References of "Mathy, Laurent"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailA Trie Merging Approach with Incremental Updates for Virtual Routers
Luo, LAYONG; Xie, Gaogang; Salamatian, Kavé et al

in Annual International Conference on Computer Communications (2013)

Virtual routers are increasingly being studied, as an important building block to enable network virtualization. In a virtual router platform, multiple virtual router instances coexist, each having its ... [more ▼]

Virtual routers are increasingly being studied, as an important building block to enable network virtualization. In a virtual router platform, multiple virtual router instances coexist, each having its own FIB (Forwarding Information Base). In this context, memory scalability and route updates are two major challenges. Existing approaches addressed one of these challenges but not both. In this paper, we present a trie merging approach, which compactly represents multiple FIBs by a merged trie and a table of next-hop-pointer arrays to achieve good memory scalability, while supporting fast incremental updates by avoiding the use of leaf pushing during merging. Experimental results show that storing the merged trie requires limited memory space, e.g., we only need 10MB memory space to store the merged trie for 14 full FIBs from IPv4 core routers, achieving a memory reduction by 87% when compared to the total size of the individual tries. We implement our approach in an SRAM (Static Random Access Memory)-based lookup pipeline. Using our approach, an on-chip SRAM-based lookup pipeline with 5 external stages is sufficient to store the 14 full IPv4 FIBs. Furthermore, our approach can guarantee a minimum update overhead of one write bubble per update, as well as a high lookup throughput of one lookup per clock cycle, which corresponds to a throughput of 251 million lookups per second in the implementation. [less ▲]

Detailed reference viewed: 12 (2 ULg)
Full Text
Peer Reviewed
See detailToward Predictable Performance in Decision Tree-based Packet Classification Algorithms
He, Peng; Guan, Hongtao; Mathy, Laurent ULg et al

in IEEE LANMAN 2013 (2013)

Detailed reference viewed: 8 (0 ULg)
Full Text
Peer Reviewed
See detailFlowOS: A Programmable Platform for Commodity Hardware Middleboxes
Abdul, Alim; Bezahaf, Mehdi; Mathy, Laurent ULg

in Proceedings of CFI 2013 (2013)

Detailed reference viewed: 17 (3 ULg)
Full Text
Peer Reviewed
See detailFlowOS: a Flow-Based Platform for Middleboxes
Abdul, Alim; Bezahaf, Mehdi; Mathy, Laurent ULg

in Proceedings of CoNEXT Workshops 2013 (2013)

Middleboxes are heavily used in the Internet to process the network tra c for a speci c purpose. As there is no open standards, these proprietary boxes are expensive and di - cult to upgrade. In this ... [more ▼]

Middleboxes are heavily used in the Internet to process the network tra c for a speci c purpose. As there is no open standards, these proprietary boxes are expensive and di - cult to upgrade. In this paper, we present a programmable platform for middleboxes called FlowOS to run on commod- ity hardware. It provides an elegant programming model for writing ow processing software, which hides the complexi- ties of low-level packet processing, process synchronisation, and inter-process communication. We show that FlowOS itself does not add any signi cant overhead to ows by pre- senting some preliminary test results. [less ▲]

Detailed reference viewed: 26 (1 ULg)
Full Text
Peer Reviewed
See detailScalable High-Performance Parallel Design for Network Intrusion Detection Systems on Many-Core Processors
Jiang, Hayang; Xie, Gaogang; Salamatian, Kavé et al

in Proceedings of ANCS 2013 (2013)

Network Intrusion Detection Systems (NIDSes) face significant challenges coming from the relentless network link speed growth and increasing complexity of threats. Both hardware accelerated and parallel ... [more ▼]

Network Intrusion Detection Systems (NIDSes) face significant challenges coming from the relentless network link speed growth and increasing complexity of threats. Both hardware accelerated and parallel software-based NIDS solutions, based on commodity multi-core and GPU processors, have been proposed to overcome these challenges. Network Intrusion Detection Systems (NIDSes) face significant challenges coming from the relentless network link speed growth and increasing complexity of threats. Both hardware accelerated and parallel software-based NIDS solutions, based on commodity multi-core and GPU processors, have been proposed to overcome these challenges. This work explores new parallel opportunities afforded by many-core processors for high performance, scalable and inexpensive NIDS. We exploit the huge many-core computational power by adopting a hybrid parallel architecture combining data and pipeline parallelism. We also design a hybrid load balancing scheme, using both ruleset and flow space partitioning. Furthermore, the proposed design leverages particular features of the processor to break the bottlenecks. We have integrated the open source NIDS Suricata into our proposed design and evaluated its performance with synthetic traffic. The prototype exhibits almost linear speedup and can handle up to 7.2 Gbps traffic with 100-bytes packets. [less ▲]

Detailed reference viewed: 13 (3 ULg)
Full Text
Peer Reviewed
See detailA Hybrid Hardware Architecture for High-speed IP Lookups and Fast Route Updates
Luo, Layong; Xie, Gaogang; Xie, Yingke et al

in IEEE/ACM Transactions on Networking (2013)

As network link rates are being pushed beyond 40 Gb/s, IP lookup in high-speed routers is moving to hardware. The ternary content addressable memory (TCAM)-based IP lookup engine and the static random ... [more ▼]

As network link rates are being pushed beyond 40 Gb/s, IP lookup in high-speed routers is moving to hardware. The ternary content addressable memory (TCAM)-based IP lookup engine and the static random access memory (SRAM)-based IP lookup pipeline are the two most common ways to achieve high throughput. However, route updates in both engines degrade lookup performance and may lead to packet drops. Moreover, there is a growing interest in virtual IP routers where more frequent updates happen. Finding solutions that achieve both fast lookup and low update overhead becomes critical. In this paper, we propose a hybrid IP lookup architecture to address this challenge. The architecture is based on an efficient trie partitioning scheme that divides the forwarding information base (FIB) into two prefix sets: a large disjoint leaf prefix set mapped into an external TCAM-based lookup engine and a small overlapping prefix set mapped into an on-chip SRAM-based lookup pipeline. Critical optimizations are developed on both IP lookup engines to reduce the update overhead. We show how to extend the proposed hybrid architecture to support virtual routers. Our implementation shows a throughput of 250 million lookups per second (equivalent to 128 Gb/s with 64-B packets). The update overhead is significantly lower than that of previous work, the memory consumption is reasonable, and the utilization ratio of most external TCAMs is up to 100%. [less ▲]

Detailed reference viewed: 13 (3 ULg)
Full Text
Peer Reviewed
See detailA Hybrid IP Lookup Architecture with Fast Updates
Luo, Layong; Xie, Gaogang; Xie, Yingke et al

in Annual International Conference on Computer Communications (2012, March)

As network link rates are being pushed beyond 40 Gbps, IP lookup in high-speed routers is moving to hardware. The TCAM (Ternary Content Addressable Memory)-based IP lookup engine and the SRAM (Static ... [more ▼]

As network link rates are being pushed beyond 40 Gbps, IP lookup in high-speed routers is moving to hardware. The TCAM (Ternary Content Addressable Memory)-based IP lookup engine and the SRAM (Static Random Access Memory)- based IP lookup pipeline are the two most common ways to achieve high throughput. However, route updates in both engines degrade lookup performance and may lead to packet drops. Moreover, there is a growing interest in virtual IP routers where more frequent updates happen. Finding solutions that achieve both fast lookup and low update overhead becomes critical. In this paper, we propose a hybrid IP lookup architecture to address this challenge. The architecture is based on an efficient trie partitioning scheme that divides the Forwarding Information Base (FIB) into two prefix sets: a large disjoint leaf prefix set mapped into an external TCAM-based lookup engine and a small overlapping prefix set mapped into an on-chip SRAM-based lookup pipeline. Critical optimizations are developed on both IP lookup engines to reduce the update overhead. We show how to extend the proposed hybrid architecture to support virtual routers. Our implementation shows a throughput of 250 million lookups per second (MLPS). The update overhead is significantly lower than that of previous work and the utilization ratio of most external TCAMs is up to 100%. [less ▲]

Detailed reference viewed: 78 (17 ULg)
Full Text
See detailEditorial for Computer Networks special issue on “Measurement-based optimization of P2P networking and applications”
Fu, Xiaoming; Chen, Yang; Leduc, Guy ULg et al

in Computer Networks (2012), 26(3), 1077-1079

Detailed reference viewed: 49 (11 ULg)
Peer Reviewed
See detailFlowOS: a pure flow-based vision of network traffic
Abdul, Alim; Bezahaf, Mehdi; Mathy, Laurent ULg

in Proceedings of ANCS 2012 (2012)

Detailed reference viewed: 9 (2 ULg)
Full Text
Peer Reviewed
See detailTowards TCAM-based Scalable Virtual Routers
Luo, Layong; Xie, Gaogang; Uhlig, Steve et al

in ACM CoNEXT 2012 Proceedings (2012)

Detailed reference viewed: 35 (7 ULg)
Full Text
Peer Reviewed
See detailTowards Large-Scale Network Virtualization
Papadimitriou, Panagiotis; Houidi, Ines; Louati, Wajdi et al

in Proceedings of WWIC 2012 (2012)

Most existing virtual network (VN) provisioning approaches assume a single administrative domain and therefore, VN deployments are limited to the geographic footprint of the substrate provider. To enable ... [more ▼]

Most existing virtual network (VN) provisioning approaches assume a single administrative domain and therefore, VN deployments are limited to the geographic footprint of the substrate provider. To enable wide-area VN provisioning, network virtualization architectures need to address the intricacies of inter-domain aspects, i.e., how to provi- sion VNs with limited control and knowledge of any aspect of the physical infrastructure. To this end, we present a framework for large-scale VN provisioning. We decompose VN provisioning into multiple steps to overcome the impli- cations of limited information on resource discovery and allocation. We present a new resource selection algorithm with simultaneous node and link mapping to assign resources within each domain. We use a signaling protocol that integrates resource reservations for virtual link setup with Quality-of-Service guarantees. Our experimental results show that small VNs can be provisioned within a few seconds. [less ▲]

Detailed reference viewed: 9 (1 ULg)
Full Text
Peer Reviewed
See detailImproved parallelism and scheduling in multi-core software routers
Egi, Norbert; Iannaccone, Gianluca; Manesh, Maziar et al

in Journal of Supercomputing (2011)

Recent technological advances in commodity server architectures, with multiple multi-core CPUs, integrated memory controllers, high-speed interconnects, and enhanced network interface cards, provide ... [more ▼]

Recent technological advances in commodity server architectures, with multiple multi-core CPUs, integrated memory controllers, high-speed interconnects, and enhanced network interface cards, provide substantial computational capacity, and thus an attractive platform for packet forwarding. However, to exploit this available capacity, we need a suitable software platform that allows effective parallel packet processing and resource management. In this paper, we at first introduce an improved forwarding architecture for software routers that enhances parallelism by exploiting hardware classification and multi-queue support, already available in recent commodity network interface cards. After evaluating the original scheduling algorithm of the widely-used Click modular router, we propose solutions for extending this scheduler for improved fairness, throughput, and more precise resource management. To illustrate the potential benefits of our proposal, we implement and evaluate a few key elements of our overall design. Finally, we discuss how our improved forwarding architecture and resource management might be applied in virtualized software routers. [less ▲]

Detailed reference viewed: 17 (3 ULg)
Full Text
Peer Reviewed
See detailBuilding virtual networks across multiple domains
Werle, C.; Bless, R.; Papadimitriou, P. et al

in Proceedings of the ACM SIGCOMM 2011 conference poster session (2011)

Detailed reference viewed: 16 (0 ULg)
Full Text
Peer Reviewed
See detailForwarding Path Architectures for Multicore Software Routers
Egi, Norbert; Greenhalgh, Adam; Handley, Mark et al

in ACM CoNEXT 2010 Workshop Proceedings (2010, November)

Multi-core CPUs, along with recent advances in memory and buses, render commodity hardware a strong candidate for building fexible and high-performance software routers. With a forwarding plane physically ... [more ▼]

Multi-core CPUs, along with recent advances in memory and buses, render commodity hardware a strong candidate for building fexible and high-performance software routers. With a forwarding plane physically composed of many packet processing components and operations, resource allocation in multi-core systems is not trivial. Indeed, packets crossing cache hierarchies degrade forwarding performance, since the bottleneck is main memory access. Therefore, forwarding path allocation and input/output processing become challenging, especially when states and data structures have to be shared among multiple cores. In this context, we investigate a set of input/output processing architectures, as well as resource allocation strategies for forwarding paths. For each packet processing operation, we uncover the gains and possible implications by either running different components concurrently or replicating the same components across different cores. [less ▲]

Detailed reference viewed: 13 (1 ULg)
Full Text
Peer Reviewed
See detailAdaptive Virtual Network Provisioning
Houidi, Ines; Louati, Wajdi; Zeghlache, Djamal et al

in ACM SIGCOMM Workshops Proceedings (2010, September)

In the future, virtual networks will be allocated, maintained and managed much like clouds offering flexibility, extensibility and elasticity with resources acquired for a limited time and even on a lease ... [more ▼]

In the future, virtual networks will be allocated, maintained and managed much like clouds offering flexibility, extensibility and elasticity with resources acquired for a limited time and even on a lease basis. Adaptive provisioning is required to maintain virtual network topologies, comply with established contracts, expand initial allocations on demand, release resources no longer useful, optimise resource utilisation and respond to anomalies, faults and evolving demands. In this paper, we elaborate on adaptive virtual resource provisioning to maintain virtual networks, allocated initially on demand, in response to a virtual network creation request. We propose a distributed fault-tolerant embedding algorithm, which relies on substrate node agents to cope with failures and severe performance degradation. This algorithm coupled with dynamic resource binding is integrated and evaluated within a medium-scale experimental infrastructure. [less ▲]

Detailed reference viewed: 18 (0 ULg)
Full Text
Peer Reviewed
See detailA Platform for High Performance and Flexible Virtual Routers on Commodity Hardware
Egi, Norbert; Greenhalgh, Adam; Handley, Mark et al

in ACM SIGCOMM Computer Communication Review (2010, January)

Multi-core CPUs, along with recent advances in memory and buses, render commodity hardware a strong candidate for software router virtualization. In this context, we present the design of a new platform ... [more ▼]

Multi-core CPUs, along with recent advances in memory and buses, render commodity hardware a strong candidate for software router virtualization. In this context, we present the design of a new platform for virtual routers on modern PC hardware. We further discuss our design choices in order to achieve both high performance and flexibility for packet processing. [less ▲]

Detailed reference viewed: 50 (1 ULg)
Full Text
Peer Reviewed
See detailImproved Forwarding Architecture and Resource Management for Multi-Core Software Routers
Egi, Norbert; Greenhalgh, Adam; Handley, Mark et al

in NPC 2009 Proceedings (2009, October)

Recent technological advances in commodity server architectures, with multiple multi-core CPUs, integrated memory controllers, high-speed interconnects and enhanced network interface cards, provide ... [more ▼]

Recent technological advances in commodity server architectures, with multiple multi-core CPUs, integrated memory controllers, high-speed interconnects and enhanced network interface cards, provide substantial computational capacity and thus an attractive platform for packet forwarding. However, to exploit this available capacity, we need a suitable software platform that allows effective parallel packet processing and resource management. In this paper, we at first introduce an improved forwarding architecture for software routers that enhances parallelism by exploiting hardware classification and multi-queue support, already available in recent commodity network interface cards. After evaluating the original scheduling algorithm of the widely-used Click modular router, we propose solutions for extending this scheduler for improved fairness, throughput and more precise resource management. To illustrate the potential benefits of our proposal, we implement and evaluate a few key elements of our overall design. [less ▲]

Detailed reference viewed: 9 (1 ULg)
Full Text
Peer Reviewed
See detailCommutation de paquets logicielle sur routeurs PC multi-coeurs
Egi, Norbert; Greenhalgh, Adam; Handley, Mark et al

in Actes de CFIP 2009 (2009, October)

Les processeurs multi-coeurs sur PC, en même temps que les progrès récents sur la performance de la mémoire et des bus, suggèrent un candidat idéal pour la construction d’architectures de routeurs ... [more ▼]

Les processeurs multi-coeurs sur PC, en même temps que les progrès récents sur la performance de la mémoire et des bus, suggèrent un candidat idéal pour la construction d’architectures de routeurs purement logicielles qui soient flexibles et en même temps performantes. Dans cet article, nous présentons une architecture de commutation de paquets pour les routeurs logiciels ou virtuels dont l’objectif principal est de prévenir des accès mémoire coûteux tout en utilisant les ressources CPU disponibles au mieux pour traiter et commuter les paquets. Nous présentons premièrement le principe d’arbre de commutation dont la fonction est de garder les paquets commutés dans la même hiérarchie de cache du processeur. Nous identifions ensuite la source de contention principale des performances de commutation comme l’accès concurrent aux interfaces de sorties puis analysons les gains potentiels de performance en utilisant un verrou sur les interfaces de sortie ainsi qu’un mécanisme de retour sur l’état des queues du routeur. Finalement, nous proposons et évaluons une modification des arbres de commutation qui permet de contourner la contention due au partage des interfaces de sortie par les arbres [less ▲]

Detailed reference viewed: 10 (0 ULg)
Full Text
Peer Reviewed
See detailExtending Routers Utilisability and Life Cycle through Automated Configuration Management
Rodriguez, Francisco; Hoerdt, Mickael; Mathy, Laurent ULg

in IPOM '09 Proceedings (2009, October)

We present the design of a distributed router platform aimed at consolidating multiple hardware routers. The goal of the approach is twofold: firstly decouple the logical routing and forwarding ... [more ▼]

We present the design of a distributed router platform aimed at consolidating multiple hardware routers. The goal of the approach is twofold: firstly decouple the logical routing and forwarding functionality from the limitations of the hardware that runs it, through automated configuration management only; and secondly, give component routers a longer lease of life, as constituting parts of a larger router system. We focus on the logical intra-domain routing function provided by routers, and show the need for a centralized intra-domain route server. [less ▲]

Detailed reference viewed: 3 (0 ULg)
Full Text
Peer Reviewed
See detailNetwork Virtualization Architecture: Proposal and Initial Prototype
Schaffrath, Gregor; Werle, Christoph; Papadimitriou, Panagiotis et al

in ACM SIGCOMM Workshops Proceedings (2009, August)

The tussle between reliability and functionality of the Internet is firmly biased on the side of reliability. New enabling technologies fail to achieve traction across the majority of ISPs. We believe ... [more ▼]

The tussle between reliability and functionality of the Internet is firmly biased on the side of reliability. New enabling technologies fail to achieve traction across the majority of ISPs. We believe that the greatest challenge is not in finding solutions and improvements to the Internet's many problems, but in how to actually deploy those solutions and re-balance the tussle between reliability and functionality. Network virtualization provides a promising approach to enable the coexistence of innovation and reliability. We describe a network virtualization architecture as a technology for enabling Internet innovation. This architecture is motivated from both business and technical perspectives and comprises four main players. In order to gain insight about its viability, we also evaluate some of its components based on experimental results from a prototype implementation. [less ▲]

Detailed reference viewed: 23 (1 ULg)