Presentation is loading. Please wait.

Presentation is loading. Please wait.

Alan Shieh Cornell University Srikanth Kandula Albert Greenberg Changhoon Kim Bikas Saha Microsoft Research, Azure, Bing Sharing the Datacenter Network.

Published byElwin Hensley Modified over 9 years ago

Similar presentations

Presentation on theme: "Alan Shieh Cornell University Srikanth Kandula Albert Greenberg Changhoon Kim Bikas Saha Microsoft Research, Azure, Bing Sharing the Datacenter Network."— Presentation transcript:

1 Alan Shieh Cornell University Srikanth Kandula Albert Greenberg Changhoon Kim Bikas Saha Microsoft Research, Azure, Bing Sharing the Datacenter Network - Seawall Presented by WANG Ting

2 Ability to multiplex is a key driver for the datacenter business Diverse applications, jobs, and tenants share common infrastructure Congestion Control at flow granularity (TCP) The de-facto way to share the network is

3 Monopolize shared resource Use many TCP flows Use more aggressive variants of TCP Do not react to congestion (UDP) Denial of service attack on VM or rack Place a malicious VM on the same machine (rack) as victim Flood traffic to that VM Normal Traffic Malicious or Selfish tenant Problem: Performance interference

4 Problem: Hard to achieve cluster objectives Even with well-behaved applications, no good way to Allocate disjoint resources coherently: Reduce slot != Map slot due to differing # of flows Adapt allocation as needed: Boost task that is holding back job due to congestion

5 Decouple network allocation from application’s traffic profile Have freedom to do this in datacenters

6 Requirements Provide simple, flexible service interface for tenants Support any protocol or traffic pattern Need not specify bandwidth requirements Scale to datacenter workloads O(10^5) VMs and tasks, O(10^4) tenants O(10^5) new tasks per minute, O(10^3) deployments per day Use network efficiently (e.g., w ork conserving) Operate with commodity network devices

7 < x Mbps In-network queuing and rate limiting Existing mechanisms are insufficient Not scalable. Slow, cumbersome to reconfigure switches < x Mbps Does not provide end-to-end protection; Wasteful in common case Hard to specify. Overhead. Wasteful in common case. End host rate limits Reservations HV

8 Basic ideas in Seawall Leverage congestion control loops to adapt network allocation Utilizes network efficiently Can control allocations based on policy Needs no central coordination Implemented in the hypervisor to enforce policy Isolated from tenant code Avoids scalability, churn, and reconfiguration limitations of hardware

9 Weights: Simple, flexible service model Weights enable high level policies Performance isolation Differentiated provisioning model Increase priority of stragglers Small VM: CPU = 1 core Memory = 1 GB Network weight = 1 Every VM is associated with a weight Seawall allocates bandwidth share in proportion to weight

10 Tunnel Components of Seawall To control the network usage of endpoints Shims on the forwarding paths at the sender and receiver One tunnel per VM Periodic congestion feedback (% lost, ECN marked...) Controller adapts allowed rate on each tunnel Hypervisor Congestion feedback (once every 50ms) Tunnel Rate controller

11 Path-oriented congestion control is not enough Weight 1

12 Seawall (link-oriented congestion control) TCP (path-oriented congestion control) Weight 1 75% 25% Weight 1 50% Effective share increases with # of tunnels No change in effective weight Path-oriented congestion control is not enough

13 Seawall = Link-oriented congestion control Builds on standard congestion control loops AIMD, CUBIC, DCTCP, MulTCP, MPAT,... Run in rate limit mode Extend congestion control loops to accept weight parameter Allocates bandwidth according to per-link weighted fair share Works on commodity hardware Will show that the combination achieves our goal

14 50% For every source VM 1. Run a separate distributed control loop (e.g., AIMD) instance for every active link to generate per-link rate limit 2. Convert per-link rate limits to per-tunnel rate limits 100% Weight 1

15 50% For every source VM 1. Run a separate distributed control loop (e.g., AIMD) instance for every active link to generate per-link rate limit 2. Convert per-link rate limits to per-tunnel rate limits Weight 1

16 50% For every source VM 1. Run a separate distributed control loop (e.g., AIMD) instance for every active link to generate per-link rate limit 2. Convert per-link rate limits to per-tunnel rate limits Weight 1 Greedy + exponential smoothing 10% 25% 15%

17 Achieving link-oriented control loop 1. How to map paths to links? Easy to get topology in the data center Changes are rare and easy to disseminate 2. How to obtain link-level congestion feedback? Such feedback requires switch mods that are not yet available Use path-congestion feedback (e.g., ECN, losses)

18 Implementation Userspace rate controller Kernel datapath shim (NDIS filter) Prototype runs on Microsoft Hyper-V root partition and native Windows

19 Achieving line-rate performance How to add congestion control header to packets? Naïve approach: Use encapsulation, but poses problems More code in shim Breaks hardware optimizations that depend on header format Bit-stealing: reuse redundant/predictable parts of existing headers Other protocols: might need paravirtualization. IPIP-ID TCPTimestamp option 0x080x0aTSvalTSecr Seq # # packets Seq # Constant Unused

20 Evaluation 1. Evaluate performance 2. Examine protection in presence of malicious nodes Testbed Xeon L5520 2.26Ghz (4 core Nehalem) 1 Gb/s access links IaaS model: entities = VMs

21 Performance Minimal overhead beyond null NDIS filter (metrics = cpu, memory, throughput) At Sender

22 Protection against DoS/selfish traffic Strategy: UDP flood (red) vs TCP (blue) Equal weights, so ideal share is 50/50 UDP flood is contained 1000 Mbps 430 Mbps 1.5 Mbps

23 Strategy: Open many TCP connections Flow-level: increasing allocation to attacker Protection against DoS/selfish traffic Attacker sees little increase with # of flows Seawall

24 Strategy: Open connections to many destinations Non-Seawall: increasing allocation to attacker Protection against DoS/selfish traffic Allocation see little change with # of destinations Seawall

25 Related work (Datacenter) Transport protocols DCTCP, ICTCP, XCP, CUBIC Network sharing systems SecondNet, Gatekeeper, CloudPolice NIC- and switch- based allocation mechanisms WFQ, DRR, MPLS, VLANs Industry efforts to improve network / vswitch integration Congestion Manager

26 Conclusion Shared datacenter network are vulnerable to selfish, compromised & malicious tenants Seawall uses hypervisor rate limiters + end-to-end rate controller to provide performance isolation while achieving high performance and efficient network utilization We develop link-oriented congestion control Use parameterized control loops Compose congestion feedback from many destinations

27 Thank You!

Download ppt "Alan Shieh Cornell University Srikanth Kandula Albert Greenberg Changhoon Kim Bikas Saha Microsoft Research, Azure, Bing Sharing the Datacenter Network."

Similar presentations

QoS Strategy in DiffServ aware MPLS environment Teerapat Sanguankotchakorn, D.Eng. Telecommunications Program, School of Advanced Technologies Asian Institute.

QoS Strategy in DiffServ aware MPLS environment Teerapat Sanguankotchakorn, D.Eng. Telecommunications Program, School of Advanced Technologies Asian Institute.
Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)

Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)
Towards Predictable Datacenter Networks

Towards Predictable Datacenter Networks
Traffic Engineering with Forward Fault Correction (FFC)

Traffic Engineering with Forward Fault Correction (FFC)
Jennifer Rexford Princeton University MW 11:00am-12:20pm Network Virtualization COS 597E: Software Defined Networking.

Jennifer Rexford Princeton University MW 11:00am-12:20pm Network Virtualization COS 597E: Software Defined Networking.
CSIT560 Internet Infrastructure: Switches and Routers Active Queue Management Presented By: Gary Po, Henry Hui and Kenny Chong.

CSIT560 Internet Infrastructure: Switches and Routers Active Queue Management Presented By: Gary Po, Henry Hui and Kenny Chong.
Alan Shieh Cornell University Srikanth Kandula Microsoft Research Emin Gün Sirer Cornell University Sidecar: Building Programmable Datacenter Networks.

Alan Shieh Cornell University Srikanth Kandula Microsoft Research Emin Gün Sirer Cornell University Sidecar: Building Programmable Datacenter Networks.
Towards Virtual Routers as a Service 6th GI/ITG KuVS Workshop on “Future Internet” November 22, 2010 Hannover Zdravko Bozakov.

Towards Virtual Routers as a Service 6th GI/ITG KuVS Workshop on “Future Internet” November 22, 2010 Hannover Zdravko Bozakov.
Course Name- CSc 8320 Advanced Operating Systems Instructor- Dr. Yanqing Zhang Presented By- Sunny Shakya Latest AOS techniques, applications and future.

Course Name- CSc 8320 Advanced Operating Systems Instructor- Dr. Yanqing Zhang Presented By- Sunny Shakya Latest AOS techniques, applications and future.
Scalable Network Virtualization in Software-Defined Networks

Scalable Network Virtualization in Software-Defined Networks
Congestion Control An Overview -Jyothi Guntaka. Congestion  What is congestion ?  The aggregate demand for network resources exceeds the available capacity.

Congestion Control An Overview -Jyothi Guntaka. Congestion  What is congestion ?  The aggregate demand for network resources exceeds the available capacity.
Scalable Flow-Based Networking with DIFANE 1 Minlan Yu Princeton University Joint work with Mike Freedman, Jennifer Rexford and Jia Wang.

Scalable Flow-Based Networking with DIFANE 1 Minlan Yu Princeton University Joint work with Mike Freedman, Jennifer Rexford and Jia Wang.
XCP: Congestion Control for High Bandwidth-Delay Product Network Dina Katabi, Mark Handley and Charlie Rohrs Presented by Ao-Jan Su.

XCP: Congestion Control for High Bandwidth-Delay Product Network Dina Katabi, Mark Handley and Charlie Rohrs Presented by Ao-Jan Su.
Receiver-driven Layered Multicast S. McCanne, V. Jacobsen and M. Vetterli SIGCOMM 1996.

Receiver-driven Layered Multicast S. McCanne, V. Jacobsen and M. Vetterli SIGCOMM 1996.
Trusted End Host Monitors for Securing Cloud Datacenters Alan Shieh †‡ Srikanth Kandula ‡ Albert Greenberg ‡ †‡

Trusted End Host Monitors for Securing Cloud Datacenters Alan Shieh †‡ Srikanth Kandula ‡ Albert Greenberg ‡ †‡
Alan Shieh Cornell University Srikanth Kandula Albert Greenberg Changhoon Kim Microsoft Research Seawall: Performance Isolation for Cloud Datacenter Networks.

Alan Shieh Cornell University Srikanth Kandula Albert Greenberg Changhoon Kim Microsoft Research Seawall: Performance Isolation for Cloud Datacenter Networks.
Profiling Network Performance in Multi-tier Datacenter Applications

Profiling Network Performance in Multi-tier Datacenter Applications
Congestion control in data centers

Congestion control in data centers
Virtual Layer 2: A Scalable and Flexible Data-Center Network Work with Albert Greenberg, James R. Hamilton, Navendu Jain, Srikanth Kandula, Parantap Lahiri,

Virtual Layer 2: A Scalable and Flexible Data-Center Network Work with Albert Greenberg, James R. Hamilton, Navendu Jain, Srikanth Kandula, Parantap Lahiri,
Defense: Christopher Francis, Rumou duan Data Center TCP (DCTCP) 1.

Defense: Christopher Francis, Rumou duan Data Center TCP (DCTCP) 1.

Similar presentations

Ads by Google