Advance reservation access control using software-defined networking and tokens
Abstract
Advance reservation systems allow users to reserve dedicated bandwidth connection resources from advanced high-speed networks. A common use case for such systems is data transfers in distributed science environments in which a user wants exclusive access to the reservation. However, current advance network reservation methods cannot ensure exclusive access of a network reservation to the specific flow for which the user made the reservation. We present here a novel network architecture that addresses this limitation and ensures that a reservation is used only by the intended flow. We achieve this by leveraging software-defined networking (SDN) and token-based authorization. We use SDN to orchestrate and automate the reservation of networking resources, end-to-end and across multiple administrative domains, and tokens to create a strong binding between the user or application that requested the reservation and the flows provisioned by SDN. We conducted experiments on the ESNet 100G SDN testbed, and demonstrated that our system effectively protects authorized flows from competing traffic in the network.
- Authors:
-
- Georgia Inst. of Technology, Atlanta, GA (United States)
- Hongik Univ., Seoul (Korea, Republic of)
- Argonne National Lab. (ANL), Argonne, IL (United States)
- Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
- Publication Date:
- Research Org.:
- Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States); Argonne National Laboratory (ANL), Argonne, IL (United States)
- Sponsoring Org.:
- USDOE Office of Science (SC), Advanced Scientific Computing Research (ASCR); National Science Foundation (NSF)
- OSTI Identifier:
- 1394409
- Alternate Identifier(s):
- OSTI ID: 1421947; OSTI ID: 1435193; OSTI ID: 1550544
- Grant/Contract Number:
- AC05-00OR22725; AC02-06CH11357; ACI-1440761; DEAC02-06CH11357
- Resource Type:
- Accepted Manuscript
- Journal Name:
- Future Generations Computer Systems
- Additional Journal Information:
- Journal Volume: 79; Journal ID: ISSN 0167-739X
- Publisher:
- Elsevier
- Country of Publication:
- United States
- Language:
- English
- Subject:
- 97 MATHEMATICS AND COMPUTING; advance reservation system; admission control; software-defined networking; tokens
Citation Formats
Chung, Joaquin, Jung, Eun-Sung, Kettimuthu, Rajkumar, Rao, Nageswara S. V., Foster, Ian T., Clark, Russ, and Owen, Henry. Advance reservation access control using software-defined networking and tokens. United States: N. p., 2017.
Web. doi:10.1016/j.future.2017.03.010.
Chung, Joaquin, Jung, Eun-Sung, Kettimuthu, Rajkumar, Rao, Nageswara S. V., Foster, Ian T., Clark, Russ, & Owen, Henry. Advance reservation access control using software-defined networking and tokens. United States. https://doi.org/10.1016/j.future.2017.03.010
Chung, Joaquin, Jung, Eun-Sung, Kettimuthu, Rajkumar, Rao, Nageswara S. V., Foster, Ian T., Clark, Russ, and Owen, Henry. Thu .
"Advance reservation access control using software-defined networking and tokens". United States. https://doi.org/10.1016/j.future.2017.03.010. https://www.osti.gov/servlets/purl/1394409.
@article{osti_1394409,
title = {Advance reservation access control using software-defined networking and tokens},
author = {Chung, Joaquin and Jung, Eun-Sung and Kettimuthu, Rajkumar and Rao, Nageswara S. V. and Foster, Ian T. and Clark, Russ and Owen, Henry},
abstractNote = {Advance reservation systems allow users to reserve dedicated bandwidth connection resources from advanced high-speed networks. A common use case for such systems is data transfers in distributed science environments in which a user wants exclusive access to the reservation. However, current advance network reservation methods cannot ensure exclusive access of a network reservation to the specific flow for which the user made the reservation. We present here a novel network architecture that addresses this limitation and ensures that a reservation is used only by the intended flow. We achieve this by leveraging software-defined networking (SDN) and token-based authorization. We use SDN to orchestrate and automate the reservation of networking resources, end-to-end and across multiple administrative domains, and tokens to create a strong binding between the user or application that requested the reservation and the flows provisioned by SDN. We conducted experiments on the ESNet 100G SDN testbed, and demonstrated that our system effectively protects authorized flows from competing traffic in the network.},
doi = {10.1016/j.future.2017.03.010},
journal = {Future Generations Computer Systems},
number = ,
volume = 79,
place = {United States},
year = {Thu Mar 09 00:00:00 EST 2017},
month = {Thu Mar 09 00:00:00 EST 2017}
}
Web of Science
Figures / Tables:
Works referenced in this record:
Advance reservation frameworks in hybrid IP-WDM networks
journal, May 2011
- Charbonneau, Neal; Vokkarane, Vinod; Guok, Chin
- IEEE Communications Magazine, Vol. 49, Issue 5
Hybrid networks: lessons learned and future challenges based on ESnet4 experience
journal, May 2011
- Monga, Inder; Guok, Chin; Johnston, William
- IEEE Communications Magazine, Vol. 49, Issue 5
Benefits brought by the use of OpenFlow/SDN on the AmLight intercontinental research and education network
conference, May 2015
- Ibarra, Julio; Bezerra, Jeronimo; Morgan, Heidi
- 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM)
Software-Defined Networking: A Comprehensive Survey
journal, January 2015
- Kreutz, Diego; Ramos, Fernando M. V.; Esteves Verissimo, Paulo
- Proceedings of the IEEE, Vol. 103, Issue 1
OpenFlow: enabling innovation in campus networks
journal, March 2008
- McKeown, Nick; Anderson, Tom; Balakrishnan, Hari
- ACM SIGCOMM Computer Communication Review, Vol. 38, Issue 2
Ultrascience net: network testbed for large-scale science applications
journal, November 2005
- Rao, N. S. V.; Wing, W. R.; Carter, S. M.
- IEEE Communications Magazine, Vol. 43, Issue 11
Control Plane for Advance Bandwidth Scheduling in Ultra High-Speed Networks
conference, April 2006
- Rao, Nageswara S. V.; Wu, Qishi; Ding, Song
- Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications
The DYNES Instrument: A Description and Overview
journal, December 2012
- Zurawski, Jason; Ball, Robert; Barczyk, Artur
- Journal of Physics: Conference Series, Vol. 396, Issue 4
Lark: Bringing Network Awareness to High Throughput Computing
conference, May 2015
- Zhang, Zhe; Bockelman, Brian; Carder, Dale W.
- 2015 15th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid)
Developing Applications with Networking Capabilities via End-to-End SDN (DANCES)
conference, July 2016
- Hazlewood, Victor; Benninger, Kathy; Peterson, Greg
- XSEDE16: Diversity, Big Data, and Science at Scale, Proceedings of the XSEDE16 Conference on Diversity, Big Data, and Science at Scale
FlowNAC: Flow-based Network Access Control
conference, September 2014
- Matias, Jon; Garay, Jokin; Mendiola, Alaitz
- 2014 Third European Workshop on Software Defined Networks (EWSDN)
FlowIdentity: Software-defined network access control
conference, November 2015
- Yakasai, Sadiq T.; Guy, Chris G.
- 2015 IEEE Conference on Network Function Virtualization and Software-Defined Networks (NFV-SDN), 2015 IEEE Conference on Network Function Virtualization and Software Defined Network (NFV-SDN)
Multi-domain lightpath authorization, using tokens
journal, February 2009
- Gommans, Leon; Xu, Li; Demchenko, Yuri
- Future Generation Computer Systems, Vol. 25, Issue 2
CUBIC: a new TCP-friendly high-speed TCP variant
journal, July 2008
- Ha, Sangtae; Rhee, Injong; Xu, Lisong
- ACM SIGOPS Operating Systems Review, Vol. 42, Issue 5
Works referencing / citing this record:
Graph-Based Policy Change Detection and Implementation in SDN
journal, October 2019
- Hussain, Mudassar; Shah, Nadir; TahirĀ , Ali
- Electronics, Vol. 8, Issue 10
Figures / Tables found in this record: