Advance reservation access control using software-defined networking and tokens

Joaquin Chung, Eun Sung Jung, Rajkumar Kettimuthu, Nageswara S.V. Rao, Ian T. Foster, Russ Clark, Henry Owen

Research output: Contribution to journalArticlepeer-review

12 Scopus citations

Abstract

Advance reservation systems allow users to reserve dedicated bandwidth connection resources from advanced high-speed networks. A common use case for such systems is data transfers in distributed science environments in which a user wants exclusive access to the reservation. However, current advance network reservation methods cannot ensure exclusive access of a network reservation to the specific flow for which the user made the reservation. We present here a novel network architecture that addresses this limitation and ensures that a reservation is used only by the intended flow. We achieve this by leveraging software-defined networking (SDN) and token-based authorization. We use SDN to orchestrate and automate the reservation of networking resources, end-to-end and across multiple administrative domains, and tokens to create a strong binding between the user or application that requested the reservation and the flows provisioned by SDN. We conducted experiments on the ESNet 100G SDN testbed, and demonstrated that our system effectively protects authorized flows from competing traffic in the network.

Original languageEnglish
Pages (from-to)225-234
Number of pages10
JournalFuture Generation Computer Systems
Volume79
DOIs
StatePublished - Feb 2018

Funding

This work was supported in part by the US Department of Energy under contract number DEAC02-06CH11357 and SDN-SF project, and the National Science Foundation , under grant ACI-1440761 . We thank Eric Pouyoul from ESnet for his help in setting up the testbed. We also thank Sean Donovan, Leon Gommans, and the anonymous reviewers for their feedback. Nageswara (Nagi) S.V. Rao is a Corporate Fellow in Computer Science and Mathematics Division, Oak Ridge National Laboratory, where he joined in 1993. He was on assignment at Missile Defense Agency as the Technical Director, C2BMC Knowledge Center during 2008–2010. He received B.Tech from National Institute of Technology, Warangal, India in Electronics and Communications Engineering in 1982, M.E. in Computer Science and Automation from Indian Institute of Science, Bangalore, India in 1984, and Ph.D. in Computer Science from Louisiana State University in 1988. He published more than 350 technical conference and journal papers in the areas of sensor networks, information fusion and high-performance networking. He is a Fellow of IEEE, and received 2005 IEEE Technical Achievement Award for his contributions to information fusion area. His research projects have been funded by multiple federal agencies including National Science Foundation, Department of Energy, Department of Defense, Domestic Nuclear Detection Office, and Defense Advanced Research Projects Agency.

FundersFunder number
Domestic Nuclear Detection Office
SDN-SF
US Department of EnergyDEAC02-06CH11357
National Science FoundationACI-1440761
U.S. Department of Defense
U.S. Department of Energy
Defense Advanced Research Projects Agency

    Keywords

    • Admission control
    • Advance reservation system
    • Software-defined networking
    • Tokens

    Fingerprint

    Dive into the research topics of 'Advance reservation access control using software-defined networking and tokens'. Together they form a unique fingerprint.

    Cite this