Performance Contracts For Software Network Functions
2y ago
57 Views
1 Downloads
8.31 MB
48 Pages
Report/dmca
Download PDF

Transcription

Performance Contracts forSoftware Network FunctionsRishabh Iyer, Luis Pedrosa, Arseniy Zaostrovnykh,Solal Pirelli, Katerina Argyraki, George Candea

Software Network Functions – Pros and Conso Increased flexibility o Reduced capital and operating expenses o Programming errors o Unexpected performance behaviour 2

Dealing with unexpected NF performanceo Goal: Comprehensive understanding of NF’s performance profilev Operators – capacity planning and anticipate attacksv Developers – informed development decisionso Previous work [NSDI’12, NSDI’18, SIGCOMM’18]v Focus on narrow subset of input workloadsv Offer few completeness guarantees3

Performance Contracts for NFso Abstraction for users to parameterize arbitrary input workloadso Predict performance for workload spec without running NFo Performance predicted as function of Performance Critical Variables (PCVs)o Per-packet metrics: Instruction count, memory accesses, latency (cycles)Performance ContractWorkloadPerformanceSpecPrediction4

Outlineo What is a performance contract?o How does Bolt generate contracts?o Evaluation & Use-Case5

Running example6

Running example7

Running example8

Running example9

Running exampleMACtable implementationHash 0Key AHash 1Hash 2Hash 3Key BKey CHash 4Hash 5Key D10

Performance Contracts ExamplePerformance Contract for MAC bridgeMetric: Lines of pseudo-codeTraffic ClassPerformance11

Performance Contracts ExamplePerformance Contract for MAC bridgeMetric: Lines of pseudo-codeTraffic ClassPerformanceInvalid HeaderValid, DestMAC knownValid, DestMAC unknown12

Performance Contracts ExamplePerformance Contract for MAC bridgeMetric: Lines of pseudo-codeTraffic ClassPerformanceInvalid Header3Valid, DestMAC known3! 20Valid, DestMAC unknown 3! 100! Number of hash collisions13

Using performance contractsSpec 1: Unconstrained trafficPerformance Contract for MAC bridgeMetric: Lines of pseudo-codeTraffic ClassPerformanceInvalid Header3Valid, DestMAC known3! 20Valid, DestMAC unknown 3! 100! Number of hash collisions14

Using performance contractsSpec 1: Unconstrained trafficPerformance Contract for MAC bridgeMetric: Lines of pseudo-code 0 max &'(()*)' *Predicted performance:3 max &'(()*)' * 100Traffic ClassPerformanceInvalid Header3Valid, DestMAC known30 20Valid, DestMAC unknown 30 1000 Number of hash collisions15

Using performance contractsSpec 2: No hash collisionsPerformance Contract for MAC bridgeMetric: Lines of pseudo-code ! 0Predicted performance:100Traffic ClassPerformanceInvalid Header3Valid, DestMAC known3! 20Valid, DestMAC unknown 3! 100! Number of hash collisions16

Using performance contractsSpec 3: Valid, no collisions,Performance Contract for MAC bridgeDestMAC knownMetric: Lines of pseudo-code ! 0Predicted performance:20Traffic ClassPerformanceInvalid Header3Valid, DestMAC known3! 20Valid, DestMAC unknown 3! 100! Number of hash collisions17

Using performance contractsSpec 3: Valid, no collisions,Performance Contract for MAC bridgeDestMAC knownMetric: Lines of pseudo-code ! 0Predicted performance:20Traffic ClassPerformanceInvalid Header3Valid, DestMAC known3! 20Valid, DestMAC unknown 3! 100! Number of hash collisionsContracts quantify performance for all traffic classes of the NFUsers query contract for performance of specific input workloads18

Outlineo What is a performance contract?o How does Bolt generate contracts?o Evaluation & Use-Case19

Generating performance contracts recursivelyNF chainFirewallNAT Bridge 20

Generating performance contracts recursivelyIndividual NFStateless CodeStateful NFdata structuresMACtableput(), get()21

Generating performance contracts recursivelyIndividual NFStateless Code(Simple to analyze)*Stateful NFdata structures(Hard to analyze)*MACtableput(), get()*A.Zaostrovnykh, S.Pirelli, L.Pedrosa, K.Argyraki, G.Candea “AFormally Verified NAT” SIGCOMM 201722

Generating performance contracts recursivelyo Well defined separation between stateful and stateless NF code*o NFs typically have well defined, isolated stateo Encapsulate NF state using a library of data structureso Stateful data structures – Base case of recursive processo Analyze once, reuse across NFs*A.Zaostrovnykh, S.Pirelli, L.Pedrosa, K.Argyraki, G.Candea “AFormally Verified NAT” SIGCOMM 201723

Analyzing stateful data structures!"# %#&'()"* -(./0 .')1"0, * 30'0", )%( -4, . .o Cannot account for all possible packet histories - Path explosiono BUT, performance of MACtable depends ONLY on number of hash collisions24

Performance Critical Variables (PCVs)o Abstract away NF state specificitieso Succinctly summarize impact of packet history, configuration on performanceo Tailor legibility and detail to audienceContract for MACtable putTraffic ClassUnconstrainedPerformance1! 2Contract for MACtable getTraffic ClassKey presentKey absentPerformance2! 122! 7! Number of hash collisionsOnly PCV required to summarize perf in terms of lines of pseudo-code25

Generating Performance Contracts for NFso Symbolically execute stateless code to traverse all execution pathso While traversing each pathv Keep track of performance metrics for stateless codev Plug in contracts for stateful code using path constraints26

Generating Performance Contracts for NFsInvalid3Valid127

Generating Performance Contracts for NFsInvalid3Valid11C 2Traffic ClassUnconstrainedPerformance1! 2Contract for MACtable put28

Generating Performance Contracts for NFsInvalid3Valid11C 2DestMAC knownDestMAC unknown2C 122C 7Traffic ClassKey presentKey absentPerformance2" 122" 7Contract for MACtable get29

Generating Performance Contracts for NFsInvalid3Valid11C 2DestMAC knownDestMAC unknown2C 1252C 79030

Generating Performance Contracts for NFsPerformance Contract for MAC bridgeTraffic ClassPerformanceInvalid Header3Valid, DestMAC known3! 20Valid, DestMAC unknown 3! 100! Number of hash collisionsInvalid3Valid11C 2DestMAC knownDestMAC unknown2C 1252C 79031

Performance Contracts for NF chainso Generate performance contracts for individual NFs in chaino Pair together traffic classes from communicating NFso For each pair - AND respective constraints togetherv Equate packet sent by first NF to packet received by second32

Performance Contract for NF chains - ExampleFirewallFirewallDrops packetswith IP optionsRouterFast path – No IPoptionsSlow path – IPoptionsRouterTraffic Class PerfF1IP opt20F2 No IP opt 50Traffic Class PerfIP opt500 R1No IP opt60 R2NF chainTraffic Class PerfIP opt20No IP opt 110 F1 F2, R2 33

Outlineo What is a performance contract?o How does Bolt generate contracts?o Evaluation and Use-Case34

Evaluation setup & methodologyo 4 NFs - NAT, Maglev-like LB, MAC bridge, LPM routero Analyze NF logic DPDK NIC driver*o Metrics – instructions executed, memory accesses, execution cycleso Testbed - Intel Xeon E5-2667v2 3.3GHz, 82599ES 10Gb NICso Compare predicted vs measured performance for various packet classesTester*S.Pirelli, A.Zaostrovnykh, G.Candea “ADevice under TestFormally Verified NAT Stack” KBNETS Workshop - SIGCOMM 201835

Predictions for Instruction Count, Memory AccessesResults for Maglev-like Load BalancerDescriptionLB1Unconstrained trafficLB2Client packet, new flowLB3Client packet, existing flow,unresponsive backendLB4Client packet, existing flow,existing backendLB5Heartbeat packetsInstruction Count (IC)Memory Accesses (MA)10Prediction Gap (%)Class86420LB1LB2LB3LB4LB5ClassMax prediction gap – 7.5% (IC) and 7.6% (MA)36

Why is there a prediction gap?o Source 1: Trade-off between precision and legibility in PCVsv Can be overcome by exposing more detailo Source 2: Differences between analyzed and production codev Disabled link time optimizations in analyzed code37

Use Case – Informed cost-benefit analysiso Example: Bridge with randomized hash tablev Incorporates random key into hash functionv Rehashes all entries with a new key when collisions greater than a thresholdo Question: Where to place threshold?v Avoid rehashing under normal operationv Should rehash under attack38

Use Case – Informed cost-benefit analysisPredicted IC1060.1CCDF1050.011040.0011031234567Predicted IC18Number of hash collisions39

Use Case – Informed cost-benefit analysisPredicted ICCCDF1060.1CCDF1050.011040.0011031234567Predicted IC18Number of hash collisionsBolt allows operators to visualize the consequences of their decisions 40

Performance Contracts for NFso Abstraction for users to parameterize arbitrary input workloadso Predict performance for workload spec without running NFo Performance predicted as function of Performance Critical Variables (PCVs)bolt-perf-contracts.github.io41

Backup Slideso Distillero Results – IC, MAo Results – NF chainso Results – Latencyo Full Blown Contract42

The Bolt Distillero Users need to know which traffic classes are likelyo Bolt is a static analysis tool, cannot know probabilities of each traffic classo The Bolt Distillerv Input – A representative packet tracev Output - Execution path taken by each packet & values of PCVsv Users can then extrapolate the likelihood and query contract accordinglyBack43

Predictions for Instruction Count, Memory AccessesResults for NAT, BridgeClassDescriptionNAT1Unconstrained traffic10NAT2Client packet, new flow8NAT3Existing flowNAT4External, dropped packetBR1Unconstrained trafficBR2Broadcast trafficBR3Unicast trafficPrediction Gap (%)Instruction Count (IC)Memory Accesses (MA)6420NAT1NAT2NAT3NAT4BR1BR2BR3ClassBackBolt predicts IC & MA accurately, irrespective of NF/Traffic Class44

Predictions for NF chainso NFs chained togetherv Firewall – drops packets with IP optionsv Router – Fast path (No IP options), Slow path (packets with IP options)Instruction Count (IC)Memory Accesses (MA)ClassDescriptionC1Packets with IP optionsC2Packets without IP optionsPrediction Gap (%)1086420C1BackClassC245

Predictions for Latency (Execution Cycles)Results for Maglev-like Load BalancerDescriptionLB1Unconstrained trafficLB2Client packet, new flowLB3Client packet, existing flow,unresponsive backendLB4LB5Client packet, existing flow,existing backendHeartbeat packetsExecution Cycles10Over-estimation RatioClass86420LB1LB2LB3ClassLB4LB5Back9x for pathological traffic, 3x for typical traffic46

Predictions for Execution CyclesResults for LB,NAT, Bridge,LPMBack47

Full Blown ContractBack48

Outline oWhat is a performance contract? oHow does Bolt generate contracts? oEvaluation & Use-Case 5. Running example 6. Running example 7. Running example 8. Running example 9. Key A Running example 10 Hash 0 Hash 1 Hash 2 Hash 3 Hash 4 Hash 5 Key B Key C Key D MACtable implementation. PerformanceContracts Example 11 Performance Contract for MAC_bridge Traffic Class Performance

Related Books

Construction Contracts, Questions and Answers

Construction Contracts, Questions and Answers

EPCM Contracts: Project delivery through engineering .

EPCM Contracts: Project delivery through engineering .

A Guide to Laundry Contracts - cdn.ymaws

A Guide to Laundry Contracts - cdn.ymaws

Contracts)Outline) - Harvard University

Contracts)Outline) - Harvard University

Writing Contracts for Architects - AIA Los Angeles

Writing Contracts for Architects - AIA Los Angeles

Sacred Contracts The Four Archetypes of Survival

Sacred Contracts The Four Archetypes of Survival

Contracts)Outline) - Santa Clara Law

Contracts)Outline) - Santa Clara Law

Scott Pearce's Master Essay Method Contracts

Scott Pearce's Master Essay Method Contracts

Short Paper: Formal Verification of Smart Contracts

Short Paper: Formal Verification of Smart Contracts

Contracts for Nurse Anesthetists

Contracts for Nurse Anesthetists

Infinite Visions Enterprise Edition (IVEE) Contracts

Infinite Visions Enterprise Edition (IVEE) Contracts

RESIDENTIAL CONSTRUCTION CONTRACTS AND THE TEXAS .

RESIDENTIAL CONSTRUCTION CONTRACTS AND THE TEXAS .

PopularTags

Recent Views