OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Advance reservation access control using software-defined networking and tokens

Abstract

Advance reservation systems allow users to reserve dedicated bandwidth connection resources from advanced high-speed networks. A common use case for such systems is data transfers in distributed science environments in which a user wants exclusive access to the reservation. However, current advance network reservation methods cannot ensure exclusive access of a network reservation to the specific flow for which the user made the reservation. We present here a novel network architecture that addresses this limitation and ensures that a reservation is used only by the intended flow. We achieve this by leveraging software-defined networking (SDN) and token-based authorization. We use SDN to orchestrate and automate the reservation of networking resources, end-to-end and across multiple administrative domains, and tokens to create a strong binding between the user or application that requested the reservation and the flows provisioned by SDN. We conducted experiments on the ESNet 100G SDN testbed, and demonstrated that our system effectively protects authorized flows from competing traffic in the network. (C) 2017 Elsevier B.V. All rights reserved.

Authors:
Chung, Joaquin; Jung, Eun-Sung; Kettimuthu, Rajkumar; Rao, Nageswara S. V.; Foster, Ian T.; Clark, Russ; Owen, Henry
Publication Date:
2018-02-01
Research Org.:
Argonne National Lab. (ANL), Argonne, IL (United States)
Sponsoring Org.:
National Science Foundation (NSF); USDOE Office of Science (SC)
OSTI Identifier:
1421947
DOE Contract Number:
AC02-06CH11357
Resource Type:
Journal Article
Resource Relation:
Journal Name: Future Generations Computer Systems; Journal Volume: 79; Journal Issue: P1
Country of Publication:
United States
Language:
English
Subject:
Admission control; Advance reservation system; Software-defined networking; Tokens

Citation Formats

Chung, Joaquin, Jung, Eun-Sung, Kettimuthu, Rajkumar, Rao, Nageswara S. V., Foster, Ian T., Clark, Russ, and Owen, Henry. Advance reservation access control using software-defined networking and tokens. United States: N. p., 2018. Web. doi:10.1016/j.future.2017.03.010.
Chung, Joaquin, Jung, Eun-Sung, Kettimuthu, Rajkumar, Rao, Nageswara S. V., Foster, Ian T., Clark, Russ, & Owen, Henry. Advance reservation access control using software-defined networking and tokens. United States. doi:10.1016/j.future.2017.03.010.
Chung, Joaquin, Jung, Eun-Sung, Kettimuthu, Rajkumar, Rao, Nageswara S. V., Foster, Ian T., Clark, Russ, and Owen, Henry. 2018. "Advance reservation access control using software-defined networking and tokens". United States. doi:10.1016/j.future.2017.03.010.
@article{osti_1421947,
title = {Advance reservation access control using software-defined networking and tokens},
author = {Chung, Joaquin and Jung, Eun-Sung and Kettimuthu, Rajkumar and Rao, Nageswara S. V. and Foster, Ian T. and Clark, Russ and Owen, Henry},
abstractNote = {Advance reservation systems allow users to reserve dedicated bandwidth connection resources from advanced high-speed networks. A common use case for such systems is data transfers in distributed science environments in which a user wants exclusive access to the reservation. However, current advance network reservation methods cannot ensure exclusive access of a network reservation to the specific flow for which the user made the reservation. We present here a novel network architecture that addresses this limitation and ensures that a reservation is used only by the intended flow. We achieve this by leveraging software-defined networking (SDN) and token-based authorization. We use SDN to orchestrate and automate the reservation of networking resources, end-to-end and across multiple administrative domains, and tokens to create a strong binding between the user or application that requested the reservation and the flows provisioned by SDN. We conducted experiments on the ESNet 100G SDN testbed, and demonstrated that our system effectively protects authorized flows from competing traffic in the network. (C) 2017 Elsevier B.V. All rights reserved.},
doi = {10.1016/j.future.2017.03.010},
journal = {Future Generations Computer Systems},
number = {P1},
volume = 79,
place = {United States},
year = {2018},
month = {2}
}