Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Hybrid Resource Control for Active Extensions Parveen Patel Jay Lepreau University of Utah.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Hybrid Resource Control for Active Extensions Parveen Patel Jay Lepreau University of Utah."— Presentation transcript:

1 1 Hybrid Resource Control for Active Extensions Parveen Patel Jay Lepreau University of Utah

2 2 The Problem Resource-greedy active code Resource control of untrusted code  CPU, memory, network bandwidth Context: Active Extensions  Code downloaded via the control channel  Examples: Application Layer Gateways, Multicast scoping agents

3 3 Current Solution #1: Dynamic “Sandbox” the active code Run-time checks in the critical path Asynchronous termination  Requires checks at the “user-kernel” boundary to protect integrity of the “kernel” code Flexible Examples: Janos, Smart Packets, RCANE, OKE Corral

4 4 Current Solution #2: Static Analysis Constrained programming model bounds resource consumption Admission control == Resource control Examples: PLAN, SNAP, PCC Issue: Existing work does not yet address the problem with pessimistic estimates, valid code gets rejected.

5 5 Current Solutions - Summary dynamic checking dynamic checking  run-time overhead  asynchronous termination static checking is very conservative static checking is very conservative

6 6 Hybrid Resource Control #1 Static checking  Constrained programming model to bound the resources and guarantee termination  Static analysis rejects resource greedy code from the “kernel” fast-path environment  Liberal resource limits

7 7 Hybrid resource control #2 Dynamic resource accounting  Detects misbehavior  Misbehaving code is detected and unloaded only when idle (between packets)  Limits overall resource consumption

8 8 Poll points Extension could cause packet drops at device input queue Split the active extension code and poll network interfaces Adds some runtime cost

9 9 Merits of Hybrid Resource Control No asynchronous termination  Implies no runtime checks at the “user-kernel” boundary Reduced runtime overhead  Runtime accounting checks are inexpensive Flexibility via “poll points” DoS prevention

10 10 Outline Prototype: resource bounded Click or RBClick  Building blocks  The big picture  Preliminary evaluation

11 11 Cyclone Cyclone: typesafe C-like language from Cornell and AT&T  Region-based memory management  control over data-representation  Easy to interface with C  Namespaces

12 12 Resource-bounded Cyclone Namespace control Restricted programming constructs (bounded loops) Memory management via 4 distinct dynamic regions  Per-packet  Packet-cache  Inter-packet  Global memory

13 13 Click Modular router toolkit from MIT Data-flow programming model Has an increasingly large base of router extensions FromDeviceClassifier ToDeviceARPResponder CounterDrop

14 14 Prototype: Architecture An active extension is a special Click graph  Mix of trusted and untrusted elements  Statically analyzed Admitted to kernel fast-path

15 15 An Active Extension Untrusted RBCyclone Element D Trusted C++ Element C AB E

16 16 The big picture D C AB E Code Analysis Tool Element Resource bounds

17 17 The big picture D C AB E Graph Analysis Tool Overall Resource bounds Element Resource bounds C AB E D P Poll Element

18 18 Loop configuration D C AB E Graph Analysis Tool Overall Resource bounds Element Resource bounds C AB E D L Loop Element

19 19 Evaluation Flexibility of programming model Experimental performance gains

20 20 Classification of Click elements Categorized all 234 Click v1.2.1 elements into 7 different classes based on their resource use  E1 - Constant resource consumption  E2 - ~ length of the packet  E3 - ~ length of some protocol header  E4 - ~ length of element configuration  E5 - ~ some value in the configuration of an element.  E6 - ~ field in a protocol header  E7 - Potentially unbounded

21 21 Evaluation: flexibility Results:  88% resource-bounded  The rest can be easily rewritten to be bounded Demonstrates that RBClick can reuse a rich set of Click elements Strongly suggests that RBCyclone programming model is sufficiently expressive

22 22 Prototype Context Janos

23 23 Evaluation – experiment configurations

24 24 Evaluation: performance

25 25 Conclusion Hybrid resource control  Static analysis reduces runtime overhead  Dynamic accounting allows liberal admission control RBCyclone is expressive and practical (“tastes great”) RBClick doubles forwarding rate in Janos (“less filling”)

Download ppt "1 Hybrid Resource Control for Active Extensions Parveen Patel Jay Lepreau University of Utah."

Similar presentations

NetServ Dynamic in-network service deployment Henning Schulzrinne (Columbia University) Srinivasan Seetharaman (Georgia Tech) Volker Hilt (Bell Labs)

NetServ Dynamic in-network service deployment Henning Schulzrinne (Columbia University) Srinivasan Seetharaman (Georgia Tech) Volker Hilt (Bell Labs)
1 Building a Fast, Virtualized Data Plane with Programmable Hardware Bilal Anwer Nick Feamster.

1 Building a Fast, Virtualized Data Plane with Programmable Hardware Bilal Anwer Nick Feamster.
Middleware and Management Support for Programmable QoS-Network Architectures Miguel Rio (joint work with Hermann De Meer, Wolfgang Emmerich, Cecilia Mascolo,

Middleware and Management Support for Programmable QoS-Network Architectures Miguel Rio (joint work with Hermann De Meer, Wolfgang Emmerich, Cecilia Mascolo,
Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,

Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
01/05/2015Leiden Institute of Advanced Computer Science 1 The Open Kernel Environment - spinning Linux - Herbert Bos Bart Samwel

01/05/2015Leiden Institute of Advanced Computer Science 1 The Open Kernel Environment - spinning Linux - Herbert Bos Bart Samwel
Binary Component Adaptation Ralph Keller and Urs Hölzle Dept. of Computer Science University of California, Santa Barbara 1998.

Binary Component Adaptation Ralph Keller and Urs Hölzle Dept. of Computer Science University of California, Santa Barbara 1998.
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.

Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
Janos A Java-oriented Active Network Operating System Jay Lepreau, Patrick Tullmann, Kristin Wright Wilson Hsieh, Godmar Back, many more... University.

Janos A Java-oriented Active Network Operating System Jay Lepreau, Patrick Tullmann, Kristin Wright Wilson Hsieh, Godmar Back, many more... University.
UNIT-IV Computer Network Network Layer. Network Layer Prepared by - ROHIT KOSHTA In the seven-layer OSI model of computer networking, the network layer.

UNIT-IV Computer Network Network Layer. Network Layer Prepared by - ROHIT KOSHTA In the seven-layer OSI model of computer networking, the network layer.
Song Han, Xiuming Zhu, Al Mok University of Texas at Austin

Song Han, Xiuming Zhu, Al Mok University of Texas at Austin
Static Analysis of Embedded C Code John Regehr University of Utah Joint work with Nathan Cooprider.

Static Analysis of Embedded C Code John Regehr University of Utah Joint work with Nathan Cooprider.
4 July 2005 overview Traineeship: Mapping of data structures in multiprocessor systems Nick de Koning 0513849 1.

4 July 2005 overview Traineeship: Mapping of data structures in multiprocessor systems Nick de Koning
VIA and Its Extension To TCP/IP Network Yingping Lu Based on Paper “Queue Pair IP, …” by Philip Buonadonna.

VIA and Its Extension To TCP/IP Network Yingping Lu Based on Paper “Queue Pair IP, …” by Philip Buonadonna.
Contiki A Lightweight and Flexible Operating System for Tiny Networked Sensors Presented by: Jeremy Schiff.

Contiki A Lightweight and Flexible Operating System for Tiny Networked Sensors Presented by: Jeremy Schiff.
CS 268: Active Networks Ion Stoica May 6, 2002 (* Based on David Wheterall presentation from SOSP ’99)

CS 268: Active Networks Ion Stoica May 6, 2002 (* Based on David Wheterall presentation from SOSP ’99)
Attacks on Three Tank System Three Tank System Testing Model-Based Security Features Experimental Platform for Model-Based Design of Embedded Systems Matt.

Attacks on Three Tank System Three Tank System Testing Model-Based Security Features Experimental Platform for Model-Based Design of Embedded Systems Matt.
Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.

Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.
G22.3250-001 Robert Grimm New York University Extensibility: SPIN and exokernels.

G Robert Grimm New York University Extensibility: SPIN and exokernels.
Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Understanding Linux Kernel to Build Software Routers (Qualitative Discussion) Shiv Kalyanaraman,

Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Understanding Linux Kernel to Build Software Routers (Qualitative Discussion) Shiv Kalyanaraman,

Similar presentations

Ads by Google