PredCloud: Providing predictable network performance in large-scale OpenFlow-enabled cloud platforms through trust-based allocation of resources

Cloud computing allows tenants to run a wide range of applications without any upfront capital investment. However, providers lack mechanisms to provide fair and predictable bandwidth sharing among allocated applications, enabling selfish and malicious tenants to cause performance interference in the network (and denial of service in an extreme case). Such interference results in poor and unpredictable network performance for well-behaved applications. Recent research has proposed techniques that (i) cannot protect tenants against interference; (ii) result in underutilization of resources; or (iii) add substantial management overhead. In this paper, we describe a resource allocation strategy that aims at providing predictable network performance (i.e., minimizing performance interference) with bandwidth guarantees for tenant applications, while maintaining high network utilization and low management overhead. These benefits are achieved by grouping applications from mutually trusting users into logically isolated domains (virtual infrastructures, VIs) with bandwidth guarantees, while also considering the amount of traffic generated by applications. Despite the benefits, grouping may lead to fragmentation (i.e., available resources are dispersed among VIs and some requests may be unnecessarily declined). Therefore, we also study the associated trade-off (grouping to increase isolation versus resource fragmentation). To illustrate the feasibility of grouping applications inside VIs, we develop PredCloud, a system that implements the proposed strategy on SDN/OpenFlow-enabled networks. Through an extensive evaluation, we show that PredCloud significantly reduces performance interference and application exposure to attacks, while maintaining low resource fragmentation. Furthermore, provider revenue can be increased by efficiently managing and charging for network resources.
