340 likes | 446 Views
NSDI’13. Scalable Rule Management for Data Centers. Masoud Moshref , Minlan Yu, Abhishek Sharma, Ramesh Govindan 4/3/2013. Introduction: Definitions. Datacenters use rules to implement management policies. Datacenters use rules to implement management policies.
E N D
NSDI’13 Scalable Rule Management for Data Centers Masoud Moshref, Minlan Yu, Abhishek Sharma, Ramesh Govindan 4/3/2013
Introduction: Definitions Datacenters use rules to implement management policies Datacenters use rules to implement management policies Datacenters use rules to implement management policies An actionon a set of ranges on flow fields An action on a set of ranges on flow fields • Access control • Rate limiting • Traffic measurement • Traffic engineering • Examples: • Deny • Accept • Enqueue • Flow fields examples: • Src IP / Dst IP • Protocol • Src Port / Dst Port
Introduction: Definitions Datacenters use rules to implement management policies An actionon a set of ranges on flow fields Src IP • R1: Accept • SrcIP: 12.0.0.0/7 • DstIP: 10.0.0.0/8 Dst IP R2 • R2: Deny • SrcIP: 12.0.0.0/8 • DstIP: 8.0.0.0/6 R1
Current practice Rules are saved on predefined fixed machines On hypervisors On switches
Machines have limited resources Top-of-Rack switch TCAM Network Interface Card Software switches on servers
Future datacenters will have many fine-grained rules • VLAN per server • Traffic management (NetLord, Spain) 1M rules • Per flow decision • Flow measurement for • traffic engineering (MicroTE, Hedera) 10M – 100M rules • Regulating VM pair communication • Access control (CloudPolice) • Bandwidth allocation (Seawall) 1B – 20B rules
Rule location trade-off (resource vs. bandwidth usage) TCAM R0 Storing rules at hypervisor incurs CPU overhead
Rule location trade-off (resource vs. bandwidth usage) TCAM R0 Move the rule to ToR switch and forward traffic Storing rules at hypervisor incurs CPU overhead
Challenges: Concrete example VM1 VM3 VM5 VM7 Src IP VM0 VM2 VM4 VM6 0 1 2 3 4 5 6 7 Dst IP 0 R0 R1 R3 1 R4 2 R5 3 4 R2 5 6 R6 7
Challenges: Overlapping rules 0 1 2 3 4 5 6 7 0 R0 R1 R3 • Source Placement: Saving rules on the source machine means minimum overhead 1 R4 2 3 Src IP 4 R2 5 0 1 2 3 4 5 6 7 Dst IP 6 0 R0 R1 R3 7 1 R4 2 R5 3 4 R2 5 6 R6 7 VM2 VM6
Challenges: Overlapping rules 0 1 2 3 4 5 6 7 0 R0 R1 R3 • If Source Placement is not feasible 1 2 3 Src IP 4 R2 5 0 1 2 3 4 5 6 7 Dst IP 6 0 R0 R1 R3 7 1 R4 R4 2 3 4 R2 5 6 7 VM2 VM6
Challenges Preserve the semantics of overlapping rules Respect resource constraints • Heterogeneous devices Minimize traffic overhead Handle Dynamics • Traffic changes • Rule changes • VM Migration
Contribution: vCRIB, a Virtual Cloud Rule Information Base Proactive rule placement abstraction layer Optimize traffic given resource constraints & changes Rules R1 R2 R3 R4 R3
vCRIB design Topology & Routing Source Partitioning with Replication • Overlapping Rules Rules Partitions Minimum Traffic Feasible Placement
Partitioning with replication Smaller partitions have more flexibility Cutting causes rule inflation R6 R2 R5 R0 R4 R2 R6 R5 R3 R3 R0 R0 R2 R5 R3 R8 0 0 0 0 1 1 1 1 2 2 2 2 3 3 3 3 4 4 4 4 5 5 5 5 6 6 6 6 7 7 7 7 0 0 0 0 R7 R 1 R7 R 1 1 1 1 1 2 2 2 2 R0 R4 3 3 3 3 R1 P2 P1 P3 R3 R4 R0 R6 4 4 4 4 R3 R3 5 5 5 5 R0 6 6 6 6 R8 7 7 7 7 R8 R 1 R 1 R7 R1 P1 P2 P3
Partitioning with replication • Introduce the concept of similarity to mitigate inflation P1 P2 (7 rules) R0 R0 R4 R6 0 0 0 1 1 1 2 2 2 3 3 3 4 4 4 5 5 5 6 6 6 7 7 7 R3 R3 R0 R2 R5 0 0 0 R3 1 1 1 2 2 2 R0 R6 R2 R5 R8 3 3 3 R3 4 4 4 A7 R1 R 1 5 5 5 R1 6 6 6 7 7 7 R7 R1 P2(5 rules) P3 (5 rules) P1 (5 rules)
Per-source partitions Src IP Dst IP 0 1 2 3 4 5 6 7 • Limited resource for forwarding • No need for replication to approximate source-placement • Closer partitions are more similar 0 R0 R1 R3 1 R4 2 R5 3 4 R2 5 6 R6 7
vCRIB design: Placement T11 Topology & Routing Source Partitioning with Replication T21 T22 Rules T23 Partitions T32 T33 • Resource Constraints • Traffic Overhead Placement Minimum Traffic Feasible Placement
vCRIB design: Placement Topology & Routing Source Partitioning with Replication Rules Partitions Resource-Aware Placement • Resource Constraints Feasible Placement • Traffic Overhead • Traffic Overhead Traffic-Aware Refinement Traffic-Aware Refinement Minimum Traffic Feasible Placement
FFDS (First Fit Decreasing Similarity) Put a random partition on an empty device Add the most similar partitions to the initial partition until the device is full • Find the lower bound for optimal solution for rules • Prove the algorithm is a 2-approximation of the lower bound
vCRIB design: Heterogeneous resources Topology & Routing Source Partitioning with Replication Rules Partitions Resource-Aware Placement • Resource Heterogeneity Resource Usage Function Feasible Placement Traffic-Aware Refinement Minimum Traffic Feasible Placement
vCRIB design: Traffic-Aware Refinement Topology & Routing Source Partitioning with Replication Rules Partitions Resource-Aware Placement Resource Usage Function Feasible Placement Traffic-Aware Refinement • Traffic Overhead Minimum Traffic Feasible Placement
Traffic-aware refinement • Overhead greedy approach • Pick maximum overhead partition • Put it where minimizes the overhead and maintains feasibility P4 P2 VM2 VM4
Traffic-aware refinement • Overhead greedy approach • Pick maximum overhead partition • Put it where minimizes the overhead and maintains feasibility • Problem: Local minima • Our approach: Benefit greedy P4 P2 VM2 VM4
vCRIB design: Dynamics Topology & Routing Source Partitioning with Replication Rules Partitions Resource-Aware Placement Rule/VM Dynamics Resource Usage Function Feasible Placement Traffic-Aware Refinement • Dynamics Major Traffic Changes Minimum Traffic Feasible Placement
vCRIB design Topology & Routing Source Partitioning with Replication • Overlapping Rules Rules • Resource Constraints Partitions Resource-Aware Placement Rule/VM Dynamics • Resource Heterogeneity Resource Usage Function Feasible Placement Traffic-Aware Refinement • Traffic Overhead Major Traffic Changes • Dynamics Minimum Traffic Feasible Placement
Evaluation • Comparing vCRIB vs. Source-Placement • Parameter sensitivity analysis • Rules in partitions • Traffic locality • VMs per server • Different memory sizes • Where is the traffic overhead added? • Traffic-aware refinement for online scenarios • Heterogeneous resource constraints • Switch-only scenarios
Simulation setup • 1k servers with 20 VMs per server in a Fat-tree network • 200k rules generated by ClassBench and random action • IPs are assigned in two ways: • Random • Range • Flows • Size follows long-tail distribution • Local traffic matrix (0.5 same rack, 0.3 same pod, 0.2 interpod) 0 1 2 3 4 5 6 7
Comparing vCRIB vs. Source-Placement • Maximum Load is 5K Capacity is 4K • Random: Average load is 4.2K • vCRIB finds low traffic feasible solution • Range is better as similar partitions are from the same source • Adding more resources helps vCRIB reduce traffic overhead
Parameter sensitivity analysis: Rules in partitions Total space vCRIB Feasible Source placement • Defined by maximum load on a server
Parameter sensitivity analysis: Rules in partitions Total space vCRIB A vCRIB <10% Traffic <10% Traffic A Source placement Lower traffic overhead for smaller partitions and more similar ones
Conclusion and future work • Conclusion vCRIB allows operators and users to specify rules, and manages their placement in a way that respects resource constraints and minimizes traffic overhead. • Future work • Support reactive placement by adding the controller in the loop • Break a partition for large number of rules per VM • Test for other rulesets
NSDI’13 Scalable Rule Management for Data Centers Masoud Moshref, Minlan Yu, Abhishek Sharma, Ramesh Govindan 4/3/2013