Diciclo: Flexible User-level Services for Efficient Multitenant Isolation

IF 2 4区计算机科学 Q2 COMPUTER SCIENCE, THEORY & METHODS

ACM Transactions on Computer Systems Pub Date : 2023-12-30 DOI:10.1145/3639404

Giorgos Kappes, Stergios V. Anastasiadis

{"title":"Diciclo: Flexible User-level Services for Efficient Multitenant Isolation","authors":"Giorgos Kappes, Stergios V. Anastasiadis","doi":"10.1145/3639404","DOIUrl":null,"url":null,"abstract":"<p>Containers are a mainstream virtualization technique for running stateful workloads over persistent storage. In highly-utilized multitenant hosts, resource contention at the system kernel leads to inefficient container I/O handling. Although there are interesting techniques to address this issue, they incur high implementation complexity and execution overhead. As a cost-effective alternative, we introduce the Diciclo architecture with our assumptions, goals and principles. For each tenant, Diciclo isolates the control and data I/O path at user level and runs dedicated storage systems. Diciclo includes the libservice unified user-level abstraction of system services and the node structure design pattern for the application and server side. We prototyped a toolkit of user-level components that comprise the library to invoke the standard I/O calls, the I/O communication mechanism, and the I/O services. Based on Diciclo, we built Danaus, a filesystem client that integrates a union filesystem with a Ceph distributed filesystem client and configurable shared cache. Across different host configurations, workloads and systems, Danaus achieves improved performance stability because it handles I/O with reserved per-tenant resources and avoids intensive kernel locking. Based on having built and evaluated Danaus, we share valuable lessons about resource contention, file management, service separation and performance stability in multitenant systems.</p>","PeriodicalId":50918,"journal":{"name":"ACM Transactions on Computer Systems","volume":"9 1","pages":""},"PeriodicalIF":2.0000,"publicationDate":"2023-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Computer Systems","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3639404","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

Abstract

Containers are a mainstream virtualization technique for running stateful workloads over persistent storage. In highly-utilized multitenant hosts, resource contention at the system kernel leads to inefficient container I/O handling. Although there are interesting techniques to address this issue, they incur high implementation complexity and execution overhead. As a cost-effective alternative, we introduce the Diciclo architecture with our assumptions, goals and principles. For each tenant, Diciclo isolates the control and data I/O path at user level and runs dedicated storage systems. Diciclo includes the libservice unified user-level abstraction of system services and the node structure design pattern for the application and server side. We prototyped a toolkit of user-level components that comprise the library to invoke the standard I/O calls, the I/O communication mechanism, and the I/O services. Based on Diciclo, we built Danaus, a filesystem client that integrates a union filesystem with a Ceph distributed filesystem client and configurable shared cache. Across different host configurations, workloads and systems, Danaus achieves improved performance stability because it handles I/O with reserved per-tenant resources and avoids intensive kernel locking. Based on having built and evaluated Danaus, we share valuable lessons about resource contention, file management, service separation and performance stability in multitenant systems.

查看原文本刊更多论文

Diciclo：灵活的用户级服务，实现高效的多租户隔离

容器是在持久存储上运行有状态工作负载的主流虚拟化技术。在高利用率的多租户主机中，系统内核的资源争用会导致容器 I/O 处理效率低下。虽然有一些有趣的技术可以解决这个问题，但它们会带来很高的实施复杂性和执行开销。作为一种具有成本效益的替代方案，我们引入了 Diciclo 架构，并提出了我们的假设、目标和原则。对于每个租户，Diciclo 在用户层隔离了控制和数据 I/O 路径，并运行专用的存储系统。Diciclo 包括统一的用户级系统服务抽象 libservice，以及应用和服务器端的节点结构设计模式。我们开发了一个用户级组件工具包原型，其中包括调用标准 I/O 调用的库，I/O 通信机制和 I/O 服务。在 Diciclo 的基础上，我们构建了文件系统客户端 Danaus，它将联合文件系统与 Ceph 分布式文件系统客户端和可配置的共享缓存集成在一起。在不同的主机配置、工作负载和系统中，Danaus 的性能稳定性都得到了提高，因为它使用为每个租户预留的资源处理 I/O，并避免了密集的内核锁定。基于对 Danaus 的构建和评估，我们分享了多租户系统中资源争用、文件管理、服务分离和性能稳定性方面的宝贵经验。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Transactions on Computer Systems 工程技术-计算机：理论方法

CiteScore

4.00

自引率

0.00%

发文量

审稿时长

1 months

期刊介绍： ACM Transactions on Computer Systems (TOCS) presents research and development results on the design, implementation, analysis, evaluation, and use of computer systems and systems software. The term "computer systems" is interpreted broadly and includes operating systems, systems architecture and hardware, distributed systems, optimizing compilers, and the interaction between systems and computer networks. Articles appearing in TOCS will tend either to present new techniques and concepts, or to report on experiences and experiments with actual systems. Insights useful to system designers, builders, and users will be emphasized. TOCS publishes research and technical papers, both short and long. It includes technical correspondence to permit commentary on technical topics and on previously published papers.