P2P streaming application must realize network address translation (NAT) traversal. To handle low success ratio of the existing NAT traversal algorithm, UPnP-STUN (UPUN) and port-mapping sample estimation (PMSE)...P2P streaming application must realize network address translation (NAT) traversal. To handle low success ratio of the existing NAT traversal algorithm, UPnP-STUN (UPUN) and port-mapping sample estimation (PMSE) algorithm are recommended in this paper. UPUN is the combination of UPnP and STUN, and PMSE utilizes port mapping samples added by symmetric NAT for different sessions to estimate regularity of port mapping of symmetric NAT, which takes advantage of the Bernoulli law of large numbers. Besides, for the situation that both peers are behind NAT, and to handle heavy relay server load when many inner peers want to communicate with each other, a peer auxiliary-relay (PAR) algorithm is presented. PAR lets outer peers with sufficient bandwidth act as relay servers to alleviate pressure of real server, which could avoid NAT traversal failure caused by single point failure of relay server. Finally, experiments show that the proposed algorithms could improve the success ratio significantly for NAT traversal in P2P streaming application as well as improve P2P streaming application applicability.展开更多
Malicious attacks can be launched by misusing the network address translation technique as a camouflage.To mitigate such threats,network address translation identification is investigated to identify network address t...Malicious attacks can be launched by misusing the network address translation technique as a camouflage.To mitigate such threats,network address translation identification is investigated to identify network address translation devices and detect abnormal behaviors.However,existingmethods in this field are mainly developed for relatively small-scale networks and work in an offline manner,which cannot adapt to the real-time inference requirements in high-speed network scenarios.In this paper,we propose a flexible and efficient network address translation identification scheme based on actively measuring the distance of a round trip to a target with decremental time-tolive values.The basic intuition is that the incoming and outgoing traffic froma network address translation device usually experiences the different number of hops,which can be discovered by probing with dedicated time-to-live values.We explore a joint effort of parallel transmission,stateless probes,and flexible measuring reuse to accommodate the efficiency of the measuring process.We further accelerate statistical countingwith a new sublinear space data structure Bi-sketch.We implement a prototype and conduct real-world deployments with 1000 volunteers in 31 Chinese provinces,which is believed to bring insight for ground truth collection in this field.Experiments onmulti-sources datasets show that our proposal can achieve as high precision and recall as 95%with a traffic handling throughput of over 106 pps.展开更多
The transition from IPv4 to IPv6 is doomed to be a long process. The network Address translation (NAT) technology is used very popularly in IPv4 network to make up the shortage of network address. It is a desiderate...The transition from IPv4 to IPv6 is doomed to be a long process. The network Address translation (NAT) technology is used very popularly in IPv4 network to make up the shortage of network address. It is a desiderated problem to make the users behind NAT gateway to access to IPv6 networks. By studying the transition technology from IPv4 to IPv6 and introducing NAT technology in IPv6, a scenario is put forward through 6to4 tunnel The scenario is implemented and the gateway system's performance is analyzed.展开更多
This paper presents a creative wireless LAN (WLAN) bridging solution, concentrating on the overall realization of a well designed interconnection. This solution integrates effective traffic insulation, intended access...This paper presents a creative wireless LAN (WLAN) bridging solution, concentrating on the overall realization of a well designed interconnection. This solution integrates effective traffic insulation, intended access control, and required address translation without interfering with the vested interest of internet service provider (ISP). The specific solution can be widely applied on the campus-dorm (off campus)-ISP internetworking mode, where it is hard to implement wired link between campus network and dorm network in terms of cost and existing environmental constraints.展开更多
GPUs are widely used in modem high-performance computing systems.To reduce the burden of GPU programmers,operating system and GPU hardware provide great supports for shared virtual memory,which enables GPU and CPU to ...GPUs are widely used in modem high-performance computing systems.To reduce the burden of GPU programmers,operating system and GPU hardware provide great supports for shared virtual memory,which enables GPU and CPU to share the same virtual address space.Unfortunately,the current SIMT execution model of GPU brings great challenges for the virtual-physical address translation on the GPU side,mainly due to the huge number of virtual addresses which are generated simultaneously and the bad locality of these virtual addresses.Thus,the excessive TLB accesses increase the miss ratio of TLB.As an attractive solution,Page Walk Cache(PWC)has received wide attention for its capability of reducing the memory accesses caused by TLB misses.However,the current PWC mechanism suffers from heavy redundancies,which significantly limits its efficiency.In this paper,we first investigate the facts leading to this issue by evaluating the performance of PWC with typical GPU benchmarks.We find that the repeated L4 and L3 indices of virtual addresses increase the redundancies in PWC,and the low locality of L2 indices causes the low hit ratio in PWC.Based on these observations,we propose a new PWC structure,namely Compressed Page Walk Cache(CPWC),to resolve the redundancy burden in current PWC.Our CPWC can be organized in either direct-mapped mode or set-associated mode.Experimental results show that CPWC increases by 3 times over TPC in the number of page table entries,increases by 38.3%over PWC in L2 index hit ratio and reduces by 26.9%in the memory accesses of page tables.The average memory accesses caused by each TLB miss is reduced to 1.13.Overall,the average IPC can improve by 25.3%.展开更多
End hopping is one of the good methods to defend against network attack,but has problems with network address translation(NAT) because packets sent from an unknown endpoint would be dropped by NAT.To avoid the dropp...End hopping is one of the good methods to defend against network attack,but has problems with network address translation(NAT) because packets sent from an unknown endpoint would be dropped by NAT.To avoid the dropping of packets,we propose a punching scheme:a client sends a punching packet to create mapping rules in NAT,so that the packets from the server would be able to pass through effectively with such rules.In this paper,some preliminaries and definitions are provided for building the model of end hopping.Then we discuss the main reason of such packet dropping and specify all the failure situations based on the model.What's more,we analyze how the punching scheme helps end hopping cross NAT.Finally,we validate the feasibility of this scheme with empirical results:if the client is behind a NAT and with punching scheme,the service rate increases to 100%.Therefore,our proposed scheme can greatly improve the performance of crossing NAT in end hopping with little security and computational overhead.展开更多
Page migration has long been adopted in hybrid memory systems comprising dynamic random access memory(DRAM)and non-volatile memories(NVMs),to improve the system performance and energy efficiency.However,page migration...Page migration has long been adopted in hybrid memory systems comprising dynamic random access memory(DRAM)and non-volatile memories(NVMs),to improve the system performance and energy efficiency.However,page migration introduces some side effects,such as more translation lookaside buffer(TLB)misses,breaking memory contiguity,and extra memory accesses due to page table updating.In this paper,we propose superpagefriendly page table called SuperPT to reduce the performance overhead of serving TLB misses.By leveraging a virtual hashed page table and a hybrid DRAM allocator,SuperPT performs address translations in a flexible and efficient way while still remaining the contiguity within the migrated pages.展开更多
基金Supported by the Nat/onal Science and Technology Support Projects of China(No. 2008BAH28B04) and the National Natural Science Foundation of China _(No..60903218F0208) andthe National High Technology Research and Development Programme of China (No. 2008AA01A317)
文摘P2P streaming application must realize network address translation (NAT) traversal. To handle low success ratio of the existing NAT traversal algorithm, UPnP-STUN (UPUN) and port-mapping sample estimation (PMSE) algorithm are recommended in this paper. UPUN is the combination of UPnP and STUN, and PMSE utilizes port mapping samples added by symmetric NAT for different sessions to estimate regularity of port mapping of symmetric NAT, which takes advantage of the Bernoulli law of large numbers. Besides, for the situation that both peers are behind NAT, and to handle heavy relay server load when many inner peers want to communicate with each other, a peer auxiliary-relay (PAR) algorithm is presented. PAR lets outer peers with sufficient bandwidth act as relay servers to alleviate pressure of real server, which could avoid NAT traversal failure caused by single point failure of relay server. Finally, experiments show that the proposed algorithms could improve the success ratio significantly for NAT traversal in P2P streaming application as well as improve P2P streaming application applicability.
基金The work is supported by the National Key Research and Development Program of China(2018YFB1800202)the NUDT Research Grants(No.ZK19-38).
文摘Malicious attacks can be launched by misusing the network address translation technique as a camouflage.To mitigate such threats,network address translation identification is investigated to identify network address translation devices and detect abnormal behaviors.However,existingmethods in this field are mainly developed for relatively small-scale networks and work in an offline manner,which cannot adapt to the real-time inference requirements in high-speed network scenarios.In this paper,we propose a flexible and efficient network address translation identification scheme based on actively measuring the distance of a round trip to a target with decremental time-tolive values.The basic intuition is that the incoming and outgoing traffic froma network address translation device usually experiences the different number of hops,which can be discovered by probing with dedicated time-to-live values.We explore a joint effort of parallel transmission,stateless probes,and flexible measuring reuse to accommodate the efficiency of the measuring process.We further accelerate statistical countingwith a new sublinear space data structure Bi-sketch.We implement a prototype and conduct real-world deployments with 1000 volunteers in 31 Chinese provinces,which is believed to bring insight for ground truth collection in this field.Experiments onmulti-sources datasets show that our proposal can achieve as high precision and recall as 95%with a traffic handling throughput of over 106 pps.
文摘The transition from IPv4 to IPv6 is doomed to be a long process. The network Address translation (NAT) technology is used very popularly in IPv4 network to make up the shortage of network address. It is a desiderated problem to make the users behind NAT gateway to access to IPv6 networks. By studying the transition technology from IPv4 to IPv6 and introducing NAT technology in IPv6, a scenario is put forward through 6to4 tunnel The scenario is implemented and the gateway system's performance is analyzed.
文摘This paper presents a creative wireless LAN (WLAN) bridging solution, concentrating on the overall realization of a well designed interconnection. This solution integrates effective traffic insulation, intended access control, and required address translation without interfering with the vested interest of internet service provider (ISP). The specific solution can be widely applied on the campus-dorm (off campus)-ISP internetworking mode, where it is hard to implement wired link between campus network and dorm network in terms of cost and existing environmental constraints.
基金This paper was supported by the National Natural Science Fundation of China(Grant No.61972407).
文摘GPUs are widely used in modem high-performance computing systems.To reduce the burden of GPU programmers,operating system and GPU hardware provide great supports for shared virtual memory,which enables GPU and CPU to share the same virtual address space.Unfortunately,the current SIMT execution model of GPU brings great challenges for the virtual-physical address translation on the GPU side,mainly due to the huge number of virtual addresses which are generated simultaneously and the bad locality of these virtual addresses.Thus,the excessive TLB accesses increase the miss ratio of TLB.As an attractive solution,Page Walk Cache(PWC)has received wide attention for its capability of reducing the memory accesses caused by TLB misses.However,the current PWC mechanism suffers from heavy redundancies,which significantly limits its efficiency.In this paper,we first investigate the facts leading to this issue by evaluating the performance of PWC with typical GPU benchmarks.We find that the repeated L4 and L3 indices of virtual addresses increase the redundancies in PWC,and the low locality of L2 indices causes the low hit ratio in PWC.Based on these observations,we propose a new PWC structure,namely Compressed Page Walk Cache(CPWC),to resolve the redundancy burden in current PWC.Our CPWC can be organized in either direct-mapped mode or set-associated mode.Experimental results show that CPWC increases by 3 times over TPC in the number of page table entries,increases by 38.3%over PWC in L2 index hit ratio and reduces by 26.9%in the memory accesses of page tables.The average memory accesses caused by each TLB miss is reduced to 1.13.Overall,the average IPC can improve by 25.3%.
基金Supported by the National Natural Science Foundation of China (60973141,61272423)the Specialized Research Fund for the Doctoral Program of Higher Education of China (20100031110030)the Funds of Key Lab of Fujian Province University Network Security and Cryptology (2011004)
文摘End hopping is one of the good methods to defend against network attack,but has problems with network address translation(NAT) because packets sent from an unknown endpoint would be dropped by NAT.To avoid the dropping of packets,we propose a punching scheme:a client sends a punching packet to create mapping rules in NAT,so that the packets from the server would be able to pass through effectively with such rules.In this paper,some preliminaries and definitions are provided for building the model of end hopping.Then we discuss the main reason of such packet dropping and specify all the failure situations based on the model.What's more,we analyze how the punching scheme helps end hopping cross NAT.Finally,we validate the feasibility of this scheme with empirical results:if the client is behind a NAT and with punching scheme,the service rate increases to 100%.Therefore,our proposed scheme can greatly improve the performance of crossing NAT in end hopping with little security and computational overhead.
文摘Page migration has long been adopted in hybrid memory systems comprising dynamic random access memory(DRAM)and non-volatile memories(NVMs),to improve the system performance and energy efficiency.However,page migration introduces some side effects,such as more translation lookaside buffer(TLB)misses,breaking memory contiguity,and extra memory accesses due to page table updating.In this paper,we propose superpagefriendly page table called SuperPT to reduce the performance overhead of serving TLB misses.By leveraging a virtual hashed page table and a hybrid DRAM allocator,SuperPT performs address translations in a flexible and efficient way while still remaining the contiguity within the migrated pages.