Alan Shieh Cornell University Srikanth Kandula Albert Greenberg Changhoon Kim Bikas Saha Microsoft Research, Azure, Bing Sharing the Datacenter Network.

Slides:



Advertisements
Similar presentations
QoS Strategy in DiffServ aware MPLS environment Teerapat Sanguankotchakorn, D.Eng. Telecommunications Program, School of Advanced Technologies Asian Institute.
Advertisements

Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)
Towards Predictable Datacenter Networks
Traffic Engineering with Forward Fault Correction (FFC)
Jennifer Rexford Princeton University MW 11:00am-12:20pm Network Virtualization COS 597E: Software Defined Networking.
CSIT560 Internet Infrastructure: Switches and Routers Active Queue Management Presented By: Gary Po, Henry Hui and Kenny Chong.
Alan Shieh Cornell University Srikanth Kandula Microsoft Research Emin Gün Sirer Cornell University Sidecar: Building Programmable Datacenter Networks.
Towards Virtual Routers as a Service 6th GI/ITG KuVS Workshop on “Future Internet” November 22, 2010 Hannover Zdravko Bozakov.
Course Name- CSc 8320 Advanced Operating Systems Instructor- Dr. Yanqing Zhang Presented By- Sunny Shakya Latest AOS techniques, applications and future.
Scalable Network Virtualization in Software-Defined Networks
Congestion Control An Overview -Jyothi Guntaka. Congestion  What is congestion ?  The aggregate demand for network resources exceeds the available capacity.
Scalable Flow-Based Networking with DIFANE 1 Minlan Yu Princeton University Joint work with Mike Freedman, Jennifer Rexford and Jia Wang.
XCP: Congestion Control for High Bandwidth-Delay Product Network Dina Katabi, Mark Handley and Charlie Rohrs Presented by Ao-Jan Su.
Receiver-driven Layered Multicast S. McCanne, V. Jacobsen and M. Vetterli SIGCOMM 1996.
Trusted End Host Monitors for Securing Cloud Datacenters Alan Shieh †‡ Srikanth Kandula ‡ Albert Greenberg ‡ †‡
Alan Shieh Cornell University Srikanth Kandula Albert Greenberg Changhoon Kim Microsoft Research Seawall: Performance Isolation for Cloud Datacenter Networks.
Profiling Network Performance in Multi-tier Datacenter Applications
Congestion control in data centers
Virtual Layer 2: A Scalable and Flexible Data-Center Network Work with Albert Greenberg, James R. Hamilton, Navendu Jain, Srikanth Kandula, Parantap Lahiri,
Defense: Christopher Francis, Rumou duan Data Center TCP (DCTCP) 1.
School of Information Technologies IP Quality of Service NETS3303/3603 Weeks
Tesseract A 4D Network Control Plane
Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks TCP.
Congestion Control for High Bandwidth-delay Product Networks Dina Katabi, Mark Handley, Charlie Rohrs.
Jennifer Rexford Princeton University MW 11:00am-12:20pm Data-Center Traffic Management COS 597E: Software Defined Networking.
ICTCP: Incast Congestion Control for TCP in Data Center Networks∗
Didier Van Hoye Technical FGIA MVP – Virtual Machine Microsoft Extended Experts Team
Microsoft Virtual Academy Module 4 Creating and Configuring Virtual Machine Networks.
1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Public IP Telephony Introduction to VoIP Cisco Networking Academy Program.
Practical TDMA for Datacenter Ethernet
Sharing the Data Center Network Alan Shieh, Srikanth Kandula, Albert Greenberg, Changhoon Kim, Bikas Saha Microsoft Research, Cornell University, Windows.
Hosting Virtual Networks on Commodity Hardware VINI Summer Camp.
Curbing Delays in Datacenters: Need Time to Save Time? Mohammad Alizadeh Sachin Katti, Balaji Prabhakar Insieme Networks Stanford University 1.
Adaptive Packet Marking for Providing Differentiated Services in the Internet Wu-chang Feng, Debanjan Saha, Dilip Kandlur, Kang Shin October 13, 1998.
1 Enabling Large Scale Network Simulation with 100 Million Nodes using Grid Infrastructure Hiroyuki Ohsaki Graduate School of Information Sci. & Tech.
Voice over IP in the Enterprise. What is VOIP? The use of data networks to carry voice without a loss of sound quality The use of data networks to carry.
Improving Network I/O Virtualization for Cloud Computing.
1 Liquid Software Larry Peterson Princeton University John Hartman University of Arizona
Cloud Scale Performance & Diagnosability Comprehensive SDN Core Infrastructure Enhancements vRSS Remote Live Monitoring NIC Teaming Hyper-V Network.
Windows Server 2012 Hyper-V Networking
Congestion Control for High Bandwidth-Delay Product Networks D. Katabi (MIT), M. Handley (UCL), C. Rohrs (MIT) – SIGCOMM’02 Presented by Cheng.
The Only Constant is Change: Incorporating Time-Varying Bandwidth Reservations in Data Centers Di Xie, Ning Ding, Y. Charlie Hu, Ramana Kompella 1.
Analysis of QoS Arjuna Mithra Sreenivasan. Objectives Explain the different queuing techniques. Describe factors affecting network voice quality. Analyse.
Consolidation and Optimization Best Practices: SQL Server 2008 and Hyper-V Dandy Weyn | Microsoft Corp. Antwerp, March
Hyper-V Performance, Scale & Architecture Changes Benjamin Armstrong Senior Program Manager Lead Microsoft Corporation VIR413.
SECURING SELF-VIRTUALIZING ETHERNET DEVICES IGOR SMOLYAR, MULI BEN-YEHUDA, AND DAN TSAFRIR PRESENTED BY LUREN WANG.
Symbiotic Routing in Future Data Centers Hussam Abu-Libdeh Paolo Costa Antony Rowstron Greg O’Shea Austin Donnelly MICROSOFT RESEARCH Presented By Deng.
Network Virtualization in Multi-tenant Datacenters Author: VMware, UC Berkeley and ICSI Publisher: 11th USENIX Symposium on Networked Systems Design and.
SecondNet: A Data Center Network Virtualization Architecture with Bandwidth Guarantees Chuanxiong Guo 1, Guohan Lu 1, Helen J. Wang 2, Shuang Yang 3, Chao.
NC STATE UNIVERSITY / MCNC Protecting Network Quality of Service Against Denial of Service Attacks Douglas S. Reeves  S. Felix Wu  Fengmin Gong Talk:
Providing QoS in IP Networks
An Analysis of AIMD Algorithm with Decreasing Increases Yunhong Gu, Xinwei Hong, and Robert L. Grossman National Center for Data Mining.
1 Lecture 15 Internet resource allocation and QoS Resource Reservation Protocol Integrated Services Differentiated Services.
BDTS and Its Evaluation on IGTMD link C. Chen, S. Soudan, M. Pasin, B. Chen, D. Divakaran, P. Primet CC-IN2P3, LIP ENS-Lyon
R2C2: A Network Stack for Rack-scale Computers Paolo Costa, Hitesh Ballani, Kaveh Razavi, Ian Kash Microsoft Research Cambridge EECS 582 – W161.
Level 300 Windows Server 2012 Networking Marin Franković, Visoko učilište Algebra.
T3: TCP-based High-Performance and Congestion-aware Tunneling Protocol for Cloud Networking Satoshi Ogawa† Kazuki Yamazaki† Ryota Kawashima† Hiroshi Matsuo†
VL2: A Scalable and Flexible Data Center Network
Low-Latency Software Rate Limiters for Cloud Networks
Heitor Moraes, Marcos Vieira, Italo Cunha, Dorgival Guedes
HyGenICC: Hypervisor-based Generic IP Congestion Control for Virtualized Data Centers Conference Paper in Proceedings of ICC16 By Ahmed M. Abdelmoniem,
Managing Data Transfer in Computer Clusters with Orchestra
Congestion-Aware Load Balancing at the Virtual Edge
DDoS Attack Detection under SDN Context
Issues in Ad Hoc Wireless Networks
COS 461: Computer Networks
Congestion-Aware Load Balancing at the Virtual Edge
Subject Name: Adhoc Networks Subject Code: 10CS841
Elmo Muhammad Shahbaz Lalith Suresh, Jennifer Rexford, Nick Feamster,
Towards Predictable Datacenter Networks
Presentation transcript:

Alan Shieh Cornell University Srikanth Kandula Albert Greenberg Changhoon Kim Bikas Saha Microsoft Research, Azure, Bing Sharing the Datacenter Network - Seawall Presented by WANG Ting

Ability to multiplex is a key driver for the datacenter business Diverse applications, jobs, and tenants share common infrastructure Congestion Control at flow granularity (TCP) The de-facto way to share the network is

Monopolize shared resource Use many TCP flows Use more aggressive variants of TCP Do not react to congestion (UDP) Denial of service attack on VM or rack Place a malicious VM on the same machine (rack) as victim Flood traffic to that VM Normal Traffic Malicious or Selfish tenant Problem: Performance interference

Problem: Hard to achieve cluster objectives Even with well-behaved applications, no good way to Allocate disjoint resources coherently: Reduce slot != Map slot due to differing # of flows Adapt allocation as needed: Boost task that is holding back job due to congestion

Decouple network allocation from application’s traffic profile Have freedom to do this in datacenters

Requirements Provide simple, flexible service interface for tenants Support any protocol or traffic pattern Need not specify bandwidth requirements Scale to datacenter workloads O(10^5) VMs and tasks, O(10^4) tenants O(10^5) new tasks per minute, O(10^3) deployments per day Use network efficiently (e.g., w ork conserving) Operate with commodity network devices

< x Mbps In-network queuing and rate limiting Existing mechanisms are insufficient Not scalable. Slow, cumbersome to reconfigure switches < x Mbps Does not provide end-to-end protection; Wasteful in common case Hard to specify. Overhead. Wasteful in common case. End host rate limits Reservations HV

Basic ideas in Seawall Leverage congestion control loops to adapt network allocation Utilizes network efficiently Can control allocations based on policy Needs no central coordination Implemented in the hypervisor to enforce policy Isolated from tenant code Avoids scalability, churn, and reconfiguration limitations of hardware

Weights: Simple, flexible service model Weights enable high level policies Performance isolation Differentiated provisioning model Increase priority of stragglers Small VM: CPU = 1 core Memory = 1 GB Network weight = 1 Every VM is associated with a weight Seawall allocates bandwidth share in proportion to weight

Tunnel Components of Seawall To control the network usage of endpoints Shims on the forwarding paths at the sender and receiver One tunnel per VM Periodic congestion feedback (% lost, ECN marked...) Controller adapts allowed rate on each tunnel Hypervisor Congestion feedback (once every 50ms) Tunnel Rate controller

Path-oriented congestion control is not enough Weight 1

Seawall (link-oriented congestion control) TCP (path-oriented congestion control) Weight 1 75% 25% Weight 1 50% Effective share increases with # of tunnels No change in effective weight Path-oriented congestion control is not enough

Seawall = Link-oriented congestion control Builds on standard congestion control loops AIMD, CUBIC, DCTCP, MulTCP, MPAT,... Run in rate limit mode Extend congestion control loops to accept weight parameter Allocates bandwidth according to per-link weighted fair share Works on commodity hardware Will show that the combination achieves our goal

50% For every source VM 1. Run a separate distributed control loop (e.g., AIMD) instance for every active link to generate per-link rate limit 2. Convert per-link rate limits to per-tunnel rate limits 100% Weight 1

50% For every source VM 1. Run a separate distributed control loop (e.g., AIMD) instance for every active link to generate per-link rate limit 2. Convert per-link rate limits to per-tunnel rate limits Weight 1

50% For every source VM 1. Run a separate distributed control loop (e.g., AIMD) instance for every active link to generate per-link rate limit 2. Convert per-link rate limits to per-tunnel rate limits Weight 1 Greedy + exponential smoothing 10% 25% 15%

Achieving link-oriented control loop 1. How to map paths to links? Easy to get topology in the data center Changes are rare and easy to disseminate 2. How to obtain link-level congestion feedback? Such feedback requires switch mods that are not yet available Use path-congestion feedback (e.g., ECN, losses)

Implementation Userspace rate controller Kernel datapath shim (NDIS filter) Prototype runs on Microsoft Hyper-V root partition and native Windows

Achieving line-rate performance How to add congestion control header to packets? Naïve approach: Use encapsulation, but poses problems More code in shim Breaks hardware optimizations that depend on header format Bit-stealing: reuse redundant/predictable parts of existing headers Other protocols: might need paravirtualization. IPIP-ID TCPTimestamp option 0x080x0aTSvalTSecr Seq # # packets Seq # Constant Unused

Evaluation 1. Evaluate performance 2. Examine protection in presence of malicious nodes Testbed Xeon L Ghz (4 core Nehalem) 1 Gb/s access links IaaS model: entities = VMs

Performance Minimal overhead beyond null NDIS filter (metrics = cpu, memory, throughput) At Sender

Protection against DoS/selfish traffic Strategy: UDP flood (red) vs TCP (blue) Equal weights, so ideal share is 50/50 UDP flood is contained 1000 Mbps 430 Mbps 1.5 Mbps

Strategy: Open many TCP connections Flow-level: increasing allocation to attacker Protection against DoS/selfish traffic Attacker sees little increase with # of flows Seawall

Strategy: Open connections to many destinations Non-Seawall: increasing allocation to attacker Protection against DoS/selfish traffic Allocation see little change with # of destinations Seawall

Related work (Datacenter) Transport protocols DCTCP, ICTCP, XCP, CUBIC Network sharing systems SecondNet, Gatekeeper, CloudPolice NIC- and switch- based allocation mechanisms WFQ, DRR, MPLS, VLANs Industry efforts to improve network / vswitch integration Congestion Manager

Conclusion Shared datacenter network are vulnerable to selfish, compromised & malicious tenants Seawall uses hypervisor rate limiters + end-to-end rate controller to provide performance isolation while achieving high performance and efficient network utilization We develop link-oriented congestion control Use parameterized control loops Compose congestion feedback from many destinations

Thank You!