Portal de Periódicos da CAPES

Strong Temporal Isolation Among Containers in OpenStack for NFV Services

2021; Institute of Electrical and Electronics Engineers; Volume: 11; Issue: 1 Linguagem: Inglês

10.1109/tcc.2021.3116183

2372-0018

Tommaso Cucinotta, Luca Abeni, Mauro Marinoni, Riccardo Mancini, Carlo Vitucci,

Real-Time Systems Scheduling

In this article, the problem of temporal isolation among containerized software components running in shared cloud infrastructures is tackled, proposing an approach based on hierarchical real-time CPU scheduling. This allows for reserving a precise share of the available computing power for each container deployed in a multi-core server, so to provide it with a stable performance, independently from the load of other co-located containers. The proposed technique enables the use of reliable modeling techniques for end-to-end service chains that are effective in controlling the application-level performance. An implementation of the technique within the well-known OpenStack cloud orchestration software is presented, focusing on a use-case framed in the context of network function virtualization. The modified OpenStack is capable of leveraging the special real-time scheduling features made available in the underlying Linux operating system through a patch to the in-kernel process scheduler. The effectiveness of the technique is validated by gathering performance data from two applications running in a real test-bed with the mentioned modifications to OpenStack and the Linux kernel. A performance model is developed that tightly models the application behavior under a variety of conditions. Extensive experimentation shows that the proposed mechanism is successful in guaranteeing isolation of individual containerized activities on the platform.