate?
Bandwidth can be dedicated in 100M increments, from 100M to 10G. However, actual bandwidth availability on the network will dictate what can be configured at any one time. Real-time available bandwidth is dependent on the bandwidth set aside by all static and dynamic VLAN users, and not by actual traffic. NLR does not overprovision dedicated bandwidth on any backbone links, to prevent congestion.
For instance, if only 1G is available on a link, the Sherpa interface will prevent a user from configuring any more than what is currently available. Real-time available bandwidth is shown during the configuration process to give immediate information to users.
Q: How is my bandwidth protected?
Bandwidth is protected using strict quality of service at the edge. All traffic below the dedicated limit is marked as priority traffic. All traffic exceeding this profile (and all non-dedicated traffic) is marked as best effort.
Dedicated traffic is never over-provisioned, so that there will never be more than 10G of high priority traffic on a link.
Security Questions
Q: Can I provision VLANs between any ports in FrameNet?
When a new group is created, ports related to that project are set aside for configuration by the group. Only those predefined edge ports, along with all of the FrameNet backbone ports will be configurable by that group. Other ports will not be configurable without being assigned to that group by the NLR NOC.
Q: What credentials do I need to login?
GRNOC Web Login is used for authentication.
GRNOC-WebService-Client-0.03.tar.gz