Satadal “Sata” Sengupta

Round-trip time (RTT) can reveal emerging congestion, application slowdown, and routing attacks, but end hosts alone are often too limited or too slow to act on it effectively. Endpoints see only their own flows, while the network can observe many flows together and control them from a broader vantage point. By the time endpoints react, the impact on user experience or security may already be done. However, measuring RTT continuously from within the network is difficult at scale. TCP presents a natural opportunity to compute RTT continuously because it acknowledges data packets as part of reliable delivery. Yet those same mechanisms for reliability and efficiency also complicate the task: some (retransmission, reordering) make it hard to match the right packets for RTT computation, while others (cumulative acknowledgments) make it hard to know when stale packet records can be evicted to reclaim memory. DART addresses both challenges by keeping a short summary for each flow and only a few detailed packet records, allowing it to measure RTT continuously within the tight memory limits of terabit-scale programmable switches. DART is the first system to measure RTT continuously, accurately, and at scale from within the network, enabling real-time intervention. Evaluated on campus traffic, DART recovered 99% of the RTT samples produced by an offline software baseline.

Long-distance BGP hijacks can reroute user traffic through unintended jurisdictions, exposing it to surveillance and bypassing legal privacy protections. Attackers often need only a few seconds of diverted traffic to infer browsing activity or steal credentials and other sensitive information, so rapid detection is essential. Yet existing control-plane-based defenses can miss these attacks or respond too slowly. HiDe instead detects long-distance hijacks from within the network by using passively monitored RTT as a real-time signal of suspicious route changes. This works because large geographic detours necessarily inflate propagation delay, and we show that this signal applies to most cross-country attacks in practice. However, turning RTT into an accurate detector is difficult: even benign conditions such as congestion can cause large delay variation. HiDe addresses this challenge by using the minimum RTT per prefix as a denoised signal and applying hardware-friendly change detection to identify suspicious route changes. Implemented on a programmable switch, HiDe detected ethically conducted real-world hijacks within 500 ms and maintained a false-positive rate below 0.012% on 12 hours of campus traffic.

Selective forwarding units (SFUs) are the core building block of modern video-conferencing systems: they relay media among participants and adapt media quality to match each receiver's network conditions. Their workloads are highly dynamic as users join or leave meetings, mute or unmute, start or stop screen sharing, and so on. As demand for video conferencing rises, today's software SFUs can become a bottleneck, introducing jitter and degraded media quality and threatening to become increasingly costly to scale in the future. Scallop starts from the observation that the most frequent, latency-sensitive SFU tasks—such as packet replication and selective forwarding—closely resemble traditional packet-processing operations. It leverages this insight through a hardware-software co-design implemented on programmable switches and SmartNICs: high-volume media operations run on network hardware, while infrequent control tasks such as rate control and session management remain in software. Despite the challenges of efficient replication, per-receiver media adaptation, and preserving backward compatibility with existing browser clients, Scallop's switch prototype handles 99% of bytes entirely in hardware, supports up to 128,000 concurrent meetings on a single switch, and improves scaling by 10-200x over a 32-core commodity server at the same cost.