Resource containers: A new facility for resource management
in server systems
Banga, Druschel, Mogul (1999)
What kind of paper is this?
The Story
Once upon a time, operating systems were structured around the
process abstraction, in which processes acted as both a protection
domain and a resource principal.
With the advent of large scale server processing, where a single
process might manage thousands of connections or requests, this
tight coupling posed problems, because there was no way to allocate
resources within processes.
Banga and his advisors developed a technique to decouple protection
domains from resource principals, calling the latter resource
containers.
This solved the problem of resource allocation in large
servers, so everyone lived happily ever after.
The Problem
- Applications have no control over kernel resource consumption
on their behalf.
- Although a server might do many things, it can only manage
resources on behalf of the entire server, not the different threads
or connections it manages.
The Solution
- Resource containers as new principals on behalf of whom you
can allocate resources.
Background: Server Architectures
- First gen: process per connection
- Second gen: pool of processes
- Third gen: one thread per processor or event driven
Shortcomings of Current Resource Management
- Process or thread is a schedulable entity.
- Process is the "chargeable" entity.
- Thus, process is both the protection domain and the resource
principal.
- E.g., when a network packet arrives, it gets processed in the
kernel and get "billed" either to whatever process is currently
running or to no process.
- Alternately, a system like make is multiple processes, but they
are all acting in the service of a single task.
Resource Containers
- A resource principal
- Account for CPU time, memory allocated to kernel objects
- Have access control,
scheduling parameters, resource limits, QoS values.
- resource binding: Associates a thread with a container
(is a dynamic mapping).
- Are arranged hierarchically
Container operations
- Create
- Set parent
- Release container
- Share Container
- R/W Container Attributes
- Get container usage information
- Bind thread to container
- Reset binding
- Bind socket/file to a container
Performance evaluation
- Baseline: Container operation overheads are tiny
- Show how resource containers support priorities
- Allocate CGI processing to the same container processing the
request
- Resiliance to SYN-flooding