Search for: All records

The flexibility and scale of networks achievable by modern cloud computer architectures, particularly Kubernetes (K8s)-based applications, are rivaled only by the resulting complexity required to operate at scale in a responsive manner. This leaves applications vulnerable toEconomic Denial of Sustainability(EDoS) attacks, designed to force service withdrawal via draining the target of the financial means to support the application. With the public cloud market projected to reach three quarters of a trillion dollars USD by the end of 2025, this is a major consideration. In this paper, we develop a theoretical model to reason about EDoS attacks on K8s. We determine scaling thresholds based on Markov Decision Processes (MDPs), incorporating costs of operating K8s replicas, Service Level Agreement violations, and minimum service charges imposed by billing structures. We build on top of the MDP model a Stackelberg game, determining the circumstances under which an adversary injects traffic. The optimal policy returned by the MDP is generally of hysteresis-type, but not always. Specifically, through numerical evaluations we show examples where charges on an hourly resolution eliminate incentives for scaling down resources. Furthermore, through the use of experiments on a realistic K8s cluster, we show that, depending on the billing model employed and the customer workload characteristics, an EDoS attack can result in a 4× increase in traffic intensity resulting in a 3.6× decrease in efficiency. Interestingly, increasing the intensity of an attack may render it less efficient per unit of attack power. Finally, we demonstrate a proof-of-concept for a countermeasure involving custom scaling metrics where autoscaling decisions are randomized. We demonstrate that per-minute utilization charges are reduced compared to standard scaling, with negligible drops in requests. 

While sketch-based network telemetry is attractive, realizing its potential benefits has been elusive in practice. Existing sketch so- lutions offer low-level interfaces and impose high effort on op- erators to satisfy telemetry intents with required accuracies. Ex- tending these approaches to reduce effort results in inefficient deployments with poor accuracy-resource tradeoffs. We present SketchPlan, an abstraction layer for sketch-based telemetry to re- duce effort and achieve high efficiency. SketchPlan takes an en- semble view across telemetry intents and sketches, instead of ex- isting approaches that consider each intent-sketch pair in isola- tion. We show that SketchPlan improves accuracy-resource trade- offs by up-to 12x and up-to 60x vs. baselines, in single-node and network-wide settings. SketchPlan is open-sourced at: https: //github.com/milindsrivastava1997/SketchPlan 

While sketch-based network telemetry is attractive, realizing its potential benefits has been elusive in practice. Existing sketch solutions offer low-level interfaces and impose high effort on operators to satisfy telemetry intents with required accuracies. Extending these approaches to reduce effort results in inefficient deployments with poor accuracy-resource tradeoffs. We present SketchPlan, an abstraction layer for sketch-based telemetry to reduce effort and achieve high efficiency. SketchPlan’s takes an ensemble view across telemetry intents and sketches, instead of existing approaches that consider each intent-sketch pair in isolation. We show that SketchPlan improves accuracy-resource tradeoffs by up-to 12x and up-to 60x vs. baselines, in single-node and network-wide settings. 

Distributed key-value stores today require frequent key-value shard migration between nodes to react to dynamic workload changes for load balancing, data locality, and service elasticity. In this paper, we propose NetMigrate, a live migration approach for in-memory key-value stores based on programmable network data planes. NetMigrate migrates shards between nodes with zero service interruption and minimal performance impact. During migration, the switch data plane monitors the migration process in a fine-grained manner and directs client queries to the right server in real time, eliminating the overhead of pulling data between nodes. We implement a NetMigrate prototype on a testbed consisting of a programmable switch and several commodity servers running Redis and evaluate it under YCSB workloads. Our experiments demonstrate that NetMigrate improves the query throughput from 6.5% to 416% and maintains low access latency during migration, compared to the state-of-the-art migration approaches.