IDC Network Design

Datacenter network design for private cloud and public cloud

MPLS-VPN MTU research in China Mobile IP private network

MPLS-VPN MTU research in China Mobile IP private network

OPEN-O in Novonet

NovoNet is the brand of future network in China Mobile. I works in this project to promote the field trail of OPEN-O in NoveNet

SDN Multi-tenancy and Serveice Chain

Design the SDN based DC Multi-tenancy and develop openation SDN App for VPC and Service Chain Services.

Traffic Engineering(TE) APP in SDN Controller

Design the SDN based DC Multi-tenancy and develop openation SDN App for VPC and Service Chain Services.

Zero Rating Service

Understanding Free-riding Attacks in Internet Zero-rating Services


enable end-to-end service agility across SDN, NFV, and legacy networks via a unified orchestration platform supporting NFV orchestration (NFVO and VNFM) and SDN orchestration.

Selected Publications

Zero-rating services provide users with free access to contracted or affiliated Content Providers (CPs), but also incur new types of free-riding attacks. Specifically, a malicious user can masquerade a zero-rating CP or alter an existing zero-rating communication to evade charges enforced by the Internet Service Provider (ISP). According to our study, major commercial ISPs, such as T-Mobile, China Mobile, and airport WiFi, are all vulnerable to such free-riding attacks. In this paper, we propose a secure, backward compatible, zero-rating framework, called ZFree, which only allows network traffic authorized by the correct CP to be zero-rated. We perform a formal security analysis using ProVerif, and the results show that ZFree is secure, i.e., preserving both packet integrity and CP server authenticity. We have implemented an open-source prototype of ZFree available at this repository ( A working demo is at this link ( Our evaluation shows that ZFree is lightweight, scalable and secure.
USENIX Security

Many Internet service providers offer zero-rating services for contracted or affiliated content providers to allow users to access specific contents via cellular or WiFi network free of charge. However, these kinds of servers are vulnerable and easy to compromise for free-riding. In this poster, we will focus on an analysis of the vulnerability of the mobile zero-rating network and introduces the demonstration of free-riding attack. In addition, we illustrate a survey of free-riding attack experiments on several real-world ISP via both unencrypted and encrypted traffic.

This document presents a Topology-Transparent Zone (TTZ) in an OSPF area. A TTZ comprises a group of routers and a number of links connecting these routers. Any router outside of the zone is not aware of the zone. A TTZ hides the internal topology of the TTZ from the outside. It does not directly advertise any internal information about the TTZ to a router outside of the TTZ. The information about the links and routers such as a link down inside the TTZ is not advertised to any router outside of the TTZ.


More Publications

Time Line