massive multitenancy with v8 isolates
play

Massive Multitenancy with V8 Isolates Kenton Varda - Tech Lead, - PowerPoint PPT Presentation

Sep 25, 2023 •387 likes •813 views

Massive Multitenancy with V8 Isolates Kenton Varda - Tech Lead, Cloudflare Workers The Challenge 165 Locations and growing Scalability can mean... Traffic (requests) Easy: More locations = more capacity. Tenants (apps) Hard: Every tenant in

  1. Massive Multitenancy with V8 Isolates Kenton Varda - Tech Lead, Cloudflare Workers

  2. The Challenge

  3. 165 Locations and growing

  4. Scalability can mean... Traffic (requests) Easy: More locations = more capacity. Tenants (apps) Hard: Every tenant in every location. Some locations are small!

  5. Needed: Efficiency

  6. I, , made or led: ● Protobufs v2 ● Cap'n Proto ● Sandstorm.io ● Cloudflare Workers Warning - I am : ● An experienced speaker ● A graphics designer

  7. Efficiency... App Code Footprint Baseline Memory Usage VM: 10GB VM: 1GB Container: 100MB Container: 100MB Needed: < 1MB Needed: < 5MB Context Switching Startup Time VM: low VM: 10s Container: medium Container: 500ms Needed: extreme Needed: < 5ms

  8. Other use cases APIs Run client code directly on API server. Big Data Processing Run code where the data lives. Web Browsers Run code from visited sites.

  9. We built this already!

  10. Browsers are optimized for...

  11. V8 JavaScript Runtime: An Extreme Multitenancy Engine

  12. Isolates and APIs

  14. VMs Containers Isolates Application Application Application Uncommon libraries Libraries Libraries Web Platform APIs Language Runtime Language Runtime JS Runtime Operating System Operating System Operating System Hardware (virtualized) Hardware Hardware Provided by host Provided by guest

  15. HTTP client: HTTP server:

  16. WebAssembly? WASM Isolates Application Language Libraries Language Runtime Application API Bindings Uncommon libraries Web Platform APIs Web Platform APIs JS Runtime JS Runtime Operating System Operating System Hardware Hardware Missing a way to share common runtimes...

  17. Resource Management

  18. OOM Killing as a First Resort OOM priority Isolate Isolate Isolate Isolate Isolate Isolate Isolate Isolate Isolate Isolate Isolate Desired total memory usage. Evict these. Prioritize: LRU, high memory usage

  19. Resource limits Isolates run on separate threads. CPU timer_create(CLOCK_THREAD_CPUTIME_ID) isolate.TerminateExecution() RAM Monitor with isolate.GetHeapStatistics() Evict isolates that go over limit.

  20. Code Distribution

  21. Security

  22. Is V8 secure enough for servers?

  23. V8 bugs... Deep in v8/src/compiler/typer.cc … Optimizer: " Math.expm1() can return real number or NaN." Forgot: -0 (negative zero) Full sandbox breakout! Awesome writeup: Google "Andrea Biondo V8 bug" Link: https://abiondo.me/2019/01/02/exploiting-math-expm1-v8/

  24. NOTHING IS "SECURE" Security is Risk Management

  25. Relatively more bugs than VMs. Reasons: ● Larger attack surface (Bad) ● More research (Good) ○ Bug Bounty ○ Fuzzing ○ Important target

  26. Risk Management VS Browser Server

  27. Risk Management VS Browser Server Install updates fast.

  28. Risk Management VS Browser Server Install updates fast. Install updates faster.

  29. Risk Management VS Browser Server Install updates fast. Install updates faster. Use separate profiles for trusted vs "suspicious" sites.

  30. Risk Management VS Browser Server Install updates fast. Install updates faster. Use separate profiles for Use separate processes for trusted vs "suspicious" sites. trusted vs. "suspicious" tenants.

  31. Risk Management VS Server Browser

  32. Risk Management VS Server Browser Store all scripts ever uploaded for forensic purposes. No eval().

  33. Risk Management VS Server Browser Store all scripts ever uploaded for forensic purposes. No eval(). Watch for segfaults, inspect scripts that cause them.

  34. Risk Management VS Server Browser Store all scripts ever uploaded … can't, privacy violation. for forensic purposes. No eval(). Watch for segfaults, inspect scripts that cause them.

  35. What about Spectre?

  37. We have no solution We can neither confirm except process nor deny that process isolation. isolation is enough.

  38. Thread 1 Thread 2 No (local) timers No (local) Freedom to (at all!) concurrency reschedule

  39. Big Picture

  40. Granularity Units of Mainframe Compute Commodity Server Virtual Machine Container Isolate

  41. Questions?

Recommend

MULTITENANCY IN KUBERNETES WHAT COMPANIES CARE ABOUT Velocity Cost 2 Hello! I AM KATHARINA

MULTITENANCY IN KUBERNETES WHAT COMPANIES CARE ABOUT Velocity Cost 2 Hello! I AM KATHARINA

MULTITENANCY IN KUBERNETES WHAT COMPANIES CARE ABOUT Velocity Cost 2 Hello! I AM KATHARINA PROBST Im a Senior Engineering Manager at Google. You can find me at www.linkedin.com/in/katharina.probst 3 WHY MULTITENANCY 4 KUBERNETES AT

558 views • 35 slides
Flat no more! Hierarchical multitenancy and projects acting as domains in OpenStack Andrey

Flat no more! Hierarchical multitenancy and projects acting as domains in OpenStack Andrey

Flat no more! Hierarchical multitenancy and projects acting as domains in OpenStack Andrey Brito, Henrique Truta and Raildo Mascena Universidade Federal de Campina Grande 1 Presenters Andrey Brito Professor - Universidade Federal de Campina

969 views • 49 slides
Antifungal Susceptibility of Aspergillus Isolates from the Respiratory Tract of Patients in

Antifungal Susceptibility of Aspergillus Isolates from the Respiratory Tract of Patients in

1 Antifungal Susceptibility of Aspergillus Isolates from the Respiratory Tract of Patients in Canadian Hospitals: Results of the CANWARD 2016 Study. J. FULLER 1,3 , A. BULL 2 , S. SHOKOPLES 2 , T.C. DINGLE 2,3 , H. ADAM 4,5 , M. BAXTER 4 , D. J.

866 views • 25 slides
Resistant Isolates) Being Developed for the Treatment of Vulvovaginal Candidiasis Stephen A.

Resistant Isolates) Being Developed for the Treatment of Vulvovaginal Candidiasis Stephen A.

In Vitro Activity of the Novel Agent, Ibrexafungerp (formerly SCY-078) Against Candida spp. (Including Fluconazole- Resistant Isolates) Being Developed for the Treatment of Vulvovaginal Candidiasis Stephen A. Barat, PhD Vice-President

748 views • 13 slides
The FIFA Universe Massive scale, massive influence, massive corruption First, Some History.

The FIFA Universe Massive scale, massive influence, massive corruption First, Some History.

The FIFA Universe Massive scale, massive influence, massive corruption First, Some History. Football Association (FA) Formed 1863, governs association football in England Prior to this, football was just a school yard sport Rule

579 views • 35 slides
Discordant Tropism Determination for HIV-1 Isolates of CRF01_AE from Asia Wataru Sugiura 1 ,

Discordant Tropism Determination for HIV-1 Isolates of CRF01_AE from Asia Wataru Sugiura 1 ,

Discordant Tropism Determination for HIV-1 Isolates of CRF01_AE from Asia Wataru Sugiura 1 , Sverine Louvel 2 , Nico Pfeifer 3 , Masakazu Matsuda 2 , Yoshiyuki Yokomaku 2 , Rolf Kaiser 4 , Thomas Klimkait 5 rPhenotyping R5-tropic (TAK779)

211 views • 5 slides
Antifungal Susceptibility of Respiratory Aspergillus Isolates from Canadian Hospitals: Results of

Antifungal Susceptibility of Respiratory Aspergillus Isolates from Canadian Hospitals: Results of

1 Antifungal Susceptibility of Respiratory Aspergillus Isolates from Canadian Hospitals: Results of the CANWARD 2013 Study. J. FULLER 1 , S. SHOKOPLES 1 , L. TURNBULL 1 , R. RENNIE 1 , H. ADAM 2,3 , M. BAXTER 2 , D. J. HOBAN 2,3 and G. G. ZHANEL 2

396 views • 25 slides
Antifungal Susceptibility of Invasive Candida Isolates from Canadian Hospitals: Results of the

Antifungal Susceptibility of Invasive Candida Isolates from Canadian Hospitals: Results of the

1 Antifungal Susceptibility of Invasive Candida Isolates from Canadian Hospitals: Results of the CANWARD 2013 Study J. FULLER 1 , S. SHOKOPLES 1 , L. TURNBULL 1 , R. RENNIE 1 , H. ADAM 2,3 , M. BAXTER 2 , D. J. HOBAN 2,3 and G. G. ZHANEL 2 1

542 views • 26 slides
Cytotoxic Activity of Food Isolates of Cronobacter sakazakii and Cronobacter muytjensii from

Cytotoxic Activity of Food Isolates of Cronobacter sakazakii and Cronobacter muytjensii from

Cytotoxic Activity of Food Isolates of Cronobacter sakazakii and Cronobacter muytjensii from Indonesia Siti Nurjanah Supervised by: Prof. Maggy T. Suhartono Dr. Ratih Dewanti Dr. Sri Estuningsih Department of Food Science and Technology and

556 views • 17 slides
from environmental isolates Nicolas Kieffer* 1 , Julia Guzmn Puche 2 , Hyo Jung Kang 3 , Che Ok

from environmental isolates Nicolas Kieffer* 1 , Julia Guzmn Puche 2 , Hyo Jung Kang 3 , Che Ok

18.12.2018 ZHO-1, a novel B1 metallo-beta-lactamases identified from environmental isolates Nicolas Kieffer* 1 , Julia Guzmn Puche 2 , Hyo Jung Kang 3 , Che Ok Jeon 3 , Laurent Poirel 1 Patrice Nordmann 1 1 Medical and Molecular Microbiology

558 views • 19 slides
Source attribution of French clinical isolates of Campylobacter jejuni Pr Philippe Lehours E.

Source attribution of French clinical isolates of Campylobacter jejuni Pr Philippe Lehours E.

Source attribution of French clinical isolates of Campylobacter jejuni Pr Philippe Lehours E. Berthenet, A. Thpault, M. Chemaly, K. Rivoal, A. Ducournau, A. Buissonnire, L. Bnjat, E. Bessede, F. Megraud, SK Sheppard. CHU de Bordeaux,

453 views • 21 slides
Tropism Determination for HIV-1 Subtype C Isolates Alexandra Haas Jolle Bader Thomas Klimkait

Tropism Determination for HIV-1 Subtype C Isolates Alexandra Haas Jolle Bader Thomas Klimkait

Tropism Determination for HIV-1 Subtype C Isolates Alexandra Haas Jolle Bader Thomas Klimkait May 9 th 2015 Department of Biomedicine-Haus Petersplatz, Molecular Virology University of Basel HIV-1 entry and fusion Adapted from Moore et al.

146 views • 10 slides
A different look to massive MIMO Ana Garca Armada Communications Research Group (GCOM)

A different look to massive MIMO Ana Garca Armada Communications Research Group (GCOM)

A different look to massive MIMO Ana Garca Armada Communications Research Group (GCOM) Universidad Carlos III de Madrid, Spain GCOM-UC3M Agenda Introduction to Massive MIMO Wearable massive MMO Non-coherent massive MIMO

470 views • 15 slides
Massive Data Algorithmics Lecture 11: BFS and DFS Massive Data Algorithmics Lecture 11: BFS and

Massive Data Algorithmics Lecture 11: BFS and DFS Massive Data Algorithmics Lecture 11: BFS and

Massive Data Algorithmics Lecture 11: BFS and DFS Massive Data Algorithmics Lecture 11: BFS and DFS Breadth-First Search(BFS) One of the most basic graph-traversal methods - input: G ( V , E ) , undirected - one starting point: s - compute:

521 views • 22 slides
Massive number of services and massive number of stakeholders with local rules Pal Varga and

Massive number of services and massive number of stakeholders with local rules Pal Varga and

1 Massive number of services and massive number of stakeholders with local rules Pal Varga and Jerker Delsing www.arrowhead.eu 03/10/13 3 The society nervous system - the automation challenge 3 Annual growths more than 10% and over 40

494 views • 15 slides
Subsequent Tests with Isolates Terry Wheeler Texas A&amp;M AgriLife Research, Lubbock Field

Subsequent Tests with Isolates Terry Wheeler Texas A&amp;M AgriLife Research, Lubbock Field

Bacterial blight in Texas in 2015 and Subsequent Tests with Isolates Terry Wheeler Texas A&amp;M AgriLife Research, Lubbock Field Protocol for Bacterial Blight Inoculations 1) Grow bacteria in Trypticase Soy Broth for 1 days; 2) Add 1800

367 views • 13 slides
Holographically Viable Extensions of Topologically Massive and Minimal Massive Gravity? Emel

Holographically Viable Extensions of Topologically Massive and Minimal Massive Gravity? Emel

Holographically Viable Extensions of Topologically Massive and Minimal Massive Gravity? Emel Altas, Bayram Tekin Phys. Rev. D 93, 025033 (2016) 23.03.2016 PHYSICdl12 Introduction Research Problem/Open Questions 1) Quadratic Extensions of TMG

812 views • 28 slides
Massive Graviton Geons: self-gravitating massive gravitational waves Katsuki Aoki, Waseda

Massive Graviton Geons: self-gravitating massive gravitational waves Katsuki Aoki, Waseda

Massive Graviton Geons: self-gravitating massive gravitational waves Katsuki Aoki, Waseda University KA, K. Maeda, Y. Misonoh, and H. Okawa, PRD 97, 044005 (2018), [arXiv: 1710.05606]. 2018/03/03 Introduction Vacuum solutions to the Einstein

395 views • 27 slides
Minimal theory of massive gravity Minimal theory of massive gravity Antonio De Felice Yukawa

Minimal theory of massive gravity Minimal theory of massive gravity Antonio De Felice Yukawa

Minimal theory of massive gravity Minimal theory of massive gravity Antonio De Felice Yukawa Institute for Theoretical Physics, YITP, Kyoto U. 2-nd APCTP-TUS Workshop Tokyo, Aug 4, 2015 [with prof. Mukohyama] Introduction dRGT theory:

645 views • 23 slides
Summary Structures for Massive Data Graham Cormode G.Cormode@warwick.ac.uk 7 6 4 1 Massive

Summary Structures for Massive Data Graham Cormode G.Cormode@warwick.ac.uk 7 6 4 1 Massive

Summary Structures for Massive Data Graham Cormode G.Cormode@warwick.ac.uk 7 6 4 1 Massive Data Big data arises in many forms: Physical Measurements: from science (physics, astronomy) Medical data: genetic measurements,

601 views • 22 slides
Exploring the formation epoch of Exploring the formation epoch of massive galaxies massive

Exploring the formation epoch of Exploring the formation epoch of massive galaxies massive

Exploring the formation epoch of Exploring the formation epoch of massive galaxies massive galaxies Michele Cirasuolo Cirasuolo Michele Institute for Astronomy, University of Edinburgh Ross J. McLure, James S. Dunlop O.Almaini, S.

372 views • 22 slides
Generating Massive Amount of Generating Massive Amount of High- -Quality Random Numbers using

Generating Massive Amount of Generating Massive Amount of High- -Quality Random Numbers using

Generating Massive Amount of Generating Massive Amount of High- -Quality Random Numbers using GPU Quality Random Numbers using GPU High Wai-Man Pang, Tien-Tsin Wong, Pheng-Ann Heng The Computer Science and Engineering Department The Chinese

590 views • 20 slides
1. DOF counting for a Massive FP7/2007-2013 graviton ( la Fierz-Pauli) NIRG project

1. DOF counting for a Massive FP7/2007-2013 graviton ( la Fierz-Pauli) NIRG project

Gravity and Cosmology 2018 Massive and Kyoto, 2018 march 1st. Partially Massless (PM) Cdric Deffayet graviton (IAP and IHS, CNRS Paris) on curved space-times 1. DOF counting for a Massive FP7/2007-2013 graviton ( la Fierz-Pauli)

1.05k views • 89 slides
Massive Data Algorithmics Lecture 1: Introduction Massive Data Algorithmics Lecture 1:

Massive Data Algorithmics Lecture 1: Introduction Massive Data Algorithmics Lecture 1:

Introduction Models Massive Data Models Massive Data Algorithmics Lecture 1: Introduction Massive Data Algorithmics Lecture 1: Introduction Introduction Massive Data Models Examples Massive Data Models Massive Data Massive datasets are

408 views • 15 slides

More recommend