Advance reservation access control using software-defined networking and tokens

Abstract

Advance reservation systems allow users to reserve dedicated bandwidth connection resources from advanced high-speed networks. A common use case for such systems is data transfers in distributed science environments in which a user wants exclusive access to the reservation. However, current advance network reservation methods cannot ensure that a reservation is used exclusively by the specific flow for which the user made it. We present here a novel network architecture that addresses this limitation and ensures that a reservation is used only by the intended flow. We achieve this by leveraging software-defined networking (SDN) and token-based authorization. We use SDN to orchestrate and automate the reservation of networking resources, end-to-end and across multiple administrative domains, and tokens to create a strong binding between the user or application that requested the reservation and the flows provisioned by SDN. We conducted experiments on the ESnet 100G SDN testbed, and demonstrated that our system effectively protects authorized flows from competing traffic in the network.
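The binding the abstract describes, between the party that requested a reservation and the flow that is allowed to use it, can be illustrated with a small controller-side authorization check. The following is an added example, not code from the paper or the ESnet testbed, and it assumes a token format the paper does not specify: an HMAC-SHA256 over the reservation fields (reservation id, user, a 5-tuple flow identity, time window, bandwidth) keyed with a secret shared between the reservation service and the SDN controller. All names (Flow, Reservation, issue_token, authorize, build_flow_rule) and the sample addresses and ports are constructed for the illustration.

```python
"""Token-bound advance reservation check (added illustration, hypothetical design)."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed shared secret between the reservation service and the controller.
# In a deployment this would come from a key store, never from source code.
CONTROLLER_SECRET = b"constructed-demo-secret-do-not-reuse"


@dataclass(frozen=True)
class Flow:
    """Flow identity a reservation is bound to (assumed 5-tuple)."""
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int

    def canonical(self) -> str:
        # Fixed field order so the same flow always produces the same bytes.
        return f"{self.src_ip}:{self.src_port}->{self.dst_ip}:{self.dst_port}/{self.proto}"


@dataclass(frozen=True)
class Reservation:
    res_id: str
    user: str
    flow: Flow
    start: int          # Unix time, inclusive
    end: int            # Unix time, exclusive
    bandwidth_mbps: int


def issue_token(res: Reservation, secret: bytes = CONTROLLER_SECRET) -> str:
    """HMAC over every field the reservation is bound to, so a token cannot be
    moved to another flow, another user, or another time window."""
    msg = "|".join([res.res_id, res.user, res.flow.canonical(),
                    str(res.start), str(res.end), str(res.bandwidth_mbps)]).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def authorize(res: Reservation, presented_flow: Flow, token: str, now: int,
              secret: bytes = CONTROLLER_SECRET) -> Tuple[bool, str]:
    """Controller-side check run before the reserved path is provisioned."""
    expected = issue_token(res, secret).encode()
    if not hmac.compare_digest(expected, token.encode()):
        return False, "token does not match reservation"
    if not (res.start <= now < res.end):
        return False, "outside reservation window"
    if presented_flow != res.flow:
        return False, "flow is not the one bound to the reservation"
    return True, "authorized"


def build_flow_rule(res: Reservation, presented_flow: Flow, token: str,
                    now: int, secret: bytes = CONTROLLER_SECRET) -> Optional[Dict]:
    """Return a match/action description for the authorized flow, or None.
    The hard timeout makes the rule expire with the reservation so a token
    cannot keep the path alive after the window closes."""
    ok, _reason = authorize(res, presented_flow, token, now, secret)
    if not ok:
        return None
    f = res.flow
    return {
        "match": {"ipv4_src": f.src_ip, "ipv4_dst": f.dst_ip, "ip_proto": f.proto,
                  "tp_src": f.src_port, "tp_dst": f.dst_port},
        "meter_mbps": res.bandwidth_mbps,
        "hard_timeout": res.end - now,
        "priority": 100,
    }


if __name__ == "__main__":
    # Constructed sample: one reservation and a competing flow from another host.
    flow = Flow("10.0.0.1", "10.0.0.2", 6, 50000, 2811)
    res = Reservation("res-42", "alice", flow, 1000, 2000, 10000)
    tok = issue_token(res)
    print(authorize(res, flow, tok, 1500))
    competitor = Flow("10.0.0.3", "10.0.0.2", 6, 50001, 2811)
    print(authorize(res, competitor, tok, 1500))
    print(build_flow_rule(res, flow, tok, 2000))  # None: window has closed
```

Flows without a valid token for an active reservation get no rule and therefore stay on the default path, which is the property the abstract's experiments test: the reserved path carries only the bound flow, and a competing flow cannot borrow the reservation even if it learns the token, because the token is tied to the 5-tuple.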
