About me! I was born in a small regional town in Sicily, Italy in 1992. At the University of Catania, I gained a Bachelor’s Degree and I completed my Master’s degree in Computer Engineering at Politecnico di Torino. In November 2016 I started a Ph.D. in Computer Science focused on programmable data planes and high-speed Network Function Virtualizations. In particular, I'm mostly working with XDP (eXpress Data Path) and eBPF (extended Berkley Packet Filter) as foundation technologies to build a new model of flexible and efficient VNFs and how to exploit them on new container-based cloud environments (e.g., k8s). Apart from my research interests, I love anything to do with technology, music (I love playing trumpet), as well as volleyball and football.
download cv[SIGCOMM-CCR] Securing Linux with a Faster and Scalable Iptables
Creating Complex Network Services with eBPF: Experience and Lessons Learned
Automatic optimization of virtual network functions for next-generation high-speed networks
Automatic optimization of virtual network functions for next-generation high-speed networks
Thesis title: Optimized Traffic Control Using SDN in a Business LAN EnvironmentFinal degree mark: 110/110 cum laude - GPA: 4.0/4.0
Thesis title: Mobile Management System of Academic Report Cards: Mobile ApplicationFinal degree mark: 110/110 cum laude - GPA: 3.85/4.0
Polycube: an eBPF/XDP-based software framework for fast network services running in the Linux kernel
In the last years I have been working on an eBPF/XDP-based software framework for fast network services in the Linux kernel, called Polycube. Polycube provides a set of complex networking applications that can be easily managed and configured through an apposite CLI or a REST-based daemon, called polycubed. Furthermore, it provides the possibility to build arbitrary service chains and hence the possiblity to customize the network connectivity to namespace, containers, virtual machines and physical hosts.
Polycube is available on github at this URL:
https://github.com/polycube-network/polycubeI am really interested in new technologies, such us eBPF and XDP, as enablers for next-generation high-speed networks.
BPF-iptables is a faster and scalable eBPF-based clone of iptables
This work starts from the consideration that the current version of iptables suffers from the linear search algorithm adopted as filtering model, which is not suitable in an environmente where a large set of rules are deployed. eBPF-iptables provide a faster and more scalable clone of iptables by preserving the original iptables filtering semantic. Our results showed the bpf-iptables outperforms the current version of iptables and nftables by an order of magnitude; in particular when a high number of rules is used.
BPF-iptables is available on github at this URL:
https://github.com/polycube-network/polycube/tree/master/src/services/pcn-iptables
Draft, 20 March 2019
In this paper, proposes a new architecture enhancing the mitigation capabilities of edge servers by transparently offloading a portion of DDoS mitigation rules in the SmartNIC, thus achieving a balanced combination of the XDP flexibility in operating traffic sampling and aggregation in the kernel with the performance of hardware-based filtering.
Draft, 1 March 2019
In this paper, we point out the main shortcomings of legacy security models when applied to VNF, and we advocate the transition to a new architectural pattern that decouples context management from the detection logic.
ACM SIGCOMM Computer Communication Review, 49(3), July 2019
This paper presents an eBPF-based firewall, bpf-iptables, which emulates the iptables filtering semantic while guaranteeing higher throughput outperforming other Linux-based firewalls particularly when a high number of rules is involved.
ACM SIGCOMM 2018 Conference Posters and Demos, Budapest (H), 20-25 August 2018
This paper presents an eBPF-based prototype that emulates the iptables filtering semantic and exploits a more efficient matching algorithm, without requiring custom kernels or invasive software frameworks.
Netdev 0x12, The Technical Conference on Linux Networking, Montréal (Canada), 11-13 July 2018
This paper reports the first results of a project that aims at creating a eBPF-based (partial) clone of iptables. This project assumes unmodified Linux kernel and guarantees the full compatibility with current iptables.
IEEE International Conference on High Performance Switching and Routing, Bucharest (RO), 17-20 June 2018
In this paper we summarize the most important lessons learned while exploiting eBPF to create complex network functions, presenting the most promising characteristics of this technology and the main encountered limitations.
In: 3rd IEEE International Conference on Network Softwarization (NetSoft), Bologna (IT), 3-7 July 2017
This paper presents our findings about selectively offloading OpenFlow rules into a non-OpenFlow compatible hardware switch silicon, which enables existing (legacy) hardware ASICs to become compatible with the SDN paradigm.
In: 5th IEEE International Conference on Cloud Networking (CloudNet), Pisa (IT), 3-5 October 2016
In this paper we propose and validate an architecture that integrates native software components in a Network Function Virtualization (NFV) platform, making their use transparent from the user’s point of view.