Upload
evonne
View
16
Download
0
Embed Size (px)
DESCRIPTION
Resource containers: A new facility for resource management in server systems. G. Banga, P. Druschel and J. Mogul Rice University Presented by: Bhuvan Urgaonkar. Motivation. Web servers should be able to Provide resource guarantees Counter DoS attacks Do accurate billing - PowerPoint PPT Presentation
Citation preview
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science
Resource containers: A new facility for resource
management in server systemsG. Banga, P. Druschel and J.
MogulRice University
Presented by:Bhuvan Urgaonkar
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 2
Motivation
Web servers should be able to Provide resource guarantees Counter DoS attacks Do accurate billing
Shortcomings in OS abstractions
Process is unit of resource management Apps have no control over resources
kernel consumes for them
=> achieving above goals difficult
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 3
Outline
Motivation Shortcomings of OS Abstractions Resource Containers Performance Evaluation Conclusions/Comments
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 4
Resource Principals and Protection Domains
Resource Principals Entities for which separate resource
allocation and accounting done Protection Domain
Entities that need to be isolated from each other
Popular Operating Systems Process = resource principal Process = protection domain
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 5
A classical application
Process appropriate resource principal
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 6
A network-intensive application
Resources consumed by kernel unaccounted => process inappropriate as resource principal
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 7
A multi-process application
The resource principal should be the set of all processes
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 8
Single-process MT application
Correct resource principal smaller than a process
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 9
OS shortcomings: summary
OS unit of resource mgt. (process) often different from desired unit Apps cannot control resource
allocation to their activities Inaccurate accounting and
charging of resources Incorrect scheduling decisions
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 10
Resource container
Contains all system resources used for an independent activity
E.g. For a HTTP connection served by a web server CPU time spent on the connection sockets, PCBs, network buffers etc
Mechanisms for accurate accounting Lazy Receiver Processing (LRP)
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 11
Containers and CPU scheduling
Applications associate containers with independent activities
Dynamic binding between threads and containers
Thread’s consumption charged to right container
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 12
Containers and CPU scheduling
Threads scheduled based on combined allocation and usage of all associated containers
Apps can associate scheduling info with activities
Threads within a container may be scheduled as the app pleases
Resource container hierarchy
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 13
Other resources
Similar accounting mechanism possible for other resources
Support required to account for resources consumed by the kernel on behalf of applications
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 14
Containers in a MT server
New container created for new connection Serving thread bound to this container
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 15
Containers in event-driven server
New container created for new connection Thread’s binding changed as it serves
different connections
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 16
More examples
Different priorities to requests from different sources
Restrict resource consumption of certain requests Defend against DoS attacks
Generating accurate bills
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 17
Prototype implementation
Modifications to Digital UNIX 4.0D CPU scheduler TCP/IP subsystem: LRP
Server software: single-process, event-driven
Clients used the S-Client software
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 18
Costs of new primitives
Throughput of server unchanged on modified kernel
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 19
Prioritized handling of clients
Number of concurrent low-priority clients
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 20
Controlling resource usage of
CGI processing
Number of concurrent CGI requests
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 21
Immunity against SYN-flooding
SYN-Flood Rate (1000s of SYNs/sec)
UUNIVERSITYNIVERSITY OFOF M MASSACHUSETTS, ASSACHUSETTS, AAMHERST MHERST – – Department of Computer ScienceDepartment of Computer Science 22
Conclusions
Resource container, an OS abstraction to explicitly identify a resource principal
Prototype implementation in Digital UNIX
Combined with accurate resource accounting (e.g., LRP) can help web servers provide differentiated QoS