Scalable Rule Management for Data Centers
Masoud Moshref and Minlan Yu, University of Southern California; Abhishek Sharma, University of Southern California and NEC Labs America; Ramesh Govindan, University of Southern California
Cloud operators increasingly need more and more fine-grained rules to better control individual network flows for various traffic management policies. In this paper, we explore automated rule management in the context of a system called vCRIB (a virtual Cloud Rule Information Base), which provides the abstraction of a centralized rule repository. The challenge in our approach is the design of algorithms that automatically off-load rule processing to overcome resource constraints on hypervisors and/or switches, while minimizing redirection traffic overhead and responding to system dynamics. vCRIB contains novel algorithms for finding feasible rule placements and adapting traffic overhead induced by rule placement in the face of traffic changes and VM migration. We demonstrate that vCRIB can find feasible rule placements with less than 10% traffic overhead even in cases where the traffic-optimal rule placement may be infeasible with respect to hypervisor CPU or memory constraints.
author = {Masoud Moshref and Minlan Yu and Abhishek Sharma and Ramesh Govindan},
title = {Scalable Rule Management for Data Centers},
booktitle = {10th USENIX Symposium on Networked Systems Design and Implementation (NSDI 13)},
year = {2013},
isbn = {978-1-931971-00-3},
address = {Lombard, IL},
pages = {157--170},
url = {https://www.usenix.org/conference/nsdi13/technical-sessions/presentation/moshref},
publisher = {USENIX Association},
month = apr
}
by Rodrigo Fonseca
vCRIB is a logically centralized system to abstract and automate the placement of traffic management rules in a datacenter network. Increasingly, with trends such as virtualization and software-defined networking, datacenters have had to cope with large numbers of rules installed at hypervisors in the end hosts and/or in programmable switches in the network. These rules can consume limited resources, such as CPU cycles in the end hosts, and table entries in the physical switches. Because of that, it is not always possible to place all required rules at the best possible place, and in some cases traffic has to be redirected so that it goes through a device that can hold applicable rules.
Much like virtual memory removed the burden of manual memory management from programmers, vCRIB presents an abstraction of a network-wide rule repository that relieves operators or cloud tenants of having to manually place rules to enforce their desired policies and respect resource constraints of devices. When the best place to install a rule is at capacity, vCRIB offloads rules to another location. This introduces a traffic overhead, so the placement has to decide which rules to offload and to where. This is an NP-hard problem, and vCRIB uses heuristics to achieve feasible placements that are refined in a greedy way to take into account traffic overhead. Rules are partitioned according to the source of the flows they refer to, and overlapping rules are replicated rather than sliced, to reduce complexity and avoid an inflation of fine-grained rules. The algorithm also takes into account heterogeneous resources, traffic dynamics, and VM mobility.
The paper evaluates the design with a simulated large-scale datacenter topology, and a smaller deployment of a prototype. The design achieves feasible placements with a very small increase in traffic due to rule offloading. In both cases the evaluation uses synthetically generated traffic data from the CloudBench benchmark. This is a point on which the community, especially industry, could step forward and present characterizations of their traffic management rules, enabling follow-on studies to vCRIB.