Fine-Grained Isolation for Scalable, Dynamic, Multi-tenant Edge Clouds
Yuxin Ren, Guyue Liu, Vlad Nitu, Wenyuan Shao, Riley Kennedy, Gabriel Parmer, Timothy Wood, Alain Tchana
Presented by: Vlad Nitu

Edge Cloud
• 40 million IoT devices in 2027
• CPSs require real-time reaction
• “code moving to data” -> edge computing
• Edge clouds: tiny datacenters deployed close to the user
EdgeOS: Fine-Grained Isolation for Scalable, Dynamic, Multi-Tenant Edge Clouds – USENIX ATC 2020

Edge cloud
• Application requirements:
  • “Bump-in-the-wire” -> 5G Cellular processing, network middleboxes…
  • Predictable low latency -> Edge caches, IoT/CPS control…
• Edge Cloud requirements:
  • Serve a large number of clients with high churn
  • Efficiently use limited resources
  • Guarantee strong isolation: between untrusted services and clients
[Figure label: Firewall]

Edge Cloud: Isolation
[Figure labels: TLS Termination, Firewall, Inference, IDS, Memcached]

Edge Cloud: Isolation
[Figure labels: TLS Termination, Firewall, Inference, IDS, Memcached; annotation: Service isolation]

Edge Cloud: Isolation
[Figure labels: TLS Termination, Firewall, Inference, IDS, Memcached; annotation: Client isolation]

Existing Solutions
• Process
• Container
• Virtual machine

Existing Solutions
[Table: process, container and virtual machine rated on Isolation, Scalability, Startup time and High performance networking; the per-cell marks (✗ / ○ / ✓) are not recoverable from the extracted text]

Existing Solutions
[Table: process, container, virtual machine and EdgeOS rated on Isolation, Scalability, Startup time and High performance networking; EdgeOS is marked ✓ in all four columns, the other rows' per-cell marks (✗ / ○ / ✓) are not recoverable from the extracted text]

EdgeOS
EdgeOS: Isolation, Predictability, and Scale
→ Based on Composite microkernel OS, designed for Real-Time guarantees
→ High speed data movement (10Gbps+) without sacrificing isolation
→ Startup 170X faster than fork+exec and 84,000X faster than containers!
→ Scales to 1000s of services per host = 1 service per user!
[Background: comparison table of process, container, virtual machine and EdgeOS]

How is this possible?
1. Feather Weight Processes (FWP)
  • Lightweight process abstraction
  • Minimal memory footprint
  • Recycle FWP for fast startup
2. Memory Movement Accelerator (MMA)
  • Mediates FWP communication
  • Securely copies data
  • Efficiently manages buffers
3. uKernel and Control Plane
  • Manages lifecycle and scheduling
  • Defines FWP data flow
  • Capability-based access control

EdgeOS architecture
• FWP (Feather-Weight Processes):
  • Minimal abstractions: memory + a small set of kernel resources
  • Input and output message rings
  • Library-based OS services
  • Small enough to instantiate one per incoming client or group of clients
  • Recycled to clean state for fast startup
[Figure labels: Firewall FWP, Https Proxy FWP, In ring, Out ring]

EdgeOS architecture
• MMA (Memory Movement Accelerator):
  • Enables chains of FWP services
  • Enforce isolation through data copying
  • Executed on dedicated cores
  • Sustain throughput competitive with data sharing
  • Optimized buffer allocation and integration with the FWP scheduler
[Figure labels: Firewall FWP, MMA, Https Proxy FWP, Https Proxy FWP]
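
A minimal model of copy-based isolation between message rings, added here as an illustration; it is not EdgeOS code. The names `ring_put`, `mma_move`, `struct fwp` and the sizes are assumptions. The mover only copies along the edge the control plane configured, validates the sender-controlled length, and hands the receiver its own copy, so a sender that rewrites its buffer after sending cannot change what the receiver processes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RING_SLOTS 4   /* hypothetical sizes */
#define MSG_MAX    64

struct msg  { uint16_t len; uint8_t data[MSG_MAX]; };
struct ring { struct msg slot[RING_SLOTS]; unsigned head, tail; };
/* next = downstream FWP index chosen by the control plane, -1 = no edge */
struct fwp  { struct ring in, out; int next; };

/* Copy a message into a ring; -1 if oversized or the ring is full. */
static int ring_put(struct ring *r, const uint8_t *p, uint16_t len) {
    if (len > MSG_MAX || r->tail - r->head == RING_SLOTS) return -1;
    struct msg *m = &r->slot[r->tail % RING_SLOTS];
    m->len = len;
    memcpy(m->data, p, len);
    r->tail++;
    return 0;
}

/* Mover: copy one message from src's out ring into the in ring of its
 * configured downstream FWP. Returns bytes moved, or -1. */
int mma_move(struct fwp *tab, int n, int src) {
    if (src < 0 || src >= n) return -1;
    int dst = tab[src].next;
    if (dst < 0 || dst >= n) return -1;            /* no edge: refuse */
    struct ring *out = &tab[src].out;
    if (out->head == out->tail) return -1;         /* nothing queued */
    struct msg *m = &out->slot[out->head % RING_SLOTS];
    uint16_t len = m->len;                         /* sender-controlled value */
    if (len > MSG_MAX) { out->head++; return -1; } /* drop forged length */
    if (ring_put(&tab[dst].in, m->data, len) != 0) return -1; /* full: retry later */
    out->head++;
    return (int)len;
}

int main(void) {
    static struct fwp tab[2];                      /* constructed chain: 0 -> 1 */
    tab[0].next = 1; tab[1].next = -1;
    ring_put(&tab[0].out, (const uint8_t *)"GET /", 5);
    printf("moved %d bytes\n", mma_move(tab, 2, 0));
    tab[0].out.slot[0].data[0] = 'X';              /* sender rewrites after send */
    printf("receiver sees '%c'\n", tab[1].in.slot[0].data[0]);
    return 0;
}
```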

EdgeOS architecture
• Data plane:
  • FWPs and MMA
  • DPDK-based networking
• Control plane:
  • The EdgeOS controller
  • The FWP Manager
  • The Scheduler

EdgeOS: packet processing steps
[Figure: diagram with steps numbered (1) to (7)]

Evaluation: start time
• Docker: the execution time of “docker start”
• Firecracker: the start time of the recommended “hello” image
• Linux: fork() + exec()
[Chart: Start Time (ms), log scale]
  Docker start: 521
  Firecracker: 126
  fork+exec: 1.058
  EOS create: 0.048
  EOS activate: 0.0062

Evaluation: start time
• EdgeOS creates an FWP 20x faster than a Linux process
[Chart: Start Time (ms), log scale: Docker start 521, Firecracker 126, fork+exec 1.058, EOS create 0.048, EOS activate 0.0062; annotation: 20x]

Evaluation: start time
• EdgeOS creates an FWP 20x faster than a Linux process
• When the FWP is cached, the activation time is 170x faster than Linux
[Chart: Start Time (ms), log scale: Docker start 521, Firecracker 126, fork+exec 1.058, EOS create 0.048, EOS activate 0.0062; annotation: 170x]

Evaluation: start time
• EdgeOS creates an FWP 20x faster than a Linux process
• When the FWP is cached, the activation time is 170x faster than Linux
• FWP activation is ~10^5x faster than “docker start”
[Chart: Start Time (ms), log scale: Docker start 521, Firecracker 126, fork+exec 1.058, EOS create 0.048, EOS activate 0.0062; annotation: ~10^5]

Evaluation: memcopy overhead
• EdgeOS provides isolation and adds negligible overheads
[Chart: Throughput (Gbps) vs. Chain Length (1 to 6); series: ONVM-64, EOS-64, ONVM-1024, EOS-1024]

Evaluation: scalability
FWPs as middleboxes
[Chart: Latency (100us) vs. #Clients (0 to 2000); series: ONVM-chain, ONVM-single, EOS-chain, EOS-single]

Evaluation: scalability
FWPs as middleboxes
[Chart: Latency (100us) vs. #Clients (0 to 2000); series: ONVM-chain, ONVM-single, EOS-chain, EOS-single; annotation: 25x]

Evaluation: scalability
FWPs as middleboxes
[Chart: Latency (100us) vs. #Clients (0 to 2000); series: ONVM-chain, ONVM-single, EOS-chain, EOS-single; annotation: 2x]

Evaluation: scalability
FWPs as TLS proxies
[Chart: Throughput (10K reqs/sec) vs. #Instances (0 to 1000); series: EOS throughput, Linux throughput]

Conclusion
• EdgeOS: an OS for Edge clouds
• Strong copy-based isolation
• Minimalistic execution instances
• Optimized for high churn and dense multi-tenancy
• Start-up times up to 170x faster than Linux processes and 10^5x faster than Docker containers
• Maintain line rate even with chains of 6 FWPs
• Substantially improved scalability

Thank you for your attention!
Vlad Nitu: vlad.nitu@insa-lyon.fr
Yuxin Ren: ryx@gwmail.gwu.edu
Gabriel Parmer: gparmer@gwu.edu
Timothy Wood: timwood@gwu.edu