[Xen-devel] Re: Fine-grained proxy resource charging

[Andi Kleen <ak@xxxxxxx>]

> (b) charge neither: if the "fairness" goal is that a domain never be 
> excessively charged for work it didn't specifically request.

I think IO fairness between domains would be a realistic goal with some limits. 
e.g. there is the existing CFQ/CFQ2 block IO scheduler which does 
a reasonable job at this.

It cannot be completely fair due to some hard to avoid limits (once the request
is hand off to the disk you cannot control it anymore and it is hard
to fully take seek costs into account), but could
likely give a reasonable approximation.

There are also ways on the network level to allocate bandwidth fairly
(SFQ et.al.) 

> My larger interest here is preventing domain A from acting maliciously or 
> pathologically: the HP paper indicates that a domain A can easily consume 
> a nontrivial amount (3-33%) of a service domain B's CPU.  This can be done 
> with a continual series of small network requests (1 KB) that wouldn't be 
> controlled by simply capping A's network utilization.

Completely avoiding DOS in all corner cases is very hard - i am not sure 
anybody has solved that problem yet.

However there are lots of network schedulers that take packet
costs into account too. Actually I think near all of them do,
I don't know of any that only works on bytes.

-Andi

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel