490dp Introduction

Download Report

Transcript 490dp Introduction

CSE 490dp
Resource Control
Robert Grimm
Problems
• How to access resources?
– Basic usage tracking
• How to measure resource consumption?
– Accounting
• How to limit resource consumption?
– Policy
• We only cover first two issues
Resource Access
• Issue
– How to track usage?
• Four models
– Don’t do it
– Explicit creation and deletion
– Automatic reclamation of unused
resources
– Leases
Don’t Do It
• Example: NFS
[Ousterhout 90]
– Most operations are idempotent
– No connection state
• “Stateless”
– Files persist
• “Stateful” by definition of a file system
Advantages
• Crash handling
– No recovery on server
– No reboots on client
• Simplicity
– No connection handling
– No recovery code
Problems
• Performance
– No client-side caching
• Consistency
– Clients don’t know about others modifying
same file
• Semantics
– Not implemented: locks
– Not idempotent: mkdir
Explicit Creation and Deletion
• Example: Connections in Sprite FS [Ousterhout 90]
• Advantages
– Consistency
• Server ensures only one writer per file
– Performance
• Client-side caching
– No synchronous writes to server
– Files may be overwritten / deleted
before they get sent to server
Problems
• Complexity
– More to do on server
• Recovery
– How to restore connections after failure?
• Performance
– Explicit open and close operations
• Space overheads
– Per-connection state
Pervasive Paradigm
• new / delete
– C, C++
• create / delete
– Files
– Tuples in T Spaces, one.world
• run / kill
– Applications, servers
Automatic Reclamation
• Garbage collection
• Basic idea
– Keep track of used resources
– Automatically reclaim unused resources
in background
• Examples
– Locally for Java
– Distributed for Java RMI
Discussion
• Advantage
– No need to worry about deletion
• Problem
– Complete and reliable usage information is
hard to come by
• Network connections and nodes fail
• May depend on human factors
–Hard to automate
Discussion
• Can we automate creation and deletion?
– Cluster-based service
• Automatically run and kill services
on individual nodes
Leases
• Basic idea
– Limit resource access by time-out
– Reclaim resource after time-out expires
• Operations
– Acquire (open)
– Renew
– Cancel (close)
Examples
• Remote resources
– Java RMI
– Jini’s remote events, transactions
• File cache
– V [Gray & Cheriton 89]
• Storage
– JavaSpaces
• Resource access in general
– one.world
Problem
• A resource can always vanish
– Lease renewal is delayed
• E.g., message may be delayed, is lost
– Lease expires
Tracking Usage
• Don’t do it
• Explicit creation and deletion
• Garbage collection
– Automate deletion based on usage
• Leases
– Automate deletion based on time-out
Resources
• Transient
– Objects, connections
• Services
– Applications
• User data
– Files, tuples
Summary
Don’t do it
Explicit
GC
Leases
Transient
Services
User data
?
No
No
OK
OK
OK
OK in
intranets
Fully
automated!
?
Across the
network
?
?
Break
Resource Accounting
• Problem
– Traditionally, process represents
• Protection domain
• Resource principal
– But, modern servers don’t follow this model
• [Banga et al., 99]
HTTP Server Implementations
• One process per connection
• Event-based server
• Multi-threaded server
One Process Per Connection
Event-Based Server
Multi-Threaded Server
Scheduling Entities and Activities
• Classical application
– Single process
– Mostly user space
• Modern applications
– Considerable kernel processing
– Multiple processes
– Multiple threads
Classical Application
Considerable Kernel Processing
Multiple Processes
Multiple Threads
How to Account for Resources?
• Introduce new abstraction
– Resource container
– Tracks usage information
• CPU time
• Memory
• Networking bandwidth
•…
– Orthogonal to scheduling entities
• Threads, processes have resource binding
Scheduler Binding
• Problem
– How to schedule threads that are bound to
several resource containers?
• E.g., event-based server
• Solution
– Scheduler binding
• Set of all resource containers
Operations
• Create
• Set parent
– Hierarchy of containers
• Release
– Reference counted
• Share
• Access attributes
• Access usage information
Operations
• Bind thread to a container
• Reset scheduler binding
• Bind socket, file to a container
Usage
• One resource container per logical job
– Create new container when accepting
connection
– Change thread’s container as necessary
• Example policy
– Different classes of clients, depending on
source IP address
• Low priority
• High priority
Performance
• Growing number of low priority clients
Performance
• Growing number of concurrent CGI requests
Performance
• Growing SYN-flood rate
Summary
• Resource accounting is orthogonal to
– Protection
– Scheduling
• Need explicit abstraction
– Resource containers
Issues
• How to express and enforce policies?
• How to make resource containers scale
across the network?