DOE PAGES, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Advance reservation access control using software-defined networking and tokens

Abstract

Advance reservation systems allow users to reserve dedicated bandwidth connection resources from advanced high-speed networks. A common use case for such systems is data transfers in distributed science environments in which a user wants exclusive access to the reservation. However, current advance network reservation methods cannot ensure exclusive access of a network reservation to the specific flow for which the user made the reservation. We present here a novel network architecture that addresses this limitation and ensures that a reservation is used only by the intended flow. We achieve this by leveraging software-defined networking (SDN) and token-based authorization. We use SDN to orchestrate and automate the reservation of networking resources, end-to-end and across multiple administrative domains, and tokens to create a strong binding between the user or application that requested the reservation and the flows provisioned by SDN. We conducted experiments on the ESNet 100G SDN testbed, and demonstrated that our system effectively protects authorized flows from competing traffic in the network.

Authors:
Chung, Joaquin [1]; Jung, Eun-Sung [2]; Kettimuthu, Rajkumar [3]; Rao, Nageswara S. V. [4]; Foster, Ian T. [3]; Clark, Russ [1]; Owen, Henry [1]
  1. Georgia Inst. of Technology, Atlanta, GA (United States)
  2. Hongik Univ., Seoul (Korea, Republic of)
  3. Argonne National Lab. (ANL), Argonne, IL (United States)
  4. Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
Publication Date:
Research Org.:
Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States); Argonne National Laboratory (ANL), Argonne, IL (United States)
Sponsoring Org.:
USDOE Office of Science (SC), Advanced Scientific Computing Research (ASCR); National Science Foundation (NSF)
OSTI Identifier:
1394409
Alternate Identifier(s):
OSTI ID: 1421947; OSTI ID: 1435193; OSTI ID: 1550544
Grant/Contract Number:  
AC05-00OR22725; AC02-06CH11357; ACI-1440761; DEAC02-06CH11357
Resource Type:
Accepted Manuscript
Journal Name:
Future Generations Computer Systems
Additional Journal Information:
Journal Volume: 79; Journal ID: ISSN 0167-739X
Publisher:
Elsevier
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING; advance reservation system; admission control; software-defined networking; tokens

Citation Formats

Chung, Joaquin, Jung, Eun-Sung, Kettimuthu, Rajkumar, Rao, Nageswara S. V., Foster, Ian T., Clark, Russ, and Owen, Henry. Advance reservation access control using software-defined networking and tokens. United States: N. p., 2017. Web. doi:10.1016/j.future.2017.03.010.
Chung, Joaquin, Jung, Eun-Sung, Kettimuthu, Rajkumar, Rao, Nageswara S. V., Foster, Ian T., Clark, Russ, & Owen, Henry. Advance reservation access control using software-defined networking and tokens. United States. https://doi.org/10.1016/j.future.2017.03.010
Chung, Joaquin, Jung, Eun-Sung, Kettimuthu, Rajkumar, Rao, Nageswara S. V., Foster, Ian T., Clark, Russ, and Owen, Henry. 2017. "Advance reservation access control using software-defined networking and tokens". United States. https://doi.org/10.1016/j.future.2017.03.010. https://www.osti.gov/servlets/purl/1394409.
@article{osti_1394409,
title = {Advance reservation access control using software-defined networking and tokens},
author = {Chung, Joaquin and Jung, Eun-Sung and Kettimuthu, Rajkumar and Rao, Nageswara S. V. and Foster, Ian T. and Clark, Russ and Owen, Henry},
abstractNote = {Advance reservation systems allow users to reserve dedicated bandwidth connection resources from advanced high-speed networks. A common use case for such systems is data transfers in distributed science environments in which a user wants exclusive access to the reservation. However, current advance network reservation methods cannot ensure exclusive access of a network reservation to the specific flow for which the user made the reservation. We present here a novel network architecture that addresses this limitation and ensures that a reservation is used only by the intended flow. We achieve this by leveraging software-defined networking (SDN) and token-based authorization. We use SDN to orchestrate and automate the reservation of networking resources, end-to-end and across multiple administrative domains, and tokens to create a strong binding between the user or application that requested the reservation and the flows provisioned by SDN. We conducted experiments on the ESNet 100G SDN testbed, and demonstrated that our system effectively protects authorized flows from competing traffic in the network.},
doi = {10.1016/j.future.2017.03.010},
journal = {Future Generations Computer Systems},
volume = 79,
place = {United States},
year = {2017},
month = {3}
}

Citation Metrics:
Cited by: 9 works
Citation information provided by Web of Science

Figures / Tables:

Fig. 1: Histogram of OSCARS reservations duration. Source: Data from https://my.es.net/oscars on August 1, 2016.

Works referencing / citing this record:

Graph-Based Policy Change Detection and Implementation in SDN
journal, October 2019


Figures/Tables have been extracted from DOE-funded journal article accepted manuscripts.