1 / 25

vCRIB: Virtual Cloud Rule Information Base

vCRIB: Virtual Cloud Rule Information Base. Masoud Moshref , Minlan Yu, Abhishek Sharma, Ramesh Govindan HotCloud 2012. Introduction. Datacenters use rules to implement management policies. Datacenters use rules to implement management policies.

chapa
Télécharger la présentation

vCRIB: Virtual Cloud Rule Information Base

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. vCRIB: Virtual Cloud Rule Information Base Masoud Moshref, Minlan Yu, Abhishek Sharma, Ramesh Govindan HotCloud2012

  2. Introduction Datacenters use rules to implement management policies Datacenters use rules to implement management policies Datacenters use rules to implement management policies An action on a hypercube of flow space An actionon a hypercube of flow space • Access control • Rate limiting • Traffic measurement • Traffic engineering • Flow fields examples: • Src IP / Dst IP • Protocol • Src Port / Dst Port • Examples: • Deny • Normal • Enqueue Src IP Dst IP • R1=Accept • SrcIP: 12.0.0.0/8 • DstIP: 10.0.0.0/16 R1

  3. Current Practice Rules are saved on predefined fixed machines • Machines have limited resources 1 • Datacenters have different resourceconstraints 2 • Multiple policies may compete for resources 3

  4. vCRIB Goal: Flexible Rule Placement Find the best feasible rule placement based on resource constraints A C B

  5. Future Datacenters will have many fine-grained rules • Regulating VM pair communication • Access control (CloudPolice) • Bandwidth allocation (Seawall) 100K – 1M • Per flow decision • Flow measurement for • traffic engineering (MicroTE, Hedera) 10 – 100M • VLAN per server • Traffic management (NetLord, Spain) 1M

  6. Where to place rules? Hypervisors vs. Switches Hypervisor Switch Software, Slow Hardware, Fast Performance Complex rules OpenFlow rules Flexibility Close to VMs External traffic, Aggregate traffic Entry point Limited CPU budget # TCAM entries Resources

  7. Rule Location Trade-off (Resource vs. Bandwidth Usage) Storing rules at hypervisor incurs CPU processing overhead

  8. Rule Location Trade-off (Resource vs. Bandwidth Usage) Move the rule to ToR switch and forward traffic Saving the rules at hypervisor uses all CPU budget

  9. Can we reduce Open vSwitch CPU usage? The set of ignore bits in the mask R1=Accept, DstIP: 10.0.0.0/16, SrcIP: 12.0.0.0/8 1111111111111111****************, 11111111************************ Handle same number of new flows with lower CPU budget

  10. Rule Location Trade-off (Resource vs. Bandwidth Usage) If rule memory is limited in one switch

  11. Rule Location Trade-off (Resource vs. Bandwidth Usage) Can tradeoff bandwidth within the switch fabric, in addition to trading-off bandwidth between hypervisors and switches just move the rule to another switch

  12. Our Approach: vCRIB, a Virtual Cloud Rule Information Base Proactive rule placement abstraction layer Flexible rule placement at hypervisors and switches • Allow operators to define fine-grained rules without worrying • about placement • Optimize performance given resource constraints Rules

  13. Challenges: Overlapping Rules Rules

  14. Challenges: Overlapping Rules Src IP Dst IP R0 R1 R1 R3 R2 R4

  15. Challenges: Overlapping Rules • Partitions rules to reduce overlapping rules dependency R5 R3 R1 R0 R1 R0 R5 R3 R0 R1 R3 R7 R2 R7 R2 R2 R6 R8 R6 R8 R4 R4 R4 • Splitting rules covering multiple partitions causes inflation

  16. vCRIB: Partitioning • Recursively cut partitions to create a BSP tree R5 R3 R1 R0 • Select a cut that • balances two partitions • creates fewest number of new rules R7 R2 R0 R1 R3 R3 R5 R2 R6 R8 R7 • Smaller partitions • are more flexible to place • match fewer communicating VMs R4 R4 R4 • Stop whenever a resource at a node is exhausted

  17. Challenges: Placement Complexity • Constraints • Functionality • Machine resources • Goal • Minimize traffic overhead • Minimize delay • Minimize cost of bandwidth usage vs. saved CPU R5 R3 R1 R0 R7 R2 R6 R8 T11 • Different partition sizes • Different machine capacities • Different traffic overhead for each partition location T21 R4 T22 T23 T32 • Generalized Assignment Problem T33

  18. vCRIB: Placement (Branch and Bound) Select the largest unassigned partition Place it on a switch/hypervisor • Capable of handling its rules • Functionality • Resources • Make minimum traffic overhead

  19. vCRIB Architecture vCRIB Manager Partitions Traffic and Topology information R5 R5 R3 R3 R1 R1 R0 R0 Partitioning Placement R7 R7 R2 R2 R0 R1 R3 R3 R5 R2 R6 R6 R8 R8 Rules R7 R4 R4 Rule Placement R4 R4

  20. Evaluation: Goal • Can partitioning algorithm achieve small partitions? • Can placement algorithm leverage resource availability to decrease traffic overhead? • Configuration • 100 VMs per machine • 10K flows (10KB) per machine • ClassBench rules • 1K rule capacity per switches

  21. Evaluation: Partitioning Maximum size of partitions goes down as resources increase Change rule capacity to show the effect of different CPU budgets

  22. Evaluation: Placement For each machine select VM addresses from a contiguous IP range R5 R3 R7 No traffic decrease Traffic decreases as resources increase • Aggregated addresses make lower traffic overhead • Replication

  23. Conclusion vCRIB provides an abstraction layer for placement of rules in datacenters Places the rules on both hypervisors and switches to achieve the best performance given the resource constraints

  24. Future Work • Exploit performance model of hypervisors & switches • Online Algorithm adjusting to traffic changes • Replication in the partitioning and placement algorithm

  25. vCRIB: Virtual Cloud Rule Information Base Masoud Moshref, Minlan Yu, Abhishek Sharma, Ramesh Govindan HotCloud2012

More Related