Your search keyword '"Xiaozhe Shao"' showing total 11 results

1. CoNFV

Author

Xiaozhe Shao, Lixin Gao, Naveen Kumar Dumpala, Xuzhi Zhang, George Provelengios, and Russell Tessier

Subjects

General Computer Science, Network security, business.industry, Computer science, Distributed computing, Control reconfiguration, 020206 networking & telecommunications, 02 engineering and technology, Flow network, 020202 computer hardware & architecture, Resource (project management), Global network, Scalability, 0202 electrical engineering, electronic engineering, information engineering, Resource allocation, business, Virtual network

Abstract

Network function virtualization (NFV) is a powerful networking approach that leverages computing resources to perform a time-varying set of network processing functions. Although microprocessors can be used for this purpose, their performance limitations and lack of specialization present implementation challenges. In this article, we describe a new heterogeneous hardware-software NFV platform called CoNFV that provides scalability and programmability while supporting significant hardware-level parallelism and reconfiguration. Our computing platform takes advantage of both field-programmable gate arrays (FPGAs) and microprocessors to implement numerous virtual network functions (VNF) that can be dynamically customized to specific network flow needs. The most distinctive feature of our system is the use of global network state to coordinate NFV operations. Traffic management and hardware reconfiguration functions are performed by a global coordinator that allows for the rapid sharing of network function states and continuous evaluation of network function needs. With the help of state sharing mechanism offered by the coordinator, customer-defined VNF instances can be easily migrated between heterogeneous middleboxes as the network environment changes. A resource allocation and scheduling algorithm dynamically assesses resource deployments as network flows and conditions are updated. We show that our deployment algorithm can successfully reallocate FPGA and microprocessor resources in a fraction of a second in response to changes in network flow capacity and network security threats including intrusion.

Published

2020

2. Verifying Policy-based Routing at Internet Scale

Author

Lixin Gao and Xiaozhe Shao

Subjects

Routing protocol, business.industry, Computer science, Policy-based routing, 020206 networking & telecommunications, 02 engineering and technology, Network topology, Reachability, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, Pruning (decision trees), Routing (electronic design automation), business, Computer network

Abstract

Routing policy configuration plays a crucial role in determining the path that network traffic takes to reach a destination. Network administrators/operators typically decide the routing policy for their networks/routers independently. The paths/routes resulted from these independently configured routing policies might not necessarily meet the intent of the network administrators/operators. Even the very basic networkwide properties of the routing policies such as reachability between a pair of nodes need to be verified.In this paper, we propose a scheme that characterizes routingpolicy verification problems into a Satisfiability Modulo Theories (SMT) problems. The key idea is to formulate the SMT model in a policy-aware manner so as to reduce/eliminate the mutual dependencies between variables as much as possible. Further, we reduce the size of the generated SMT model through pruning. We implement and evaluate the policy-aware model through an outof-box SMT solver. The experimental results show that the policyaware model can reduce the time it takes to perform verification by as much as 100x even under a modest topology size. It takes only a few minutes to answer a query for a topology containing tens of thousands of nodes.

Published

2020

3. Improving Privacy in Graphs Through Node Addition

Author

Lixin Gao, Xiaozhe Shao, Hossein Pishro-Nik, and Nazanin Takbiri

Subjects

FOS: Computer and information sciences, Information privacy, Computer Science - Cryptography and Security, Degree (graph theory), Computer science, business.industry, Computer Science - Information Theory, Information Theory (cs.IT), Data_MISCELLANEOUS, 020206 networking & telecommunications, 02 engineering and technology, Adversary, 16. Peace & justice, Computer security, computer.software_genre, Graph, 0202 electrical engineering, electronic engineering, information engineering, Peer to peer computing, 020201 artificial intelligence & image processing, The Internet, business, computer, Cryptography and Security (cs.CR), Anonymity

Abstract

The rapid growth of computer systems which generate graph data necessitates employing privacy-preserving mechanisms to protect users' identity. Since structure-based de-anonymization attacks can reveal users' identity's even when the graph is simply anonymized by employing naive ID removal, recently, $k-$anonymity is proposed to secure users' privacy against the structure-based attack. Most of the work ensured graph privacy using fake edges, however, in some applications, edge addition or deletion might cause a significant change to the key property of the graph. Motivated by this fact, in this paper, we introduce a novel method which ensures privacy by adding fake nodes to the graph. First, we present a novel model which provides $k-$anonymity against one of the strongest attacks: seed-based attack. In this attack, the adversary knows the partial mapping between the main graph and the graph which is generated using the privacy-preserving mechanisms. We show that even if the adversary knows the mapping of all of the nodes except one, the last node can still have $k-$anonymity privacy. Then, we turn our attention to the privacy of the graphs generated by inter-domain routing against degree attacks in which the degree sequence of the graph is known to the adversary. To ensure the privacy of networks against this attack, we propose a novel method which tries to add fake nodes in a way that the degree of all nodes have the same expected value., Comment: Graph Privacy

Published

2019

4. Implementation of Location-Based Routing and ID-Based Forwarding Architecture for Internet of Things

Author

Abu Hena Al Muktadir, Yusuke Fukushima, Lixin Gao, Feng Wang, Ved P. Kafle, Xiaozhe Shao, Hiroaki Harai, and Kenji Fujikawa

Subjects

Routing protocol, business.industry, Computer science, Local area network, 020206 networking & telecommunications, 02 engineering and technology, Scalability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, The Internet, Architecture, business, Location-based routing, Internet of Things, Computer network

Abstract

To enable billions of devices to communicate with each other simultaneously, small end-to-end latency and high scalability and reliability are the essential characteristics for the Internet of Things (IoT). The transition from today's Internet to IoT has demanded a new information and communications infrastructure. In this paper we implement and deploy a scalable and reliable inter-domain infrastructure, LORIF proposed in our previous work, to meet the requirements of IoT. Based on two local network testbeds and an intercontinental network testbed, we evaluate the scalability, resilience, and mobility of LORIF. The results demonstrate that LORIF can provide low end-to-end latency and high scalability and reliability.

Published

2017

5. CoGS: Enabling distributed network functions with global states

Author

Hao Zhang, Lixin Gao, and Xiaozhe Shao

Subjects

Computer science, business.industry, Network packet, media_common.quotation_subject, Distributed computing, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Packet processing, Process (computing), Middlebox, 020206 networking & telecommunications, 02 engineering and technology, Server, Scalability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, State (computer science), business, Function (engineering), Computer network, media_common

Abstract

Network Functions (NFs) are deployed in networks for a variety of purposes, e.g. monitoring, security, or performance optimization. During packet processing, NF maintains the states of processed packets and/or manipulates packets based on these states. Some of these states are per-flow states while others are multi-flow states. With the emerging of network function virtualization (NFV), it is common to deploy an NF across multiple middleboxes for high processing capability. In this case, per-flow states can be maintained by each middlebox as its local states. The multi-flow states are global states that are shared among middleboxes. We propose a network function framework, Coordinator for Global States (CoGS), to scale a network function with global states across distributed middleboxes. A coordinator is adopted to manage global states for middleboxes. Meanwhile, each middlebox is able to access the states and process packets based on the global states. Our evaluation shows that the CoGS coordinator can handle more than 1 million state operations per second. With CoGS to manage the global states, the distributed NF achieves nearly linear scalability with a dozen of middleboxes.

Published

2017

6. Scalable Network Function Virtualization for Heterogeneous Middleboxes

Author

Xuzhi Zhang, Xiaozhe Shao, Naveen Kumar Dumpala, George Provelengios, Russell Tessier, and Lixin Gao

Subjects

Computer science, business.industry, Middlebox, Control reconfiguration, 020206 networking & telecommunications, 02 engineering and technology, Virtualization, computer.software_genre, Flow network, 020202 computer hardware & architecture, Software, Computer architecture, Scalability, 0202 electrical engineering, electronic engineering, information engineering, State (computer science), business, Field-programmable gate array, computer

Abstract

Over the past decade, a wide-ranging collection of network functions in middleboxes has been used to accommodate the needs of network users. Although the use of general-purpose processors has been shown to be feasible for this purpose, the serial nature of microprocessors limits network functional virtualization (NFV) performance. In this paper, we describe a new heterogeneous hardware-software approach to NFV construction that provides scalability and programmability, while supporting significant hardware-level parallelism and reconfiguration. Our computing platform uses both field-programmable gate arrays (FPGA) and microprocessors to implement numerous NFV operations that can be dynamically customized to specific network flow needs. As the number of required functions and their characteristics change, the hardware in the FPGA is automatically reconfigured to support the updated requirements. Traffic management and hardware reconfiguration functions are performed by a global coordinator which allows for the rapid sharing of middlebox state and continuous evaluation of network function needs. To evaluate our approach, a series of software tools and NFV modules have been implemented. Our system is shown to be scalable for collections of network functions exceeding one million shared states.

Published

2017

7. Labeling and Encoding Hierarchical Addressing for Scalable Internet Routing

Author

Kenji Fujikawa, Hiroaki Harai, Xiaozhe Shao, Feng Wang, and Lixin Gao

Subjects

Property (programming), business.industry, Address space, Computer science, Encoding (memory), Distributed computing, IP forwarding, Scalability, Variable-length code, The Internet, business, Hierarchical routing

Abstract

Hierarchical addressing and locator/ID separation solutions have been proposed to address the scalability issue of the Internet. However, how to combine the two addressing schemes has not been received much attention. In this paper, we present an address encoding method to integrate hierarchical addressing and locator/ID separation. Our analysis and evaluation results show that the proposed encoding method could guarantee the scalability property, and alleviate the inefficiency of address space.

Published

2017

8. Towards variable length addressing for scalable Internet routing

Author

Xiaozhe Shao, Lixin Gao, Kenji Fujikawa, Hiroaki Harai, and Feng Wang

Subjects

IPv6 address, business.industry, Address space, Computer science, Routing table, Distributed computing, 05 social sciences, IP forwarding, 050801 communication & media studies, 020206 networking & telecommunications, 02 engineering and technology, 0508 media and communications, Reserved IP addresses, 0202 electrical engineering, electronic engineering, information engineering, Default-free zone, The Internet, business, Hierarchical routing, Computer network

Abstract

The Internet is facing the accelerating growth of routing table size. Backbone routers' routing table has already reached 512k entries, which has a negative effect on the scalability of the Internet. Hierarchical addressing and locator/ID separation solutions have been proposed to address the scalability issue. However, there has been little focus on how to efficiently represent hierarchical location addresses for a large scale distributed network, such as today's Internet. In this paper, we present a variable-length address encoding method to represent hierarchical location addresses. Our analysis and evaluation results show that 1) it is difficult to use fixed-length encoding to represent hierarchical location addresses for a large scale network; and 2) the proposed variable-length addresses could guarantee the scalability property of hierarchical addressing, and alleviate the inefficiency of address space due to fixed-length addresses.

Published

2016

9. Distributed Encoding for Multiple-Inherited Locators to Accommodate Billions of Objects in the Internet

Author

Xiaozhe Shao, Lixin Gao, Feng Wang, Kenji Fujikawa, and Hiroaki Harai

Subjects

Computer science, business.industry, Distributed computing, IP forwarding, 020302 automobile design & engineering, 020206 networking & telecommunications, 02 engineering and technology, 0203 mechanical engineering, Locator/Identifier Separation Protocol, Reserved IP addresses, Encoding (memory), Scalability, 0202 electrical engineering, electronic engineering, information engineering, Table (database), The Internet, business, Computer network

Abstract

As the Internet of Things technologies evolve, billions of smart devices will be connected to the Internet. Therefore, the accelerated growth of users, applications and devices pose a great demand on the scalability of the Internet. In this paper, we develop a new Internet architecture -- Multiple-inherited Locators (MiL) -- to meet the future demand on addressing. MiL is based on Locator/ID addressing and hierarchical address allocation. The benefit of this new addressing scheme is the improved scalability of Internet routing by enhancing the prefix aggregation of locators. The number of locators which are needed grows with the Internet scale. In order to represent each locator as a unique binary representation by as few bits as possible, we develop a distributed encoding method to efficiently encode locators. As the Internet topology evolves, the distributed encoding method renumbering locators' codeword for the optimal encoding performance, and meanwhile endeavors to keep their codewords unchanged as much as possible. Because, we want to represent locators by fewer bits as well as keep addressing stable. We adopt an Encoding Table Adjustment algorithm to find a "sweet spot" that balances these two goals. According to our experiment, within a 2% increase on the expected locator length, our algorithm reduces the cost of renumbering locator by 99.9%.

Published

2016

10. Design and implementation of variable-length locator allocation protocol for scalable Internet addressing

Author

Abu Hena Al Muktadir, Xiaozhe Shao, Yusuke Fukushima, Kenji Fujikawa, Feng Wang, Hiroaki Harai, and Lixin Gao

Subjects

IPv6 address, Computer science, computer.internet_protocol, Address space, business.industry, Distributed computing, Internet layer, IPv4, Multihoming, Forwarding information base, business, computer, Internetworking, Hierarchical routing, Computer network

Abstract

Hierarchical address allocation and hierarchical routing design has long been suggested to reduce the forwarding information base (FIB) size in the Internet core. However, the hierarchical design is not put into practice. We implemented the hierarchical and automatic number allocation (HANA) protocol for allocation of IPv4 and IPv6 address spaces to autonomous systems (ASes) and the FIB size reduction. The HANA protocol allocates multiple address spaces to an AS from the upper ASes. Multihoming using multiple addresses provides an AS with multiple paths. That is, detour paths are inevitably prepared in advance, even when a network failure does not occur. In this paper, we provide the highest flexibility to HANA-based networking, namely, supporting variable-length addressing scheme. The variable-length addressing schemes suppress renumbering caused by the address space extension that occurs in the fixed-bit-length addressing schemes. In addition, we propose a new function of exchanging allocated numbers, and implement it in the current HANA system. The flexible HANA system provides locator allocation with low renumbering costs and realizes scalable addressing in future internetworking.

Published

2015

11. Compact location encodings for scalable Internet routing

Author

Feng Wang, Hiroaki Harai, Kenji Fujikawa, Xiaozhe Shao, and Lixin Gao

Subjects

Routing protocol, Dynamic Source Routing, Virtual routing and forwarding, Equal-cost multi-path routing, Computer science, Distributed computing, Routing table, IP forwarding, Enhanced Interior Gateway Routing Protocol, Geographic routing, Source routing, Forwarding plane, Destination-Sequenced Distance Vector routing, Hierarchical routing, Triangular routing, Static routing, business.industry, Network packet, Policy-based routing, Supernetwork, Link-state routing protocol, Multipath routing, Default-free zone, The Internet, business, Computer network

Abstract

The Internet is facing the double-challenge of accelerating growth of routing table size and ever higher reliability requirements. Considerable progress has been made toward the scalability and reliability of the Internet. However, most of the proposals are only partial solutions that address some of the challenges. In this paper, we present a new addressing encoding scheme and a corresponding forwarding mechanism for Internet routing to solve the aforementioned problems. Underlying our design is a succinct data structure that allows us to compactly embed a set of addresses into packet headers. At the same time, the structure allows the data plane to efficiently extract multiple address information for the same destination without decompression. We provide time and space complexity analysis, and present experimental results evaluating the performance of our encoding method. It shows that the proposed encoding method can achieve a good compression factor without degrading packet-forwarding performance.

Published

2015