system support for elastic execution in virtual middleboxes · split / merge ! system support for...

Split / Merge !System Support for Elastic Execution !in Virtual Middleboxes!

Shriram RAJAGOPALAN Dan WILLIAMS

Hani JAMJOOM Andrew WARFIELD

IBM Research & UBC IBM Research IBM Research UBC

The Problem

Elastic Applications Need Elastic Middleboxes

Clients

Elastic Application Tier

Edge Switch

Software Defined Network!

IDS/IPS Firewall LB VPN Accelerator

Virtual Middleboxes

Hotspots Cannot be Alleviated Quickly

When M1 is overloaded, provision more middleboxes to serve new flows

Virtual Middleboxes

Scaling Inefficiencies Lead to Poor Utilization

In the worst case, active flows in each instance delay scale-in

M1 M3 M4 M2 Virtual Middleboxes

The Insight

Flow State is Naturally Partitioned

M1 FlowTable Virtual

Middleboxes

Enabling Elasticity in Virtual Middleboxes

M FlowTable

Dynamic partitioning of flow states among “replicas” enables elastic execution

M FlowTable Virtual

Middleboxes

Understanding the State Inside a Middlebox

Middlebox VM

Input!( Flows )!

Output!

Middlebox VM

Flow Table!Key! Value!

5-tuple! [Flow State]! Partitionable among replicas!

Input!( Flows )!

Output!

Middlebox VM

Threshold counters!

Non-critical statistics!

May be shared among replicas (coherent)!

Input!( Flows )!

Output!

Middlebox VM

Threshold counters!

Non-critical statistics!

May be shared among replicas (coherent)!

Caches! Other!processes! ...!

Input!( Flows )!

Output!

Internal to a replica (ephemeral)!

Our Contribution

Split/Merge: A State-Centric Approach to Elasticity

Ephemeral!VM!Coherent!

Partitionable !(Flow States)!

Virtual Network Interface!

Split!

VM! 1! VM! 2! VM! 3!

Replica 1! Replica 2! Replica 3!

Split!

VM! 1! VM! 2! VM! 3!Unchanged Interfaces!

Merge!

VM! 1! VM! 2!

Replica 1! Replica 2! Replica 3!

Replica 1! Replica 2+3!

Coherency is maintained!

Implementation

FreeFlow

�  A VMM based runtime that provides Split/Merge abstraction to applications!

�  Developers modify application code to annotate flow state!

�  FreeFlow takes care of the rest!!

FreeFlow: A Split/Merge Implementation

VMM!VMM!

VM!Replica 1!

VM!Replica 2!

Traffic to Middlebox!

Flow 2!Flow 1!

Ephemeral!Coherent!

�  Need to manage application state!

VMM!VMM!

VM!Replica 1!

VM!Replica 2!

Flow 2!Flow 1!

�  Need to ensure flows are routed to the correct replica!

VMM!VMM!

VM!Replica 1!

VM!Replica 2!

Controller!

Flow 1! Flow 2!

FreeFlow Module!

�  Need to ensure flows are routed to the correct replica!

�  Need to decide when to split or merge a replica!

VMM!VMM!

VM!Replica 1!

VM!Replica 2!

Controller!

Flow 1! Flow 2!

FreeFlow Module!

Orchestrator !

Annotating State using FreeFlow API

create_flow(flow_key, size)!delete_flow(flow_key)!!flow_state get_flow(flow_key)!

put_flow(flow_key)!!

flow_timer(flow_key, timeout, callback)!

create_shared(key, size, cb) !delete_shared(key)!!

state get_shared(key, flags) // synch | pull |local!put_shared(key, flags) // synch | push |local!

Partitioned State API

Coherent State API

Forwarding Flows Correctly using OpenFlow

OpenFlow Switch!

OpenFlow Table!

<a>! port 1!

! port 2!

<c>! port 2!

port 1! Virtual Switch!

OpenFlow Table!

<a>! port 1!

port 1!

Middlebox Replica 1!

Flow Table!<a>!

port 2!

Virtual Switch!

OpenFlow Table!

! port 1!

<c>! port 1!

port 1!

Flow Table!

1.1.1.1 (de:ad:be:ef:ca:fe)

Flow Migration

OpenFlow Switch!

OpenFlow Table!

<a>! port 1!

! port 2!

<c>! port 2!

OpenFlow Table!

<a>! port 1!

port 1!

Flow Table!<a>!

port 2!

Virtual Switch!

OpenFlow Table!

! port 1!

<c>! port 1!

port 1!

Flow Table!

Migrating from replica 2 to replica 1

Flow Migration

OpenFlow Switch!

OpenFlow Table!

<a>! port 1!

! controller!

<c>! port 2!

OpenFlow Table!

<a>! port 1!

port 1!

Flow Table!<a>!

port 2!

Virtual Switch!

OpenFlow Table!

<c>! port 1!

port 1!

Flow Table!

Suspend flow & buffer packets

Flow Migration

OpenFlow Switch!

OpenFlow Table!

<a>! port 1!

! controller!

<c>! port 2!

OpenFlow Table!

<a>! port 1!

port 1!

Flow Table!<a>!

port 2!

Virtual Switch!

OpenFlow Table!

<c>! port 1!

port 1!

Flow Table!

Move flow state to target

Flow Migration

OpenFlow Switch!

OpenFlow Table!

<a>! port 1!

! port 1!

<c>! port 2!

OpenFlow Table!

<a>! port 1!

! port 1!

port 1!

Flow Table!<a>!

port 2!

Virtual Switch!

OpenFlow Table!

<c>! port 1!

port 1!

Flow Table!

Release buffer & resume flow

Managing Coherent State

create_shared(key, size, cb) !delete_shared(key)!!

state get_shared(key, flags) // synch | pull |local!put_shared(key, flags) // synch | push |local!

create_shared(“foo”, 4, NULL)!

while (1)!

!process_packet()!

!p_foo = get_shared(“foo”, synch)!

!val = (*p_foo)++!

!put_shared(“foo”, synch)!

!if (val > threshold)!

! !bar()!

Strong Consistency

Middlebox applications rarely need strong consistency!

Distributed lock for every update

create_shared(“foo”, 4, merge_fn)!

while (1)!

!process_packet()!

!p_foo = get_shared(“foo”, local)!

!val = (*p_foo)++!

!put_shared(“foo”, local)!

!if (val > threshold)!

! bar()!

! put_shared(“foo”, push)!

Eventual Consistency

Hi frequency local updates

Periodic global updates

Evaluation

Evaluation Overview

�  Eliminating hotspots during scale-out!

�  Fast and efficient scale-in!

�  Split/Merge Bro during a load burst!

Hotspots Cannot be Alleviated Quickly

Virtual Middleboxes M2 M1

When M1 is overloaded, provision more middleboxes to serve new flows

Eliminating Hotspots by Shedding Load

(ms) w/ FreeFlow

0 20 40 60 80

0 20 40 60 80 100

Time (s)

w/o FreeFlow

13.2Av

s) w/ FreeFlow

50 55 60 65 70 75 80 85 90

Time (s)

w/o FreeFlow

Eliminating Hotspots by Shedding Load

Scaling-In a Deployment : Best Case Scenario

Virtual Middleboxes M1 M3 M4 M2

Scaling-In a Deployment : Best Case Scenario

M1 M3 M2 Virtual Middleboxes

20 40 60 80 100 120 140 160 180 200

Time (s)

Best Case

Scaling-In: Best Case Scenario

Scaling-In using kill : Worst Case Scenario

In the worst case, active flows in each instance delay scale-in

20 40 60 80 100 120 140 160 180 200

Time (s)

Best CaseWorst Case (No FreeFlow)

Scaling-In using kill : Slow & Inefficient

Scaling-In using merge : Worst Case Scenario

M M M M Virtual Middleboxes

FreeFlow

M M M M

FreeFlow

Virtual Middleboxes

M M M Virtual Middleboxes

FreeFlow

FreeFlow consolidates state and flows from multiple replicas into one

M 1+2+3+4

Virtual Middleboxes

FreeFlow

20 40 60 80 100 120 140 160 180 200

Time (s)

Best CaseWorst Case (No FreeFlow)

Worst Case w/ FreeFlow

Scaling-In using merge : Fast & Efficient

�  Ported the Event Engine to FreeFlow!

�  Support for UDP, TCP/HTTP protocols!

�  SQL Injection Detection plugin!

Splitting & Merging Bro IDS

Web Servers

SQL Injection Attacks

FreeFlow

Web Servers

Handling a Load Burst

0 10 20 30 40 50 60 70 80 90 100 110

Time (s)

Load Burst

Web Servers

Handling a Load Burst : No Scaling

0 10 20 30 40 50 60 70 80 90 100 110

Time (s)

Load Burst

Unscaled

Without enough capacity to handle the load burst, the system performance degrades severely

Handling a Load Burst : Pre-Scaled

0 10 20 30 40 50 60 70 80 90 100 110

Time (s)

Load Burst

Unscaled

Pre-scaled

Web Servers

Pre-scaled

Two instances are provisioned apriori, enough to handle a load burst, if any

Web Servers

Bro M2

Handling a Load Burst : Pre-Scaled

0 10 20 30 40 50 60 70 80 90 100 110

Time (s)

Load Burst

Unscaled

Pre-scaled

Load burst has no impact on system performance, as there is enough capacity to handle the load

Pre-scaled

Web Servers

Handling a Load Burst : Split/Merge

0 10 20 30 40 50 60 70 80 90 100 110

Time (s)

Load Burst

Unscaled

Pre-scaled

Dynamically scaledwith FreeFlow

FreeFlow

One replica handles the load well, before the load burst

0 10 20 30 40 50 60 70 80 90 100 110

Time (s)

Load Burst

Unscaled

Pre-scaled

Web Servers

FreeFlow

When load burst starts, the Orchestrator splits the replica and rebalances the load

Web Servers

FreeFlow

0 10 20 30 40 50 60 70 80 90 100 110

Time (s)

Load Burst

Unscaled

Pre-scaled

With the load rebalanced, performance returns to normal

Web Servers

FreeFlow

0 10 20 30 40 50 60 70 80 90 100 110

Time (s)

Load Burst

Unscaled

Pre-scaled

When system utilization drops after the load burst, the Orchestrator merges the two replicas

0 10 20 30 40 50 60 70 80 90 100 110

Time (s)

Load Burst

Unscaled

Pre-scaled

Web Servers

FreeFlow

Summary

Flow Migration Overhead - TCP

0 10 20 30 40 50 60

Time (s)

BaselineFreeFlow

Flow Migration

Flow Migration Overhead - UDP

0 1 2 3 4 5 6 7 8 9 10

Time (s)

150Mbps200Mbps250Mbps

0 2 4 6 8

10 12 14

0 1 2 3 4 5 6 7 8 9 10

Time (s)

150Mbps200Mbps250Mbps

system support for elastic execution in virtual middleboxes · split / merge ! system support for...

Documents

latency aware elastic streaming for estimating online...

detecting cellular middleboxes using passive … cellular...

middleboxes & network appliances ee122 tas past and present

elastic and efficient execution of data-intensive...

middleboxes in the internet: a http...

clonecloud: elastic execution between mobile device and...

shieldbox: secure middleboxes using shielded execution...

data center middleboxes - cs.cornell.edu · data center...

split/merge: system support for elastic execution in ... ·...

making middleboxes someone else’s problem: network...

investigating elastic cloud based rdf...

sdn: extensions middleboxes

slick: secure middleboxes using shielded execution ·...

middleboxes & network appliances

varied containers elastic efficient execution of ·...

anl 2014 - chicago elastic and efficient execution of data-...

an untold story of middleboxes in cellular...

detecting cellular middleboxes using passive measurement

table of contents - pivotal software · what is hawq? hawq...

a framework for elastic execution of existing mpi programs