Connection Conditioning: Architecture-Independent Support for Simple, Robust ServersKyoungSoo ParkVivek S. Pai

Princeton University

Server Performance Is GreatMost Web servers generally perform wellMany contributorsMoores law processors & memoryOS timing wheels, hashed PCB, zero copyLoad balancers clusters, data centersPoor performance outside server softwareCGIs, database access, network access, etc

What About Research InServer Software Architectures?10 years of progressNCSA/Apache (just processes)Events (Harvest, Zeus)Events & helpers (Flash)Events & threads (JAWS, Haboob)Events & threads & compilers (Knot)Has it mattered?

Netcraft Web Server SurveyApacheMicrosoftNCSA

Thats Not Quite FairRobustness/scalability workHandling large #s connectionsTolerating long delaysDetecting/mitigating attacksGenerally in context of event-driven serversUsers love multi-process serversEasier to add features, modulesApache very successful

Should We Care?Keep going this routeBecomes a boutique research areaDiscover/invent the next ApacheSome servers still benefitGo with the flowBring research benefits to ApacheFocus on what matters for most peopleNew constraints new research

Why Push Comes to ShoveWalmart Linux machine: $400 totalMicrotel AMD 1.5 GHz1GB memoryIntel GigEHP DL320: List under $3000Intel 2.8 GHz dual-core2 GB memoryBuilt-in GigE100 Mbps WAN: $30,000/month

New ApproachCan we make servers simpler & robust-ierEasier to program, defend, sharePossibly slower, but thats OKProgramming-style (architecture) neutralOld idea: Unix pipesGood for text processingBad for servers?

Connection Conditioning

Salient FeaturesFilters are separate processesInternally: threads, processes, events, ???Communicate via Unix domain socketsAllows passing socket/request bundleServer sees TCP socketsResponses via client socketNo outbound overheadsFilters tied to protocol, not # clients

Why Filters?Reuse across apps/protocolsBeck attack: Apache 98, Flash 02, thttpd ??Another layer of defenseWorks before application API (or even no API)Decoupled from application structureCan codify best practicesSimplifies re-useBut not a panacea

How Many Filters?In general, for most servers: fourManage connections wait for requestProbably event-drivenSeparate multiple requests, re-presentEases persistent connection useReject malformed requestsPrioritize

Connection Conditioning Library9 functions, 2 nonstandardMost are cc_accept, cc_read, etc.Trivial to modify existing serverscc_close specifies local or global One new function, cc_createlsockOffloads the socket/bind/listen processEasier than doing it transparentlyLibrary is 89 lines

Modify or Start FreshModify existing serversApache: < 50 lines (of 6000+)Flash: < 30 lines (of 2500+)New CC-aware server: 80 linesFiltersFramework: 152 linesConnections: 98 linesPersistence: 76 linesPriority: 59 lines

CCServer Operation & RationaleStraightforward serverOne request at a timeNo cachingOpen file, send it if small, else fork+sendRely on filters for heavy liftingModel for simple serversSmall footprint environmentsSensorsNot going to replace Apache

Performance TestsEvery paper needs performance testsSingle-file testsSome idea of baseline performanceFile mixFile set from SpecWeb99Chained filtersThroughput & latency of multiple filters

Single File Test Request Rates

Single File Test Request Rate

Single File Test Throughput

File Mix Throughput (Microtel)

File Mix Throughput (HP)

Chained Filters Latency

Chained Filters Throughput

Robustness TestsIncomplete connectionsClient opens socket, but no requestVery low-rate DoS if server limits connectionsQuality of serviceHigh-priority client mixed with low-priorityHigh-rate DoS, but filterablePersistent connection testConnection persists, but no follow-up requestLow-rate DoS, easy to mask

Incomplete Connections

Incomplete ConnectionsMuch higher rate to DoSBrings event-driven benefits to ApacheImplement policies across connections

Quality of Service

Idle Persistent ConnectionsPersistent connections become cheapEasier to provide client benefitsLazy closing better performance

Summary: Connection ConditioningApplying Unix pipes to servers allowsDecompose processing into filtersCompose filters as neededDesign filters as you likeProtect existing & new servers

At a modest performance cost