Advance reservation access control using software-defined networking and tokens

Chung, Joaquin; Jung, Eun-Sung; Kettimuthu, Rajkumar; Rao, Nageswara S. V.; Foster, Ian T.; Clark, Russ; Owen, Henry

doi:10.1016/j.future.2017.03.010

Title: Advance reservation access control using software-defined networking and tokens

Journal Article · Thu Mar 09 00:00:00 EST 2017 · Future Generations Computer Systems

DOI:https://doi.org/10.1016/j.future.2017.03.010· OSTI ID:1394409

Chung, Joaquin ^[1];

^[2]; Kettimuthu, Rajkumar ^[3]; Rao, Nageswara S. V. ^[4];

^[3]; Clark, Russ ^[1]; Owen, Henry ^[1]

Georgia Inst. of Technology, Atlanta, GA (United States)
Hongik Univ., Seoul (Korea, Republic of)
Argonne National Lab. (ANL), Argonne, IL (United States)
Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)

Advance reservation systems allow users to reserve dedicated bandwidth connection resources from advanced high-speed networks. A common use case for such systems is data transfers in distributed science environments in which a user wants exclusive access to the reservation. However, current advance network reservation methods cannot ensure exclusive access of a network reservation to the specific flow for which the user made the reservation. We present here a novel network architecture that addresses this limitation and ensures that a reservation is used only by the intended flow. We achieve this by leveraging software-defined networking (SDN) and token-based authorization. We use SDN to orchestrate and automate the reservation of networking resources, end-to-end and across multiple administrative domains, and tokens to create a strong binding between the user or application that requested the reservation and the flows provisioned by SDN. We conducted experiments on the ESNet 100G SDN testbed, and demonstrated that our system effectively protects authorized flows from competing traffic in the network.

View Accepted Manuscript (DOE)

View Accepted Manuscript (Publisher)

Cite

Export

Save

Research Organization:: Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States); Argonne National Laboratory (ANL), Argonne, IL (United States)

Sponsoring Organization:: USDOE Office of Science (SC), Advanced Scientific Computing Research (ASCR); National Science Foundation (NSF)

Grant/Contract Number:: AC05-00OR22725; AC02-06CH11357; ACI-1440761; DEAC02-06CH11357

OSTI ID:: 1394409

Alternate ID(s):: OSTI ID: 1421947; OSTI ID: 1435193; OSTI ID: 1550544

Journal Information:: Future Generations Computer Systems, Vol. 79; ISSN 0167-739X

Publisher:: ElsevierCopyright Statement

Country of Publication:: United States

Language:: English

Citation Metrics:

Cited by: 9 works

Citation information provided by
Web of Science

References (14)

Advance reservation frameworks in hybrid IP-WDM networks Charbonneau, Neal; Vokkarane, Vinod; Guok, Chin IEEE Communications Magazine, Vol. 49, Issue 5 https://doi.org/10.1109/MCOM.2011.5762809	journal	May 2011
Hybrid networks: lessons learned and future challenges based on ESnet4 experience Monga, Inder; Guok, Chin; Johnston, William IEEE Communications Magazine, Vol. 49, Issue 5 https://doi.org/10.1109/MCOM.2011.5762807	journal	May 2011
Benefits brought by the use of OpenFlow/SDN on the AmLight intercontinental research and education network Ibarra, Julio; Bezerra, Jeronimo; Morgan, Heidi 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM) https://doi.org/10.1109/INM.2015.7140415	conference	May 2015
Software-Defined Networking: A Comprehensive Survey Kreutz, Diego; Ramos, Fernando M. V.; Esteves Verissimo, Paulo Proceedings of the IEEE, Vol. 103, Issue 1 https://doi.org/10.1109/JPROC.2014.2371999	journal	January 2015
OpenFlow: enabling innovation in campus networks McKeown, Nick; Anderson, Tom; Balakrishnan, Hari ACM SIGCOMM Computer Communication Review, Vol. 38, Issue 2 https://doi.org/10.1145/1355734.1355746	journal	March 2008
Ultrascience net: network testbed for large-scale science applications Rao, N. S. V.; Wing, W. R.; Carter, S. M. IEEE Communications Magazine, Vol. 43, Issue 11 https://doi.org/10.1109/MCOM.2005.1541694	journal	November 2005
Control Plane for Advance Bandwidth Scheduling in Ultra High-Speed Networks Rao, Nageswara S. V.; Wu, Qishi; Ding, Song Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications https://doi.org/10.1109/INFOCOM.2006.35	conference	April 2006
The DYNES Instrument: A Description and Overview Zurawski, Jason; Ball, Robert; Barczyk, Artur Journal of Physics: Conference Series, Vol. 396, Issue 4 https://doi.org/10.1088/1742-6596/396/4/042065	journal	December 2012
Lark: Bringing Network Awareness to High Throughput Computing Zhang, Zhe; Bockelman, Brian; Carder, Dale W. 2015 15th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid) https://doi.org/10.1109/CCGrid.2015.116	conference	May 2015
Developing Applications with Networking Capabilities via End-to-End SDN (DANCES) Hazlewood, Victor; Benninger, Kathy; Peterson, Greg XSEDE16: Diversity, Big Data, and Science at Scale, Proceedings of the XSEDE16 Conference on Diversity, Big Data, and Science at Scale https://doi.org/10.1145/2949550.2949557	conference	July 2016
FlowNAC: Flow-based Network Access Control Matias, Jon; Garay, Jokin; Mendiola, Alaitz 2014 Third European Workshop on Software Defined Networks (EWSDN) https://doi.org/10.1109/EWSDN.2014.39	conference	September 2014
FlowIdentity: Software-defined network access control Yakasai, Sadiq T.; Guy, Chris G. 2015 IEEE Conference on Network Function Virtualization and Software-Defined Networks (NFV-SDN), 2015 IEEE Conference on Network Function Virtualization and Software Defined Network (NFV-SDN) https://doi.org/10.1109/NFV-SDN.2015.7387415	conference	November 2015
Multi-domain lightpath authorization, using tokens Gommans, Leon; Xu, Li; Demchenko, Yuri Future Generation Computer Systems, Vol. 25, Issue 2 https://doi.org/10.1016/j.future.2008.07.013	journal	February 2009
CUBIC: a new TCP-friendly high-speed TCP variant Ha, Sangtae; Rhee, Injong; Xu, Lisong ACM SIGOPS Operating Systems Review, Vol. 42, Issue 5 https://doi.org/10.1145/1400097.1400105	journal	July 2008

Cited By (1)

Graph-Based Policy Change Detection and Implementation in SDN Hussain, Mudassar; Shah, Nadir; Tahir , Ali Electronics, Vol. 8, Issue 10 https://doi.org/10.3390/electronics8101136	journal	October 2019