A Hardware/Software Approach for Mitigating Performance Interference Effects in Virtualized Environments Using SR-IOV

Andre Richter, Christian Herber, Stefan Wallentowitz, Thomas Wild, Andreas Herkersdorf

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

5 Scopus citations

Abstract

Single Root I/O Virtualization (SR-IOV) is an extension to the PCI Express (PCIe) standard that allows virtual machines (VMs) to directly access shared I/O devices without host involvement. This enabled SR-IOV to become the best-performing solution for virtual I/O to date, which lead to its commercial adoption, e.g., In the Amazon EC2. On the downside, a malicious VM can exploit the direct access to an SR-IOV device by flooding it with PCIe packets. This results in a congestion on the PCIe interconnect, which leads to performance interference effects between the malicious VM, concurrent VMs and even the host. In this paper, we present a hardware/software approach that detects and mitigates such Denial-of-Service (DoS) attacks. On the hardware side, we propose monitoring extensions within SR-IOV devices that distinguish legal device use from malicious device use by observing the rate of incoming PCIe transactions at VM granularity. Malicious VMs are reported to the host via interrupts. On the software side, performance interference effects can then be mitigated by dynamically adjusting the host's scheduling of the malicious VM or even shutting it down. We implement a prototype with a commercial off-the-shelf SR-IOV Ethernet controller and an FPGA board. On it, we demonstrate that appropriate scheduling of malicious VMs successfully mitigates interference effects for three cloud-relevant benchmarks. For example, Memcached is restored to 99.4% of baseline performance (compared to 61.8% without our extensions). In contrast to QoS features proposed in the PCIe 3.0 standard, our solution is more flexible. Additionally, it can be realized as an add-on to existing misuse detection hardware like the Intel Malicious Driver Detection (MDD).

Original languageEnglish
Title of host publicationProceedings - 2015 IEEE 8th International Conference on Cloud Computing, CLOUD 2015
EditorsCalton Pu, Ajay Mohindra
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages950-957
Number of pages8
ISBN (Electronic)9781467372879
DOIs
StatePublished - 19 Aug 2015
Event8th IEEE International Conference on Cloud Computing, CLOUD 2015 - New York, United States
Duration: 27 Jun 20152 Jul 2015

Publication series

NameProceedings - 2015 IEEE 8th International Conference on Cloud Computing, CLOUD 2015

Conference

Conference8th IEEE International Conference on Cloud Computing, CLOUD 2015
Country/TerritoryUnited States
CityNew York
Period27/06/152/07/15

Keywords

  • Performance Interference
  • SR-IOV
  • Virtualization

Fingerprint

Dive into the research topics of 'A Hardware/Software Approach for Mitigating Performance Interference Effects in Virtualized Environments Using SR-IOV'. Together they form a unique fingerprint.

Cite this