Marco Chiesa

Position:

Assistant Professor cv

E-mail:

mchiesakth.se

Office directions:

Electrum Building, 4th floor
Room 13.0 (in front of Reno)
How to reach Electrum? Maps
Where is my room? PDF

Regular mail:

Kistagången 16
164 40, Kista
Sweden

I am an Assistant Professor in the Network System Lab group of the Software and Computer Systems department at the KTH Royal Institute of Technology.

My research interests lie in computer networking and, more specifically, in aspects of Internet protocols and architectures ranging from security and privacy to network design and optimization, including Software Defined Networking (SDN) approaches to these challenges, next-generation Internet eXchange Points (IXPs), and beyond.

Prior to join KTH, I was a postdoctoral researcher in the INL networking group at the Université catholique de Louvain, supervised by Marco Canini, and a postdoctoral researcher at the Hebrew University of Jerusalem supervised by Michael Schapira. In 2013, I was a visiting scholar in the Berkeley NetSys Lab at the University of Berkeley supervised by Scott Shenker. I received my Ph.D. from Roma Tre University in 2014, advised by Prof. Giuseppe Di Battista. I was involved in the ENDEAVOUR (H2020 EU funded) project, intended to bring Software-Defined Networking (SDN) functionality to inter-domain routing on the Internet.

News


Key themes: Machine learning, programmable networks, high-speed forwarding, SDN, P4

Thwarting cyberattacks is a complex problem. Traditional network technologies are not designed to learn how to distinguish legitimate traffic from malicious one but rather to forward traffic towards their destinations at the highest possible speed. In this project, called EMERGENCE, we will overcome the aforementioned challenges by designing, implementing, and deploying the first ML framework tailored for high-speed real-time network cybersecurity applications. The project is highly interdisciplinary, requiring in-depth knowledge from the fields of machine learning and network systems. To analyze the inherent volatile nature of Internet traffic, EMERGENCE will study novel scientific approaches to extract information from high-speed network devices at increasing levels of granularity.

Start/end date: 01 Jan 2021 - 31 Dec 2022

Budget: 2M SEK (200K EUR)

Other partners: RISE

Funding body: KTH Digital Futures

Key themes: Machine learning, data lab, telecommunication digital data

The objective of SE-CAID is to deploy a national telecom and digitalization data lab that broadly supports industrial and academic R&D, allowing for industries, SMEs and academia to share a broad range of telecom data and AI models. SE-CAID will be focused on: 1) building a platform and API that allows for open and controlled access of data (in distributed and centralised way) and 2) developing a process to handle the legal aspects of sharing data that does not fall into the category of open data sets.

Start/end date: 06 Dec 2019 - 05 Dec 2021

Budget: 4.5M SEK (450K EUR)

Other partners: RISE, Lund University, Ericsson, STOKAB

Funding body: Vinnova

Key themes: Programmable switches, layer-4 load balancing, P4, SDN, QUIC, TCP

Large service providers use load balancers to dispatch millions of incoming connections per second towards thousands of servers. There are two basic yet critical requirements for a load balancer: uniform load distribution of the incoming connections across the servers and per-connection-consistency (PCC), i.e., the ability to map packets belonging to the same connection to the same server even in the presence of changes in the number of active servers and load balancers. Yet, meeting both these requirements at the same time has been an elusive goal. Today’s load balancers minimize PCC violations at the price of non-uniform load distribution.
Our objective is to build highly efficient load balancer mechanisms that enable arbitrary server selection mechanisms and guarantee PCC. Check our ongoing efforts below.

View on GitHub » Read about our Cheetah LB » Watch the Cheetah talk »

Read about our CrossRSS LB »

Key themes: Internet Exchange Point, SDN, BGP, Network Management

The focus of the project is to enable added-value services to be provided thanks to Software-Defined Networking (SDN), on top of Internet Exchange Points and other network interconnnection fabrics. The services would relate not only to the flexibility of the interconnection fabric, but most importantly to enable the content and data center ecosystem that is present at the interconnection fabric to collaborate. The ultimate goal is to create a service marketplace on top of the ecosystem composed of Cloud/data centers, networked applications, and the interconnection fabric.

The objective of ENDEAVOUR is to address current limitations of the Internet interconnection model, as well as to open the opportunity for novel services, creating the possibility for new economic models around the created ecosystems.

Read our use case paper »

Website: www.h2020-endeavour.eu

Start/end date: 01/01/2015 - 31/12/2017

Budget: 4.2M EUR

Other partners: Queen Mary University of London, University of Cambridge, DE-CIX, LAAS-CNRS, IBM Zurich

Funding body: EU Horizon 2020

Key themes: Internet Exchange Point, BGP, privacy preservation

Internet eXchange Points (IXPs), where a quickly increasing number of networks exchange routing information, play an ever growing role in Internet inter-connection. To facilitate the exchange of routes among their members, IXPs provide Route Server (RS) services to dispatch the routes according to each member's peering policies. Nowadays, to make use of RSes, these policies must be disclosed to the IXP. This poses fundamental questions regarding the privacy guarantees of route-computation on confidential business information. Indeed, as evidenced from interaction with IXP administrators, and survey of network operators, this state of affairs raises privacy concerns among network administrators and even deters some networks from subscribing to RS services. We design an RS service that leverages Secure Multi-Party Computation (SMPC) techniques to keep peering policies confidential, while maintaining, and even extending, the functionalities of today's RSes. We assess the effectiveness and scalability of our system by evaluating a prototype implementation using traces of data from one of the largest IXPs in the world. Our evaluation results indicate that our RS system can scale to support privacy-preserving route-computation even at IXPs with many hundreds of member networks.

View on BitBucket » Read our short paper » Watch our talk »

Join work with : Marco Canini (KAUST), Daniel Demmler (TU Darmstadt), Michael Schapira (HUJI), Thomas Schneider, (TU Darmstadt)

Key themes: Traffic Engineering, SDN, traffic uncertainty

To optimize the flow of traffic in IP networks, operators do traffic engineering (TE), i.e., tune routing-protocol parameters in response to traffic demands. TE in IP networks typically involves configuring static link weights and splitting traffic between the resulting shortest-paths via the Equal-Cost-MultiPath (ECMP) mechanism. Unfortunately, ECMP is a notoriously cumbersome and indirect means for optimizing traffic flow, often leading to poor network performance. Also, obtaining accurate knowledge of traffic demands as the input to TE is elusive, and traffic conditions can be highly variable, further complicating TE. We leverage recently proposed schemes for increasing ECMP's expressiveness via carefully disseminated bogus information ("lies") to design COYOTE, a readily deployable TE scheme for robust and efficient network utilization. COYOTE leverages new algorithmic ideas to configure (static) traffic splitting ratios that are optimized with respect to all (even adversarially chosen) traffic scenarios within the operator's "uncertainty bounds". Our experimental analyses show that COYOTE significantly outperforms today's prevalent TE schemes in a manner that is robust to traffic uncertainty and variation. We discuss experiments with a prototype implementation of COYOTE.

Read our short paper »

Joint work with: Gábor Rétvári (Budapest University of Technology and Economics), Michael Schapira (HUJI)

Key themes: SDN, robustness, resiliency, fast failover

Fast Reroute (FRR) and other forms of immediate failover have long been used to recover from certain classes of failures without invoking the network control plane. While the set of such techniques is growing, the level of resiliency to failures that this approach can provide is not adequately understood. In this paper, we embarked upon a systematic algorithmic study of the resiliency of forwarding tables in a variety of models (i.e., deterministic/probabilistic routing, with packet-header-rewriting, with packet-duplication). Our results show that the resiliency of a routing scheme depends on the ``connectivity'' $k$ of a network, i.e., the minimum number of link deletions that partition a network. We complement our theoretical result with extensive simulations. We show that resiliency to $4$ simultaneous link failures, with limited path stretch, can be achieved without any packet modification/duplication or randomization. Furthermore, our routing schemes provide resiliency against $k-1$ failures, with limited path stretch, by storing $\log(k)$ bits in the packet header, with limited packet duplication, or with randomized forwarding technique.

Read our full paper »

Joint work with: Andrei Gurtov (Linkoping), Aleksander Madry (MIT), Slobodan Mitrovic (EPFL), Ilya Nikolaevskiy (Aalto), Aurojit Panda (UC Berkeley), Michael Schapira (HUJI), Scott Shenker (ICSI/UC Berkeley)

Key themes: Traffic Engineering, ECMP, computational complexity

To efficiently exploit network resources operators do traffic engineering (TE), i.e., adapt the routing of traffic to the prevailing demands. TE in large IP networks typically relies on configuring static link weights and splitting traffic between the resulting shortest-paths via the Equal-Cost-MultiPath (ECMP) mechanism. Yet, despite its vast popularity, crucial operational aspects of TE via ECMP are still little-understood from an algorithmic viewpoint. We embark upon a systematic algorithmic study of TE with ECMP. We first consider the standard “splittable-flow” model of TE with ECMP, put forth in [18]. We settle a long-standing open question by proving that, in general, even approximating the optimal link-weight configuration for ECMP within any constant ratio is an intractable feat. We also initiate the analytical study of TE with ECMP on specific network topologies and, in particular, datacenter networks. We prove that while TE with ECMP remains suboptimal and computationallyhard for hypercube networks, ECMP can, in contrast, provably achieve optimal traffic flow for the important category of folded Clos networks. We next investigate the approximability of TE with ECMP in the more realistic “unsplittable-flow” model and present upper and lower bounds for scheduling “elephant” flows on top of ECMP (as in, e.g., Hedera [4]). Our results complement and shed new light on past experimental and empirical studies of the performance of TE with ECMP.

Read our full paper »

Joint work with: Guy Kindler (HUJI), Michael Schapira (HUJI)


  1. What you need to know about (Smart) Network Interface Cards
    In Passive and Active Measurement conference (PAM), 2021 . To Appear.
    G. Katsikas, T. Barbette, M. Chiesa, D. Kostic, G. Q. Maguire Jr
    [ Code]
  2. A Survey of Fast Recovery Mechanisms in the Data Plane
    In IEEE Communications Surveys and Tutorials (COMST), 2021. To appear.
    M. Chiesa, A. Kamisinski, J. Rak, G. Retvari, S. Schmid
    [ Technical report]
  3. Fast ReRoute on Programmable Switches
    In IEEE/ACM Transactions on Networking (ToN), 2021. To Appear
    M. Chiesa, R. Sedar, G. Antichi, M. Borokhovich, A. Kamisiński, G. Nikolaidis, S. Schmid
    [ Pre-print] [ Code]
  4. Extended abstract: Stateless CPU-aware Datacenter Load-Balancing
    In ACM International Conference on emerging Networking EXperiments and Technologies (Conext Posters), 2020
    T. Barbette, M. Chiesa, G. Q. Maguire Jr, D. Kostic.
    [ PDF]
  5. A High-Speed Load-Balancer Design with Guaranteed Per-Connection-Consistency
    In USENIX Symposium on Networked Systems Design and Implementation (NSDI), 2020
    T. Barbette, C. Tang, H. Yao, D. Kostic, G. Q. Maguire Jr., P. Papadimitratos, M. Chiesa
    [ PDF] [ Video] [Slides] [ Code] [ Facebook Networking Systems research runner-up award]
  6. A Survey on the Current Internet Interconnection Practices
    In ACM SIGCOMM Computer Communication Review (CCR), 2020
    P. Marcos, M. Chiesa, C. Dietzel, M. Canini, M. Barcellos.
    [ PDF]
  7. Path persistence in the cloud: A study of the effects of inter-region traffic engineering in a large cloud provider's network
    In ACM SIGCOMM Computer Communication Review (CCR), 2020
    W. Reda, K. Bogdanov, A. Milolidakis, H. Ghasemirahni, M. Chiesa, G. Q. Maguire Jr., D. Kostic.
    [ PDF] [Talk at RIPE] [ Code] [ APNIC coverage]
  8. Normal Forms for Match-Action Programs
    In ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT), 2019
    F. Nemeth, M. Chiesa, G. Retvari
    [ PDF]
  9. PURR: A Primitive for Reconfigurable Fast Reroute
    In ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT), 2019
    M. Chiesa, R. Sedar, G. Antichi, M. Borokhovich, A. Kamisiński, G. Nikolaidis, S. Schmid
    [ PDF] [ Code] [Slides]
  10. Dynam-IX: a Dynamic Interconnection eXchange
    In ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT), 2018
    P. Marcos, M. Chiesa, L. Muller, P. Kathiravelu, C. Dietzel, M. Canini, M. Barcellos
    [ PDF] [ Short video] [ Talk at RIPE] [ Code] [ Website]
  11. Prelude: Ensuring Inter-Domain Loop-Freedom in SDN-Enabled Networks
    In Asia-Pacific Workshop on Networking (APNet), 2018
    A. Dethise, M. Chiesa, M. Canini
    [ PDF]
  12. Supporting Emerging Applications With Low-Latency Failover in P4
    In ACM Workshop on Networking for Emerging Applications and Technologies (NEAT), 2018
    R. Sedar, M. Borokhovich, M. Chiesa, G. Antichi, S. Schmid
    [ PDF]
  13. Oblivious Routing in IP Networks
    In IEEE/ACM Transactions on Networking (ToN), 2018
    M. Chiesa, G. Retvari, M. Schapira
    [ PDF] [ Code]
  14. Moving Bits with a Fleet of Shared Virtual Routers
    In IEEE/IFIP Networking 2018
    P. Kathiravelu, M. Chiesa, P. Marcos, M. Canini, L. Veiga
    [ PDF]
  15. TI-MFA: Keep Calm and Reroute Segments Fast
    In IEEE Global Internet Symposium (GI), 2018
    K. Foerster, M. Parham, M. Chiesa, S. Schmid
    [ PDF] [Slides]
  16. SIXPACK: Securing Internet eXchange Points Against Curious onlooKers
    In ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT), 2017
    M. Chiesa, D. Demmler, M. Canini, M. Schapira, T. Schneider
    [ PDF] [ Slides PDF] [ Code] [ Website]
  17. ENDEAVOUR: A Scalable SDN Architecture for Real-World IXPs
    In IEEE Journal of Selected Areas in Communications (JSAC), Special issue on Emerging Technologies in Software-driven Communication, 2017
    G. Antichi, I. Castro, M. Chiesa, E. Fernandes, R. Lapeyrade, D. Kopp, J. Han, M. Bruyere, C. Dietzel, M. Gusat, A. W. Moore, P. Owezarski, S. Uhlig, M. Canini
    [ PDF] [ Code] [ Website]
  18. Extended abstract: Privacy-Preserving Detection of Inter-Domain SDN Rules Overlaps
    In ACM SIGCOMM Posters and Demos, 2017
    A. Dethise, M. Chiesa, M. Canini
    [ Extended Abstract] [ Poster]
  19. Demo: SDN-enabled Traffic Engineering and Advanced Blackholing at IXPs
    In ACM Symposium on SDN Research (SOSR) Posters and Demos, 2017
    C. Dietzel, G. Antichi, I. Castro, E. Fernandes, M. Chiesa
    [ Extended abstract] [ Poster]
  20. Decentralized Fast Consistent Updates
    In ACM Symposium on SDN Research (SOSR), 2017
    T. D. Nguyen, M. Chiesa, M. Canini
    [ PDF] [ Technical Report] [ Code]
  21. PrIXP: Preserving the Privacy of Routing Policies at Internet eXchange Points
    In IFIP/IEEE International Symposium on Integrated Network Management (IM), 2017
    M. Chiesa, R. di Lallo, G. Lospoto, H. Mostafaei, M. Rimondini, G. Di Battista
    [ Pre-print]
  22. On the Resiliency of Static Forwarding Tables
    In IEEE/ACM Transactions on Networking (ToN), 2017
    M. Chiesa, I. Nikolaevskiy, S. Mitrovic, A. Gurtov, A. Madry, M. Schapira, S. Shenker
    [ Pre-print]
  23. Traffic engineering with Equal-Cost-Multipath: An algorithmic perspective
    In IEEE/ACM Transactions on Networking (ToN), 2017
    M. Chiesa, G. Kindler, M. Schapira
    [ Pre-print] [ Code] [ IEEE William R. Bennett Prize]
  24. Lying Your Way to Better Traffic Engineering
    In ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT), 2016
    M. Chiesa, G. Retvari, M. Schapira
    [ PDF] [ Slides] [ Code]
  25. Towards Decentralized Fast Consistent Updates
    In IETF Applied Networking Research Workshop (ANRW), 2016
    T. D. Nguyen, M. Chiesa, M. Canini
    [ PDF] [ Slides]
  26. Extended abstract: Towards Securing Internet eXchange Points Against Curious onlooKers
    In IETF Applied Networking Research Workshop (ANRW) Posters, 2016
    M. Chiesa, D. Demmler, M. Canini, M. Schapira, T. Schneider
    [ PDF] [ Poster] [ Slides]
  27. Inter-domain Networking Innovation on Steroids: Empowering IXPs with SDN Capabilities
    In IEEE Communications Magazine (COMMAG) special issue on SDN Use Cases for Service Provider Networks, 2016
    M. Chiesa, C. Dietzel, G. Antichi, M. Bruyere, I. Castro, M. Gusat, T. King, A. W. Moore, T. D. Nguyen, P. Owezarski, S. Uhlig, M. Canini
    [ PDF]
  28. On the Resiliency of Randomized Routing Against Multiple Edge Failures
    In International Colloquium on Automata, Languages, and Programming (ICALP), 2016
    M. Chiesa, A. Gurtov, A. Madry, S. Mitrovic, I. Nikolaevskiy, M. Schapira, S. Shenker
    [ PDF] [ Technical Report on ArXiv] [ Slides]
  29. The Quest for Resilient (Static) Forwarding Tables
    In IEEE International Conference on Computer Communications (INFOCOM), 2016
    M. Chiesa, I. Nikolaevskiy, S. Mitrovic, A. Gurtov and A. Madry, A. Panda, M. Schapira, S. Shenker
    [ Pre-print] [ Technical Report on ArXiv] [ Slides]
  30. Computational Complexity of Traffic Hijacking under BGP and S-BGP
    In Theoretical Computer Science (TCS), 2015
    M. Chiesa, G. Di Battista, T. Erlebach, M. Patrignani
    [ Technical report]
  31. Analysis of Country-wide Internet Outages Caused by Censorship
    In IEEE/ACM Transactions on Networking (ToN), 2014
    A. Dainotti, C. Squarcella, E. Aben, K. C. Claffy, M. Chiesa, M. Russo, A. Pescape'
    [ PDF]
  32. The Role of Routing Policies in the Internet: Stability, Security, and Load-Balancing
    Doctoral Thesis, Universita' degli Studi di Roma ``Roma Tre'', Dottorato di Ricerca in Ingegneria, Sezione Informatica ed Automazione, XXVI Ciclo, 2014
    M. Chiesa
    [ Thesis (PDF)] [ Presentation (PDF)]
  33. Intra-Domain Routing with Pathlets
    In Computer Communications (COMCOM), 2014
    M. Chiesa, G. Lospoto, M. Rimondini, G. Di Battista
    [ Technical report]
  34. Traffic engineering with Equal-Cost-Multipath: An algorithmic perspective
    In IEEE International Conference on Computer Communications (INFOCOM), 2014
    M. Chiesa, G. Kindler, M. Schapira
    [ Full Paper] [ Presentation at INFOCOM'14 ]
  35. On the Area Requirements of Euclidean Minimum Spanning Trees
    In Computational Geometry: Theory and Applications (CGTA), 2014. Special Issue on Selected Papers from WADS '11.
    P. Angelini, T. Bruckdorfer, M. Chiesa, F. Frati, M. Kaufmann, C. Squarcella
  36. Using Routers to Build Logic Circuits: How Powerful is BGP?
    In IEEE International Conference on Network Protocols (ICNP), 2013
    M. Chiesa, L. Cittadini, L. Vanbever, S. Vissicchio, G. Di Battista
    [ Presentation at ICNP'13 ] [ Best Paper]
  37. Intra-Domain Pathlet Routing
    In IEEE International Conference on Computer Communications and Networks (ICCCN), 2013
    M. Chiesa, G. Lospoto, M. Rimondini, G. Di Battista
    [ Technical report] [ Presentation at ICCCN'13]
  38. Computational Complexity of Traffic Hijacking under BGP and S-BGP
    In International Colloquium on Automata, Languages and Programming (ICALP), 2012
    M. Chiesa, G. Di Battista, T. Erlebach, M. Patrignani
    [ Technical report] [ Presentation at ICALP'12]
  39. Analysis of Country-wide Internet Outages Caused by Censorship
    In ACM Internet Measurement Conference (IMC), 2011
    A. Dainotti, C. Squarcella, E. Aben, K. C. Claffy, M. Chiesa, M. Russo, A. Pescape'
    [ PDF] [ IETF/ANRP prize]
  40. On the Area Requirements of Euclidean Minimum Spanning Trees
    In Algorithms and Data Structures Symposium (WADS), 2011
    P. Angelini, T. Bruckdorfer, M. Chiesa, F. Frati, M. Kaufmann, C. Squarcella
  41. Local Transit Policies and the Complexity of BGP Stability Testing
    In IEEE International Conference on Computer Communications (INFOCOM), 2011
    M. Chiesa, L. Cittadini, G. Di Battista, S. Vissicchio
    [ Presentation at INFOCOM'11]

White to move. What is the best continuation to this brilliant chess puzzle?

You are forced to enter into a dark room. Inside the room, there is a table with $100$ non-overlapping coins placed on its surface. Each coin is either colored white or black. Once you enter the room, you cannot distinguish whether a coin has its upper side colored in black or white. You will be saved only if you will be able to partition the coins into two groups, each group with the same number of coins with the white side oriented upwards. You are allowed to flip the coins as many time as you want. Luckily, before entering the room, you overheard a vital information: 70 coins have their black side oriented upwards while the 30 remaining coins have their white side oriented upwards. Will you be able to survive?

There are $n$ prisoners serving a long-time sentence. One day, the director of the prison communicates them that the day after they will be disposed in a row in such a way that each prisoner will only be able to see the prisoners in front of him. Each prisoner will be wearing a hat, without knowing it color, which can be either black or white. As such, each prisoner does not know the color of its hat but he can see the color of the hats of the prisoners in front of him. Starting from the latter prisoner (the one that sees all the other prisoners), each prisoner will be asked to loudly guess the color of its hat by saying either "white" or black". Everyone can hear the answers. The prisoner will be killed if it fails to guess the color of its hat and it will be saved otherwise. The prisoners decides to agree on the strategy that guarantees the maximum number of survivors. How many people will survive for certain the day after?