Eric Keller, Evan Green Princeton University PRESTO 2008 8/22/08 Virtualizing the Data Plane Through Source Code Merging.


2 Zooming In On a Virtual Router
Custom functionality
  – Custom user environment on each node (for controlling virtual router)
  – Specify single node’s packet handling
Isolated from others sharing same node
  – Allocated share of resources (e.g. CPU, memory, bandwidth)
  – Protected from faults in others (e.g. another virtual router crashing)
Highest performance possible
[Figure labels: User Control Environment; Config/Query interface; elements A1, A2, A3, A4, A5; From devices; To devices]

3 General Virtualization
Isolation: Namespace, Resource, Performance
Full/Para Virtualization
  – Separate operating system
  – By emulating underlying hardware
  – Each OS has own network stack
Container Virtualization
  – Separate data structures
  – By modifying kernel
  – Shared network stack, each container can configure

4 Packet Processing Configurability
Goal: run custom code for packet processing
Requires: isolation
  – Namespace, resource, performance
Could run each instance of custom code in a VM
  – Isolation provided by virtual machine
Lighter weight solution
  – Provide appearance of multiple instances
  – While still providing isolation
Click as platform for this lightweight solution

5 Click Background: Overview
Software architecture for building configurable routers
  – Widely used, commercially and in research
  – Easy to use, flexible, high performance
Routers assembled from packet processing modules (Elements)
  – Simple and Complex
Processing specified as directed graph
Includes a scheduler
  – Schedules tasks (a series of elements)
[Figure labels: FromDevice(eth0); Discard; Counter]

6 Lightweight Virtualization
Source Code Merging: Combine graphs
  – Each virtual router specifies custom graph
  – Can target hardware or software
Add extra packet processing (e.g. mux/demux)
  – Needed to direct packets to the correct graph
Add resource accounting
[Figure labels: Graph 1; Graph 2; combine; Master Graph; Input port; Output port]

7 Prototype Implementation: Linux-VServer + Click + NetFPGA (future)
[Figure labels: Coordinating Process; Click; Install/Query (three times); Click on NetFPGA]

8 Resource Accounting with VServer
Purpose of Resource Accounting
  – Provides performance isolation between virtual routers
VServer’s Token Bucket Extension to Linux Scheduler
  – Controls eligibility of processes/threads to run
Integration with Click
  – Unified accounting for packet processing and control
  – Each Click configuration assigned to a thread
  – Each thread associated with a VServer context
  – ~10% overhead of 10 virtual routers vs unshared node

9 Isolation Properties
Performance Isolation
  – Associate each graph with virtual container
  – Assume library of “safe” elements that execute within a bounded amount of time
Namespace Isolation
  – Coordinating process statically renames
Resource Isolation
  – Memory: assume library of “safe” elements that do not access memory outside of element
  – Devices: Coordinating process adds mux/demuxing elements
Next: examine relaxing to allow custom elements

10 Problem 1: Unyielding Threads
Linux kernel threads are cooperative (i.e. must yield)
  – Token scheduler controls when eligible to start
Single long task can have short term disruptions
  – Affecting delay and jitter on other virtual networks
Token bucket does not go negative
  – Long term, a virtual network can get more than its share
[Figure labels: Tokens added (rate A); Min tokens to exec (M); Tokens consumed (1 per scheduler tick); Size of Bucket (S)]
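
The accounting gap on this slide, as an added example (not code from the talk or from Linux-VServer): a simplified tick-by-tick model of the bucket using the slide's A, M and S. The function name `cpu_share`, the parameter values and the debt-keeping variant used for comparison are assumptions.

```c
#include <stdio.h>

/* Simplified model of the token bucket on the slide (not VServer source).
 * One token is added every `interval` ticks (rate A = 1/interval), the bucket
 * holds at most `size` tokens (S), and a thread may start a task only when it
 * holds at least `min_tokens` (M). A running task costs 1 token per tick and,
 * being cooperative, is never preempted before its `task_len` ticks are up.
 * clamp_at_zero = 1 models a bucket that cannot go negative; 0 is a
 * hypothetical bucket that keeps the debt, included only for comparison. */
double cpu_share(int task_len, long ticks, int interval,
                 int min_tokens, int size, int clamp_at_zero)
{
    long tokens = size, ran = 0;
    int remaining = 0;                  /* ticks left in the current task */

    for (long tick = 0; tick < ticks; tick++) {
        if (tick % interval == 0 && tokens < size)
            tokens++;                   /* refill at rate A, capped at S */
        if (remaining == 0 && tokens >= min_tokens)
            remaining = task_len;       /* eligible: start the next task */
        if (remaining > 0) {
            ran++;
            remaining--;
            tokens--;                   /* 1 token per scheduler tick */
            if (clamp_at_zero && tokens < 0)
                tokens = 0;             /* the overrun is never charged */
        }
    }
    return (double)ran / (double)ticks; /* fraction of CPU actually used */
}

int main(void)
{
    /* Constructed parameters: A = 1 token per 4 ticks (25% share), M = 4, S = 16 */
    printf("yields every tick:        %.3f\n", cpu_share(1,   100000, 4, 4, 16, 1));
    printf("100-tick task, clamped:   %.3f\n", cpu_share(100, 100000, 4, 4, 16, 1));
    printf("100-tick task, debt kept: %.3f\n", cpu_share(100, 100000, 4, 4, 16, 0));
    return 0;
}
```

With these values the yielding thread stays at its 25% share, while the 100-tick task under the clamped bucket takes close to 90% of the CPU because only the tokens it actually held are ever charged.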

11 Problem 1: Unyielding Threads (soln.)
Determine graph’s execution time
  – Standard N port router example - ~ 5400 cycles (1.8us)
  – RadixIPLookup (167k entries) - ~1000 cycles
Option 1: Break up graph
Option 2: Execute inside of container
[Figure labels: elem1, elem2, elem3 (shown twice); From Kern; To User]

12 Problem 2: Custom Elements in C++
Elements have access to global state
  – Kernel state/functions
  – Click global state
Could… (and we did)
  – Pre-compile in user mode
  – Pre-compile with restricted header files
Not perfect:
  – With C++, you can manipulate pointers
Instead, custom elements are unknown (“unsafe”)
  – For absolute safety, execute in container

13 Future Work
Safety
  – Modify source code to add checks (e.g. CCured)
  – Run-time monitoring
  – Explore alternative tradeoff points
Add support for specialized devices (FPGAs)
  – Click to FPGA
  – Partitioning graph across FPGA and Software
  – Specification of elements → Language to target either HW or SW

14 Conclusion
Goal: Enable custom data planes per virtual network
Built prototype system for virtual Click in kernel
  – Merging Click graphs of different virtual routers
  – Adding elements to mux/demux packet to correct graph
  – Unified resource accounting with Linux-VServer
Discussed issues of safety
  – Performance Isolation: Unyielding threads
  – Resource Isolation: Pointers
Using source code
  – Enables a lightweight virtualization mechanism
  – Opens up compile time solutions to safety

15 Questions