K. Ohnishi, Daisuke Kotani, Hirofumi Ichihara, Yohei Kanemaru, Y. Okabe
Title: Acila: attaching identities of workloads for efficient packet classification in a cloud data center network
Venue: Proceedings of the ACM SIGCOMM Workshop on Future of Internet Routing & Addressing
DOI: https://doi.org/10.1145/3527974.3545726
Publication date: 2021-09-17
Citations: 0
Abstract
IP addresses and port numbers (network-based identifiers) are the major identifiers that network devices use to identify the systems and roles of hosts exchanging packets, for access control lists, priority control, etc. However, in modern system design on the cloud, such as microservice architecture, network-based identifiers are inefficient for identifying the systems and roles of hosts, because VMs and containers (workloads), which change elastically due to autoscaling and deployment of new code, have only network-based identifiers based on the servers where the workloads are running. We propose a new system, Acila, that classifies packets at network devices based on the identity of a workload, by marking packets with the necessary information extracted from the identity, which is usually stored in cloud controllers. We implement Acila and show that packet filtering and priority control work with Acila, and that the entries for them with Acila are more efficient than with the network-based identifiers approach, with little overhead on performance.