260 likes | 274 Views
This paper presents Cataclysm, a comprehensive approach for handling extreme overloads in internet applications. It introduces a novel policer that can scale during overloads, dynamic provisioning for both application and policer, and SLA-based performance adaptation.
E N D
Cataclysm: Policing Extreme Overloads in Internet Applications Bhuvan Urgaonkar and Prashant Shenoy University of Massachusetts
Motivation • Internet applications used in a variety of domains • Online banking, online brokerage, online music store, e-commerce • Internet usage continues to grow rapidly • Broadband deployment is accelerating • Outages of Internet applications more common “Site not responding” “connection timed out”
Internet Application Outages Holiday Shopping Season 2000: Down for 30 minutes Periodic outages over 4 days Average download time ~ 260 sec 9/11: site inaccessible for brief periods Cause: Too many users leading to overload
Internet Data Centers • Internet applications run on data centers • Server farms • Provide computational and storage resources • Applications share data center resources • Problem: How can the platform handle extreme overloads seen by applications?
Handling Extreme Overloads • Existing work is based on three approaches • Request policing [Kanodia00, Li00, Verma03, Welsh03, …] • Dynamic capacity provisioning [Chase01, Ranjan04] • Degrade performance of admitted requests [Abdelzaher99] • Shortcomings of existing work: • Does not attempt to integrate these three approaches • Does not address scalability of the policer! • The policer itself may become the bottleneck during overloads
Our Contribution: Cataclysm • Comprehensive approach • Novel policer that can scale during overloads • Dynamic provisioning for both application and policer • SLA-based performance adaptation • Implementation and evaluation on a Linux cluster • Focus of this talk: design of the policer
Talk Outline • Motivation • Internet data center model • Request policing • Cataclysm Server Platform • Experimental results • Summary
Data Center Model Retail Web site streaming • Dedicated hosting: each application runs on a subset of servers in the data center • Subsets are mutually exclusive: no server sharing • Data center hosts multiple applications • Free server pool: unused servers
Internet Application Model load balancing sentry • Internet applications replicated on multiple servers • E.g., clustered HTTP • Each application employs a sentry • Load balancing and request policing • One or more request classes • Service-level agreement • Specifies certain guaranteed request admission rate per class • Specifies allowed degradation in response time with arrival rate requests dropped requests http
Talk Outline • Motivation • Internet data center model • Request policing • Cataclysm Server Platform • Experimental results • Summary
Policer: Design Goals • Class-based differentiation • Each class should sustain its guaranteed admission rate • Revenue maximization • Challenging due to online nature of the problem • An admitted request may cause a more important request arriving later to be dropped • Approach: Preferential admission to higher class requests • Scalability • The policer should remain operational even under extremely high arrival rates
Overview of Policer Design Admission control dgold • Cataclysm policer has three components • Request classifier and per-class leaky buckets • Class-specific queues • Admission control Class gold admitted dsilver Class silver Classifier dropped dbronze Class bronze Leaky buckets Class-specific queues
Class-based Differentiation Admission control dgold Class gold admitted dsilver Class silver Classifier dropped dbronze Class bronze Leaky buckets Class-specific queues • Each incoming request undergoes classification • Per-class leaky buckets used to ensure that rates guaranteed in SLA are admitted
Revenue Maximization Admission control dgold Class gold admitted dsilver Class silver Classifier dropped dbronze Class bronze Leaky buckets Class-specific queues • Idea: Add different delays in processing of requests of different classes • More important requests processed more frequently • Methodology to compute delay values in online manner • Bounds probability of a request denying admission to a more important request
Admission Control Admission control dgold Class gold admitted dsilver Class silver Classifier dropped dbronze Class bronze Leaky buckets Class-specific queues • Goal: Ensure that an admitted request meets its response time target • Measurement-based admission control algorithm • Use information about current load on servers and estimated size of new request to make decision
Scalability of Admission Control • Idea #1: Reduce the per-request admission control cost • Admission control on every request may be expensive • Bursty arrivals during overloads => batches get formed • Delays for class-based differentiation => batches get formed • Admission control test that operates on batches instead of requests • Idea #2: Sacrifice accuracy for computational overhead • When batch-based processing becomes prohibitive • Threshold-based scheme • E.g., Admit all Gold requests, drop all Silver and Bronze requests • Thresholds chosen based on observed arrival rates and service times • Extremely efficient • Wrong threshold => bad response times or fewer requests admitted
Scaling Even Further … • Protocol processing overheads will saturate sentry resources at extremely high arrival rates • Indiscriminate dropping of requests will occur • Important requests may be turned away without even undergoing the admission control test • Loss in revenue! • Sentry should still be able to process each arriving request! • Idea: Dynamic capacity provisioning for sentry • Pull in an additional sentry if CPU utilization of existing sentries exceeds a threshold (e.g., 90%) • Round-robin DNS to load balance among sentries
Talk Outline • Motivation • Internet data center model • Request policing • Cataclysm Server Platform • Experimental results • Summary
Cataclysm Server Platform • Prototype data center • 20 Pentium servers • Gigabit switches • Linux-based platform • Sentry implemented in Layer-7 switch • Linux module ktcpvs • Replicated Web server applications using Apache • Dynamic content using PHP
Fraction admitted 1 0.8 Fraction admitted Gold 0.6 Silver 0.4 Bronze 0.2 0 0 100 200 300 400 500 Time (sec) Class-based Differentiation • Three classes of requests: Gold, Silver, Bronze • Policer successful in providing preferential admission to important requests
Threshold-based: Higher Scalability • Threshold-based processing allows the policer to handle upto 4 times higher arrival rate • Single sentry can handle about 19000 req/s
Threshold-based: Loss of Accuracy • Higher scalability comes at a loss in accuracy of admission control • Occasional violations of response time targets
Arrical rate 50000 40000 30000 Total arrival Arrival rate (req/s) Arival at sentry 1 20000 10000 0 0 100 200 300 400 500 600 Time (sec) Sentry Provisioning
Summary • Cataclysm: a comprehensive overload management technique consisting of • Request policing • Dynamic capacity provisioning • SLA-based performance adaptation • Cataclysm achieves the following • Class-based differentiation • Revenue maximization • Ability to scale to extreme overloads • More information: http://lass.cs.umass.edu