Laurent Mathy's research while affiliated with University of Liège and other places

Publications (130)

Conference Paper
Unikernels are on the rise in the cloud. These lightweight virtual machines (VMs) specialized to a single application offer the same level of isolation as full-blown VMs, while providing performance superior to standard Linux-based VMs or even to containers. However, their inherent specialization renders memory deduplication ineffective, causing un...
Article
Full-text available
Network functions such as firewalls, NAT, DPI, content-aware optimizers, and load-balancers are increasingly realized as software to reduce costs and enable outsourcing. To meet performance requirements these virtual network functions (VNFs) often by...
Article
Full-text available
Article shepherded by: Rik Farrow. Thanks to their excellent performance, unikernels have always had a great deal of potential for revolutionizing the efficiency of virtualization and cloud deployments. However, after many years and several projects, unikernels, for the most part, have not seen significant, real-world deployment. In this article we...
Preprint
Full-text available
Unikernels are famous for providing excellent performance in terms of boot times, throughput and memory consumption, to name a few metrics. However, they are infamous for making it hard and extremely time consuming to extract such performance, and for needing significant engineering effort in order to port applications to them. We introduce Unikraf...
Conference Paper
Full-text available
Unikernels are famous for providing excellent performance in terms of boot times, throughput and memory consumption, to name a few metrics. However, they are infamous for making it hard and extremely time consuming to extract such performance, and for needing significant engineering effort in order to port applications to them. We introduce Unikraf...
Article
In this paper, we present the design and implementation of SplitBox, a system for privacy-preserving processing of network functions outsourced to cloud middleboxes—i.e., without revealing the policies governing these functions. SplitBox is built to provide privacy for a generic network function that abstracts the functionality of a variety of netw...
Article
Full-text available
With the fast development of the Internet, the forwarding tables in backbone routers have been growing fast in size. An ideal IP lookup algorithm should achieve constant, yet small, IP lookup time, and on-chip memory usage. However, no prior IP lookup algorithm achieves both requirements at the same time. In this paper, we first propose SAIL, a splitti...
Article
Software-defined networking (SDN) envisions the support of multiple applications collaboratively operating on the same traffic. Policies of applications therefore require composition into a rule list that represents the union of application intents. In this context, ensuring the correctness and efficiency of composition for match fields as well as...
Conference Paper
Full-text available
This paper presents SplitBox, a scalable system for privately processing network functions that are outsourced as software processes to the cloud. Specifically, providers processing the network functions do not learn the network policies instructing how the functions are to be processed. We first propose an abstract model of a generic network funct...
Article
Full-text available
In recent years, we have witnessed the emergence of high speed packet I/O frameworks, bringing unprecedented network performance to userspace. Using the Click modular router, we first review and quantitatively compare several such packet I/O frameworks, showing their superiority to kernel-based forwarding. We then reconsider the issue of software pac...
Data
These are the PPT slides. The source code is available at http://fi.ict.ac.cn/firg.php?n=PublicationsAmpTalks.OpenSource
Conference Paper
We observe that the same rule set can induce very different memory requirements, as well as varying classification performance, when using various well-known decision-tree-based packet classification algorithms. Worse, two similar rule sets, in terms of types and number of rules, can give rise to widely differing performance behaviour for the same class...
Article
Full-text available
In this poster we explore the building of a flexible and performant virtual router architecture. We aim to provide an isolated and fair router entity assigned exclusively to one of multiple users sharing the same physical hardware platform. A classical router architecture is composed of two planes; the upper control plane where various routing prot...
Article
Full-text available
The Forwarding Information Base (FIB) of backbone routers has been rapidly growing in size. An ideal IP lookup algorithm should achieve constant, yet small, IP lookup time and on-chip memory usage. However, no prior IP lookup algorithm achieves both requirements at the same time. In this paper, we first propose SAIL, a Splitting Approach to IP Look...
Article
As network link rates are being pushed beyond 40 Gb/s, IP lookup in high-speed routers is moving to hardware. The ternary content addressable memory (TCAM)-based IP lookup engine and the static random access memory (SRAM)-based IP lookup pipeline are the two most common ways to achieve high throughput. However, route updates in both engines degrade...
Conference Paper
Full-text available
Middleboxes are heavily used in the Internet to process the network traffic for a specific purpose. As there are no open standards, these proprietary boxes are expensive and difficult to upgrade. In this paper, we present a programmable platform for middleboxes called FlowOS to run on commodity hardware. It provides an elegant programming model for...
Conference Paper
Network Intrusion Detection Systems (NIDSes) face significant challenges coming from the relentless network link speed growth and increasing complexity of threats. Both hardware accelerated and parallel software-based NIDS solutions, based on commodity multi-core and GPU processors, have been proposed to overcome these challenges. This work explore...
Conference Paper
Full-text available
Middleboxes are heavily used in the Internet to process the network traffic for a specific purpose. As there are no open standards, these proprietary boxes are expensive and difficult to upgrade. In this paper, we present a programmable platform for middleboxes called FlowOS to run on commodity hardware. It provides an elegant programming model for...
Conference Paper
Packet classification has been studied extensively in the past decade. While many efficient algorithms have been proposed, the lack of deterministic performance has hindered the adoption and deployment of these algorithms: the expensive and power-hungry TCAM is still the de facto standard solution for packet classification. In this work, in contras...
Conference Paper
Virtual routers are increasingly being studied, as an important building block to enable network virtualization. In a virtual router platform, multiple virtual router instances coexist, each having its own FIB (Forwarding Information Base). In this context, memory scalability and route updates are two major challenges. Existing approaches addressed...
Conference Paper
As the key building block for enabling network virtualization, virtual routers have attracted much attention recently. In a virtual router platform, multiple virtual router instances coexist, each with its own FIB (Forwarding Information Base). The small amount of high-speed memory in a physical router platform severely limits the number of FIBs su...
Conference Paper
Full-text available
The original Internet architecture lacked the concept of a flow, and considered each traffic as a set of packets. In this short paper, we rethink this concept inside middlebox-based platform and handle each traffic as a whole block instead of packets. We design a whole system where each input packet matching some criteria is placed in a specific st...
Conference Paper
Full-text available
Most existing virtual network (VN) provisioning approaches assume a single administrative domain and therefore, VN deployments are limited to the geographic footprint of the substrate provider. To enable wide-area VN provisioning, network virtualization architectures need to address the intricacies of inter-domain aspects, i.e., how to provision VN...
Article
Full-text available
As network link rates are being pushed beyond 40 Gbps, IP lookup in high-speed routers is moving to hardware. The TCAM (Ternary Content Addressable Memory)-based IP lookup engine and the SRAM (Static Random Access Memory)-based IP lookup pipeline are the two most common ways to achieve high throughput. However, route updates in both engines degrade...
Article
This paper presents a platform for virtual network (VN) provisioning across multiple domains. The platform decomposes VN provisioning into multiple steps to address the implications of limited information disclosure on resource discovery and allocation. A new VN embedding algorithm with simultaneous node and link mapping allows to assign resources...
Conference Paper
Full-text available
This paper presents a platform for virtual network (VN) provisioning across multiple domains. The platform decomposes VN provisioning into multiple steps to address the implications of limited information disclosure on resource discovery and allocation. A new VN embedding algorithm with simultaneous node and link mapping allows to assign resources...
Article
Recent technological advances in commodity server architectures, with multiple multi-core CPUs, integrated memory controllers, high-speed interconnects, and enhanced network interface cards, provide substantial computational capacity, and thus an attractive platform for packet forwarding. However, to exploit this available capacity, we need a suit...
Article
Full-text available
Multi-core CPUs, along with recent advances in memory and buses, render commodity hardware a strong candidate for building flexible and high-performance software routers. With a forwarding plane physically composed of many packet processing components and operations, resource allocation in multi-core systems is not trivial. Indeed, packets crossing...
Article
Full-text available
In the future, virtual networks will be allocated, maintained and managed much like clouds offering flexibility, extensibility and elasticity with resources acquired for a limited time and even on a lease basis. Adaptive provisioning is required to maintain virtual network topologies, comply with established contracts, expand initial allocations o...
Chapter
Full-text available
We have presented a method for malicious behavior detection to secure the embedding phase of Internet coordinate systems. Our method does not rely on the geometric properties of the coordinate space, and is therefore unaffected by potential triangular inequality violations which often occur in the Internet [11, 12]. Instead, our detection test is b...
Article
Full-text available
Multi-core CPUs, along with recent advances in memory and buses, render commodity hardware a strong candidate for software router virtualization. In this context, we present the design of a new platform for virtual routers on modern PC hardware. We further discuss our design choices in order to achieve both high performance and flexibility for pac...
Conference Paper
Full-text available
We present the design of a distributed router platform aimed at consolidating multiple hardware routers. The goal of the approach is twofold: firstly decouple the logical routing and forwarding functionality from the limitations of the hardware that runs it, through automated configuration management only; and secondly, give component routers a lon...
Article
Full-text available
Multi-core processors on PCs, together with recent advances in memory and bus performance, suggest an ideal candidate for building purely software router architectures that are both flexible and high-performing. In this article, we present a packet-switching architecture...
Conference Paper
Full-text available
Recent technological advances in commodity server architectures, with multiple multi-core CPUs, integrated memory controllers, high-speed interconnects and enhanced network interface cards, provide substantial computational capacity and thus an attractive platform for packet forwarding. However, to exploit this available capacity, we need a suitabl...
Conference Paper
Full-text available
We address the issue of asserting the accuracy of coordinates advertised by nodes of Internet coordinate systems during distance estimations. Indeed, some nodes may lie deliberately about their coordinates to mount various attacks against applications and overlays. Our proposed method consists in two steps: 1) establish the correctness of a node's...
Article
Full-text available
The Internet has seen a proliferation of specialized middlebox devices that carry out crucial network functionality such as load balancing, packet inspection and intrusion detection. Recent advances in CPU power, memory, buses and network connectivity have turned commodity PC hardware into a powerful network platform. Furthermore, commodity switch...
Article
Full-text available
This paper presents a detailed characterisation of user behaviour for a series of interactive video experiments over a 12 month period, in which we served popular sporting and musical content. In addition to generic VCR-like features, our custom-built video-on-demand application provides advanced interactivity features such as bookmarking. The dram...
Article
Full-text available
The Internet has seen a proliferation of specialized middlebox devices that carry out crucial network functionality such as load balancing, packet inspection or intrusion detection, amongst others. Traditionally, high performance network devices have been built on custom multi-core, specialized memory hierarchies, architectures which are well...
Article
Full-text available
Future Internet is a clean-slate research activity in quest of new networking technologies to overcome the limits of the current Internet. In its experimental research, virtualization and federation are emerging as essential features, especially in the construction and operation of the testbeds. Moreover, they are believed to sustain as the fundame...
Article
Full-text available
Multi-core CPUs, along with recent advances in memory and buses, render commodity hardware a strong candidate for software router virtualization. In this context, we present the design of a new platform for virtual routers on x86 hardware. We also elaborate on our design choices in order to achieve both high performance and flexibility for packet p...
Article
Full-text available
The Internet has become an essential communication medium upon which billions of people rely every day. However, necessary evolution of the Internet has been severely limited by reliability constraints and social-economic factors. Experts fear that current growth rates will threaten the future of the Internet as a whole, despite the fact that new...
Conference Paper
Full-text available
In this paper we investigate the building of a virtual router platform that ensures isolation and fairness between concurrent virtual routers. Recent developments in commodity x86 hardware enable us to take advantage of the flexibility and wealth of resources available to a software router in order to build a virtual router platform. Using co...
Conference Paper
Full-text available
Routing policies or path inflation can give rise to violations of the Triangle Inequality with respect to delay (RTTs) in the Internet. In network coordinate systems, such Triangle Inequality Violations (TIVs) will introduce inaccuracy, as nodes in this particular case could not be embedded into any metric space. In this paper, we consider these TI...
Article
This paper claims that Shadow Technical Program Committee (TPC) should be organized on a regular basis for attractive conferences in the networking domain. It helps ensuring that young generations of researchers have experience with the process of reviewing and selecting papers before they actually become part of regular TPCs. We highlight several...
Conference Paper
Full-text available
Coordinate systems are distributed systems whose goal is to assign coordinates to each node in a metric space, based on distance measurements (e.g. RTT) between certain pairs of nodes. However, such systems do not work correctly when the measured distances do not satisfy the triangle inequalities...
Conference Paper
The emergence of overlay network applications that rely on application-level decisions for many aspects of their operations (e.g. routing, content replication, etc) creates cross-layer interaction issues with ISP network operations. Indeed, the independent optimisation of a diverse set of objectives using layer-local information can lead to operat...
Article
Full-text available
With the advent of numerous video distribution services, Content Distribution Networks (CDNs) are under increasing demand. Given the associated expenses, many organisations have made use of Peer-to-Peer (P2P) approaches to offset bandwidth costs. Unfortunately, using clients as part of the delivery process can vastly increase load on service provid...
Article
Full-text available
Most existing DHT algorithms assume that all nodes have equal capabilities. This assumption has previously been shown to be untrue in real deployments, where the heterogeneity of nodes can actually have a detrimental effect upon performance. In this paper, we acknowledge that nodes on the same overlay may also differ in terms of their trustworthi...
Conference Paper
Full-text available
Modern commodity hardware architectures, with their multiple multi-core CPUs and high-speed system interconnects, exhibit tremendous power. In this paper, we study performance limitations when building both software routers and software virtual routers on such systems. We show that the fundamental performance bottleneck is currently the memor...
Conference Paper
Recent activities in the IRTF (Internet Research Task Force), and in particular in the Routing Research Group (RRG), focus on defining a new Internet architecture, in order to solve scalability issues related to interdomain routing. The research community has agreed that the separation of the end-systems' addressing space (the identifiers) and...
Conference Paper
Full-text available
Internet coordinate systems (e.g. [1,?]) have been proposed to allow for distance (Round-Trip Time, shortly RTT) estimation between nodes, in order to reduce the measurement overhead of many applications and overlay networks. Indeed, by embedding the Internet delay space into a metric space – an operation that only requires each node in the system...
Conference Paper
Full-text available
This paper addresses the issue of the security of Internet Coordinate Systems, by proposing a general method for malicious behavior detection during coordinate computations. We first show that the dynamics of a node, in a coordinate system without abnormal or malicious behavior, can be modeled by a Linear State Space model and tracked by a Kalman fi...
Conference Paper
Full-text available
In this paper, we evaluate the performance of a software IP router forwarding plane inside the Xen virtual machine monitor environment with a view to identifying (some) design issues in Virtual Routers. To this end, we evaluate and compare the forwarding performance of two identical Linux software router configurations, run either above the Xen hyp...
Conference Paper
Full-text available
In this paper, we investigate how to incorporate an application metric into the construction of a multicast tree so as to facilitate the use of range constrained multicast. We first describe the construction and delivery protocols, show through an analysis drawing on stochastic geometry that the protocol is scalable, and provide simulations sho...
Article
Full-text available
This paper presents a detailed characterisation of user behaviour for a series of interactive sport videos from the 2006 FIFA World Cup. In addition to generic VCR-like features, our custom-built Video-on-Demand architecture enabled us to provide advanced interactivity features such as bookmarking. We illustrate how such functionality may have a...
Conference Paper
We have analysed unidirectional delay traces of a diverse set of IPv6 microflows routed over W-LAN and W-WAN environments. Using a number of time-domain and frequency-domain estimators we have examined the existence and intensity of long-range dependence in packet delay when viewed as time-series data. The correlation structures of packet delay on...
Conference Paper
Full-text available
We propose several models based on discrete-time Markov chains for the analysis of distributed hash tables (DHTs). Specifically, we examine the Pastry routing protocol, as well as a Stealth DHT adaptation of Pastry to compute their exact expressions for average number of lookup hops. We show that our analytical models match with the protocols' simu...
Article
We address the issue of asserting the accuracy of Internet coordinates advertised by nodes of Internet coordinate systems during distance estimations. Indeed, some nodes may even lie deliberately about their coordinates to mount various attacks against applications and overlays. Our proposed method consists in two steps: 1) establish the correctnes...
Article
Full-text available
This paper addresses the issue of the security of Internet Coordinate Systems, by proposing a general method for malicious behavior detection during coordinate computations. We first show that the dynamics of a node, in a coordinate system without abnormal or malicious behavior, can be modeled by a Linear State Space model and tracked by a Kalman f...
Chapter
The provision and support of new distributed multimedia services are of prime concern for telecommunications operators and suppliers. Clearly, the potential of the latest Internet protocols to contribute communications components is of considerable interest to them. In this paper we present three of the major new protocols introduced into the Inter...
Article
Full-text available
The recently proposed coordinates-based systems for network positioning have been shown to be accurate, with very low distance prediction error. However, these systems often rely on nodes coordination and assume that information reported by probed nodes is correct. In this paper, we identify different attacks against coordinates embedding systems a...
Article
Significant progress has been made in the design and development of Grid middleware which, in its present form, is founded on Web services technologies. However, we argue that present-day Grid middleware is severely limited in supporting projected next-generation applications which will involve pervasive and heterogeneous networked infrastructures,...
Conference Paper
In this paper, we present a thorough and realistic analysis of audio conferencing over application-level multicast (ALM). Through flexibility and ease-of-deployment, ALM is a compelling alternative group-communication technique to IP Multicast — which has yet to see wide-scale deployment in the Internet. However, proposed ALM techniques suffer fr...
Conference Paper
In this paper, we present a thorough and realistic analysis of voice (i.e. audio conferencing) over application-level multicast (ALM). Through flexibility and ease-of-deployment, ALM is a compelling alternative group-communication technique to IP multicast, which has yet to see wide-scale deployment in the Internet. However, proposed ALM techniques...
Conference Paper
Full-text available
The advances in wireless networking and the consequent emergence of new applications that wireless networks increasingly support inevitably leads to low capability mobile nodes connecting to peer-to-peer networks. However, the characteristics of mobile nodes and limitations of access point coverage often cause mobile nodes to lose connectivity, whi...
Article
Dynamic overlay routing has been proposed as a way to enhance the reliability and performance of IP networks. The major premise is that overlay routing can bypass congestion, transient outages, or suboptimal paths, by forwarding traffic through one or ...
Article
Due to the technical developments in electronics the amount of digital content is continuously increasing. In order to make digital content respectively multimedia content available to potentially large and geographically distributed consumer populations, Content Distribution Networks (CDNs) are used. The main task of current CDNs is the efficient...
Chapter
This paper deals with the Quality of Service (QoS) negotiation for multicast connections. First, we show that in the multicast case, the QoS parameters may be separated into two classes, namely the parameters whose scope is the whole multicast connection and those whose scope is limited to each receiver separately. Then, after a brief presentation...
Article
Full-text available
The recently proposed coordinates-based systems for network positioning have been shown to be accurate, with very low distance prediction error. However, these systems often rely on nodes coordination and assume that information reported by probed nodes is correct. In this paper, we identify different attacks against coordinates embedding systems a...
Conference Paper
Most existing DHT algorithms assume that all nodes have equal capabilities. This assumption has previously been shown to be untrue in real deployments, where the heterogeneity of nodes can actually have a detrimental effect upon performance. We now acknowledge that nodes on the same overlay may also differ in terms of their trustworthiness. However...