Resource containers: A new facility for resource management
in server systems
Banga, Druschel, Mogul (1999)
What kind of paper is this?
Once upon a time, operating systems were structured around the
process abstraction, in which processes acted as both a protection
domain and a resource principal.
With the advent of large-scale server processing, where a single
process might manage thousands of connections or requests, this
tight coupling posed problems, because there was no way to allocate
resources within processes.
Banga and his advisors developed a technique to decouple protection
domains from resource principals, calling the latter resource
containers. This solved the problem of resource allocation in large
servers, so everyone lived happily ever after.
- Applications have no control over kernel resource consumption
on their behalf.
- Although a server might do many things, it can only manage
resources on behalf of the entire server, not the different threads
or connections it manages.
- Resource containers as new principals on behalf of whom you
can allocate resources.
Background: Server Architectures
- First gen: process per connection
- Second gen: pool of processes
- Third gen: one thread per processor or event driven
Shortcomings of Current Resource Management
- Process or thread is a schedulable entity.
- Process is the "chargeable" entity.
- Thus, process is both the protection domain and the resource
principal.
- E.g., when a network packet arrives, it gets processed in the
kernel and gets "billed" either to whatever process is currently
running or to no process.
- Alternately, a system like make is multiple processes, but they
are all acting in the service of a single task.
- A resource principal
- Account for CPU time, memory allocated to kernel objects
- Have access control, scheduling parameters, resource limits, QoS values.
- resource binding: Associates a thread with a container
(is a dynamic mapping).
- Are arranged hierarchically
- Set parent
- Release container
- Share Container
- R/W Container Attributes
- Get container usage information
- Bind thread to container
- Reset binding
- Bind socket/file to a container
- Baseline: Container operation overheads are tiny
- Show how resource containers support priorities
- Allocate CGI processing to the same container processing the
- Resilience to SYN-flooding
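
The container operations and the packet "billing" problem listed above, as an added toy model in Python (not code from the paper or these notes). All class, method, socket and container names are hypothetical, a CPU limit stands in for the kernel's scheduling policy, and using one listen socket per client class is an assumption of the sketch. It shows kernel packet work being charged to the socket's container, so a constructed flood exhausts only its own container.

```python
# Toy user-space model of the notes' container operations. Every name here is
# hypothetical; a CPU limit stands in for the kernel's scheduling policy.
class Container:
    def __init__(self, name, parent=None, cpu_limit=None):
        self.name, self.parent, self.cpu_limit = name, parent, cpu_limit
        self.own, self.children = 0.0, []
        if parent is not None:
            parent.children.append(self)

    def usage(self):  # hierarchical accounting: own charges plus all descendants
        return self.own + sum(c.usage() for c in self.children)

    def charge(self, cost):
        # Refuse work that would push this container or an ancestor past its limit.
        node = self
        while node is not None:
            if node.cpu_limit is not None and node.usage() + cost > node.cpu_limit:
                return False
            node = node.parent
        self.own += cost
        return True

class Kernel:
    def __init__(self):
        self.thread_binding, self.socket_binding = {}, {}
    def bind_thread(self, tid, container):   # dynamic: may be rebound per request
        self.thread_binding[tid] = container
    def bind_socket(self, sock, container):
        self.socket_binding[sock] = container
    def run_thread(self, tid, cost):         # user-level work
        return self.thread_binding[tid].charge(cost)
    def packet_in(self, sock, cost):         # kernel work, billed to the socket's container
        return self.socket_binding[sock].charge(cost)

def demo():
    root = Container("server")
    known = Container("known-clients", root)
    other = Container("other-sources", root, cpu_limit=10.0)
    k = Kernel()
    k.bind_socket("listen-known", known)
    k.bind_socket("listen-other", other)
    dropped = sum(not k.packet_in("listen-other", 1.0) for _ in range(1000))  # constructed flood
    k.bind_thread("worker", other)
    starved = not k.run_thread("worker", 4.0)   # flood source's user-level work is refused too
    k.bind_thread("worker", known)
    served = sum(k.packet_in("listen-known", 1.0) and k.run_thread("worker", 4.0) for _ in range(20))
    return dropped, starved, served, known.usage(), other.usage(), root.usage()

if __name__ == "__main__":
    print(demo())
```

In the process-as-principal model described earlier in the notes, the same 1000 packets would be billed to whichever process happened to be running, or to none, so no limit could contain them.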