Web Browser Interface (WBUI)

1. Login

Before you can access the server you must log in using the user name that you were given by the domain administrator and your password. OSCARS will then issue a cookie to your browser that will keep you authenticated for 8 hours. Once you are logged in, you will see a row of tabs from which you can select the desired action.

The parts of the WBUI that you will see depend on what authorizations you have. A normal OSCARS-user will only be able to create a reservation, list and see the details of his own reservations and modify his own profile. More privileged users, e.g. OSCARS-engineers and OSCARS-operators, can see all the reservations. Users with admin privileges (OSCARS-administrator) can add and authorize new users and modify and delete users. See Authorization Policy for more information about the different levels of privileges.

2. Create Reservation

Allows the creation of a new reservation. Reservations can be made at network layer 3 only between hosts that are within ESnet. Layer 2 specifications must be used for all interdomain reservations.

Note that ISPs use both abstract topology node names and actual topology node names. Only abstract topology names will be seen outside the ISP, so a user will always be dealing with the abstract names. The actual hosts that will be used may vary and there may be multiple hosts between two abstract hops.

Hops are specified using the topology identifier defined by the Open Grid Forum (OGF) Network Measurement Working Group (NMWG) control plane topology schema. A topology identifier is a URN that may consist of as many as four hierarchical components: domain:node:port:link. See Topology components notes for more about the topology naming scheme.

Common parameters

Source and Destination hosts may be specified by a DNS host name, IP address or as a topology link identifier.

Example for layer 3 reservation:

source: 198.124.220.135

destination: tera03.ultralight.org

Example for layer 2 reservation using link identifiers:
 

source: urn:ogf:network:domain=es.net:node=bnl-mr1:port=TenGigabitEthernet1/3:link=*
destination: urn:ogf:network:domain=dcn.internet2.edu:node=newy-vlsr:port=10.100.80.193-104:link=1

For layer 3 reservations the hosts are the machines on which the data resides. If a host name is specified, DNS will be used to resolve it to an IP address. If a topology identifier is specified, the associated IP address will be found from the topology database. For layer 2 reservations, they are the ingress and egress links to the ISP. If they are input as host names or IP addresses, DNS and a lookup server are used to resolve them to topology identifiers. Alternatively, a user may communicate with the ISP administrators to find out what topology identifiers to use.

Path is a list of topology identifiers for ingress and egress links/routers. In general a path should not be specified except by someone who knows how to traffic engineer the traffic and wishes to specify a non-default interdomain peering point, e.g. if peering between ESnet/I2 in Sunnyvale is congested, one might set ESnet/I2's address in New York to bypass the congestion. Setting the routers may change the default path for the data flow. However, currently for layer 2 reservations starting at ESnet sites the ingress and egress links for each domain that is traversed must be input. This may change in the future.

The hops that you specify are considered a Loose Interdomain Path (LIDP) and are taken as suggestions. If they are not available, other nodes may be substituted. By the time the path has been passed through all the domains, an ingress and egress link for each domain will have been added and the path becomes a Strict Interdomain Path (SIDP). The path that is stored with the reservation and displayed by the reservation details page is a confirmed (all the resources have been reserved) SIDP. For example the hops for the layer 2 example above are:
   

path:

urn:ogf:network:domain=es.net:node=bnl-mr1:port=TenGigabitEthernet1/3:link=*
urn:ogf:network:domain=es.net:node=bnl-mr1:port=TenGigabitEthernet1/1:link=TenGigabitEthernet1/1.101
urn:ogf:network:domain=es.net:node=aofa-mr1:port=TenGigabitEthernet2/3:link=TenGigabitEthernet2/3.101
urn:ogf:network:domain=es.net:node=aofa-mr1:port=TenGigabitEthernet4/3:link=*
urn:ogf:network:domain=dcn.internet2.edu:node=newy-vlsr:port=10.100.80.189-103:link=1
urn:ogf:network:domain=dcn.internet2.edu:node=newy-vlsr:port=10.100.80.193-104:link=1

Note that the first and last hops are the same as the source and destination hosts. Currently this is required for layer 2 reservations, but may change in the future.

Bandwidth - maximum bandwidth to reserve in Mbps

Purpose - stored with your reservation as part of our records.

Production circuit - check this box only if the reservation is to be used for moving production level data. The circuits used by these reservations will be monitored by the Network Operators, and if they go down efforts will be made to fix the problems as quickly as possible, or to reroute the traffic.

Start date, Start time - the values default to the current time. Type in new values in the format shown.

End date, End time - the values default to 4 minutes from the current time. Type in new values in the format shown.

 

Layer 3 parameters (only supported by ESnet)

Source port - the port on the source host from which the data will originate.

Destination port - the port on the destination host to which the data will be delivered

Protocol - If you specify the protocol your data will be using, e.g. UDP/TCP, ESnet can police the circuit and allow only traffic using that protocol to use the reserved bandwidth.

DSCP (Differentiated service code point) is essentially QoS bits. Currently BNL's Terapaths sets the DSCP code point so that it can indicate to ESnet which flow, out of several that have the same src/dst, will use the L3 circuit.

Layer 2 parameters

VLAN tag - A VLAN tag allows a user to tie a certain VLAN (or sub-interface) on a port to the transit circuit. Untagged circuits essentially tie the entire port (or interface) to the transit circuit. Tagging allows multiplexing multiple VLANs over the same physical port and therefore servicing more than one partial reservation (e.g. VLAN3000 = 5Gb/s, VLAN3001 = 2.5Gb/s, VLAN3002 = 2.5Gb/s on a 10Gb/s link). Vtags should be chosen in the 3K-4K range or may be set to "any", in which case the originating IDC will assign an unused tag in an appropriate range. At this time the same VLAN tag must be used at all the transited links, but this will eventually change.
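The layer 2 input rules described in this section (topology identifier order, first and last hops matching source and destination, VLAN tag range) can be checked before a request is submitted. The following is an added example, not OSCARS code; the function names, the allowed-character set, the reading of "3K-4K" as 3000-4000 and the requirement that URN hops carry all four components are assumptions.

```python
import re

PREFIX = "urn:ogf:network:"
ORDER = ("domain", "node", "port", "link")   # hierarchical order given on the page
# Assumption: allowed value characters are inferred from the page's sample URNs.
VALUE = re.compile(r"[A-Za-z0-9._/*-]+")

def parse_topology_id(urn):
    """Split a topology URN into its components, rejecting malformed input."""
    if not urn.startswith(PREFIX):
        raise ValueError("not a topology URN: %r" % urn)
    parts = urn[len(PREFIX):].split(":")
    if len(parts) > len(ORDER):
        raise ValueError("too many components: %r" % urn)
    parsed = {}
    for expected, part in zip(ORDER, parts):
        key, sep, value = part.partition("=")
        if key != expected or not sep or not VALUE.fullmatch(value):
            raise ValueError("bad %s component in %r" % (expected, urn))
        parsed[key] = value
    return parsed

def check_layer2_request(source, destination, path, vlan_tag):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    for urn in (source, destination, *path):
        try:
            # Assumption: layer 2 hops given as URNs must be full link identifiers.
            if len(parse_topology_id(urn)) != len(ORDER):
                problems.append("not a full link identifier: " + urn)
        except ValueError as exc:
            problems.append(str(exc))
    if path and (path[0] != source or path[-1] != destination):
        problems.append("first and last hops must equal source and destination")
    # Assumption: "3K-4K" is read as 3000-4000 inclusive; vlan_tag is a string.
    in_range = re.fullmatch(r"[0-9]{4}", vlan_tag) and 3000 <= int(vlan_tag) <= 4000
    if vlan_tag != "any" and not in_range:
        problems.append("VLAN tag must be 'any' or in 3000-4000: %r" % vlan_tag)
    return problems

# Source and destination from the page's layer 2 example.
SRC = "urn:ogf:network:domain=es.net:node=bnl-mr1:port=TenGigabitEthernet1/3:link=*"
DST = "urn:ogf:network:domain=dcn.internet2.edu:node=newy-vlsr:port=10.100.80.193-104:link=1"

if __name__ == "__main__":
    print(check_layer2_request(SRC, DST, [SRC, DST], "3000"))
    print(check_layer2_request(SRC, DST, [DST, SRC], "42"))
```

Rejecting identifiers whose components are out of order or contain unexpected characters keeps malformed hop strings from reaching the lookup and provisioning steps.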


3. List Reservations

Depending on your privileges, list reservations will display only your reservations, reservations starting or ending at your site, or all the reservations in the system. We keep a record of all the reservations that have ever been made, so the interface allows you to specify the statuses, the time periods, the links involved and the description of the reservations to display. In addition once a list of reservations has been displayed, you can click a column header to have the reservations sorted by that column. The column values are:

GRI (Global Reservation Identifier) - a unique identifier assigned by the initial IDC. It is used across domains to identify a reservation, and by the user when querying or modifying a reservation.

User - login name of the user who created the reservation

Status - one or more of

SUBMITTED - reservation request has been submitted and a reply has been sent to the requester

ACCEPTED - reservation request has been accepted and the reservation is scheduled to be processed

INCREATE - reservation creation is in process

PENDING - reservation processing is complete and resources have been reserved, but the scheduled start time has not arrived yet (may have required inter-domain operations)

INSETUP - the circuits are being provisioned - (may require inter-domain operations)

ACTIVE - circuit is currently provisioned

INMODIFY - a modification requested by the user is in process (inter-domain operation)

INTEARDOWN - the end-to-end circuit is in the process of being torn-down (inter-domain operation)

FINISHED - end time has passed, and circuit has been torn down

CANCELLED - reservation was canceled, circuit is not active

FAILED - Path may have failed to be set up because the required resources were not available, or a link that the circuit uses is down and the circuit may still be provisioned

See reservation state diagram

Start Time - Date and time at which the reservation circuit will be provisioned (times are displayed in the local time zone of the browser)

Bandwidth - reserved bandwidth in Mbits per second

VLAN - used to identify a flow across domains

End Time - Date and time at which the reservation circuit will be torn down

Source - Node at which the data flow starts - user host for layer 3, ingress link for layer 2

Destination - Node at which the data flow ends - user host for layer 3, egress link for layer 2

Local Source - Local ingress node at which the data flow starts

Local Destination - Local egress node at which the data leaves this domain

If you click on a GRI and you have the required authorization, you will see the details of the reservation.

 


4. Reservation Details

The fields that are displayed in the list reservation page are repeated. The additional fields are:

description - the description that the user specified

created time - time the reservation was created (local time zone of the browser)

intradomain hops - the abstract nodes in the confirmed SIDP (Strict Interdomain Path) within this domain.

interdomain path - the abstract nodes in the confirmed SIDP from the source to the destination. It will include an ingress and egress link for each domain in the path.

source, destination port - for layer 3 reservations only

protocol - for layer 3 reservations (if set)

burstlimit - for layer 3, in bits per second (if set)

lsp class - for layer 3 (if set)

 


5. Cancel Reservation

The Reservation Details page provides a button to allow you to cancel the reservation.


6. User Profile

Displays the information we keep about the user. Use this page to modify information about yourself.

login name - cannot be altered since it is your primary identification

password/password confirmation - used to change your password (type in your new password in both fields)

First Name

Last Name

x.509 subject name - if you are going to use the web services API, which requires that you sign all the messages, you must input the subject name of the certificate that you will use for signing.

x.509 issuer name - this is the subject name of the issuer of your signing certificate. If you are only going to use the WBUI, these items are not required.

Organization - choose one from the pull-down menu

Roles - These can only be modified by an administrator. Currently seven default attribute roles are defined. It is recommended to choose one from the first four choices. The administrator role should be given to whoever is going to manage the users and authorizations for your site.

OSCARS-user - make reservations, query, modify and signal own reservations, modify own profile

OSCARS-operator - list and query all reservations, list all users, modify own profile

OSCARS-site-administrator - list and control all reservations that start or end at his site, modify own profile

OSCARS-engineer - make reservations, query, modify and signal all reservations, modify own profile

OSCARS-service - make reservations where the GRI and path elements are specified, list, query, modify and signal own reservations (granted to IDC services in co-operating domains, not to be given to human users)

OSCARS-administrator - create new users, modify profiles, including roles, for all users

OSCARS-publisher - publish events to the OSCARS notification server

See Attributes for a more complete description of the roles.

personal description - for our information

email (primary)

email (secondary)

phone (primary) - If something fails during an active production reservation, we may need to contact you.

phone (secondary)

Users with administration privileges will also see the following two tabs:


7. User List

Gives a list of all the users with columns for loginId, First and Last names, Organization and phone number: clicking on a user will bring up the complete profile for that user, if you have the privileges to do so.


8. Add User

This page presents an empty version of the user profile which can be filled in to add a new user to the system. See User Profile for a description of the fields.


9. Attributes

This page can only be seen by holders of the OSCARS-administrator role. It lists all the current attributes and allows the addition, deletion and modification of attributes. Each attribute has a name, a type and a short description. Attributes of type role are intended to provide all the authorizations that a class of users will need. Attributes of type privilege are used to add a specific privilege to a user that his normal role does not provide.

An attribute can only be deleted if there are no users currently holding that attribute. To see all the users who have an attribute, go to the User List page and select the attribute from the Attributes menu.


10. Institutions

This page can only be seen by holders of the OSCARS-administrator role. It lists all the current institutions and allows the addition, deletion and modification of institutions. An institution can only be deleted if there are currently no registered users belonging to that institution.


11. Authorizations

This page can only be seen by holders of the OSCARS-administrator role. It lists all the current authorizations and allows the selection of an authorization to be deleted or modified.

The list of authorizations can be limited to those belonging to a specified attribute. Any column can be sorted alphabetically by clicking on the column title.


12. Authorization Details

This page can only be seen by holders of the OSCARS-administrator role. It allows the addition, deletion and modification of authorizations. If an existing authorization is modified, its previous value is deleted and replaced by the modified value. It is also possible to clone and then modify an authorization, in which case both the old and new values exist.