XOS: An Extensible Cloud Operating System. Larry Peterson, Scott Baker, Andy Bavier, Sapan Bhatia, Jude Nelson, Mike Wawrzoniak, John Hartman. BigSystem 2015.

Wanted: Systems abstractions for SDN. Sapan Bhatia, Andy Bavier, Larry Peterson. HotOS XIV (2013)

Vsys: A programmable sudo. Sapan Bhatia, Andy Bavier, Larry Peterson, Thom Haddow, Steve Muir, Giovanni Di Stasi. Proceedings of the 2011 USENIX conference on USENIX annual technical conference. USENIX Association, 2011.
Featured on Slashdot.

sfatables: A Firewall-like Policy Engine for Federated Systems. Sapan Bhatia, Andy Bavier, Larry Peterson. Distributed Computing Systems (ICDCS), 2011 31st International Conference on. IEEE, 2011.

Lightweight, high-resolution monitoring for troubleshooting production systems. Sapan Bhatia, Abhishek Kumar, Marc Fiuczynski, Larry Peterson. Proceedings of the 8th USENIX conference on Operating Systems Design and Implementation (OSDI). USENIX Association, 2008.

Trellis: A platform for building flexible, fast virtual networks on commodity hardware. Sapan Bhatia, Murtaza Motiwala, Wolfgang Mühlbauer, Yogesh Mundada, Vytautas Valancius, Andy Bavier, Larry Peterson, Jennifer Rexford. Proceedings of the 2008 ACM CoNEXT Conference. ACM, 2008.

Remote specialization for efficient embedded operating systems. Sapan Bhatia, Charles Consel, and Calton Pu. ACM Transactions on Programming Languages and Systems (TOPLAS) 30.4 (2008): 22.

For my old publications, please visit here.


PlanetLab recently switched over to using LXC, a container-based virtualization mechanism implemented natively in the Linux kernel. In the process of migrating our system, we have implemented some tools and kernel extensions to support the PlanetLab environment. If you use LXC in a production environment, then you might want to pay this page a visit. One of our goals was to avoid maintaining a custom kernel. Accordingly, all kernel extensions are implemented as loadable modules.

Lnprof is a log analysis tool that runs in the cloud. It is designed to aggregate ad-hoc log data from a large number of hosts and convert it into a format amenable to human inspection. Information can be navigated as a time series, with the number of nodes associated with a particular error or execution state on the y axis. Users can also "drill down" into states (e.g. kernel issues) and see specific details (e.g. networking issues in the kernel) as a time series.

Sfatables is a firewall-like administrative tool for federated systems. If you have resources in any form (host resources, bandwidth) and you would like to make them available to a third party without losing control over their use, then sfatables is for you.

Patch dependency analyzer. You specify the set of patches that you would like in your kernel, along with the set that you don't support, and patchdep will compute the minimal subset of patches that you need, along with the conflicts you need to resolve.

PlanetFlow2 is PlanetLab's Netflow collection and query system. It uses an extended version of fprobe to collect and store data, and silk-tools to archive and query it. It audits between 5-10 terabytes of data every day.

VNET+ consists of an iptables match that associates packets with VM ids on PlanetLab, as well as additions to the network stack for using this association to filter traffic. The iptables match is available to all iptables targets and can be used for slice-specific filtering, policy routing, etc.

vsys is to PlanetLab what the /sys directory is to a Linux server. It is a mechanism to export privileged scripts to PlanetLab slices. vsys has a backend directory, located in root context on the node, and a frontend directory, which appears in the context of a slice. Scripts stored at the backend appear at the frontend as FIFO pipes, which slices can use to invoke and manage the scripts. vsys is written in OCaml and can be checked out of the Planet-Lab CVS.

We found that bridging Ethernet devices has a high overhead and can reduce the throughput of forwarding experiments by up to a factor of 5. Shortbridge (abbr. for 'short-circuit bridge') overcomes this problem for pairs of devices by cross-wiring the corresponding device objects. Implemented as a kernel module + patch for Linux 2.6.20. New: It looks like the macvlan module for Linux, released recently, subsumes the above functionality, and will probably replace shortbridge.


My favorite apps...
Handwriting App for the iPhone/iPad


I'm going to start collecting bugs that I have a hard time finding, in the hope that somebody looking for the same information will find it.
Inotify sometimes misses events because it coalesces them