PlanetLab: An Overlay Testbed for Broad-Coverage ServicesOverviewWhat Is PlanetLab?PlanetLab GoalPrioritiesPlanetLab ArchitectureServices Run in SlicesSlide 8Slide 9Slide 10Node Architecture GoalsOne Extreme: Software Runtime (e.g., Java Virtual Machine)Other Extreme: Complete Virtual Machine (e.g., VMware)Mainstream Operating SystemPlanetLab Virtualization: VServersPlanetLab Network ArchitectureSlide 17Slide 18Obtaining a SliceSlide 20Slide 21Slide 22Slide 23Slide 24Slide 25Slide 26Slide 27Slide 28Slide 29Slide 30Slide 31PlanetLab Virtual Machines: VServersScalabilityProtected Raw SocketsResource LimitsLinux and CPU Resource ManagementPlanetLab Network ManagementDynamic Slice CreationUser Logs in to PlanetLab NodePlanetLab TodaySlide 41PlanetLab: An Overlay Testbed for Broad-Coverage ServicesBavier, Bowman, Chun, Culler, Peterson, Roscoe, WawrzoniakPresented by Jason WaddleOverview1. What is PlanetLab?2. Architecture1. Local: Nodes2. Global: Network3. Details1. Virtual Machines2. MaintenanceWhat Is PlanetLab?•Geographically distributed overlay network•Testbed for broad-coverage network servicesPlanetLab Goal“…to support seamless migration of an application from an early prototype,through multiple design iterations,to a popular service that continues to evolve.”Priorities•Diversity of Network–Geographic–Links•Edge-sites, co-location and routing centers, homes (DSL, cable-modem)•Flexibility–Allow experimenters maximal control over PlanetLab nodes–Securely and fairlyPlanetLab Architecture•Node-level–Several virtual machines on each node, each running a different service•Resources distributed fairly•Services are isolated from each other•Network-level–Node managers, agents, brokers, and service managers provide interface and maintain PlanetLabServices Run in SlicesPlanetLab NodesServices Run in SlicesPlanetLab NodesVirtual MachinesService / Slice AServices Run in SlicesPlanetLab NodesVirtual MachinesService / Slice AService / Slice BServices Run in SlicesPlanetLab NodesVirtual MachinesService / Slice AService / Slice BService / Slice CNode Architecture Goals•Provide a virtual machine for each service running on a node•Isolate virtual machines•Allow maximal control over virtual machines•Fair allocation of resources–Network, CPU, memory, diskOne Extreme: Software Runtime (e.g., Java Virtual Machine)•High level API•Depend on OS to provide protection and resource allocation•Not flexibleOther Extreme: Complete Virtual Machine (e.g., VMware)•Low level API (hardware)–Maximum flexibility•Excellent protection•High CPU/Memory overhead–Cannot share common resources among virtual machines•OS, common filesystemMainstream Operating System•API and protection at same level (system calls)•Simple implementation (e.g., Slice = process group)•Efficient use of resources (shared memory, common OS)•Bad protection and isolation•Maximum Control and Security?PlanetLab Virtualization: VServers•Kernel patch to mainstream OS (Linux)•Gives appearance of separate kernel for each virtual machine–Root privileges restricted to activities that do not affect other vservers•Some modification: resource control (e.g., File handles, port numbers) and protection facilities addedPlanetLab Network Architecture•Node manger (one per node)–Create slices for service managers •When service managers provide valid tickets–Allocate resources for vservers•Resource Monitor (one per node)–Track node’s available resources–Tell agents about available resourcesPlanetLab Network Architecture•Agents (centralized)–Track nodes’ free resources–Advertise resources to resource brokers–Issue tickets to resource brokers•Tickets may be redeemed with node managers to obtain the resourcePlanetLab Network Architecture•Resource Broker (per service)–Obtain tickets from agents on behalf of service managers•Service Managers (per service)–Obtain tickets from broker–Redeem tickets with node managers to acquire resources–If resources can be acquired, start serviceObtaining a SliceAgentService ManagerBrokerObtaining a SliceAgentService ManagerBrokerResource MonitorObtaining a SliceAgentService ManagerBrokerResource MonitorObtaining a SliceAgentService ManagerBrokerResource MonitorticketObtaining a SliceAgentService ManagerBrokerticketResource MonitorResource MonitorObtaining a SliceAgentService ManagerBrokerticketResource MonitorResource MonitorticketticketObtaining a SliceAgentService ManagerBrokerticketticketticketObtaining a SliceAgentService ManagerBrokerticketticketticketObtaining a SliceAgentService ManagerBrokerticketticketticketObtaining a SliceAgentService ManagerBrokerticketticketticketObtaining a SliceAgentService ManagerBrokerticketticketticketNode ManagerNode ManagerObtaining a SliceAgentService ManagerBrokerticketObtaining a SliceAgentService ManagerBrokerticketPlanetLab Virtual Machines: VServers•Extend the idea of chroot(2)–New vserver created by system call–Descendent processes inherit vserver–Unique filesystem, SYSV IPC, UID/GID space–Limited root privilege•Can’t control host node–IrreversibleScalability•Reduce disk footprint using copy-on-write–Immutable flag provides file-level CoW–Vservers share 508MB basic filesystem•Each additional vserver takes 29MB•Increase limits on kernel resources (e.g., file descriptors)–Is the kernel designed to handle this? (inefficient data structures?)Protected Raw Sockets•Services may need low-level network access–Cannot allow them access to other services’ packets•Provide “protected” raw sockets–TCP/UDP bound to local port–Incoming packets delivered only to service with corresponding port registered–Outgoing packets scanned to prevent spoofing•ICMP also supported–16-bit identifier placed in ICMP headerResource Limits•Node-wide cap on outgoing network bandwidth–Protect the world from PlanetLab services•Isolation between vservers: two approaches–Fairness: each of N vservers gets 1/N of the resources during contention–Guarantees: each slice reserves certain amount of resources (e.g., 1Mbps bandwidth, 10Mcps CPU)•Left-over resources distributed fairlyLinux and CPU Resource Management•The scheduler in Linux provides fairness by process, not by vserver–Vserver with many processes hogs CPU•No current way for scheduler to provide guaranteed slices of CPU timePlanetLab Network Management1. PlanetLab Nodes boot a small Linux OS
View Full Document
Unlocking...