My name is Matteo and I'm Software Engineer at SysDig, working on SysDig Secure, Kubernetes security for enterprise cloud-native stacks.
Previously Research Assistant at Department of Control and Computer Engineering of Politecnico di Torino, Italy, where in 2016 I obtained the MS.c in Computer Engineer with the highest mark.
I've touched networking topics, dealing with eXpress Data Path (XDP) and eBPF technology, with particular attention to high performance, network programmability, SDN and Cloud Computing.
I'm core developer of Polycube, an Open Source framework to provide fast, in-kernel, virtualized network functions. My focus was also directed to study the feasibility and implementation of an eBPF based iptables version.
I spent some time visiting and collaborating with tech companies in Silicon Valley, as part of my research work.
In 2010, I participated in the Italian Olympics in Computer Science and I secured a bronze medal. I also took part in the International Collegiate Programming Contest - SWERC 2014 in Porto (Portugal) and SWERC 2013 Valencia (Spain).
I love cooking and photography.
Working on Sysdig Secure, Kubernetes security for enterprise cloud-native stacks.
Working on eBPF (Extended Berkeley Packet Filter) and XDP (eXpress DataPath) to build high-performance and scalable networking solutions for linux. Studying an eBPF-based clone of iptables. I'm core developer of Polycube an open source framework for build network functions with eBPF.
I collaborated with Nebbiolo Technologies to study, provide and deploy a virtual network solutions, using eBPF.
As part of my Master thesis, I spent some months visiting PLUMgrid, in Silicon Valley. I collaborated with smart and nice guys, with first hand knowledge of BPF and networing. I've learned a lot from them, while developing iovisor-ovn.
Development of a network analysis and diagnostic tool for Fiat Chrysler Automobiles.
This paper presents an eBPF-based firewall, bpf-iptables, which emulates the iptables filtering semantic while guaranteeing higher throughput outperforming other Linux-based firewalls particularly when a high number of rules is involved.
This paper presents an eBPF-based prototype, bpf-iptables, which emulates the iptables filtering semantic and exploits a more efficient matching algorithm. Our prototype outperforms iptables, particularly when a high number of rules is involved, without requiring custom kernels or invasive software frameworks.
This paper reports the first results of a project that aims at creating a (partial) clone of iptables, using the eBPF/XDP technology. This project assumes unmodified Linux kernel and guarantees the full compatibility (in terms of semantics and synxtax) with current iptables.
In this paper we summarize the most important lessons learned while exploiting eBPF to create complex network functions, presenting the most promising characteristics of this technology and the main encountered limitations.
Polycube is an open source framework to build fast network functions with XDP and eBPF
On top of that we built couple of applications:
Website: https://github.com/polycube-network/polycube
Iovisor-ovn is a network plugin for OpenStack, that provides a network layer based on bpf.
Website: https://github.com/iovisor/iovisor-ovn
Netdev 0x12, The Technical Conference on Linux Networking, Montreal (Canada), July 2018. Site, Paper, Slides, Video.
IOVisor Summit, Mountain View, CA, Feb 27th, 2017. Site, Slides.
2016 Fall Open vSwitch Conference, San Jose (CA, USA), Nov 7th, 2016. Site, Slides, Video.
Apart from being a developer, and tech passionate, I enjoy most of my time being outdoors. I love long walks, in my city, Turin, and also on beautiful Mountains surrounding north Italy and my hometown.
I always bring my camera with me, I'm a passionate photographer! I love cooking, it's my favourite hobby, it makes me feel better and satisfied. A friend of mine once said: "Matteo, your pasta is the best pasta ever."