A Hardware/Software Approach for Mitigating Performance Interference Effects in Virtualized Environments Using SR-IOV

Richter, Andre; Herber, Christian; Wallentowitz, Stefan; Wild, Thomas; Herkersdorf, Andreas

doi:10.1109/cloud.2015.129

Cited by 5 publications

(3 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As in our proposal, [37] uses the QoS-400 regulators, but with a different objective, i.e., regulating the memory interference generated by DMA-based inter-VM data transfers. Richter et al [38] implemented a scheduling mechanism for mitigating the interference generated by malicious VMs using the SRIO-V technology (not present in the Ultrascale+), and without considering real-time requirements and I/O-related memory contention. Pu et al [39] presented a thorough experimental comparison of average-case performance metrics of different solutions to run CPU-bound and I/O-bound workloads in different VMs for cloud computing.…”

Section: Related Workmentioning

confidence: 99%

An I/O Virtualization Framework With I/O-Related Memory Contention Control for Real-Time Systems

Borgioli

Zini

Casini

et al. 2022

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

View full text Add to dashboard Cite

Modern applications are often characterized by a tight interaction with I/O devices. At the same time, many application domains are also facing a shift towards an integrated approach where multiple applications with mixed levels of safety and security need to co-exist on top of a shared hardware platform, which is typically managed by a hypervisor. This gives rise to the need for a predictable mechanism allowing multiple virtual machines to share I/O devices, while at the same time controlling contention delays when they access global memory.To deal with these shortcomings, this paper proposes an I/O virtualization framework providing support for controlling the I/O-related memory contention by leveraging the ARM QoS-400 regulators. Extensive experiments are performed to compare the proposed solution with the Xen hypervisor, showing improvements up to 8x when controlling the I/O-related memory contention.

show abstract

Section: Related Workmentioning

confidence: 99%

An I/O Virtualization Framework With I/O-Related Memory Contention Control for Real-Time Systems

Borgioli

Zini

Casini

et al. 2022

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

View full text Add to dashboard Cite

show abstract

“…virtual disk instance), and adapts its performance by adjusting its I/O rate and throughput as the utilization reaches a certain threshold. Richter et al [25] describe an anti-DoS mechanism for preventing packet flooding on SR-IOV-enabled guests by counting PCI Express operations and throttling any malicious guest.…”

Section: Related Workmentioning

confidence: 99%

FlexVF: Adaptive network device services in a virtualized environment

Ekane

Ngoc

Teabe

et al. 2022

Future Generation Computer Systems

View full text Add to dashboard Cite

“…Some prior work [51,45,17] uses techniques similar to those used for network side channel mitigation to performance isolate co-located tenants. Richter et al [52] propose to performance-isolate co-located tenants by modifying the NIC firmware. Pacer's traffic shaping can be similarly implemented in the NIC.…”

Section: Related Workmentioning

confidence: 99%

Pacer: Comprehensive Network Side-Channel Mitigation in the Cloud

Mehta¹,

Alzayat²,

Viti³

et al. 2019

Preprint

View full text Add to dashboard Cite

An important concern for many Cloud customers is data confidentiality. Of particular concern are potential data leaks via side channels, which arise when mutually untrusted parties contend on resources such as CPUs, caches, and networks. In this paper, we present a principled solution for mitigating side channels that arise from shared network links. Our solution, Pacer, shapes the outbound traffic of a Cloud tenant to make it independent of the tenant's secrets by design. At the same time, Pacer permits traffic variations based on public (non-secret) aspects of the tenants' computation, thus enabling efficient sharing of network resources. Implementing Pacer requires modest changes to the guest OS and the hosting hypervisor, and only minimal changes to guest applications. Experiments show that Pacer allows guests to protect their secrets with overhead close to the minimum possible considering the guest's conditional traffic distribution given public information. For instance, Pacer can hide a requested Wiktionary document in one of two size clusters at an average throughput and bandwidth overhead of 6.8% and 150%, respectively.

show abstract

A Hardware/Software Approach for Mitigating Performance Interference Effects in Virtualized Environments Using SR-IOV

Cited by 5 publications

References 23 publications

An I/O Virtualization Framework With I/O-Related Memory Contention Control for Real-Time Systems

An I/O Virtualization Framework With I/O-Related Memory Contention Control for Real-Time Systems

FlexVF: Adaptive network device services in a virtualized environment

Pacer: Comprehensive Network Side-Channel Mitigation in the Cloud

Contact Info

Product

Resources

About