Hui Zhang Assistant Professor School of Computer Science Email: hzhang@cs.cmu.edu Carnegie Mellon University URL: http://www.cs.cmu.edu/~hzhang 5000 Forbes Ave Phone: (412) 268-8945 Pittsburgh, PA 15213-3891 Fax: (412) 268-6787 -------------- Resource Management For Service-Oriented Internet Hui Zhang School of Computer Science Carnegie Mellon University As Internet becomes a more ubiquitious communication infrastructure, we see the emergence of a electronic service industry that is eager to deliver a wide variety of services to end-users. Services will range from low-level services that transport bit streams over the network infrastructure to value added services such as reliable transport, caching, video transcoding, and data mining. Various strategies have been proposed to enable these sophisticated services in the next generation Internet. For example, in the active network proposal by Tennenhouse, network switches provide a more general purpose programming model and applications/service providers can dynamically inject code into the switches to implement application or service specific functionalities. A less radical proposal, such as the application aware network approach taken by the Darwin project at CMU, is to distinguish between bearer services that transport bits and computational/storage services that require application specific processing and state storage/manipulation. In either case, the trend is to enable a rich and sophisticated set of distributed services "outside" application end points -- in active networks, the services are implemented by application downloaded code at switches, in application-aware networks, the services are implemented by service nodes or virtual end points that are neither application end points nor network switches. Since network is fundamentally a shared resource, it is critical to have effective resource management frameworks/algorithms/protocols that provide support for the diverse requirements of applications and services. Resource management in such a service-oriented Internet presents several important challenges that are not present in the today's Internet. First, there are multiple types of resources, in additional to link bandwidth, shared CPU and memory resources also need to be managed. While these resources have different characteristics, we would like to have a unified framework for accounting and managing them. Second, there will be diverse requirements and policies for resource management. While the current Internet integrated service model supports QoS mainly on the basis of individual traffic streams, sophisticated services and applications that consists of many traffic streams will want to have customized resource management policies for their traffic streams. Therefore, it is important to support dynamic and hierarchical resource management. Third, effective resource management requires application end nodes, service nodes, and network switch nodes to negotiate and coordinate. While negotiation and coordination has the potential to make the system more adaptive and resource utilization more efficient, it may also introduces overhead and make the system less robust and secure. It is important to devise protocols and algorithms that achieve robust, efficient, and secure negotiation and coordination. At CMU, we are developing a research program that addresses the above issues. There is an inter-disciplinary team that consist of researchers in networking (Allan Fisher, Peter Steenkiste, Hui Zhang), OS (Raj Rajikumar), and security (Doug Tygar). Experimental aspect of the research is conducted over the Dartnet and vBNS. There are close collaborations with industry (MCI, Sun, Intel). Unified Model For Managing Different Resources ==================================== =========== Network is a fundamentally a shared resource, and therefore, need to be managed. Application requirements and resource types are two important factors that affect resource management strategies. For applications that require performance guarantees, a reservation scheme is needed. For applications that can adapt to statistical fluctuation of availability of resources, network should "fairly" allocate resources according to certain policies. Recent research has shown that some type of proportional share service model (such as Fair Queueing algorithms) can be used to support both guaranteed and adaptive applications in networks. Proportional share algorithms offers both protection and fairness for managing contention to a shared resource. In addition, hierarchical and end-to-end allocation of resources are made much easier with proportional share resource model. It is natural to extend the same abstraction to other resource types such as CPU and memory. However, there are important differences between these resource types that need to be accounted for before a unified abstraction can be developed. For example, in a network environment, packet transmission is not preemptable, the length of a packet is known in advance, the time to switch between different sessions is smaller, and the number of simultaneously active sessions is larger. Therefore, the key for managing link bandwidth is to achieve high throughput for a large number of sessions. On the other hand for CPU management, the context switch overhead is much larger, a thread/process can be preempted. In addition, synchronization issues, such as priority-inversion, have to be addressed, as well. With memory management, an application should be able to either reserve certain pages in memory (this would be equivalent to "page pinning", mechanism already implemented by many operating systems), or to ask for a specific share of the available memory. In the latter case, the page replacement algorithm should ensure fair distribution of the available pages among competing applications. However, there are some significant differences that make the algorithms' design in this case even more challenging. First, the overhead of a page fault, is much larger than the overhead of a context switch in the CPU case, or scheduling a packet in networks. Therefore, we need to consider different tradeoffs between the allocation accuracy and the algorithm overhead. Second, if all physical pages are in use, not only do we need to decide what application will receive a new page, but also from what application to take it away. This difficulty reflects mainly the fact that unlike CPU and communication bandwidth which are only time-shared resources, the memory is both a time-shared and a space-shared resource. Hierarchical Resource Management =============================== In the today's networks the resources are allocated either on a per packet basis (IP network) or on a per traffic stream basis (ATM or Integrated Services IP network), there is no such a concept that an application/service has multiple traffic streams and wants to perform application/service specific resource management among these traffic streams. Because of the simple service model, the service specification interface and resource allocation algorithms for today's Internet are rather primitive. For example, it is possible to specify the QOS for each single traffic stream, but it is not possible to specify that multiple traffic streams should share the same set of reserved resources and they should have certain priority relationships when there are contentions for the shared reservation. As a result, the network does not distinguish between and consequently does not simultaneously support cooperative sharing among traffic streams within an application and competitive sharing among traffic streams in different applications. In a service-oriented network, sophisticated multi-party applications or service providers can coordinate communication, distributed computation resources, and other network services to achieve application-specific or service-specific goals of optimality. While network or appropriate service providers specify resource management policies for competitive resource sharing among applications, application can specify its own resource policy to manage resources for traffic streams belonging to itself. To support this capability, we need a hierarchical resource management framework that consists of the following components; (a) a service definition interface that allows an application/service to specify application/service specific requirements and resource management policy for its traffic streams, (b) algorithms and policies that map application's network-wide requirements into local requirements at each link and service node, and (c) mechanisms at each link and service node that simultaneously support resource management policies of multiple applications/services and network managers. Scheduling algorithm is the lowest level mechanism to support this framework. We have developed two algorithms, Hierarchical Packet Fair Queuing (H-PFQ) and Hierarchical Fair Service Curve (H-FSC), that can support different styles of hierarchical bandwidth allocation of communication links. We are extending the algorithms to manage CPU and memory resources by addressing the issues raised in the previous section. Robustness and Security of Resource Management ==================================== ========== Effective resource management requires network nodes (switches, application end nodes, service nodes) to discriminate services among packets based on policies. In addition, it requires different network nodes to dynamically negotiate to achieve consistent policies. This creates two types of problems: robustness and security. On the one hand, in order to achieve higher efficiency, it is usually more beneficial for network nodes to share distributed states. For example, by negotiating to use VCI's or Tags consistently inside the network, the cost of packet routing and classification can be greatly reduced. Our recent result also show that coordinating resource allocation among nodes inside the network can dramatically improve resource utilization. On the other hand, maintaining distributed state incurs additional overhead, and raises the usually difficult problem of ensuring state consistency. For example, in an ATM network, data cannot be transmitted before the VC (distributed state) is setup. This introduces high penalty for short sessions. In addition, the data transfer is interrupted when the VC is broken. To balance between these two considerations, in the design of network protocols, we should distinguish between two types of state information, one used for ensuring correctness or minimum functionalities of the system, and the other used for enhancing performance. To design a robust and efficient protocol, we need to minimize the first type of state information, but try to use as much as possible of the second type (without introducing too much overhead). In our design, we make the assumption that only a subset of network nodes will implement the advanced features. For those nodes, default local policies are set. Additional policies can be added on an incremental basis. Application and network efficiency will increase even if a subset of the network nodes install the application/service specific policies. Such a strategy will maintain the robustness of the IP datagram network, while taking advantage of the sophisticated capabilities of the new nodes. Networks with preferential treatment of packets (based on policies) are more vulnerable to security attacks than best-effort datagram networks. Various service denial or stealing attacks are possible. Lightweight authentication and accounting mechanisms need to be developed and integrated with the resource allocation framework. A promising direction is to apply techniques developed in the area of electronic commerce.