Vimalkumar Jeyakumar : 2013 Security Workshop
Monday, April 15, 2013
Location: Fisher Conference Center, Arrillaga Alumni Center
"Protecting Network Performance in the Cloud from Malicious Traffic Interference"
Today, a data centre hosts diverse applications, and not all of them can be trusted, especially in the public cloud (e.g., Amazon AWS, Windows Azure). While "virtualisation" has made significant advances in isolating CPU performance, there is little to no protection for network bandwidth. Bandwidth contention between VMs can occur even if they do not communicate with each other. Moreover, this contention can manifest itself at timescales of a few milliseconds, invisible on human timescales, and we show how this can degrade long-term performance. This talk is about one practical approach to "virtualise" network bandwidth and protect a tenant's network performance even in the presence of highly bursty traffic. Our system, EyeQ, works completely at end hosts with minimal network requirements and low CPU overhead at high line rates (10 Gb/s), even with adversarial and bursty UDP traffic. We show how EyeQ protects a memcached cluster from a collocated bursty UDP tenant, bringing the 99.9th percentile response latency close to bare-metal performance.
EyeQ is open-source and is available for Linux: http://jvimal.github.com/eyeq.
Vimalkumar Jeyakumar is a PhD candidate in the Computer Science department, advised by Profs. David Mazières and Balaji Prabhakar. He has worked on flow scheduling in high-speed networks, network performance virtualisation, verifiable network emulation and principled approaches to network debugging.