Iron: Isolating Network-based CPU in Container Environments
For this week, we cover Iron: Isolating Network-based CPU in Container Environments.
Research Question:
- What is the impact of network-intensive workloads on container performance? And how can network-based CPU processing be effectively isolated in container environments?
- How to provide sufficient isolation for container regarding to network-intensive workload? More specificly, how can the overhead of packet processing be accurately accounted for in resource management and scheduling?
Key Contributions:
- A case study showing the computational burden of processing network traffic can be significant. Current cgroup mechanisms do not account for this burden, which can cause an 6× slowdown for some workloads.
- A system called Iron to provide hardened isolation. Iron’s charging mechanism integrates with the Linux cgroup scheduler in order to ensure containers are properly charged or credited for network-based processing. Iron also provides a novel packet dropping mechanism to limit the effect, with minimal overhead, of a noisy neighbor that has exhausted its resource allocation
It’s actually the second time I lead discussion on this paper as I forgot that it’s already presented in last year. What this paper benefits us most is gaining direct insigh into how performance degradate happen in container environment. As a member of performance debugging lab, such a insight enables further exploarition of debugging performance in various isolation level for me. Moreover, I liked most about this paper is that it provides detailed case study into an interesting performance issue.
Presenter: Zhaoqi(Roy) Zhang