S. Pontarelli

• Ph. D.
• Università degli Studi di Roma "Tor Vergata" at University of Rome Tor Vergata

DPDK (Data Plane Development Kit) is arguably today's most employed framework for software packet processing. Its impressive performance however comes at the cost of precious CPU resources, dedicated to continuously poll the NICs. To face this issue, this paper presents Metronome, an approach devised to replace the continuous DPDK polling with a sl...

FPGA accelerators on the NIC enable the offloading of expensive packet processing tasks from the CPU. However, FPGAs have limited resources that may need to be shared among diverse applications, and programming them is difficult. We present a solution to run Linux's eXpress Data Path programs written in eBPF on FPGAs, using only a fraction of the a...

Bloom filters are used to perform approximate membership checking in a wide range of applications in both computing and networking, but the recently introduced cuckoo filter is also gaining popularity. Therefore, it is of interest to compare both filters and provide insights into their features so that designers can make an informed decision when i...

In a network it is interesting to know the different number of flows that traverse a switch or link or the number of connections coming from a specific sub-network. This is generally known as cardinality estimation or count distinct. The HyperLogLog (HLL) algorithm is widely used to estimate cardinality with a small memory footprint and simple per...

In many applications, there is a need to estimate the frequency of elements. For example, in networking to know the number of packets of each flow. This poses a challenge as the number of flows and packets per second can be very large and therefore an exact count would require a large amount of fast memory. In those cases, an alternative is to use...

XTRA (XFSM for Transport) aims at providing a first attempt towards a “ code-once-port-everywhere ” platform-agnostic programming abstraction tailored to the deployment of transport layer functions. XTRA’s programming abstraction not only fits SW platforms, but is specifically designed to harness, with no re-coding effort, the offloading opportuni...

Cuckoo filters (CFs) are an alternative to Bloom filters (BFs) that supports deletions and can often be configured to have a lower false positive rate. A drawback of cuckoo filters is that the insertion process is complex and requires a large number of memory accesses when the filter operates at high occupancy. Therefore, insertion complexity may l...

Packet classification is an important part of many networking devices, such as routers and firewalls. Software-defined networking (SDN) heavily relies on online packet classification which must efficiently process two different streams: incoming packets to classify and rules to update. This rules out many offline packet classification algorithms th...

Modern field-programmable gate arrays (FPGAs) provide a vast amount of logic resources that can be used to implement complex systems while providing the flexibility to modify the design once deployed. This makes them attractive for software-defined networks (SDNs) applications, and, in fact, most vendors provide the building blocks needed for those...

The ongoing network softwarization trend holds the promise to revolutionize network infrastructures by making them more flexible, reconfigurable, portable, and more adaptive than ever. Still, the migration from hard-coded/hard-wired network functions toward their software-programmable counterparts comes along with the need for tailored optimization...

This paper introduces CuCoTrack, a cuckoo hash based data structure designed to efficiently implement connection tracking. The proposed scheme exploits the fact that queries always match one existing connection to compress the 5-tuple that identifies the connection. This significantly reduces the amount of memory needed to store the connections and...

In the last decade, a number of frameworks started to appear that implement, directly in user-space with kernel-bypass mode, high-speed software data plane functionalities on commodity hardware. This may be the key to replace specific hardware-based middleboxes with custom pieces of software, as advocated by the recent Network Function Virtualizati...

Ternary content addressable memories (TCAMs) are widely used in network devices to implement packet classification. They are used, for example, for packet forwarding, for security, and to implement software-defined networks (SDNs). TCAMs are commonly implemented as standalone devices or as an intellectual property block that is integrated on networ...

In the last decade, a number of frameworks started to appear that implement, directly in user-space with kernel-bypass mode, high-speed software data plane functionalities on commodity hardware. Vector Packet Processor (VPP) is one of such frameworks, representing an interesting point in the design space in that it offers, in user-space networking,...

The eight papers in this special section examine fault tolerance and defect analysis in VLSI and nanotechnology.

Flow identification is commonly used in traffic monitoring applications as it provides valuable insights into the nature of the traffic. However, implementing it for high speed links is challenging due to the large number of both packets and flows that need to be analyzed. Flow identification can be implemented with Content Addressable Memories (CA...

Recently, with new hardware architectures such as Reconfigurable Match Tables and languages such as P4, the Software Defined Networking community has started to bring line‐rate data plane programmability inside switching chipsets. Starting from the original OpenFlow's match/action abstraction, most of the work has so far focused on key improvements...

XTRA (XFSM for TRAnsport) is a first step towards "code-once-port-everywhere" transport protocols. XTRA's platform-agnostic programming abstraction, based on an extended finite state machine formalization of a desired transport layer task, is amenable not only to SW engines, but can be directly executed in CPU-less custom HW, thus permits to harnes...

This chapter presents an overview of existing dependability solutions for multicore processing systems. In the first section, the existing techniques to protect processor cores both at the hardware and software level are discussed. Then the protection of the different memories that are present in a multicore is reviewed in the second section. Final...

This paper introduces CuCoTrack, a cuckoo hash based data structure designed to efficiently implement connection tracking. The proposed scheme exploits the fact that queries always match one existing connection to compress the 5-tuple that identifies the connection. This reduces significantly the amount of memory needed to store the connections and...

Fault tolerant systems are usually implemented with Triple Modular Redundancy (TMR) based protection techniques which has a huge area and power overhead. Previous works have shown that this overhead can be improved by using Reduced Precision Redundancy (RPR) based approaches for intrinsically precision-tolerant applications like image and video pro...

One of the most disruptive idea in the field of computer network design is the introduction of Software Defined Networking. The core of the idea is to enhance programmability of high speed network devices (such as switches and routers) without compromising the devices performance. Nowadays, the most diffused hardware architecture for packet forward...

An important function in modern routers and switches is to perform a lookup for a key. Hash-based methods, and in particular cuckoo hash tables, are popular for such lookup operations, but for large structures stored in off-chip memory, such methods have the downside that they may require more than one off-chip memory access to perform the key look...

In this paper we show how to realize a per-flow QoS (Quality of Service) policy based on the token bucket algorithm using OPP (Open Packet Processor), a recently proposed stateful programmable dataplane. OPP is configured as a switch that enforce a token bucket policy independently on each flow processed by the switch controlling their bandwidth an...

This book provides comprehensive coverage of the dependability challenges in today's advanced computing systems. It is an in-depth discussion of all the technological and design-level techniques that may be used to overcome these issues and analyzes various dependability-assessment methods. The impact of individual application scenarios on the defi...

In modern switches, a packet can go through a number of processing steps to determine, for example, if the packet has to be discarded due to security policies, if it needs to be marked for quality of service or to determine the next hop for the packet. Most of those steps can be modeled as a matching of some of the packet fields with a set of rules...

Soft errors that corrupt the value of bits stored in registers or memories are a major issue for modern electronic systems. To ensure that they do not cause failures, error detection and correction codes are commonly used to protect memories. When memories are used for a specific application, sometimes it is possible to optimize the protection base...

We introduce the adaptive cuckoo filter (ACF), a data structure for approximate set membership that extends cuckoo filters by reacting to false positives, removing them for future queries. As an example application, in packet processing queries may correspond to flow identifiers, so a search for an element is likely to be followed by repeated searc...

Supporting programmable states in the data plane of a forwarding element, e.g., a switch or a NIC, has recently attracted the interest of the research community, which is now looking for the right abstraction to enable the programming of stateful network functions in hardware at line rate. We challenge the conservative assumptions of state-of-the-a...

Supporting programmable stateful packet forwarding functions in hardware requires a tight balance between functionality and performance. Current state-of-the-art solutions are based on a very conservative model that assumes worst-case workloads. This finally limits the programmability of the system, even if actual deployment conditions may be very...

An effective packet processing abstraction that leverages software or hardware acceleration techniques can simplify the implementation of high-performance virtual network functions. In this paper, we explore the suitability of SDN switches' stateful forwarding abstractions to model accelerated functions in both software and hardware accelerators, s...

In many applications, there is a need to identify to which of a group of sets an element x belongs, if any. For example, in a router, this functionality can be used to determine the next hop of an incoming packet. This problem is generally known as set separation and has been widely studied. Most existing solutions make use of hash-based algorithms...

By leveraging the uneven distribution of traffic among network flows, the authors improve the query throughput of Cuckoo hashing. They achieve this by placing the most frequently used items in the table that's accessed first during the Cuckoo query operation. Their scheme is named Cuckoo cache, as it's conceptually similar to a cache but implemente...

This paper aims at contributing to the ongoing debate on how to bring programmability of stateful packet processing tasks inside the network switches, while retaining platform independency. Our proposed approach, named "Open Packet Processor" (OPP), shows the viability (via an hardware prototype relying on commodity HW technologies and operating in...

The papers in this special issue focus on defect and fault tolerance in VLSI and nanotechnology systems. With the increasing demand for ever smaller, portable, energy-efficient and high-performance electronic systems, scaling of CMOS technology continues. As CMOS scaling approaches physical limits, continued innovation in materials, manufacturing p...

Bloom filters (BFs) are used in many applications for approximate check of set membership. Counting Bloom filters (CBFs) are an extension of BFs that enable the deletion of entries at the cost of additional storage requirements. Several alternatives to CBFs can be used to reduce the storage overhead. For example schemes based on d-left hashing or C...

In recent years, energy efficiency has become an important design goal for routers, switches and other networking equipment. Traditionally, the energy consumption of these devices has been almost constant regardless of the traffic load and the device configuration. In computer networks, traffic loads typically present large variations and in many c...

Static random access memories (SRAMs) are key in electronic systems. They are used not only as standalone devices, but also embedded in application specific integrated circuits. One key challenge for memories is their susceptibility to radiation-induced soft errors that change the value of memory cells. Error correction codes (ECCs) are commonly us...

Bloom filters are used in many computing and networking applications where they provide a simple method to test if an element is present in a set. In some of those systems, reliability is a major concern and therefore the Bloom filters should be protected to ensure that errors do not affect the system behavior. One of the most common type of errors...

This paper presents a hardware implementation of Openstate, an extension of OpenFlow that allows performing stateful control functionalities directly inside the switch, without requiring the intervention of an external controller. The paper shows how, with a minimal reworking of the OpenFlow's basic architecture, and reusing the same building block...

Bloom filters (BFs) provide a fast and efficient way to check whether a given element belongs to a set. The BFs are used in numerous applications, for example, in communications and networking. There is also ongoing research to extend and enhance BFs and to use them in new scenarios. Reliability is becoming a challenge for advanced electronic circu...

Recent trends in emerging nonvolatile memory systems necessitate efficient read/write (R/W) schemes. Efficient solutions with zero sneak path current, nondestructive R/W operations, minimum area and low power are some of the key requirements. Toward this end, we propose a novel crossbar memory scheme using a configuration row of cells for assisting...

Cuckoo hashing has proven to be an efficient option to implement exact matching in networking applications. It provides good memory utilization and deterministic worst case access time. The continuous increase in speed and complexity of networking devices creates a need for higher throughput exact matching in many applications. In this paper, a new...

Memristors are considered among the most promising future building blocks of next-generation digital systems. This paper focuses on specific ways to implement logic and arithmetic unit using memristors. In particular, we present a set of complementary resistive switching (CRS)-based stateful logic operations that use material implication to provide...

This paper presents an efficient method for testing an array of reconfigurable RISC processors. The online testing method exploits the reconfiguration capabilities of the array to detect permanent faults and to identify which component of the RISC processors is affected by a fault. Based on a low cost hardware scheme, several testing procedures hav...

The fast evolving nature of modern cyber threats and network monitoring as well as the increasing interest in virtualization approaches for more complex network middlebox functionalities call for new, "software-defined", solutions to virtualize and simplify the programming and deployment of online (stream-based) traffic analysis functions. StreaMon...

One of the applications of network traffic monitoring is to detect anomalies and security threats. Due to the huge number of packets that traverse networks, monitoring is typically implemented by sampling the traffic. Sampling can be done per packet or per flow. For flow sampling, the decision to select a flow can be purely random or based on some...

Cache memories are very relevant components in modern processors, and therefore, their protection against soft errors is important to ensure reliability. One important element in caches is the tag fields, which are critical to keep data integrity and achieve a high hit ratio. To protect them against soft errors, a parity bit or a single error corre...

Single error correction–double error detection–double adjacent error correction (SEC-DED-DAEC) codes have been proposed to protect SRAM devices from multiple cell upsets (MCUs). The correction of double adjacent errors ensures that the most common types of MCUs are corrected. At the same time, SEC-DED-DAEC codes require the same number of parity ch...

The possibility to offload, via a platform-agnostic specification, the execution of (some/part of the) control functions down to the switch and operate them at wire speed based on packet level events, would yield significant benefits in terms of control latency and reaction times, meanwhile retaining the SDN-type ability to program and instantiate...

Error correction codes (ECCs) are commonly used to protect memories from errors. As multibit errors become more frequent, single error correction codes are not enough and more advanced ECCs are needed. The use of advanced ECCs in memories is, however, limited by their decoding complexity. In this context, one-step majority logic decodable (OS-MLD)...

Radiation-induced soft errors are a major reliability concern for memories. To ensure that memory contents are not corrupted, single error correction double error detection (SEC-DED) codes are commonly used, however, in advanced technology nodes, soft errors frequently affect more than one memory bit. Since SEC-DED codes cannot correct multiple err...

Energy efficiency has become an important design goal for networking equipment. Traditionally routers and switches have been designed to minimize peak power consumption but they operate most of the time with settings and traffic that is far from that peak. Therefore, many elements and functions of networking equipment are being redesigned to improv...

Memristor based logic and memories are increasingly becoming one of the fundamental building blocks for future system design. Hence, it is important to explore various methodologies for implementing these blocks. In this paper, we present a novel Complementary Resistive Switching (CRS) based stateful logic operations using material implication. The...

This article presents a survey on the dependability of multicore architectures in nanoscale technologies. The survey presents the view from one of Europe’s largest network of academic and industrial scientists collaborating in research and development in the topic. The article first summarizes the major dependability threats for multicore chips. In...

Skewed caches have been proposed to reduce the miss ratio on a cache by indexing the cache lines of a two way set associative cache not with the index but with a hash function of the index and the tag. This paper proposes to use ECC codes as the hashing functions that allow also correcting the stored data. It is shown that ECC behave very well as h...

The efficiency of standardmicroprocessors decreases when operations on short data are performed because they are optimized to perform operations on fixed size data. Short data processing and bit manipulation can be accelerated integrating a Reconfigurable Functional Unit (RFU) in parallel with the ALU. An RFU is a tightly coupled integrated Reconfi...

Error correction codes are commonly used in memories to ensure that data are not corrupted. Single error correction double error detection (SEC-DED) codes are among the most widely used codes to protect memories. One common technique to implement SEC-DED codes is to construct a parity check matrix with odd-weight columns. This ensures that double e...

Error correction codes (ECCs) are commonly used to protect memories against errors. Among ECCs, orthogonal latin squares (OLS) codes have gained renewed interest for memory protection due to their modularity and the simplicity of the decoding algorithm that enables low delay implementations. An important issue is that when ECCs are used, the encode...

The fast evolving nature of modern cyber threats and network monitoring needs calls for new, "software-defined", approaches to simplify and quicken programming and deployment of online (stream-based) traffic analysis functions. StreaMon is a carefully designed data-plane abstraction devised to scalably decouple the "programming logic" of a traffic...

Security of today's networks heavily rely on network intrusion detection systems (NIDSs). The ability to promptly update the supported rule sets and detect new emerging attacks makes field-programmable gate arrays (FPGAs) a very appealing technology. An important issue is how to scale FPGA-based NIDS implementations to ever faster network links. Wh...

This paper introduces a novel design for a multiple node upset tolerant flip-flop. This design uses the TDICE memory cell that was proposed in the technical literature for memory arrays and applies its principles of operation to a Master Slave flip-flop implemented at 65 nm CMOS technology. It is shown that the proposed design approach is particula...

This paper studies the problem of designing a low complexity Concurrent Error Detection (CED) circuit for the complex multiplication function commonly used in Digital Signal Processing circuits. Five novel CED architectures are proposed and their computational complexity, area, and delay evaluated in several circuit implementations. The most effici...

Error correction codes (ECCs) are commonly used to protect memory devices from errors. The most commonly used codes are a simple parity bit and single-error-correction (SEC) codes. A parity bit enables single-bit error detection, whereas a SEC code can correct one-bit errors. A SEC code requires more additional bits per word and also more complex d...

This brief presents a technique to efficiently correct single soft errors in serial shift registers. The proposed scheme uses two copies of the shift register. To achieve error correction, data are convolutionally encoded at the input of one of the copies and are decoded at its output. This processing ensures that in that copy, any error affecting...

Reliability is a major concern for memories. To ensure that errors do not affect the data stored in a memory, error correction codes (ECCs) are widely used in memories. ECCs introduce an overhead as some bits are added to each word to detect and correct errors. This increases the cost of the memory. Content addressable memories (CAMs) are a special...

This paper presents an innovative approach to detect soft errors in Ternary Content Addressable Memories (TCAMs) based on the use of Bloom Filters. The proposed approach is described in detail and its performance results are presented. The advantages of the proposed method are that no modifications to the TCAM device are required, the checking is d...

Error correction codes (ECCs) have been used for decades to protect memories from soft errors. Single error correction (SEC) codes that can correct 1-bit error per word are a common option for memory protection. In some cases, SEC codes are extended to also provide double error detection and are known as SEC-DED codes. As technology scales, soft er...

Invertible Bloom Lookup Tables (IBLTs) have been recently introduced as an extension of traditional Bloom filters. IBLTs store key-value pairs. Unlike traditional Bloom filters, IBLTs support both a lookup operation (given a key, return a value) and an operation that lists out all the key-value pairs stored. One issue with IBLTs is that there is a...

Soft errors that affect flip-flops are a major issue in advanced electronic circuits. As technology scales, multiple bit errors become more likely. This limits the applicability of traditional protection techniques like triplication with voting or single error correction codes that can correct only one error. Multiple errors tend to affect adjacent...

In this paper, the authors propose the implementation of a programmable Finite Impulse Response (FIR) filter based on the use of the Karatsuba formula. The Karatsuba formula is used to speed-up the multiplication of large numbers by splitting the operands in two parts of equal length. In the paper, experiments based on a STM 90 nm technology implem...

This paper reports the main contribution of a project devoted to the definition of techniques to design and evaluate fault tolerant systems implemented using the SoPC paradigm, suitable for missionand safety-critical application environments. In particular, the effort of the five involved research units has been devoted to address some of the main...

This paper proposes two new slave latches for improving the Single Event Upset (SEU) tolerance of a flipflop in scan delay testing. The two proposed slave latches utilize additional circuitry to increase the critical charge of the flip-flop compared to designs found in the technical literature. The first (second) latch design achieves a 5.6 (2.4) t...