98 research outputs found
EbbRT: Elastic Building Block Runtime - case studies
We present a new systems runtime, EbbRT, for cloud hosted applications. EbbRT takes a different approach to the role operating systems play in cloud computing. It supports stitching application functionality across nodes running commodity OSs and nodes running specialized application specific software that only execute what is necessary to accelerate core functions of the application. In doing so, it allows tradeoffs between efficiency, developer productivity, and exploitation of elasticity and scale. EbbRT, as a software model, is a framework for constructing applications as collections of standard application software and Elastic Building Blocks (Ebbs). Elastic Building Blocks are components that encapsulate runtime software objects and are implemented to exploit the raw access, scale and elasticity of IaaS resources to accelerate critical application functionality. This paper presents the EbbRT architecture, our prototype and experimental evaluation of the prototype under three different application scenarios
Assessing the Performance of Virtualization Technologies for NFV: a Preliminary Benchmarking
The NFV paradigm transforms those applications executed for decades in dedicated appliances, into software images to be consolidated in standard servers.
Although NFV is implemented through cloud computing technologies (e.g., virtual machines, virtual switches), the network traffic that such components have to handle in NFV is different than the traffic they process when used in a cloud computing scenario.
Then, this paper provides a (preliminary) benchmarking of the widespread virtualization technologies when used in NFV, which means when they are exploited to run the so-called virtual network functions and to chain them in order to create complex services
Performance Benchmarking of State-of-the-Art Software Switches for NFV
With the ultimate goal of replacing proprietary hardware appliances with
Virtual Network Functions (VNFs) implemented in software, Network Function
Virtualization (NFV) has been gaining popularity in the past few years.
Software switches route traffic between VNFs and physical Network Interface
Cards (NICs). It is of paramount importance to compare the performance of
different switch designs and architectures. In this paper, we propose a
methodology to compare fairly and comprehensively the performance of software
switches. We first explore the design spaces of seven state-of-the-art software
switches and then compare their performance under four representative test
scenarios. Each scenario corresponds to a specific case of routing NFV traffic
between NICs and/or VNFs. In our experiments, we evaluate the throughput and
latency between VNFs in two of the most popular virtualization environments,
namely virtual machines (VMs) and containers. Our experimental results show
that no single software switch prevails in all scenarios. It is, therefore,
crucial to choose the most suitable solution for the given use case. At the
same time, the presented results and analysis provide a deeper insight into the
design tradeoffs and identify potential performance bottlenecks that could
inspire new designs.
Comment: 17 page
EbbRT: Elastic Building Block Runtime - overview
EbbRT provides a lightweight runtime that enables the construction of reusable, low-level system software which can integrate with existing, general purpose systems. It achieves this by providing a library that can be linked into a process on an existing OS, and as a small library OS that can be booted directly on an IaaS node
Enhancing HPC on Virtual Systems in Clouds through Optimizing Virtual Overlay Networks
Virtual Ethernet overlay provides a powerful model for realizing virtual distributed and parallel computing systems with strong isolation, portability, and recoverability properties. However, in extremely high throughput and low latency networks, such overlays can suffer from bandwidth and latency limitations, which is of particular concern in HPC environments. Through a careful and quantitative analysis, I identify three core issues limiting performance: delayed and excessive virtual interrupt delivery into guests, copies between host and guest data buffers during encapsulation, and the semantic gap between virtual Ethernet features and underlying physical network features. I propose three novel optimizations in response: optimistic timer-free virtual interrupt injection, zero-copy cut-through data forwarding, and virtual TCP offload. These optimizations improve the latency and bandwidth of the overlay network on 10 Gbps Ethernet and InfiniBand interconnects, resulting in near-native performance for a wide range of microbenchmarks and MPI application benchmarks
Virtuoso: High Resource Utilization and µs-scale Performance Isolation in a Shared Virtual Machine TCP Network Stack
Virtualization improves resource efficiency and ensures security and
performance isolation for cloud applications. To that end, operators today use
a layered architecture that runs a separate network stack instance in each VM
and container connected to a separate virtual switch. Decoupling through
layering reduces complexity, but induces performance and resource overheads
that are at odds with increasing demands for network bandwidth, communication
requirements for large distributed applications, and low latency.
We present Virtuoso, a new software networking stack for VMs and containers.
Virtuoso performs a fundamental re-organization of the networking stack to
maximize CPU utilization, enforce isolation, and minimize networking stack
overheads. We maximize utilization by running one elastically shared network
stack instance on dedicated cores; we enforce isolation by performing central
and fine-grained per-packet resource accounting and scheduling; we reduce
overheads by building a single-layer data path with a one-shot fast-path
incorporating all processing from the TCP transport layer through network
virtualization and virtual switching. Virtuoso improves resource utilization by
up to 50%, latencies by up to 42% compared to other virtualized network stacks
without sacrificing isolation, and keeps processing overhead within 11.5% of
unvirtualized network stacks.
Comment: Under submission for conference peer revie
Hardware IPC for a TrustZone-assisted Hypervisor
Master's dissertation in Industrial Electronics and Computers Engineering
In this modern era ruled by technology and the IoT (Internet of Things),
embedded systems have a ubiquitous presence in our daily lives. Although they
do differ from each other in their functionalities and end-purpose, they all share the
same basic requirements: safety and security. Whether in a non-critical system
such as a smartphone, or a critical one, like an electronic control unit of any
modern vehicle, these requirements must always be fulfilled in order to accomplish
a reliable and trustworthy system.
One well-established technology to address this problem is virtualization. It
provides isolation by encapsulating each subsystem in separate Virtual-Machines
(VMs), while also enabling the sharing of hardware resources. However, these
isolated subsystems may still need to communicate with each other. Inter-Process
Communication is present in most OSes’ stacks, representing a crucial part of
it, which allows, through a myriad of different mechanisms, communication between
tasks. In a virtualized system, Inter-Partition Communication mechanisms
implement the communication between the different subsystems referenced above.
TrustZone technology has been in the forefront of hardware-assisted security
and it has been explored for virtualization purposes, since natively it provides
separation between two execution worlds while enforcing, by design, different
privilege to these execution worlds. LTZVisor, an open-source lightweight
TrustZone-assisted hypervisor, emerged as a way of providing a platform for exploring how
TrustZone can be exploited to assist virtualization. Its IPC mechanism, TZ-VirtIO,
constitutes a standard virtual I/O approach for achieving communication
between the OSes, but some overhead is caused by the introduction of the mechanism.
Hardware-based solutions are yet to be explored with this solution, which
could bring performance and security benefits while diminishing overhead.
Attending the reasons mentioned above, hTZ-VirtIO was developed as a way
to explore the offloading of the software-based communication mechanism of the
LTZVisor to hardware-based mechanisms.
Nowadays, where technology and the Internet of Things (IoT) dominate society,
embedded systems are ubiquitous in our daily lives, and although they
may differ in their functionalities and end goals, they all share the same
basic requirements. Whether in a non-critical system, such as a smartphone, or
a critical system, such as a control unit of a modern vehicle, these
requirements must be fulfilled in order to obtain a reliable system.
One well-established technology to address this problem is virtualization.
This approach provides isolation by encapsulating subsystems
in separate virtual machines, while also allowing hardware resources to be
shared. However, these isolated subsystems may need to
communicate with each other. Communication between tasks is present in most software
stacks of any system and represents a crucial part of them. In a
virtualized system, inter-partition communication mechanisms implement
the communication between the different subsystems mentioned above.
TrustZone technology has been at the forefront of hardware-assisted
security, and it has been explored in the implementation of virtualized systems, since
it natively allows separation between two execution worlds while imposing,
by design, different privileges on those execution worlds.
LTZVisor, an open-source, low-overhead TrustZone-assisted hypervisor,
emerged as a way of providing a platform for exploring
TrustZone as a technology to assist virtualization. TZ-VirtIO,
the communication mechanism of LTZVisor, constitutes a standard virtual I/O
approach for enabling communication between the operating systems. However,
the introduction of this mechanism causes overhead on the hypervisor. Hardware-based
solutions for TZ-VirtIO have not yet been explored, and they could
bring performance and security benefits and reduce overhead.
Given the reasons mentioned above, hTZ-VirtIO was developed as
a way to explore migrating the software-based communication mechanism
of LTZVisor to hardware-based mechanisms
- …