Data center networks and Internet eXchange Points (IXPs) are a critical part of today's computing infrastructure that support important cloud services like Google, Facebook, and Netflix. In these networks, competing companies (tenants) run many different distributed applications that communicate across the network. Unfortunately, existing networks are not able to ensure that these competing applications are isolated. For example, if a malicious tenant were to open more connections and inject more data into the network than other tenants, it could consume more than its fair share of network capacity and adversely affect the performance of other tenants' applications. This work introduces a new system that can enforce network-wide isolation policies and ensure that competing tenants cannot game the system and get more performance by opening more connections or by injecting more data.

Existing approaches to providing in-network performance isolation use virtual queues to isolate traffic. Unfortunately, these approaches suffer from key limitations with respect to scalability, performance, update latency, and TCP-friendliness. To overcome these limitations, this proposal aims to rethink the design of how switches track and respond to dynamically changing traffic patterns and how end-hosts are notified of congestion information. Specifically, it will introduce logical queues, which use counters to approximately behave as a switch with a large number of virtual queues without the associated hardware costs. The key insight is that since today's switches are already dedicating switch resources (SRAM) to counters that are used for monitoring, these same counters can be repurposed to implement logical queues with low overheads.

This work will have significant implications for application developers, network hardware vendors, cloud providers, and users of cloud infrastructure. The new abstractions have the potential to become commonplace in both the development and teaching of network applications, and it has the potential to significantly improve performance and security isolation in today's networks. This proposal has the potential to also broaden the appeal of today’s programmable switches and open up a new segment of the market.

The software created as part of this work will be made broadly available for public reuse under flexible open-source licenses through github (https://github.com/uic-data-center-systems/). The investigators have a strong record of releasing the source codes of their research prototypes to the broader research community.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Agency
National Science Foundation (NSF)
Institute
Division of Computer and Network Systems (CNS)
Type
Standard Grant (Standard)
Application #
2008273
Program Officer
Deepankar Medhi
Project Start
Project End
Budget Start
2020-10-01
Budget End
2023-09-30
Support Year
Fiscal Year
2020
Total Cost
$499,999
Indirect Cost
Name
University of Illinois at Chicago
Department
Type
DUNS #
City
Chicago
State
IL
Country
United States
Zip Code
60612