VIP lanes: High-speed custom communication paths for authorized flows

James Griffioen; Kenneth Calvert; Zongming Fei; Sergio Rivera; Jacob Chappell; Mami Hayashida; Charles Carpenter; Yongwook Song; Hussamuddin Nasir

doi:10.1109/ICCCN.2017.8038429

VIP lanes: High-speed custom communication paths for authorized flows

James Griffioen, Kenneth Calvert, Zongming Fei, Sergio Rivera, Jacob Chappell, Mami Hayashida, Charles Carpenter, Yongwook Song, Hussamuddin Nasir

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

8 Scopus citations

Abstract

Campus networks and enterprise networks increasingly depend on middleboxes (e.g., firewalls, NAT, load balancers, IDS/IDP) to provide essential services or enforce network policies. These middleboxes often limit the performance of network applications, especially those involved in big data transfer. To address this problem, we propose a Software Defined Networking (SDN) campus network architecture, called VIP Lanes, that provides the ability for pre-authorized, trusted users to create flows that bypass middleboxes, thereby enabling those users to achieve substantially better performance while maintaining security and policy compliance for other network traffic. In this paper, we present the VIP Lanes abstraction and describe an authorization and policy-enforcement service used to establish trusted VIP Lanes. We describe an initial prototype implementation that not only demonstrates the viability of the VIP Lanes approach, but also gives an indication of the types of performance improvements that are possible - in some cases approaching a two order of magnitude reduction in transmission times.

Original language	English
Title of host publication	2017 26th International Conference on Computer Communications and Networks, ICCCN 2017
ISBN (Electronic)	9781509029914
DOIs	https://doi.org/10.1109/ICCCN.2017.8038429
State	Published - Sep 14 2017
Event	26th International Conference on Computer Communications and Networks, ICCCN 2017 - Vancouver, Canada Duration: Jul 31 2017 → Aug 3 2017

Publication series

Name	2017 26th International Conference on Computer Communications and Networks, ICCCN 2017

Conference

Conference	26th International Conference on Computer Communications and Networks, ICCCN 2017
Country/Territory	Canada
City	Vancouver
Period	7/31/17 → 8/3/17

Bibliographical note

Publisher Copyright:
© 2017 IEEE.

Keywords

Big data
Campus network
Middleboxes
Software defined networks

ASJC Scopus subject areas

Artificial Intelligence
Computer Networks and Communications
Software
Management of Technology and Innovation
Information Systems and Management
Safety, Risk, Reliability and Quality
Media Technology
Control and Optimization

Access to Document

10.1109/ICCCN.2017.8038429

Cite this

Griffioen, J., Calvert, K., Fei, Z., Rivera, S., Chappell, J., Hayashida, M., Carpenter, C., Song, Y., & Nasir, H. (2017). VIP lanes: High-speed custom communication paths for authorized flows. In 2017 26th International Conference on Computer Communications and Networks, ICCCN 2017 Article 8038429 (2017 26th International Conference on Computer Communications and Networks, ICCCN 2017). https://doi.org/10.1109/ICCCN.2017.8038429

@inproceedings{a88f73e917b6475298ba87cb4f4cef9d,

title = "VIP lanes: High-speed custom communication paths for authorized flows",

abstract = "Campus networks and enterprise networks increasingly depend on middleboxes (e.g., firewalls, NAT, load balancers, IDS/IDP) to provide essential services or enforce network policies. These middleboxes often limit the performance of network applications, especially those involved in big data transfer. To address this problem, we propose a Software Defined Networking (SDN) campus network architecture, called VIP Lanes, that provides the ability for pre-authorized, trusted users to create flows that bypass middleboxes, thereby enabling those users to achieve substantially better performance while maintaining security and policy compliance for other network traffic. In this paper, we present the VIP Lanes abstraction and describe an authorization and policy-enforcement service used to establish trusted VIP Lanes. We describe an initial prototype implementation that not only demonstrates the viability of the VIP Lanes approach, but also gives an indication of the types of performance improvements that are possible - in some cases approaching a two order of magnitude reduction in transmission times.",

keywords = "Big data, Campus network, Middleboxes, Software defined networks",

author = "James Griffioen and Kenneth Calvert and Zongming Fei and Sergio Rivera and Jacob Chappell and Mami Hayashida and Charles Carpenter and Yongwook Song and Hussamuddin Nasir",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 26th International Conference on Computer Communications and Networks, ICCCN 2017 ; Conference date: 31-07-2017 Through 03-08-2017",

year = "2017",

month = sep,

day = "14",

doi = "10.1109/ICCCN.2017.8038429",

language = "English",

series = "2017 26th International Conference on Computer Communications and Networks, ICCCN 2017",

booktitle = "2017 26th International Conference on Computer Communications and Networks, ICCCN 2017",

}

Griffioen, J , Calvert, K , Fei, Z, Rivera, S, Chappell, J, Hayashida, M, Carpenter, C, Song, Y & Nasir, H 2017, VIP lanes: High-speed custom communication paths for authorized flows. in 2017 26th International Conference on Computer Communications and Networks, ICCCN 2017., 8038429, 2017 26th International Conference on Computer Communications and Networks, ICCCN 2017, 26th International Conference on Computer Communications and Networks, ICCCN 2017, Vancouver, Canada, 7/31/17. https://doi.org/10.1109/ICCCN.2017.8038429

VIP lanes: High-speed custom communication paths for authorized flows. / Griffioen, James ; Calvert, Kenneth ; Fei, Zongming et al.
2017 26th International Conference on Computer Communications and Networks, ICCCN 2017. 2017. 8038429 (2017 26th International Conference on Computer Communications and Networks, ICCCN 2017).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - VIP lanes

T2 - 26th International Conference on Computer Communications and Networks, ICCCN 2017

AU - Griffioen, James

AU - Calvert, Kenneth

AU - Fei, Zongming

AU - Rivera, Sergio

AU - Chappell, Jacob

AU - Hayashida, Mami

AU - Carpenter, Charles

AU - Song, Yongwook

AU - Nasir, Hussamuddin

PY - 2017/9/14

Y1 - 2017/9/14

N2 - Campus networks and enterprise networks increasingly depend on middleboxes (e.g., firewalls, NAT, load balancers, IDS/IDP) to provide essential services or enforce network policies. These middleboxes often limit the performance of network applications, especially those involved in big data transfer. To address this problem, we propose a Software Defined Networking (SDN) campus network architecture, called VIP Lanes, that provides the ability for pre-authorized, trusted users to create flows that bypass middleboxes, thereby enabling those users to achieve substantially better performance while maintaining security and policy compliance for other network traffic. In this paper, we present the VIP Lanes abstraction and describe an authorization and policy-enforcement service used to establish trusted VIP Lanes. We describe an initial prototype implementation that not only demonstrates the viability of the VIP Lanes approach, but also gives an indication of the types of performance improvements that are possible - in some cases approaching a two order of magnitude reduction in transmission times.

AB - Campus networks and enterprise networks increasingly depend on middleboxes (e.g., firewalls, NAT, load balancers, IDS/IDP) to provide essential services or enforce network policies. These middleboxes often limit the performance of network applications, especially those involved in big data transfer. To address this problem, we propose a Software Defined Networking (SDN) campus network architecture, called VIP Lanes, that provides the ability for pre-authorized, trusted users to create flows that bypass middleboxes, thereby enabling those users to achieve substantially better performance while maintaining security and policy compliance for other network traffic. In this paper, we present the VIP Lanes abstraction and describe an authorization and policy-enforcement service used to establish trusted VIP Lanes. We describe an initial prototype implementation that not only demonstrates the viability of the VIP Lanes approach, but also gives an indication of the types of performance improvements that are possible - in some cases approaching a two order of magnitude reduction in transmission times.

KW - Big data

KW - Campus network

KW - Middleboxes

KW - Software defined networks

UR - http://www.scopus.com/inward/record.url?scp=85025816785&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85025816785&partnerID=8YFLogxK

U2 - 10.1109/ICCCN.2017.8038429

DO - 10.1109/ICCCN.2017.8038429

M3 - Conference contribution

AN - SCOPUS:85025816785

T3 - 2017 26th International Conference on Computer Communications and Networks, ICCCN 2017

BT - 2017 26th International Conference on Computer Communications and Networks, ICCCN 2017

Y2 - 31 July 2017 through 3 August 2017

ER -

Griffioen J , Calvert K , Fei Z, Rivera S, Chappell J, Hayashida M et al. VIP lanes: High-speed custom communication paths for authorized flows. In 2017 26th International Conference on Computer Communications and Networks, ICCCN 2017. 2017. 8038429. (2017 26th International Conference on Computer Communications and Networks, ICCCN 2017). doi: 10.1109/ICCCN.2017.8038429

VIP lanes: High-speed custom communication paths for authorized flows

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this