WIXLIB

Flow Monitoring Services eIr-Ne- r- v-ic-e'l- r-v-at- io-n-- - e-se- R- t-w-o-rk- - c-k- u- I------ ta'I-----o - p-e-n S.-DTenant's(admin) En(dis)ableFlow DataMonitoringRESTDemand PredictorFlow Monitoring ServiceTenant-Port InfoRESTQuantumNetwork [MonitoringEnabled, ColiectorlP]jEnable NetFlow/SFlowthrough OVS pluginRaw Flow Data[on the bridge]Network ElementsFig. 1.Equinox Architecture: Flow Monitoring Service - Traffic Monitoring and Demand PredictionNetwork Reservation Service1'- '- - - '-'- '- '-'- - - - - '- - - '- ' - - - '- ' - - -'- '- - - '--- - - '--- - - '--- - - '- ' - - - '- ' - - - '- - - - - '- '1r--1.Flow Monitoring ServiceIDemand Update TriggerIRESTrVM Placement,DemandStore demandsRESTQuantumPort [ReservedRate, Demand]VM PlacementIr---- IIIOPENFLOW r-NovaTopology UpdateTriggerOPENF LOWTopologyMigrate VMsquantum OVS agentIRESTIApply Rates per portOPENFLOWnova-compute RPCRPCFig. 2.MigrationsInstall RoutesRESTIIRates,I ListenerMigrationsRatesRESTDemandRoutes,Network R eservation Service (Open Daylight) REST1Decision EngineTopology,.----------------Compute ---Network ElementsEquinox Architecture: Network Reservation Service - Bandwidth Reservation, Rate-Limiting, Re-Routing and YM Migrationsall end hosts. Based on this, the Flow Monitoring Service alsoexposes an API through which the admin can configure themonitoring on the compute nodes. Once the compute nodesare configured to export the flow statistics and the service hasstarted the flow collector at the specified location, the collectorstarts getting the monitoring data. The collector analyzes theraw data received from the Open vSwitch instances at thecompute nodes and stores the monitored flow data in anappropriate format so that flow statistics can be calculatedefficiently [30]. The Flow Monitoring Service can access thisdata and exposes APIs for various types of queries such as top k flows for a tenant, average demand of a VM over the lasttime interval etc. The monitoring service also communicateswith OpenStack for various tenant specific information such asidentifying the VMs belonging to a tenant, setting the demandof a VM etc. OpenStack can query these APIs through RESTand uses it to show information such as network usage of theVMs to a tenant.In addition to monitoring flows and exposing APIs to queryflow statistics, this service also implements demand predictionand triggers the Network Reservation Service with updated in formation. For each VM, the demands over the last n specifiedtime-intervals can be queried and used to predict the demandfor the next interval. Many numerical methods and techniquescan be used to estimate the demand. The most commonlyused ones include moving average, exponential smoothing,ARMA, ARIMA and GARCH models [28] [33]. The servicepredicts demands for each of the VMs based on the monitoreddata and updates the port 2 in the Quantum database withthe estimated demand using the extended Quantum UpdatePort API. The service also periodically notifies the NetworkReservation Service to update the network reservations.2a port in Quantum refers to a YM's network interface

B. Network Reservation ServiceThe Network Reservation Service is responsible for com puting and enforcing reservation through routing and end-hostrate limits in the network. We have implemented this service asan Opendaylight [29] controller module. The service exposes aREST API to listen for triggers it will need to update the reser vations. Whenever the service gets such a trigger, it will fetchthe required information from various components and call theDecision Engine with the information. The Decision Engine isthe core of the Network Reservation Service and is responsiblefor calculating the reservation. It needs the demands of allthe VMs, the VM placement and the topology information tocompute the reservation. The VM demands are fetched fromQuantum, the VM placement information is gathered fromNova and the topology information of the compute nodes andswitches is available from the Opendaylight topology manager.To map VM placement information from Nova to the networktopology obtained from Opendaylight OpenFlow controller, theservice processes packet-ins from the VMs. Based on the in port of the packet-in, it identifies which compute nodes in theOpenStack world corresponds to which host in the OpenFlowtopology. Once this mapping is done, the service has the entirenetwork topology including the VMs.The Decision Engine is based on the scheme proposed in ourearlier work in [20]. For routing, it tries to provide the VirtualCluster (V C) [2] abstraction to the tenant. In a VC abstractiona tenant sees the logical abstraction that all the tenant's VMare connected directly to a Logical Switch with dedicated linksof given capacity. The logical switch is mapped to a switch inthe physical topology and the required bandwidth is reservedon the path from each VM to the mapped switch.The Decision Engine uses the information provided tocalculate the new reservation, which is a set of end-host ratelimits, routes and VM migrations. A reservation request issaid to be satisfied if for all tenants: all the VMs of a tenantcan be connected to the Logical Switch for that tenant and abandwidth equal to the demand of each VM can be reservedon a path from the VM to the Logical Switch. The Decision Engine first tries to find if the requestcan be satisfied using the existing routing rules andplacement. If it can be, then it just updates the rate limits equal to the demands.Else, it tries to migrate the Logical Switches so thatthe demands can be satisfied. If the Logical Switchmigration succeeds, in addition to the new rate-limitsthe output will have the new set of OpenFlow baserouting rules to update the routes for the VMs whichwere connected to the migrated Logical Switches.Else, in addition to Logical Switch migration, the Deci sion Engine also checks if migrating some of the VMscan satisfy the request. And if so, then it also suggeststhe VMs to be migrated and their destination hosts. Else,the request cannot be satisfied.d More details about Logical Switch migration and Virtual Clus ter abstraction can be found in [20]. The Network ReservationService, then, processes the output of the Decision Engineand enforces it on the network. To apply the end-host ratelimits, it uses the Quantum REST API as mentioned in III-C.In order to handle Logical Switch migrations, re-routing needsto be performed as described in III-D. The VM migrations arehandled by Nova as mentioned in III-EC. End -Host Rate ControlOnce the end-host rate limits are computed by the DecisionEngine, the system needs to enforce these limits for theVMs on the compute nodes. The Opendaylight module usesQuantum REST APIs to notify the OpenStack compute nodesto update the rate-limits for the VMs. In our OpenStack setup,we use Open vSwitch based networking with Quantum. Thecurrent version of Quantum Open vSwitch plugin does notsupport specifying and setting QoS values for the Ports. Inorder to support QoS with Quantum, we have extended thePort entity in Quantum to store rate limits and demands. Wehave also extended the Quantum APIs to handle the QoS values(demand and rate limit). Whenever the update API is calledwith rate limit or demand, the database entry for the port getsupdated. In addition, whenever there is an update on the ratelimit of a port, the rate limit is enforced on that port. For theend-host rate-control [34], we leverage the QoS policing [35]which is supported by Open vSwitch. Open vSwitch uses theLinux traffic-control capability for rate-limiting. The ovs -vsctlutility allows one to specify the ingress policing rate and burstsize as follows:ovs-vsctl set Interface vnetlingress policing rate lOOOOingress policing burst lOOOThe ingress-policingJate is the maximum rate in kbpsthat the VM connected to the interface vnetl can send whileingress-policing burst specifies the burst size which is themaximum data in kb that the VM can send in addition tothe ingress-policingJate. The Quantum Open vSwitch agentrunning at the end host, on getting an update request on theport rate-limit, applies the rate-limit on the interface.D. Re -routingIn a VC abstraction, since every VM is assumed to beconnected to a Logical Switch and sufficient bandwidth hasbeen reserved along that path, appropriate routing rules needto be installed on switches so that a VM's traffic uses links onwhich bandwidth has been reserved for that VM. The NetworkReservation Service installs bi-directional rules on all theswit hes on the path between the VM and the correspondingLogIcal Switch. The priority of the rule for a flow from aLogical Switch to a VM is set to be higher than the priorityof the rule from a VM to the Logical Switch. This is done sothat the traffic from one VM to another need not go all theway to the Logical Switch in case the reserved routes for thetwo VMs intersect at a switch other than the Logical Switch.Whenever a Logical Switch migration happens, the routesneed to be changed for all the VMs belonging to that tenant.However, this doesn't mean removing all the existing flowrules and installing new rules. It is possible that some of theflow rules required for the new Logical Switch location are thesame as those used before the migration happened. In sucha case, the Network Reservation Service uninstalls only theunneeded flow rules and installs only the new flow rules.

5 50 ,------,---,,---,Tenant A 300Mbps -- -500 Tenant B 200Mbps --x-:;:.Tenant C 450 - 300Mbps . . ·· lIE · · .***JI( **** lIE***450:I:,}, ", )I(,)jE'*,.,* {.,400350300250150 L------L-- L--- -- -- o50150100200Time(s)Fig, 3,Rate limiting: A rate limit of 300Mbps is applied to the Tenant CVM at t 130s1000Tenant900No rate limit800 .0 ;'0300Mbps) -- - Tenant C(UDP)- -.x- lIE .700600rate limit500'j;400III300'0c:A(TCPTenant B(TCP 200Mbps) 400MbpsilE · . . · )I( · ·)I( · . . · lIE . . · ·)I(· . .· lIE . . · · )I(. · · lIE . . · ·)I( . . · ·)I( .· · )I( . . · · )I(. . · ·f200100o '050,- * -* -,-*.x- -x100150-x .x- -x- -x-2001ime(s)Fig. 4, Rate limiting in case of a bandwidth-hogging UDP traffic : A ratelimit of 400Mbps is applied to the Tenant C VM at t 70sSimulations: In a real scenario, a cloud provider creates a setof categories or classes (such as Platinum, Gold, etc.) basedon the QoS guarantees and varying rates. A tenant can opt forone of the categories which will decide the QoS that will beprovided to the VMs. Each category here implies a specificvalue of the maximum bandwidth that a VM can use. Sincewe are evaluating only the network performance under varioustypes of reservations, we do not take into account the otherparameters such as CPU and memory that may be assignedfor a category. Further, since we use the actual flow data thatwe get from the Hadoop testbed as described in IV-B andIV-C, we adjust the QoS guarantees for the different categoriesaccordingly.To ensure that the comparison between the reservationschemes is fair, we record all the flows every second in case ofuncapped (or unreserved) bandwidths and use the same datato simulate the behavior of all the reservation schemes.In case of the dynamic reservation schemes, there are manytechniques that can be used to predict the demand, Since theobjective of this paper is not to draw a comparison betweenvarious demand prediction methods, we show the results usingjust the exponential smoothing with varying a in case ofdynamic reservations. The average bandwidth demand for theVMs is lOMbps. We consider two categories - I and II.For category I, the bandwidth is capped at 10Mbps and forcategory II, the bandwidth is capped at twice the averagedemand, i,e. 20Mbps, The various reservation schemes thatwe compare are: E. VM MigrationThe Nova REST API for VM live - migration is used bythe Network Reservation Service to migrate the VMs to asuitable compute node, On receiving a packet-in by a VMfrom the destination host, the service deduces a VM migrationis complete and updates its topology information, To preventthe overhead of too many migrations, the number of allowedconcurrent migrations can be configured on the DecisionEngine, STAvg : Static reservation - The average demand foreach VM is reservedST2Avg: Static reservation - Twice the average demandfor each VM is reservedDYcx,cat: Dynamic reservation - Bandwidth reserved isbased on exponential smoothing a E {0.25, 0.5, 0.75}and cat E {I, 2} depending on the category (lor II),ratet a x demandt-I (I-a) x ratet-I, t 0(1)The results shown in IV-E, IV-F, IV-G and IV-H are based onthese simulations,F.Topology UpdatesThe Network Reservation Service registers with the topol ogy service of Opendaylight and is notified whenever thereis a change in the topology of the network, On receivingsuch notifications, the Network Reservation Service calls theDecision Engine with the updated information and applies theresultIVEVALUAT IONA. Experiment ModelHardware Testbed: We run Equinox on an OpenStack setupas described in IV-B, The results in IV-D are based on thissetup, We also ran Hadoop on a larger hardware testbed andcollected flow level data using NetFlow, Remaining results inthis section are based on simulations performed on this flowlevel data, Both these testbeds are described in more details inIV-B.B. Hardware Testbed DetailsWe use two different setups on our hardware to performour experiments, Our testbed consists of 6 IBM x3650 M2servers. Each server has a 12-core Intel Xenon CPU E5675@ 3.07GHz processor and 128 GB of RAM. All the serversrun 64-bit Ubuntu 12.04.1 server with Linux 3.2.0-29-generickerneL These servers are connected through I Gbps NICs toa network of three inter-connected IBM BNT RackSwitchG8264 switches with lOGbps link capacities.Hadoop Setup: We evaluate the performance of static anddynamic network reservations on traffic data collected froma testbed running various MapReduce jobs, For this, we runHadoop 1.1.1 [36] on a cluster with 60-nodes and measurethe traffic data. The 6 servers host 10 VMs each and each ofthe VMs is assigned 2GB of RAM and one CPU core, Everyphysical host has an Open vSwitch (OVS) running and all thenodes placed on the host are connected to it The traffic isgenerated and measured as explained in Sec.IV-c.

5040 l)E""c:030 CiE0u;;:0u:::201001002030405060VMFig. 5.Average flow completion times for all the 60 VMs over 24 hours when using different reservation schemes2.Se 007STAvg - ST2Avg DYO.25,1 - -* DY0.25,2 -B DYO.5,1 - -G DYO.s,2 -e- DYO 75 I - -8 DYO:75:2 - -2.6e 0072.4e 007'Vi'a.2.2e 007e.'0 l)2e 0071:l.Se 007 ,5'0. 1.6e 007 l)Vl'0c:coco1.4e 0071.2e 0071e 007Se 0066e 0060102030405060VMFig. 6.Average bandwidth reserved for different VMs over a duration of 24 hours when using different reservation schemesOpenStack Setup: To validate the working of Equinox, wedeploy OpenStack Grizzly setup on our testbed. The setupconsists of one control node and four compute nodes. The FlowMonitoring Service runs on a server with similar hardwarewhile the Network Reservation Service which is built on theOpendaylight controller runs on a separate server which has a2-core Intel Xenon CPU @ 3.40GHz processor and 4 GB ofRAM.C.Traffic generationWe deploy Statistical Workload Injector (SWIM) forMapReduce [37] , [38] on our cluster to generate a realdata center representative workload. SWIM provides a set ofMapReduce workloads from real production systems and a toolto generate representative test workloads by sampling historicalMapReduce cluster traces. These workloads are reproducedfrom the original trace that maintains the distribution of input,shuffle, and output data sizes, and the mix of job submissionrates, job sequences and job types [38] . Using SWIM, wepre-populate HDFS (Hadoop Distributed File System) on ourcluster using synthetic data, scaled to the 60-node cluster,and replay the workload using synthetic MapReduce jobs.Once the replay is started, the jobs keep getting submittedautomatically to Hadoop at varying time intervals as calculatedby SWIM and are handled by the default Hadoop scheduler.For our evaluation, we use the traces available in the SWIMworkload repository which are based on Facebook's productiondata center. To measure the bandwidth utilization during theprocess, we enable NetFlow on the Open vSwitch bridges withan active timeout of 1 second and monitor the traffic using ourNetFlow collector.D. Network Reservation Validation on Hardware TestbedFig. 3 shows the bandwidth attained by three VMs belongingto different tenants when using the same 1 Gbps physical link.The VMs belonging to tenants A, B and C have demands of

2e 007\/ ,' AI '--J\ STAv9 ---1-------fl-----fflf- - t-; .,.---JI-- t--'----"""- l.t - t -ST2Av9 --OY02S1OYO:2S:2OYO.S,lOYOS2OYO;S'l ---OYO:7S:2 ---- - - - - 1.5e 007- 1e 0075e 006oFig. 7.I-l - - - - - - - - - -,I, j # -.r---"",.""i,: - - - .J: "!.'!.--"!. !:-\; --- .- .-. -. -. - -\-- .- --1---." ',,",, \ , ,, ,f.v'I., v,"tt f ' 'j,: .f-':- -,I,:L -1 J L L o515102025Time (hours)Bandwidth reserved (csplines smoothed) for one VM with time during 24 hours when using different reservation schemes1.2e 009Cumulative costl.le 009ST2Avg, DYO.25,2, DYO.5,2 and DYO.75,2 result in best flowcompletion times.le 009'gjuge 008F8e 008Fig. 6 shows the average bandwidth reserved for differentVMs over a duration of 24 hours in case of all the reservationschemes.The average bandwidth reserved in case of dynamic reserva tions belonging to category II is significantly less than that forST2Avg. Thus, the dynamic reservation schemes seem to utilizethe reservation judiciously and save on unutilized reservationswhile ensuring the same flow completion times as that in caseof over-provisioned static reservations.7e 0086e 0085e 0084e 008STAvgST2AvgDYO.2S,1 DYO.2S,2DYo.s,1DYO.s,2DYO.7s,1 DYO.7S,2Reservation TypeFig. 8.Cumulative bandwidth cost for 24 hours when using differentreservation schemes300, 200 and 450 Mbps respectively and initially, they get therequired throughput. At t130s, a network reservation of300 Mbps is applied on the tenant C VM and its measuredthroughput reduces to the assigned bandwidth.Fig. 4 shows how network reservation helps in isolating theperformance for each tenant. Th

and Open vSwitch at the compute nodes. The Open vSwitch at the compute nodes is configured to monitor and export traffic statistics to a flow collector. NetFlow [31] and sFlow [32] are the two most commonly used techniques for flow monitoring. Open vSwitch and the Equinox flow collector support monitor ing using both these methods.