virtual machine fault tolerance
play

Virtual Machine Fault-tolerance Cheng Wang, Xusheng Chen, Weiwei - PowerPoint PPT Presentation

Sep 26, 2022 •356 likes •930 views

PLOVER: Fast, Multi-core Scalable Virtual Machine Fault-tolerance Cheng Wang, Xusheng Chen, Weiwei Jia, Boxuan Li, Haoran Qiu, Shixiong Zhao, and Heming Cui The University of Hong Kong 1 Virtual machines are pervasive in datacenters Physical

  1. PLOVER: Fast, Multi-core Scalable Virtual Machine Fault-tolerance Cheng Wang, Xusheng Chen, Weiwei Jia, Boxuan Li, Haoran Qiu, Shixiong Zhao, and Heming Cui The University of Hong Kong 1

  2. Virtual machines are pervasive in datacenters Physical machine Physical machine Guest VM Guest VM Guest VM Guest VM … … Hardware Failure VMM VMM … VM fault tolerance is crucial ! 2

  3. Classic VM replication - primary/backup approach Remus [NSDI’08] Primary memory ACK Guest VM pages service VMM 3 client

  4. Classic VM replication - primary/backup approach Remus [NSDI’08] Primary backup memory memory ACK Guest VM Guest VM pages pages service service VMM VMM 3 client

  5. Classic VM replication - primary/backup approach Remus [NSDI’08] Primary backup memory memory ACK Guest VM Guest VM pages pages service service VMM VMM 3 client

  6. Classic VM replication - primary/backup approach Remus [NSDI’08] Primary backup memory memory ACK Guest VM Guest VM pages pages Synchronize primary/backup every 25ms 1. Pause primary VM (every 25ms) and service service transmit all changed state (e.g., memory pages) to backup. VMM VMM 3 client

  7. Classic VM replication - primary/backup approach Remus [NSDI’08] Primary backup memory memory ACK Guest VM Guest VM pages pages Synchronize primary/backup every 25ms 1. Pause primary VM (every 25ms) and service service transmit all changed state (e.g., memory pages) to backup. VMM VMM 3 client

  8. Classic VM replication - primary/backup approach Remus [NSDI’08] Primary backup memory memory ACK Guest VM Guest VM pages pages Synchronize primary/backup every 25ms 1. Pause primary VM (every 25ms) and service service transmit all changed state (e.g., memory pages) to backup. VMM VMM 3 client

  9. Classic VM replication - primary/backup approach Remus [NSDI’08] Primary backup memory memory ACK Guest VM Guest VM pages pages Synchronize primary/backup every 25ms 1. Pause primary VM (every 25ms) and service service transmit all changed state (e.g., memory pages) to backup. VMM VMM Output buffer 3 client

  10. Classic VM replication - primary/backup approach Remus [NSDI’08] Primary backup memory memory ACK Guest VM Guest VM pages pages Synchronize primary/backup every 25ms 1. Pause primary VM (every 25ms) and service service transmit all changed state (e.g., memory pages) to backup. VMM VMM Output buffer 3 client

  11. Classic VM replication - primary/backup approach Remus [NSDI’08] Primary backup memory memory ACK Guest VM Guest VM pages pages Synchronize primary/backup every 25ms 1. Pause primary VM (every 25ms) and service service transmit all changed state (e.g., memory pages) to backup. VMM VMM Output buffer 3 client

  12. Classic VM replication - primary/backup approach Remus [NSDI’08] Primary backup memory memory ACK Guest VM Guest VM pages pages Synchronize primary/backup every 25ms 1. Pause primary VM (every 25ms) and service service transmit all changed state (e.g., memory pages) to backup. 2. Backup acknowledges to the primary when complete state has been VMM VMM received. Output buffer 3 client

  13. Classic VM replication - primary/backup approach Remus [NSDI’08] Primary backup memory memory ACK Guest VM Guest VM pages pages Synchronize primary/backup every 25ms 1. Pause primary VM (every 25ms) and service service transmit all changed state (e.g., ACK memory pages) to backup. 2. Backup acknowledges to the primary when complete state has been VMM VMM received. Output buffer 3 client

  14. Classic VM replication - primary/backup approach Remus [NSDI’08] Primary backup memory memory ACK Guest VM Guest VM pages pages Synchronize primary/backup every 25ms 1. Pause primary VM (every 25ms) and service service transmit all changed state (e.g., ACK memory pages) to backup. 2. Backup acknowledges to the primary when complete state has been VMM VMM received. 3. Primary’s buffered network output is Output buffer released. 3 client

  15. Classic VM replication - primary/backup approach Remus [NSDI’08] Primary backup memory memory ACK Guest VM Guest VM pages pages Synchronize primary/backup every 25ms 1. Pause primary VM (every 25ms) and service service transmit all changed state (e.g., ACK memory pages) to backup. 2. Backup acknowledges to the primary when complete state has been VMM VMM received. 3. Primary’s buffered network output is Output buffer released. 3 client

  16. Two limitations of primary/backup approach (1) • Too many memory pages have to be copied and transferred, greatly ballooned client-perceived latency Redis latency with varied # of clients (4 vCPUs per VM) # of concurrent clients Page transfer size (MB) unreplicated Remus (25ms synchronization interval) 16 20.9 600 48 68.4 500 80 110.5 400 Latency (us) 300 200 100 0 16 48 80 4 Number of concurrent clients

  17. Two limitations of primary/backup approach (2) • The split-brain problem Primary Backup ACK Guest VM Guest VM page page KVS KVS VMM VMM Output buffer 5 client1 client2

  18. Two limitations of primary/backup approach (2) • The split-brain problem Primary Backup ACK Guest VM Guest VM page page KVS KVS VMM VMM Output buffer 5 client1 client2

  19. Two limitations of primary/backup approach (2) • The split-brain problem Primary New primary Backup Outdated primary ACK Guest VM Guest VM page page KVS KVS VMM VMM Output buffer 5 client1 client2

  20. Two limitations of primary/backup approach (2) • The split-brain problem Primary New primary Backup Outdated primary ACK Guest VM Guest VM page page KVS KVS VMM VMM Output buffer X=5 x=7 5 client1 client2

  21. Two limitations of primary/backup approach (2) • The split-brain problem Primary New primary Backup Outdated primary ACK Guest VM Guest VM page page KVS KVS x=7 X=5 VMM VMM Output buffer 5 client1 client2

  22. Two limitations of primary/backup approach (2) • The split-brain problem Primary New primary Backup Outdated primary ACK Guest VM Guest VM page page KVS KVS x =5 x =7 x=7 X=5 VMM VMM Output buffer 5 client1 client2

  23. State Machine Replication (SMR): Powerful backup primary backup service service service consensus log consensus log consensus log client1 client2 6

  24. State Machine Replication (SMR): Powerful backup primary backup service service service consensus log consensus log consensus log client1 client2 6

  25. State Machine Replication (SMR): Powerful backup primary backup service service service consensus log consensus log consensus log client1 client2 6

  26. State Machine Replication (SMR): Powerful backup primary backup service service service consensus log consensus log consensus log client1 client2 • SMR systems: Chubby, Zookeeper, Raft [ATC’14], Consensus in a box [NSDI’15], NOPaxos[OSDI’16], APUS [SoCC’17] • Ensure same execution states 6

  27. State Machine Replication (SMR): Powerful backup primary backup service service service consensus log consensus log consensus log client1 client2 • SMR systems: Chubby, Zookeeper, Raft [ATC’14], Consensus in a box [NSDI’15], NOPaxos[OSDI’16], APUS [SoCC’17] • Ensure same execution states • Strong fault tolerance guarantee without split-brain problem 6

  28. State Machine Replication (SMR): Powerful backup primary backup service service service consensus log consensus log consensus log client1 client2 • SMR systems: Chubby, Zookeeper, Raft [ATC’14], Consensus in a box [NSDI’15], NOPaxos[OSDI’16], APUS [SoCC’17] • Ensure same execution states • Strong fault tolerance guarantee without split-brain problem • Need to handle non-determinism • Deterministic multithreading (e.g., CRANE [SOSP’15]) - slow 6 • Manually annotate service code to capture non- determinism (e.g., Eve [OSDI’12]) - error prone

  29. Making a choice State machine replication Pros: • Good performance by ensuring the same execution states • Solve the split-brain problem Cons: • Hard to handle non-determinism Primary/backup approach Pros: • Automatically handle non-determinism Cons: • Unsatisfactory performance due to transferring large amount of state 7 • Have the split-brain problem

  30. PLOVER: Combining SMR and primary/backup • Simple to achieve by carefully designing the consensus protocol • Step 1: Use Paxos to ensure the same total order of requests for replicas • Step 2: Invoke VM synchronization periodically and then release replies • Combines the benefits of SMR and primary/backup • Step 1 makes primary/backup have mostly the same memory (up to 97%), then PLOVER need only copy and transfer a small portion of the memory • Step 2 automatically addresses non-determinism and ensures external consistency • Challenges: • How to achieve consensus and synchronize VM efficiently? • When to do the VM synchronization for primary/backup to maximize the same memory pages? 8

  31. PLOVER architecture Primary Backup Witness VM VM Sync VM Sync VM page page service service VMM VMM log log consensus consensus consensus Output buffer Output buffer Client 9

Recommend

Roadmap for Section 10.1 The Notion of Fault-Tolerance Fault-Tolerance Support in NTFS Volume

Roadmap for Section 10.1 The Notion of Fault-Tolerance Fault-Tolerance Support in NTFS Volume

Unit OS10: Fault Tolerance Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 10.1 The Notion of Fault-Tolerance Fault-Tolerance Support in NTFS Volume Management - Striped

394 views • 25 slides
Distributed Systems (ICE 601) Fault Tolerance Dongman Lee ICU Class Overview Introduction

Distributed Systems (ICE 601) Fault Tolerance Dongman Lee ICU Class Overview Introduction

Distributed Systems (ICE 601) Fault Tolerance Dongman Lee ICU Class Overview Introduction Failure Model Fault Tolerance Models state machine primary-backup Distributed Systems - Fault Tolerance Introduction

146 views • 12 slides
Fault Tolerance in Message Passing Fault Tolerance in Message Passing and in Action and in

Fault Tolerance in Message Passing Fault Tolerance in Message Passing and in Action and in

Fault Tolerance in Message Passing Fault Tolerance in Message Passing and in Action and in Action Jack Dongarra, Innovative Computing Laboratory University of Tennessee and Computer Science and Mathematics Division Oak Ridge National

422 views • 14 slides
General Principles of Fault- Tolerance Daniel Gottesman Perimeter Institute Whats Left For

General Principles of Fault- Tolerance Daniel Gottesman Perimeter Institute Whats Left For

General Principles of Fault- Tolerance Daniel Gottesman Perimeter Institute Whats Left For Fault-Tolerance? Reduce the overhead (in space and in time) needed for fault-tolerance Better fault-tolerance in 1D? Better magic state

556 views • 22 slides
Rigorous fault-tolerance thresholds Ben Reichardt UC Berkeley N gate circuit 0/1 N gate

Rigorous fault-tolerance thresholds Ben Reichardt UC Berkeley N gate circuit 0/1 N gate

Rigorous fault-tolerance thresholds Ben Reichardt UC Berkeley N gate circuit 0/1 N gate circuit Need error 1/N 1/0 Quantum fault-tolerance problem Classical fault-tolerance: Von Neumann (1956) 0/1 Fault-tolerant, larger C High

846 views • 63 slides
Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault tolerant programming are: Fault Detection - Knowing that a fault exists Fault Recovery - having atomic instructions that can be rolled back in

361 views • 18 slides
Fault Tolerance via the State Machine Replication Approach Favian Contreras Implementing

Fault Tolerance via the State Machine Replication Approach Favian Contreras Implementing

Fault Tolerance via the State Machine Replication Approach Favian Contreras Implementing Fault-Tolerant Services Using the State Machine Approach: A Tutorial Written by Fred Schneider Why a Tutorial? The State Machine Approach was

743 views • 52 slides
CH NG 8: FAULT TOLERANCE TS. Tr n H i Anh Content 2 1. Introduction to fault

CH NG 8: FAULT TOLERANCE TS. Tr n H i Anh Content 2 1. Introduction to fault

1 Tr n H i Anh Distributed System CH NG 8: FAULT TOLERANCE TS. Tr n H i Anh Content 2 1. Introduction to fault tolerance 2. Process resilience 3. Reliable client-Server Communication 4. Reliable Group Communication 5.

966 views • 50 slides
Distributed Systems 5. Fault Tolerant Systems Fault-Tolerance - 1 Lszl Bszrmnyi

Distributed Systems 5. Fault Tolerant Systems Fault-Tolerance - 1 Lszl Bszrmnyi

Distributed Systems 5. Fault Tolerant Systems Fault-Tolerance - 1 Lszl Bszrmnyi Distributed Systems Fault tolerance A system or a component fails due to a fault Fault tolerance means that the system continues to provide its

428 views • 40 slides
CSci 5105 Introduction to Distributed Systems Fault Tolerance Last Time Replication and

CSci 5105 Introduction to Distributed Systems Fault Tolerance Last Time Replication and

CSci 5105 Introduction to Distributed Systems Fault Tolerance Last Time Replication and Consistency Today Fault tolerance Chapter 8 TVS Fault Tolerance Basics Availability short time horizon e.g down 1 msec every hour

292 views • 27 slides
Challenging Malicious Inputs with Fault Tolerance Techniques Bruno Luiz Agenda Threats

Challenging Malicious Inputs with Fault Tolerance Techniques Bruno Luiz Agenda Threats

Challenging Malicious Inputs with Fault Tolerance Techniques Bruno Luiz Agenda Threats Fault Tolerance Fault Injection for Fault Tolerance Assessment Basic and classic techniques Decision Mechanisms Implementation

962 views • 61 slides
Fibre bundle framework for unitary quantum fault tolerance Lucy Liuxuan Zhang University of

Fibre bundle framework for unitary quantum fault tolerance Lucy Liuxuan Zhang University of

Motivations and main idea Basics of quantum fault tolerance Geometric picture of QECCs and unitary fault tolerance Conclusion Fibre bundle framework for unitary quantum fault tolerance Lucy Liuxuan Zhang University of Toronto December 18,

795 views • 16 slides
Hypervisor-Based Fault-Tolerance Thomas C. Bressoud, Isis

Hypervisor-Based Fault-Tolerance Thomas C. Bressoud, Isis

Hypervisor-Based Fault-Tolerance Thomas C. Bressoud, Isis Distributed Systems Fred B. Schneider, Cornell University SOSP, 1995 Problem Fault tolerance

2.97k views • 8 slides
RSM & Paxos Consensus Trilogy - Episode II Replicated State Machine What is the problem?

RSM & Paxos Consensus Trilogy - Episode II Replicated State Machine What is the problem?

RSM & Paxos Consensus Trilogy - Episode II Replicated State Machine What is the problem? Fault Tolerance by Replication KV-Store Client Fault Tolerance by Replication KV-Store Client set("s0", ...) Fault Tolerance by

1.62k views • 125 slides
Adaptability and Fault Tolerance Adaptability and Fault Tolerance Rog rio rio de Lemos de

Adaptability and Fault Tolerance Adaptability and Fault Tolerance Rog rio rio de Lemos de

Adaptability and Fault Tolerance Adaptability and Fault Tolerance Rog rio rio de Lemos de Lemos Rog University of Kent, UK University of Kent, UK Context: self-* and dependability; Focus: adaptability and fault tolerance;

640 views • 19 slides
Towards an Efficient Fault-Tolerance Scheme for GLB Claudia Fohry, Marco Bungart and Jonas Posner

Towards an Efficient Fault-Tolerance Scheme for GLB Claudia Fohry, Marco Bungart and Jonas Posner

GLB Fault Tolerance Scheme Experimental Results Towards an Efficient Fault-Tolerance Scheme for GLB Claudia Fohry, Marco Bungart and Jonas Posner Programming Languages / Methodologies June 14, 2015 1 / 18 GLB Fault Tolerance Scheme

744 views • 18 slides
iQIM 5 December 2011 Quantum fault tolerance Error correction and fault tolerance will be

iQIM 5 December 2011 Quantum fault tolerance Error correction and fault tolerance will be

Protected gates for superconducting qubits V( ) John Preskill with Peter Brooks and Alexei Kitaev

511 views • 33 slides
Fault Tolerance For Sparse Linear Algebra Computations Implemented In A Grid Environment

Fault Tolerance For Sparse Linear Algebra Computations Implemented In A Grid Environment

Fault Tolerance For Sparse Linear Algebra Computations Implemented In A Grid Environment Experiments with Fault Tolerant Linear Algebra Algorithms Jack Dongarra Jeffery Chen Zhiao Shi Asim YarKhan University of Tennessee Fault Tolerance:

412 views • 22 slides
Detection of virtual machine monitor corruptions t Morgan , Eric Alata, Vincent Nicomette Beno

Detection of virtual machine monitor corruptions t Morgan , Eric Alata, Vincent Nicomette Beno

Problem statement Contributions Perspectives Detection of virtual machine monitor corruptions t Morgan , Eric Alata, Vincent Nicomette Beno LAAS-CNRS - Dependable Computing and Fault Tolerance (TSF) Team Journ ee SEC 2 - June 30th, 2015

617 views • 13 slides
Fault Tolerance and Robustness in Concurrent Systems Faults, errors, failures, and fault

Fault Tolerance and Robustness in Concurrent Systems Faults, errors, failures, and fault

Fault Tolerance and Robustness in Concurrent Systems Faults, errors, failures, and fault tolerance have many different definitions. What working definition should we use for fault? What does it mean to be fault-tolerant? 2 Faults, errors,

841 views • 16 slides
Byzantine Fault Tolerance CS 240: Computing Systems and Concurrency Lecture 11 Marco Canini

Byzantine Fault Tolerance CS 240: Computing Systems and Concurrency Lecture 11 Marco Canini

Byzantine Fault Tolerance CS 240: Computing Systems and Concurrency Lecture 11 Marco Canini Credits: Michael Freedman and Kyle Jamieson developed much of the original material. So far: Fail-stop failures Traditional state machine

989 views • 41 slides
Improving Scalability and Fault Improving Scalability and Fault Tolerance in an Application

Improving Scalability and Fault Improving Scalability and Fault Tolerance in an Application

Improving Scalability and Fault Improving Scalability and Fault Tolerance in an Application Tolerance in an Application Management Infrastructure Management Infrastructure Nikolay Topilski , Jeannie Albrecht, and Amin Vahdat Williams College

560 views • 18 slides
Fault Tolerance at Speed Todd L. Montgomery @toddlmontgomery About me What type of Fault

Fault Tolerance at Speed Todd L. Montgomery @toddlmontgomery About me What type of Fault

StoneTor Fault Tolerance at Speed Todd L. Montgomery @toddlmontgomery About me What type of Fault Tolerance? What is Clustering? Why Aeron? Design for Speeding Up? What type of Fault Tolerance? What is Clustering? Why Aeron? Design

979 views • 77 slides
Formal Verification of Automatic Circuit Transformations for Fault-Tolerance Dmitry Burlyaev

Formal Verification of Automatic Circuit Transformations for Fault-Tolerance Dmitry Burlyaev

Formal Verification of Automatic Circuit Transformations for Fault-Tolerance Dmitry Burlyaev Pascal Fradet 09/30/15, Austin, TX, USA @ FMCAD'15 Outline For a given (fault-tolerance) transformation T , we want to prove a property of the form

1.11k views • 79 slides

More recommend