Service function chaining (SFC), consisting of a sequence of
virtual network functions (VNFs) (i.e., firewalls and load balancers), is
an effective service provision technique in modern data center networks.
By requiring cloud user traffic to traverse the VNFs in order, SFC im-
proves the security and performance of the cloud user applications. In
this paper, we study how to place an SFC inside a data center to mini-
mize the network traffic of the virtual machine (VM) communication. We
take a cooperative multi-agent reinforcement learning approach, wherein
multiple agents collaboratively figure out the traffic-efficient route for the
VM communication.
Underlying the SFC placement is a fundamental graph-theoretical prob-
lem called the k-stroll problem. Given a weighted graph G(V, E), two
nodes s, t ∈ V , and an integer k, the k-stroll problem is to find the
shortest path from s to t that visits at least k other nodes in the graph.
Our work is the first to take a multi-agent learning approach to solve k-
stroll problem. We compare our learning algorithm with an optimal and
exhaustive algorithm and an existing dynamic programming(DP)-based
heuristic algorithm. We show that our learning algorithm, although lack-
ing the complete knowledge of the network assumed by existing research,
delivers comparable or even better VM communication time while taking
two orders of magnitude of less execution time.
more »
« less
KeyValueServe † : Design and performance analysis of a multi-tenant data grid as a cloud service: KeyValueServe: Design and performance analysis of a multi-tenant data grid as a cloud service
- NSF-PAR ID:
- 10049792
- Publisher / Repository:
- Wiley Blackwell (John Wiley & Sons)
- Date Published:
- Journal Name:
- Concurrency and Computation: Practice and Experience
- Volume:
- 30
- Issue:
- 14
- ISSN:
- 1532-0626
- Page Range / eLocation ID:
- e4424
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
null (Ed.)FPGAs are getting an increasing interest from public clouds and cloud research projects. They are particularly attractive because of their ability to serve as energy efficient and customizable hardware accelerators. Commercial clouds have however highlighted the lack of multi-tenancy support, which does not permit hardware consolidation as it is not possible to space-share FPGA resources between multiple tenants. In this paper, we propose an architecture that divides the FPGA into logically isolated regions that we call ” virtual regions ” (VR). The VRs are immersed in a NoC interconnect allowing flexible communication, fast data movement, and low hardware footprint. The proposed architecture enables multitenancy as VRs can be allocated to different tenants at runtime.more » « less
-
Because FPGAs outperform traditional processing cores like CPUs and GPUs in terms of performance per watt and flexibility, they are being used more and more in cloud and data center applications. There are growing worries about the security risks posed by multi-tenant sharing as the demand for hardware acceleration increases and gradually gives way to FPGA multi-tenancy in the cloud. The confidentiality, integrity, and availability of FPGA-accelerated applications may be compromised if space-shared FPGAs are made available to many cloud tenants. We propose a root of trust-based trusted execution mechanism called TrustToken to prevent harmful software-level attackers from getting unauthorized access and jeopardizing security. With safe key creation and truly random sources, TrustToken creates a security block that serves as the foundation of trust-based IP security. By offering crucial security characteristics, such as secure, isolated execution and trusted user interaction, TrustToken only permits trustworthy connection between the non-trusted third-party IP and the rest of the SoC environment. The suggested approach does this by connecting the third-party IP interface to the TrustToken Controller and running run-time checks on the correctness of the IP authorization(Token) signals. With an emphasis on software-based assaults targeting unauthorized access and information leakage, we offer a noble hardware/software architecture for trusted execution in FPGA-accelerated clouds and data centers.more » « less
