Connection Conditioning: Architecture-Independent Support for Simple, Robust Servers
description
Transcript of Connection Conditioning: Architecture-Independent Support for Simple, Robust Servers
-
Connection Conditioning: Architecture-Independent Support for Simple, Robust ServersKyoungSoo ParkVivek S. Pai
Princeton University
-
Server Performance Is GreatMost Web servers generally perform wellMany contributorsMoores law processors & memoryOS timing wheels, hashed PCB, zero copyLoad balancers clusters, data centersPoor performance outside server softwareCGIs, database access, network access, etc
-
What About Research InServer Software Architectures?10 years of progressNCSA/Apache (just processes)Events (Harvest, Zeus)Events & helpers (Flash)Events & threads (JAWS, Haboob)Events & threads & compilers (Knot)Has it mattered?
-
Netcraft Web Server SurveyApacheMicrosoftNCSA
-
Thats Not Quite FairRobustness/scalability workHandling large #s connectionsTolerating long delaysDetecting/mitigating attacksGenerally in context of event-driven serversUsers love multi-process serversEasier to add features, modulesApache very successful
-
Should We Care?Keep going this routeBecomes a boutique research areaDiscover/invent the next ApacheSome servers still benefitGo with the flowBring research benefits to ApacheFocus on what matters for most peopleNew constraints new research
-
Why Push Comes to ShoveWalmart Linux machine: $400 totalMicrotel AMD 1.5 GHz1GB memoryIntel GigEHP DL320: List under $3000Intel 2.8 GHz dual-core2 GB memoryBuilt-in GigE100 Mbps WAN: $30,000/month
-
New ApproachCan we make servers simpler & robust-ierEasier to program, defend, sharePossibly slower, but thats OKProgramming-style (architecture) neutralOld idea: Unix pipesGood for text processingBad for servers?
-
Connection Conditioning
-
Salient FeaturesFilters are separate processesInternally: threads, processes, events, ???Communicate via Unix domain socketsAllows passing socket/request bundleServer sees TCP socketsResponses via client socketNo outbound overheadsFilters tied to protocol, not # clients
-
Why Filters?Reuse across apps/protocolsBeck attack: Apache 98, Flash 02, thttpd ??Another layer of defenseWorks before application API (or even no API)Decoupled from application structureCan codify best practicesSimplifies re-useBut not a panacea
-
How Many Filters?In general, for most servers: fourManage connections wait for requestProbably event-drivenSeparate multiple requests, re-presentEases persistent connection useReject malformed requestsPrioritize
-
Connection Conditioning Library9 functions, 2 nonstandardMost are cc_accept, cc_read, etc.Trivial to modify existing serverscc_close specifies local or global One new function, cc_createlsockOffloads the socket/bind/listen processEasier than doing it transparentlyLibrary is 89 lines
-
Modify or Start FreshModify existing serversApache: < 50 lines (of 6000+)Flash: < 30 lines (of 2500+)New CC-aware server: 80 linesFiltersFramework: 152 linesConnections: 98 linesPersistence: 76 linesPriority: 59 lines
-
CCServer Operation & RationaleStraightforward serverOne request at a timeNo cachingOpen file, send it if small, else fork+sendRely on filters for heavy liftingModel for simple serversSmall footprint environmentsSensorsNot going to replace Apache
-
Performance TestsEvery paper needs performance testsSingle-file testsSome idea of baseline performanceFile mixFile set from SpecWeb99Chained filtersThroughput & latency of multiple filters
-
Single File Test Request Rates
-
Single File Test Request Rate
-
Single File Test Throughput
-
File Mix Throughput (Microtel)
-
File Mix Throughput (HP)
-
Chained Filters Latency
-
Chained Filters Throughput
-
Robustness TestsIncomplete connectionsClient opens socket, but no requestVery low-rate DoS if server limits connectionsQuality of serviceHigh-priority client mixed with low-priorityHigh-rate DoS, but filterablePersistent connection testConnection persists, but no follow-up requestLow-rate DoS, easy to mask
-
Incomplete Connections
-
Incomplete ConnectionsMuch higher rate to DoSBrings event-driven benefits to ApacheImplement policies across connections
-
Quality of Service
-
Idle Persistent ConnectionsPersistent connections become cheapEasier to provide client benefitsLazy closing better performance
-
Summary: Connection ConditioningApplying Unix pipes to servers allowsDecompose processing into filtersCompose filters as neededDesign filters as you likeProtect existing & new servers
At a modest performance cost