Container-based virtualization isbecoming increasingly popular in cloud computing due to its efficiency and flexibility.Resource isolation is a fundamental property of containers.Existing works have indicated weak res...Container-based virtualization isbecoming increasingly popular in cloud computing due to its efficiency and flexibility.Resource isolation is a fundamental property of containers.Existing works have indicated weak resource isolation could cause significant performance degradation for containerized applications and enhanced resource isolation.However,current studies have almost not discussed the isolation problems of page cache which is a key resource for containers.Containers leverage memory cgroup to control page cache usage.Unfortunately,existing policy introduces two major problems in a container-based environment.First,containers can utilize more memory than limited by their cgroup,effectively breaking memory isolation.Second,the Os kernel has to evict page cache to make space for newly-arrived memory requests,slowing down containerized applications.This paper performs an empirical study of these problems and demonstrates the performance impacts on containerized applications.Then we propose pCache(precise control of page cache)to address the problems by dividing page cache into private and shared and controlling both kinds of page cache separately and precisely.To do so,pCache leverages two new technologies:fair account(f-account)and evict on demand(EoD).F-account splits the shared page cache charging based on per-container share to prevent containers from using memory for free,enhancing memory isolation.And EoD reduces unnecessary page cache evictions to avoid the performance impacts.The evaluation results demonstrate that our system can effectively enhance memory isolation for containers and achieve substantial performance improvement over the original page cache management policy.展开更多
基金supported by the National Key Research and Development Program (2022YFB4500704)the National Natural Science Foundation of China (Grant Nos.62032008,62232012 and 62232011).
文摘Container-based virtualization isbecoming increasingly popular in cloud computing due to its efficiency and flexibility.Resource isolation is a fundamental property of containers.Existing works have indicated weak resource isolation could cause significant performance degradation for containerized applications and enhanced resource isolation.However,current studies have almost not discussed the isolation problems of page cache which is a key resource for containers.Containers leverage memory cgroup to control page cache usage.Unfortunately,existing policy introduces two major problems in a container-based environment.First,containers can utilize more memory than limited by their cgroup,effectively breaking memory isolation.Second,the Os kernel has to evict page cache to make space for newly-arrived memory requests,slowing down containerized applications.This paper performs an empirical study of these problems and demonstrates the performance impacts on containerized applications.Then we propose pCache(precise control of page cache)to address the problems by dividing page cache into private and shared and controlling both kinds of page cache separately and precisely.To do so,pCache leverages two new technologies:fair account(f-account)and evict on demand(EoD).F-account splits the shared page cache charging based on per-container share to prevent containers from using memory for free,enhancing memory isolation.And EoD reduces unnecessary page cache evictions to avoid the performance impacts.The evaluation results demonstrate that our system can effectively enhance memory isolation for containers and achieve substantial performance improvement over the original page cache management policy.