Participatory Networking
Rodrigo Fonseca
Joint work with Andrew Ferguson, Arjun Guha, Jordan Place, and Shriram Krishnamurthi
UFMG, 25/5/2012
TCP Nice: A Mechanism for Background Transfers
Arun Venkataramani, Ravi Kokku, Mike Dahlin
Laboratory of Advanced Systems Research
Department of Computer Sciences
University of Texas at Austin, Austin, TX 78712
{arun, rkoku, dahlin}@cs.utexas.edu

Abstract

Many distributed applications can make use of large background transfers, transfers of data that humans are not waiting for, to improve availability, reliability, latency or consistency. However, given the rapid fluctuations of available network bandwidth and changing resource costs due to technology trends, hand tuning the aggressiveness of background transfers risks (1) complicating applications, (2) being too aggressive and interfering with other applications, and (3) being too timid and not gaining the benefits of background transfers. Our goal is for the operating system to manage network resources in order to provide a simple abstraction of near zero-cost background transfers. Our system, TCP Nice, can provably bound the interference inflicted by background flows on foreground flows in a restricted network model. And our microbenchmarks and case study applications suggest that in practice it interferes little with foreground flows, reaps a large fraction of spare network bandwidth, and simplifies application construction and deployment. For example, in our prefetching case study application, aggressive prefetching improves demand performance by a factor of three when Nice manages resources; but the same prefetching hurts demand performance by a factor of six under standard network congestion control.

1 Introduction

Many distributed applications can make use of large background transfers, transfers of data that humans are not waiting for, to improve service quality. For example, a broad range of applications and services such as data backup [29], prefetching [50], enterprise data distribution [20], Internet content distribution [2], and peer-to-peer storage [16, 43] can trade increased network bandwidth consumption and possibly disk space for improved service latency [15, 18, 26, 32, 38, 50], improved availability [11, 53], increased scalability [2], stronger consistency [53], or support for mobility [28, 41, 47]. Many of these services have potentially unlimited bandwidth demands where incrementally more bandwidth consumption provides incrementally better service. For example, a web prefetching system can improve its hit rate by fetching objects from a virtually unlimited collection of objects that have non-zero probability of access [8, 10] or by updating cached copies more frequently as data change [13, 50, 48]. Technology trends suggest that “wasting” bandwidth and storage to improve latency and availability will become increasingly attractive in the future: per-byte network transport costs and disk storage costs are low and have been improving at 80-100% per year [9, 17, 37]; conversely network availability [11, 40, 54] and network latencies improve slowly, and long latencies and failures waste human time.

Current operating systems and networks do not provide good support for aggressive background transfers. In particular, because background transfers compete with foreground requests, they can hurt overall performance and availability by increasing network congestion. Applications must therefore carefully balance the benefits of background transfers against the risk of both self-interference, where applications hurt their own performance, and cross-interference, where applications hurt other applications’ performance. Often, applications attempt to achieve this balance by setting “magic numbers” (e.g., the prefetch threshold in prefetching algorithms [18, 26]) that have little obvious relationship to system goals (e.g., availability or latency) or constraints (e.g., current spare network bandwidth).

Our goal is for the operating system to manage network resources in order to provide a simple abstraction of zero-cost background transfers. A self-tuning background transport layer will enable new classes of applications by (1) simplifying applications, (2) reducing the risk of being too aggressive, and (3) making

This work was supported in part by an NSF CISE grant (CDA-9624082), the Texas Advanced Technology Program, the Texas Advanced Research Program, and Tivoli. Dahlin was also supported by an NSF CAREER award (CCR-9733842) and an Alfred P. Sloan Research Fellowship.
Based on “Delusional Boot: Securing Cloud Hypervisors without Massive Re-Engineering” (EuroSys 2012)
Production Datacenter
Boot Service
Participatory Networking
• API for SDN users
• Exposes existing mechanisms
• No impact on unmodified applications

Outline
1. Privilege delegation semantics
2. Protocol sketch
3. Online flow processing
4. Current status
[Figure: network managed by PANE; each link is labeled "bandwidth 100 Mbps" and "Current: 0 Mbps"]
Reserve 80 Mbps? Yes. (Two labels change to "Current: 80 Mbps".)
Reserve 50 Mbps? No.
Root: NewShare A for (user=Alice) [reserve <= 10Mb] on rootShare.
PANE: OK
Root: Grant A to Alice.
PANE: OK
Alice: reserve(user=Alice,dstPort=80) = 5Mb on A from now to +10min.
[Figure: bandwidth over time for share A, with the Reservation Limit marked and the current time t on the time axis]
Alice: reserve(user=Alice,dstPort=80) = 5Mb on A from now to +10min.
PANE: NO
Alice: reserve(user=Alice,dstPort=80) = 5Mb on A from +20min to +30min.
PANE: OK
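The time-window admission check that the reservation slides above illustrate, as an added example (not code from PANE or from the talk): a request is accepted only if the reservations already accepted on the share plus the request stay within the share's limit at every instant of the requested window. The `Share` class, its method names and the pre-existing 8 Mb reservation are assumptions, constructed so that the first two outcomes match the slide (NO for now to +10min, OK for +20min to +30min).

```python
from dataclasses import dataclass, field


@dataclass
class Share:
    """Hypothetical model of a PANE share with a reservation limit (Mb)."""
    name: str
    principals: set
    limit_mb: int
    accepted: list = field(default_factory=list)  # (start_min, end_min, mb)

    def peak_usage(self, start, end):
        """Highest total of accepted reservations at any instant in [start, end)."""
        # Usage only rises where a reservation starts, so it is enough to
        # check the window start and each reservation start inside the window.
        points = {start} | {s for s, _, _ in self.accepted if start < s < end}
        return max(
            sum(mb for s, e, mb in self.accepted if s <= p < e)
            for p in points
        )

    def reserve(self, user, start, end, mb):
        """Return 'OK' and record the reservation, or 'NO' and change nothing."""
        if user not in self.principals:
            return "NO"  # the share was not granted to this principal
        if start >= end or mb <= 0:
            return "NO"  # malformed window or amount
        if self.peak_usage(start, end) + mb > self.limit_mb:
            return "NO"  # would exceed the limit somewhere in the window
        self.accepted.append((start, end, mb))
        return "OK"


def slide_scenario():
    """Replay the requests from the slides; times are minutes from now."""
    a = Share("A", {"Alice"}, limit_mb=10)
    # Constructed pre-existing load: 8 Mb already reserved for the next 15 min.
    a.accepted.append((0, 15, 8))
    return [
        a.reserve("Alice", 0, 10, 5),    # now to +10min: 8 + 5 > 10
        a.reserve("Alice", 20, 30, 5),   # +20min to +30min: window is free
        a.reserve("Alice", 25, 35, 5),   # overlaps previous: 5 + 5 <= 10
        a.reserve("Alice", 28, 40, 5),   # 10 already held at minute 28
        a.reserve("Eve", 50, 60, 1),     # Eve was never granted share A
    ]


if __name__ == "__main__":
    print(slide_scenario())
```

The last three requests go beyond the slide: they show that overlapping windows are summed and that a principal without a grant on the share is refused regardless of spare capacity.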
Root: NewShare aAC for (dstHost=10.0.0.2) [deny = True] on rootShare.
PANE: OK
Root: Grant aAC to Alice.
PANE: OK
Hosts: Alice at 10.0.0.2, Eve at 10.0.0.3
Alice: deny(dstHost=10.0.0.2, srcHost=10.0.0.3) on aAC from now to +5min.
PANE: OK
Policy Hierarchy
(dstPort = 22, Deny)
(dstIP=10.0.0.2, GMB=30)
(dstPort=80, GMB=10) (srcIP=10.0.0.1, Allow)

Hierarchical Flow Table (HFT)
Packet: src 10.0.0.1, dst 10.0.0.2:80
[Figure builds: the packet is evaluated against the policy hierarchy above; the annotations shown, in order, are GMB=10, Allow, ?, +S, 0, +P, GMB=10, GMB=30, ending with GMB=30]
HFT Operators
+D: In node
+P: Parent-Sibling
+S: Sibling
Requirements: associative, 0 is the identity; commutative
In PANE:
D and S are identical. Deny overrides Allow. GMB combines as max.
Child overrides Parent for access control. GMB combines as max.
Code: https://github.com/brownsys/pane
Andrew D. Ferguson, Arjun Guha, Jordan Place, Rodrigo Fonseca, and Shriram Krishnamurthi. “Participatory Networking”. Hot-ICE, April 2012.
Andrew D. Ferguson, Arjun Guha, Chen Liang, Rodrigo Fonseca, and Shriram Krishnamurthi. “Hierarchical Policies for Software Defined Networks”. To appear, Hot-SDN, August 2012.
Protecting Zookeeper
5 Zookeeper servers with PANE
1 client
Connected via 1 Open vSwitch (3.3 Gbps)
iPerf generating load on all links

Next Steps
Implement more operators: Latency Guarantee, Rate Limit, Path Properties
Hints
Queries
Your application?
Create a market
Scalability
Conclusion
User-provided information can bring large benefits to network configuration
PANE is our first step toward achieving this vision

Questions?
Rodrigo
Andrew
Arjun
Shriram