Resource containers: A new facility for resource management in server systems

What kind of paper is this?

• Big(ish) idea.

The Story

Once upon a time, operating systems were structured around the process abstraction, in which processes acted as both a protection domain and a resource principal. With the advent of large scale server processing, where a single process might manage thousands of connections or requests, this tight coupling posed problems, because there was no way to allocate resources within processes. Banga and his advisors developed a technique to decouple protection domains from resource principals, calling the latter resource containers. This solved the problem of resource allocation in large servers, so everyone lived happily ever after.

The Problem

• Applications have no control over kernel resource consumption on their behalf.
• Although a server might do many things, it can only manage resources on behalf of the entire server, not the different threads or connections it manages.

The Solution

• Resource containers as new principals on behalf of whom you can allocate resources.

Background: Server Architectures

• First gen: process per connection
• Second gen: pool of processes
• Third gen: one thread per processor or event driven

Shortcomings of Current Resource Management

• Process or thread is a schedulable entity.
• Process is the "chargeable" entity.
• Thus, process is both the protection domain and the resource principal.
• E.g., when a network packet arrives, it gets processed in the kernel and get "billed" either to whatever process is currently running or to no process.
• Alternately, a system like make is multiple processes, but they are all acting in the service of a single task.

Resource Containers

• A resource principal
• Account for CPU time, memory allocated to kernel objects
• Have access control, scheduling parameters, resource limits, QoS values.
• resource binding: Associates a thread with a container (is a dynamic mapping).
• Are arranged hierarchically

Container operations

• Create
• Set parent
• Release container
• Share Container
• R/W Container Attributes
• Get container usage information
• Bind thread to container
• Reset binding
• Bind socket/file to a container

Performance evaluation

• Baseline: Container operation overheads are tiny
• Show how resource containers support priorities
• Allocate CGI processing to the same container processing the request
• Resiliance to SYN-flooding