Qiang Wu

Bio: Qiang Wu is an academic researcher from University of Massachusetts Amherst. The author has contributed to research in topics: Packet processing & Network packet. The author has an hindex of 7, co-authored 12 publications receiving 136 citations. Previous affiliations of Qiang Wu include Juniper Networks.

On runtime management in multi-core packet processing systems

Abstract: Computer networks require increasingly complex packet processing in the data path to adapt to new functionality requirements. To meet performance demands, packet processing systems on routers employ multiple processor cores. We investigate the design of an efficient run-time management system that handles the allocation of processing tasks to processor cores. Using run-time profiling information about processing requirements and traffic characteristics, the system is able to adapt to dynamic changes in the workload and balance the utilization of all processing resources to maximize throughput. We present a prototype implementation of our system that is based on the Click modular router. Our results show that our prototype system can adapt to changing workloads and process computationally demanding packets at 1.32 times higher data rates than SMP Click.

Attacks on Network Infrastructure

Abstract: We present the first practical example of an entirely new class of network attacks -- attacks that target the network infrastructure. Modern routers in computer networks use general-purpose programmable packet processors. The software used for packet processing on these systems is potentially vulnerable to remote exploits. In this paper, we demonstrate a specific attack that can launch a devastating denial-of-service attack by sending just a single packet. We show that vulnerable packet processing code can be exploited on a Click modular router as well as on a custom packet processor on the NetFPGA platform. We also show that defense techniques based on processor monitoring that we have proposed in prior work can help in detecting and avoiding such attacks.

Runtime Task Allocation in Multicore Packet Processing Systems

Abstract: Computer networks require increasingly complex packet processing functions in the data plane to adapt to new requirements. To meet performance demands, packet processing systems on routers employ multiple processor cores. To efficiently utilize processing resources in such systems, we propose a novel methodology for allocating tasks to processors. The main idea is to obtain runtime profiling information and to duplicate tasks with heavy processing requirements. Using our duplication algorithm, a balanced workload can be obtained and the complexity of packing tasks with different processing requirements can be reduced. By translating traffic characteristics into processing requirements, the system is able to adapt to dynamic changes in the workload and balance the utilization of all processing resources to maximize system throughput. Our approach can adapt to any traffic change in a single iteration, whereas existing adaptive approaches may require multiple steps. Results from our prototype implementation based on the Click modular router show that our system only requires on average 5.3-31.5 percent of the adaptation steps that are necessary in iterative systems. In addition, our system achieves a throughput that is 1.32 times higher than the throughput achieved with symmetric multiprocessing support with general-purpose task allocation.

Dynamic workload profiling and task allocation in packet processing systems

Abstract: Computer networks require increasingly complex packet processing services on routers to adapt to new functionality, security, and performance requirements. Embedded multicore packet processing systems that can provide this capability are difficult to program and manage at runtime. We propose a novel way of representing processing tasks, obtaining runtime profiling information, and mapping tasks to processors. By duplicating processing tasks with heavy processing requirements, a more balanced workload can be obtained. The mapping algorithm considers that balance when assigning tasks to processors as well as the cost of inter-processor communication. Our evaluation results show that our approach can improve the system throughput by 2.39-2.89 times at a cost of 1.49-1.64 times higher inter-processor communication.

Benchmarking BGP Routers

Abstract: Determining which routes to use when forwarding traffic is one of the major processing tasks in the control plane of computer networks. We present a novel benchmark that evaluates the performance of the most commonly used Internet-wide routing protocol, the Border Gateway Protocol (BGP). Using this benchmark, we evaluate four different systems that implement BGP, including a uni-core and a dual-core workstation, an embedded network processor, and a commercial router. We present performance results for these systems under various loads of cross-traffic and explore the tradeoffs between different system architectures. Our observations help identify bottlenecks and limitations in current systems and can lead to next-generation router architectures that are better optimized for this important workload.

Accountable internet protocol (aip)

Abstract: This paper presents AIP (Accountable Internet Protocol), a network architecture that provides accountability as a first-order property. AIP uses a hierarchy of self-certifying addresses, in which each component is derived from the public key of the corresponding entity. We discuss how AIP enables simple solutions to source spoofing, denial-of-service, route hijacking, and route forgery. We also discuss how AIP's design meets the challenges of scaling, key management, and traffic engineering.

Virtual disk storage techniques

Abstract: This document describes techniques for storing virtual disk payload data. In an exemplary configuration, each virtual disk extent can be associated with state information that indicates whether the virtual disk extent is described by a virtual disk file. Under certain conditions the space used to describe a virtual disk extent can be reclaimed and state information can be used to determine how read and/or write operations directed to the virtual disk extent are handled. In addition to the foregoing, other techniques are described in the claims, figures, and detailed description of this document.

400 Gb/s Programmable Packet Parsing on a Single FPGA

Abstract: Packet parsing is necessary at all points in the modern networking infrastructure, to support packet classification and security functions, as well as for protocol implementation. Increasingly high line rates call for advanced hardware packet processing solutions, while increasing rates of change call for high-level programmability of these solutions. This paper presents an approach for harnessing modern Field Programmable Gate Array (FPGA) devices, which are a natural technology for implementing the necessary high-speed programmable packet processing. The paper introduces PP: a simple high-level language for describing packet parsing algorithms in an implementation-independent manner. It demonstrates that this language can be compiled to give high-speed FPGA-based packet parsers that can be integrated alongside other packet processing components to build network nodes. Compilation involves generating virtual processing architectures tailored to specific packet parsing requirements. Scalability of these architectures allows parsing at line rates from 1 to 400 Gb/s as required in different network contexts. Run-time programmability of these architectures allows dynamic updating of parsing algorithms during operation in the field. Implementation results show that programmable packet parsing of 600 million small packets per second can be supported on a single Xilinx Virtex-7 FPGA device handling a 400 Gb/s line rate.

Virtual network security: threats, countermeasures, and challenges

Abstract: Network virtualization has become increasingly prominent in recent years. It enables the creation of network infrastructures that are specifically tailored to the needs of distinct network applications and supports the instantiation of favorable environments for the development and evaluation of new architectures and protocols. Despite the wide applicability of network virtualization, the shared use of routing devices and communication channels leads to a series of security-related concerns. It is necessary to provide protection to virtual network infrastructures in order to enable their use in real, large scale environments. In this paper, we present an overview of the state of the art concerning virtual network security. We discuss the main challenges related to this kind of environment, some of the major threats, as well as solutions proposed in the literature that aim to deal with different security aspects.

Energy Efficiency in the Future Internet: The Role of Optical Packet Switching and Optical-Label Switching

Abstract: This paper reviews the energy efficiency of optical-packet-switching (OPS) systems in comparison with electronic packet switching and hybrid packet switching in the context of future networks. The paper will first discuss the energy efficiency metrics that should include considerations for life-cycle analysis, applications, and network-wide goodput. The state-of-the-art electronic packet switching router is currently energy-limited in scalability as it is difficult to implement a router with more than 1 MW power consumption. The OPS router that imitates electronic router's store-and-forward schemes is expected to suffer poor energy efficiency due to the complexity in the high-speed control plane necessary to control many optical buffer stages. The hybrid optical router achieves easier buffer management but its energy efficiency is still limited by the store-and-forward approach. The OPS router based on all-optical contention resolution without relying on store-and-forward method can keep the control plane very simple and achieve very high energy efficiency. Network-wide performance and energy efficiency in the context of generalized multiprotocol label switching (GMPLS)- and multiprotocol label switching (MPLS)-based networking are also discussed.