performance isolation across virtual machines in xen
play

Performance isolation across virtual machines in Xen Diwaker Gupta , - PowerPoint PPT Presentation

Jan 30, 2024 •30 likes •410 views

Performance isolation across virtual machines in Xen Diwaker Gupta , Lucy Cherkasova, Amin Vahdat Robert Gardner University of California, Hewlett-Packard Laboratories, Palo Alto & Fort Collins San Diego Middleware Software that

  1. Performance isolation across virtual machines in Xen Diwaker Gupta , Lucy Cherkasova, Amin Vahdat Robert Gardner University of California, Hewlett-Packard Laboratories, Palo Alto & Fort Collins San Diego

  2. Middleware  Software that connects software components or applications, often to support complex, distributed systems (source: Wikipedia )  All about virtualization of resources and abstracting out hardware heterogeneity  Goal is to efficiently utilize a shared infrastructure  It is critical to protect users from one another Diwaker Gupta Middleware ’06 2 12/01/2006

  3. Virtual Machines  Software that creates a virtualized environment for the end-user (source: Wikipedia)  Abstract out hardware heterogeneity  Provides isolated execution environment for users Virtual machines seem like good technology for building Middleware Diwaker Gupta Middleware ’06 3 12/01/2006

  4. HP SoftUDC, Amazon EC2 Diwaker Gupta Middleware ’06 4 12/01/2006

  5. Requirements from VM platform  Fault isolation  Performance isolation  Performance of one VM should not impact performance of another VM  Related concept: resource isolation  Resource isolation is necessary for performance isolation, but is it sufficient? This work focuses on the performance isolation in Xen [SOSP 2003] Diwaker Gupta Middleware ’06 5 12/01/2006

  6. Evolution of I/O Model in Xen Xen 1.x: Device Xen 3.x: Device drivers drivers in hypervisor in driver domains Dom-0 Dom-0 VM VM IDD netback netfront Pseudo Pseudo NIC Disk blkback blkfront Xen N/W Driver Disk Driver Xen NIC Disk NIC Disk Diwaker Gupta Middleware ’06 6 12/01/2006

  7. Driver Domains  Execution container vs. resource principle Dom-0 VM  Resource consumption of IDD a VM may span several netback netfront driver domains blkback blkfront  Accurate accounting and resource allocation Xen Hypervisor  Resource consumption by an IDD on behalf of a NIC Disk VM Diwaker Gupta Middleware ’06 7 12/01/2006

  8. Two concrete problems  How does one control the aggregate resource consumption of a VM (including resources consumed in a driver domain on its behalf)?  How does one control the resource consumed by a VM within a driver domain? Diwaker Gupta Middleware ’06 8 12/01/2006

  9. General Strategy  Measure  Profiling tools  Allocate  Modifications to the CPU scheduler  Control  Mechanisms to control resource usage Our work focuses on CPU and network I/O. Diwaker Gupta Middleware ’06 9 12/01/2006

  10. XenMon  Events: anything “interesting” (domain started running, a packet was sent, domain woke up etc)  Events analyzed in user space to generate meaningful metrics (e.g. blocking time, waiting time etc)  Flexible measurement granularity: over 10s, over 1s, avg per execution period  Included in the official Xen code tree Diwaker Gupta Middleware ’06 10 12/01/2006

  11. XenMon Architecture VM Dom-0 xenmon Xenbaked: process events Events logged in trace buffers Xentrace: generate events Xen More details on XenMon available in HP Labs tech report HPL-2005-187 Diwaker Gupta Middleware ’06 11 12/01/2006

  12. Two concrete problems  How does one control the aggregate resource consumption of a VM (including resources consumed in a driver domain on its behalf)?  How does one control the resource consumed by a VM within a driver domain? Diwaker Gupta Middleware ’06 12 12/01/2006

  13. Problem: Controlling aggregate CPU  Example  Single CPU system  SEDF (Simple Earliest Deadline First) in non work-conserving mode (hard reservations)  VM-1: web server, 60%  Dom-0: driver domain, 40%  How to control aggregate CPU consumption? General scenario: Two workloads with different characteristics (I/O vs. CPU intensive) are given equal shares. Do they really get equal shares? Diwaker Gupta Middleware ’06 13 12/01/2006

  14. Aggregate CPU consumption Aggregate Ideal Diwaker Gupta Middleware ’06 14 12/01/2006

  15. Controlling aggregate CPU  Goal: allocate CPU shares accounting for aggregate CPU consumption  Steps:  Partition CPU consumption in IDD for different VMs  Charge this debt back to the VM  Partitioning: timing code paths vs. heuristics  Heuristic for partitioning: CPU overhead is proportional to the amount of I/O Diwaker Gupta Middleware ’06 15 12/01/2006

  16. Packet counting in netback CPU overhead is proportional to rate of packets CPU overhead is independent of packet size • CPU overhead is different for send and receive paths • But send:receive cost is constant Diwaker Gupta Middleware ’06 16 12/01/2006

  17. SEDF Debt Collector (SEDF-DC)  Count packets corresponding to each VM  Compute weighted packet count (using the send:receive factor)  Partition CPU consumed by IDD using weighted packet counts  Charge debt of each VM to its CPU consumption in the scheduler Diwaker Gupta Middleware ’06 17 12/01/2006

  18. SEDF-DC Example VM-2 r =10ms r =8ms Service time = 6ms Dom-0 r =6ms r =10ms VM-1 t =0: Both VM-1 and VM-2 have remaining time 10ms t= 10ms: Dom-0 ran for 6ms to service VM traffic SEDF-DC reduces remaining time of VM-1 by 2ms and VM-2 by 4ms respectively Diwaker Gupta Middleware ’06 18 12/01/2006

  19. SEDF-DC in action Aggregate Diwaker Gupta Middleware ’06 19 12/01/2006

  20. SEDF-DC Summary  SEDF-DC addresses problem for SEDF in single processor case  Idea can be extended to other CPU schedulers in Xen (such as Credit)  Spread debt across multiple execution periods to avoid starvation But still no QoS in the driver domain Diwaker Gupta Middleware ’06 20 12/01/2006

  21. Two concrete problems  How does one control the aggregate resource consumption of a VM (including resources consumed in a driver domain on its behalf)?  How does one control the resource consumed by a VM within a driver domain? Diwaker Gupta Middleware ’06 21 12/01/2006

  22. Problem: Controlling resource consumption in driver domain  Scenario  SEDF, dual processor machine, non work-conserving mode  Dom-1: Web server, 33% on CPU-2 (10KB files)  Dom-2: Web server, 33% on CPU-2 (100KB files)  Dom-3: File transfer, 33% on CPU-2  Dom-0: 60% on CPU-1  File transfer begins 20s into the experiment  Goal: file transfer in VM-3 should not affect web servers in VM-1 and VM-2 Diwaker Gupta Middleware ’06 22 12/01/2006

  23. No QoS in driver domain Webserver throughput CPU utilization Dom-0 CPU utilization Diwaker Gupta Middleware ’06 23 12/01/2006

  24. Providing Qos in driver domains  Problem: No way to control how much CPU each VM consumes in Dom-0  ShareGuard  Periodically monitor CPU usage using XenMon  IP tables in Dom-0 turn off traffic for offenders  Added similar functionality to netback  Repeated experiment, with VM-3 restricted to 5% CPU in Dom-0 Diwaker Gupta Middleware ’06 24 12/01/2006

  25. ShareGuard in action Webserver throughput CPU utilization CPU in Dom-0 for Dom-3 is 4.42% over the run Dom-0 CPU utilization Diwaker Gupta Middleware ’06 25 12/01/2006

  26. The big picture  Both SEDF-DC, ShareGuard depend on XenMon  ShareGuard only works for network I/O, SEDF-DC is workload agnostic  ShareGuard is independent of the CPU scheduler  ShareGuard is intrusive (actively blocks traffic) whereas SEDF-DC is more passive and transparent Diwaker Gupta Middleware ’06 26 12/01/2006

  27. Conclusion  Performance isolation is crucial in multi- user environments  Current I/O model in Xen breaks performance isolation  Mantra: Measure, Allocate, Control  XenMon, SEDF-DC, ShareGuard are steps in this direction  Hardware support will (hopefully) enable more comprehensive solutions Diwaker Gupta Middleware ’06 27 12/01/2006

  28. Thanks! Questions? http://sysnet.ucsd.edu/~dgupta dgupta@cs.ucsd.edu Diwaker Gupta Middleware ’06 28 12/01/2006

  29. Resource Isolation  Common resources: CPU, Disk, Memory, Network  Spatial (disk, memory) vs. Temporal resources (CPU)  Partitioning vs. Time sharing  Quality of Service  Availability  Cost of access  CPU is special: now just how much, but also when? Diwaker Gupta Middleware ’06 29 12/01/2006

  30. Isolated Driver Domains  Are they happening?  We need accurate accounting. But how?  ShareGuard only works for network I/O. What about disk?  We’ve tried  Memory page exchanges [USENIX 05]  Weighted packet counts  Instrumentation? Diwaker Gupta Middleware ’06 30 12/01/2006

  31. Allocating resources for IDD  IDDs are critical for I/O performance  Scheduling parameters have significant impact  Different schedulers need different tuning  Example: on a uni-processor machine, for a web server under load, is it better to give more weight to the VM or to Dom-0? Diwaker Gupta Middleware ’06 31 12/01/2006

  32. Work Conserving Diwaker Gupta Middleware ’06 32 12/01/2006

  33. Non work conserving Diwaker Gupta Middleware ’06 33 12/01/2006

  34. Other challenges  Separating costs in presence of multiple drivers  CPU partitioning for other kinds of I/O traffic  Isolation of low level resources (PCI bus bandwidth, L1/L2 caches etc)  Choosing and configuring the right scheduler Diwaker Gupta Middleware ’06 34 12/01/2006

Recommend

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines: Virtual machine technology, often just called virtualization , makes one computer behave as several Running several operating systems simultaneously on

254 views • 10 slides
ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted

ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted

ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted environment Possibly with multiple tenants Setting OS: users / processes Browser: webpages / browser extensions Cloud: virtual machines (VMs)

272 views • 25 slides
Virtual Machine Introspection Isolation Interpretation Interposition Isolation

Virtual Machine Introspection Isolation Interpretation Interposition Isolation

Virtual Machine Introspection Isolation Interpretation Interposition Isolation From in-guest kernel/userspace Provided by Xen Buggy emulation blurres the line From trusted computing base (TCB) Possible via Xen

286 views • 26 slides
System Virtual Machines Introduction Key concepts Resource virtualization

System Virtual Machines Introduction Key concepts Resource virtualization

System Virtual Machines Introduction Key concepts Resource virtualization processors memory I/O devices Performance issues Applications EECS 768 Virtual Machines 1 Introduction System virtual machine

621 views • 38 slides
Virtual machines COMP 520 Fall 2012 Virtual machines (2) Compilation and execution modes of

Virtual machines COMP 520 Fall 2012 Virtual machines (2) Compilation and execution modes of

COMP 520 Fall 2012 Virtual machines (1) Virtual machines COMP 520 Fall 2012 Virtual machines (2) Compilation and execution modes of Virtual machines: Abstract syntax trees AOT-compile Interpreter Virtual machine code

662 views • 40 slides
Virtual Machines Tom Goff & David Dufresne We have created virtual machines for both

Virtual Machines Tom Goff & David Dufresne We have created virtual machines for both

Motivation for using Virtual Machines Tom Goff & David Dufresne We have created virtual machines for both VirtualBox and Vmware Player. Both options are supported across several platforms, but experience says that some hardware plays

178 views • 5 slides
Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits? Virtualization Creation of an isomorphism that maps a virtual guest system to a real host: Maps guest state S to host state V(S) For any

271 views • 26 slides
A Case for High Performance Computing with Virtual Machines Wei Huang*, Jiuxing Liu + , Bulent

A Case for High Performance Computing with Virtual Machines Wei Huang*, Jiuxing Liu + , Bulent

A Case for High Performance Computing with Virtual Machines Wei Huang*, Jiuxing Liu + , Bulent Abali + , and Dhabaleswar K. Panda* *The Ohio State University +IBM T. J. Waston Research Center ICS'06 -- June 28th, 2006 Presentation Outline

407 views • 29 slides
Free Up Your Desktop! Using Research Virtual Machines For Research Martin Feller Centre for

Free Up Your Desktop! Using Research Virtual Machines For Research Martin Feller Centre for

Free Up Your Desktop! Using Research Virtual Machines For Research Martin Feller Centre for eResearch Research Compute - the long tail NeSI: NeSI Virtual Machines Linux only Batch scheduling Performance Complex for

414 views • 15 slides
Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization

Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization

Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization Computer system architecture Process virtual machines System virtual machines 1 EECS 768 Virtual Machines Abstraction Mechanism to

704 views • 31 slides
Virtual machines should be invisible (and might be augmented) Stephen Kell

Virtual machines should be invisible (and might be augmented) Stephen Kell

Virtual machines should be invisible (and might be augmented) Stephen Kell stephen.kell@cs.ox.ac.uk some joint work with Conrad Irwin (University of Cambridge) Virtual machines should be. . . p.1/37 Spot the virtual machine (1) Virtual

963 views • 40 slides
Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1

Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1

Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1 Recap: Virtual Machines Enabling technology of cloud computing Basic idea: Provide machine abstractions 2 Recap: Virtual Machines

465 views • 23 slides
Virtual Machines Should Be Invisible Stephen Kell stephen.kell@cs.ox.ac.uk joint work with

Virtual Machines Should Be Invisible Stephen Kell stephen.kell@cs.ox.ac.uk joint work with

Virtual Machines Should Be Invisible Stephen Kell stephen.kell@cs.ox.ac.uk joint work with Conrad Irwin (University of Cambridge) Virtual machines should be. . . p.1/20 Spot the virtual machine (1) Virtual machines should be. . .

897 views • 20 slides
Secure Computer Organization and System Design (lecture 11) Jean-Pierre Seifert Quality

Secure Computer Organization and System Design (lecture 11) Jean-Pierre Seifert Quality

Secure Computer Organization and System Design (lecture 11) Jean-Pierre Seifert Quality Engineering University of Innsbruck 1 30.01.14 Virtual Machines and Security 1. The Confinement Problem and Isolation 2. What are Virtual Machines and

1.04k views • 81 slides
Xen Hypervisor security in VM isolation Yanick de Jong 4 February 2009 Research Question?

Xen Hypervisor security in VM isolation Yanick de Jong 4 February 2009 Research Question?

Xen Hypervisor security in VM isolation Yanick de Jong 4 February 2009 Research Question? What are the risks involved with merging Xen servers in different segments of the network and put all virtual machines together on one machine?

457 views • 14 slides
Harmonizing Performance and Isolation in Microkernels with Efficient Intra-kernel Isolation and

Harmonizing Performance and Isolation in Microkernels with Efficient Intra-kernel Isolation and

Harmonizing Performance and Isolation in Microkernels with Efficient Intra-kernel Isolation and Communication Jinyu Gu , Xinyue Wu, Wentai Li, Nian Liu, Zeyu Mi, Yubin Xia, Haibo Chen Monolithic Kernel and Microkernel 2 Monolithic Kernel and

336 views • 23 slides
1 2 The first set of slides will introduce the basics of virtualization and virtual machines.

1 2 The first set of slides will introduce the basics of virtualization and virtual machines.

So we will start the course with an introduction on virtual machines. 1 2 The first set of slides will introduce the basics of virtualization and virtual machines. Many of these concepts should be familiar to students from other classes,

487 views • 47 slides
CPI 2 : CPU performance isolation for shared compute clusters 1. Xiao Zhang 2. Eric Tune 3.

CPI 2 : CPU performance isolation for shared compute clusters 1. Xiao Zhang 2. Eric Tune 3.

CPI 2 : CPU performance isolation for shared compute clusters 1. Xiao Zhang 2. Eric Tune 3. Robert Hagmann 4. Rohit Jnagal 5. Vrigo Gokhale 6. John Wilkes Class Presentation : Siddhartha Biswas 1 Abstract: 1. Performance isolation is

803 views • 26 slides
Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives

Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives

Virtual Machines & Security Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives the illusion of a real machine VMM/Hypervisor: host software which provides this capability Pioneered by IBM

75 views • 5 slides
CHAPTER 3: Virtual Machines and Virtualization of Clusters and Data Centers Presented by Faramarz

CHAPTER 3: Virtual Machines and Virtualization of Clusters and Data Centers Presented by Faramarz

CHAPTER 3: Virtual Machines and Virtualization of Clusters and Data Centers Presented by Faramarz Safi (Ph.D.) Islamic Azad University, Najafabad Branch 1 SUMMARY The reincarnation of virtual machines (VMs) presents a great opportunity for

849 views • 81 slides
Dynamic, Metamorphic (and opensource) Virtual Machines A. Desnos ESIEA - Operational Cryptology

Dynamic, Metamorphic (and opensource) Virtual Machines A. Desnos ESIEA - Operational Cryptology

Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Dynamic, Metamorphic (and opensource) Virtual Machines A. Desnos ESIEA - Operational Cryptology and Virology Laboratory (CVO) 38 rue des Dr Calmette et Gurin,

1.21k views • 75 slides
CSE 451 Section Assignment 3 Virtual Memory Important mechanism, enables: Isolation and

CSE 451 Section Assignment 3 Virtual Memory Important mechanism, enables: Isolation and

CSE 451 Section Assignment 3 Virtual Memory Important mechanism, enables: Isolation and protection Virtualization: physical memory layout hidden OS sets up mapping: virtual -> physical address Page table: translation

345 views • 10 slides
Xen and the Art of Virtualization - Barham et. al. CSE 598c - Spring 2006 William Enck CSE598c

Xen and the Art of Virtualization - Barham et. al. CSE 598c - Spring 2006 William Enck CSE598c

Xen and the Art of Virtualization - Barham et. al. CSE 598c - Spring 2006 William Enck CSE598c - Spring 2006 - Virtual Machines - Prof. Urgaonkar Page 1 Xens Goals Isolation Access Control Performance Heterogeneity

461 views • 21 slides
Introduction to Virtual Machines Michael Jantz Acknowledgements Slides adapted from Chapter 1

Introduction to Virtual Machines Michael Jantz Acknowledgements Slides adapted from Chapter 1

Introduction to Virtual Machines Michael Jantz Acknowledgements Slides adapted from Chapter 1 in Virtual Machines: Versatile Platforms for Systems and Processes by James E. Smith and Ravi Nair Credit to Prasad A. Kulkarni some slides

698 views • 33 slides

More recommend