Turning Down the LAMP: Software Specialisation for the Cloud

Download Turning Down the LAMP: Software Specialisation for the Cloud

Post on 13-Feb-2017

218 views

Category:

Documents

0 download

TRANSCRIPT

  • Turning Down the LAMP: Software Specialisation for the Cloud

    Anil Madhavapeddy1, Richard Mortier2, Ripduman Sohan1, Thomas Gazagnaire3

    Steven Hand1, Tim Deegan3, Derek McAuley2 and Jon Crowcroft1

    University of Cambridge1, University of Nottingham2, Citrix Systems R&D3

    AbstractThe wide availability of cloud computing offers an un-precedented opportunity to rethink how we construct ap-plications. The cloud is currently mostly used to pack-age up existing software stacks and operating systems(e.g. LAMP) for scaling out websites. We instead viewthe cloud as a stable hardware platform, and present aprogramming framework which permits applications tobe constructed to run directly on top of it without inter-vening software layers. Our prototype (dubbed Mirage)is unashamedly academic; it extends the Objective Camllanguage with storage extensions and a custom run-timeto emit binaries that execute as a guest operating systemunder Xen. Mirage applications exhibit significant per-formance speedups for I/O and memory handling versusthe same code running under Linux/Xen. Our results canbe generalised to offer insight into improving more com-monly used languages such as PHP, Python and Ruby,and we discuss lessons learnt and future directions.

    1 Introduction

    Cloud computing has changed the economics of hostingin recent years. As large datacenters have grown to pro-vide modern Internet services, deployment of virtualisa-tion platforms has enabled their computing power to berented by customers to run their own applications. Thefirst such service was Amazons Elastic Computing [1],which provides resources to customers dynamically andscales up and down according to demand.

    Unfortunately, this extremely dynamic resource avail-ability within the cloud is not well supported by tra-ditional software stacks, e.g., LAMP (Linux, Apache,MySQL, PHP). These are very thick, containing ex-tensive support for legacy systems and code built up overyears. This makes them cumbersome to build and deploy,inefficient to run, and complex to administer securely.Some of these concerns are being tackled via prepack-

    aged binary images, bolt-on accelerators which dy-namically optimise scripting code such as PHP, and au-tomated security update infrastructure.

    In this paper we propose departing from this approachof layering systems, instead developing a software stackdesigned explicitly for use in the cloud. Standard in-terfaces such as POSIX are less relevant in this highlydistributed environment, and a fresh software stack canalso help to exploit the new capabilities of virtualisa-tion more effectively, such as live relocation. Softwareefficiency now brings direct financial rewards in cloudenvironments, providing a much greater impetus to im-prove on the current state-of-the-art and reducing resis-tance to change from the open source community (e.g.the NoSQL movement [15]).

    This paper makes several contributions:

    (i) the motivation for constructing a new software stack(2), and its architecture (3);

    (ii) early performance results that demonstrate signifi-cant improvements in I/O and memory speeds, sug-gesting this is an area worth exploring (4); and

    (iii) a discussion which generalises our results to otherprogramming frameworks (5).

    Finally, we examine related work and conclude (6).

    2 A New Approach: Mirage

    The key principle behind Mirage is to treat cloud vir-tual hardware as a compiler target, and convert high-levellanguage source code directly into kernels that run on it.Our prototype compiler uses the OCaml language (3) tofurther remove dynamic typing overheads and introducemore safety at compile time. We now break down ourdesign considerations into efficiency, security, simplic-ity, purpose, and ease-of-use, as follows:

    1

  • Hardware

    Hypervisor

    OS Kernel

    User Processes

    Language Runtime

    Threads

    Application Code

    Hardware

    Hypervisor

    Application Code

    Mirage Kernel

    Figure 1: A conventional software stack (left) and thestatically-linked Mirage approach (right).

    Efficiency Multiplexed interfaces in modern softwarestacks generate substantial overheads which, when de-ployed at scale, waste energy and thus money [32]. Mak-ing efficient use of the cloud requires the ability to instan-tiate and destroy virtual machines (VMs) with low la-tency, difficult with todays heavyweight software stackssuch as LAMP. We discuss concurrency (3.2) and stor-age (3.3) later, and how Mirage improves the situation.

    Security Mirage applications are bootable images gen-erated from code written in a strongly type-checked lan-guage. The language eliminates low-level memory is-sues such as buffer overflows. The applications config-uration is analysed during compilation to remove unusedfeatures, reducing the attack surface for attackers whilealso reducing memory usage.

    Simplicity The semantics of many OS interfaces areinconsistent, due to having to support a wide applica-tion base which has evolved over timeboth network-ing [4] and filesystem [23] APIs have known deficien-cies. OS kernels often favour performance over strictsafety [6], and when applications such as databases needstrong guarantees (e.g., writing blocks to disk), they areforced to make conservative assumptions and suffer per-formance drops.

    Current software stacks are already heavy with lay-ers: (i) an OS kernel; (ii) user processes; (iii) a language-runtime such as the JVM or .NET CLR; and (iv) threadsin a shared address space. The main driver for virtualisa-tion to date has been to consolidate under-utilised phys-ical hosts, and this adds another runtime software layerwith the hypervisor. This is essential to run existing OSsand software to run unmodified (Figure 1 (left)).

    Focus Most operating systems try to solveeverythingfrom desktops to network servers tofast-paced games. In some cases, such as concur-rency, researchers have spent a lot of time examiningindividual models, e.g., threading versus event archi-tectures [34, 37], and a general-purpose kernel has to

    support all of them. Mirage focusses on the domain ofI/O intensive cloud servers, which lets us specialise thestack (see Figure 1 (right)) and reap the benefits.

    Ease of Deployment There have been many brave at-tempts in the past to build systems like this which usehigh-level languages [11, 13] or radically different de-signs [8], but they all hit the issue of research OSs be-coming rapidly obsolete with advances in physical hard-ware [24]. In contrast, the hypervisors being used forcloud computing (mostly Xen and Hyper-V) provide astandard but complex and low-level interface to pro-gram against [26]. Mirage hides this complexity behindthe compiler toolchain, and gives a programmer usable,high-level language abstractions whilst targeting the low-level virtual hardware interface directly.

    3 Design and Implementation

    Objective Caml [17], or OCaml, is a modern functionallanguage supporting a variety of programming styles, in-cluding functional, imperative, and object-oriented. Itis a dialect of the ML family, with a well-designed,theoretically-sound type system that has been developedsince the 1970s [16].

    ML is a pragmatic system that strikes a balance be-tween imperative languages, e.g., C, and pure functionallanguages, e.g., Haskell. It features type inference, al-gebraic data types, and higher-order functions, but alsopermits references and mutable data structures whileguaranteeing that all such side-effects are always type-safe and will never cause memory corruption. Safety isachieved by two methods: (i) static type-checking; and(ii) dynamic bounds checking of array and buffers.

    We have previously shown how to construct se-cure, high-performance network applications usingOCaml [19]. Our applications were largely OS-independent, and so a simpler runtime dedicated tothe purpose of running them could deliver significantcost savings and performance improvements in cloudenvironmentsnow the central goal of Mirage. We donot modify the OCaml compiler itself, but rather the run-time libraries it provides to interface with the OS. Thiscode is mostly written in C, and includes the garbage col-lector and memory allocator.

    3.1 Memory Management

    The static type safety guarantees made by OCaml elim-inate the need for runtime hardware memory protection,except against other unsafe system components. Mirageruns applications in a single 64-bit virtual address space(see Figure 2). Modern OS kernels discourage static

    2

  • OS textand data

    networkbuffers

    reservedby Xen

    OCamlminor heap

    OCamlmajor heap

    IP header

    TCP header

    transmitpacketdata

    IP header

    TCP header

    receivepacketdata

    4KB

    120T

    B12

    8TB

    64-b

    it vi

    rtua

    l add

    ress

    spa

    ce

    Figure 2: Virtual memory layout of a 64-bit Mirage ker-nel running under Xen.

    memory mapping in favour of Address Space Randomi-sation (ASR) for protection against buffer overflows [28].Mirage does not benefit from ASR since the applicationis type-safe, and the runtime itself has little dynamic al-location and no shared library mappings.

    In 64-bit mode, the bottom 128TB and the top 120TBof virtual address space are available for use by the guest,with the rest either reserved by the hypervisor or non-canonical addresses. The application begins with codeand static data mapped into the bottom portion of virtualmemory, and the OCaml heap area and network buffersplaced separately into the top 120TB region. Pages aretransmitted and received in Xen by granting them to thehypervisor [36]. The exact size allocated to each regionis configurable, but is aligned to 2MB boundaries to usex86 64 superpages resulting in smaller page-tables.

    Statically mapping virtual memory in this fashion pro-vides Mirage with a significant speed boost. Under nor-mal kernels, the standard OCaml garbage collector can-not guarantee that its address space is contiguous in vir-tual memory and maintains a page table to track the al-located heap regions. In tight allocation loops, the page-table lookup can take around 15% of CPU time, an over-head which disappears in Mirage (see Figure 4).

    3.2 ConcurrencyIn Mirage, we collapse all concurrency into two distinctmodels: (i) lightweight control-flow threads for manag-ing I/O and timeouts; and (ii) optimised inter-VM com-munication for parallel computation. Each Mirage in-stance runs as on a single CPU core, and depends onthe hypervisor to divide up a physical host into several

    single-core VMs. Thus, a parallel program runs as eightVMs on a single eight-core machine, or be spread acrossfour two-core physical hosts. Communication is opti-mised dynamically: if the VMs are running on the samephysical machine, Mirage uses shared memory channelsinstead of the network stack.

    We believe that these two models are sufficient tocapture the main uses of parallel programming withoutrunning into the difficulty of creating a unified modelsuitable for both large-scale distributed computation andhighly scalable single-server I/O [33]. Our controlthreads are based on the Lwt co-operative threading li-brary [35], and has syntax extensions to permit program-ming in a similar style to pre-emptive threading. Al-though we do not present a full evaluation of threading inthis paper due to space limitations, informal benchmarksare available for Lwt which illustrate our points [9].

    3.3 StorageMirage provides a persistence mechanism as a non-intrusive language extension to OCaml [12]. For eachdatatype specified by the programmer, we statically gen-erate functions at compile time to save and retrieve val-ues of this type to and from the Xen virtual block devices.This approach has several advantages: (i) the program-mer can persist arbitrary OCaml types with no explicitconversion: the details are completely abstracted away;(ii) the code is statically generated and highly optimisedfor efficiency; and (iii) better static safety is guaranteedby auto-generating interfaces. For example:

    type t = { name: string; mail: string } with ormlet me = { name="Anil"; mail="avsm2@cam.ac.uk" }let main () =let db = t_open "contacts" int_save db t;let cam = t_get mail:(Contains "ac.uk") db inprintf "Found %d @ac.uk" (List.length cam)

    The type t is a standard OCaml type, with an annotationto mark it as a storage type. Variables of type t can besaved and queried via the t open, t save and t getfunctions.

    The backend uses the SQLite database library, andSQL is automatically generated from the applicationsdatatypes and never used by the programmer directly.SQLite has a VFS layer to let OSs define their ownI/O mechanisms. Mirage implements a Xen blkfrontVFS which interacts directly with a block device with-out an intervening filesystem. This layer performshighly optimised I/O: (i) all database read/writes are 4KBpage-aligned and contiguous segments use blkfrontscatter-gather allowing up to 11 pages to be sent in onerequest; (ii) the journal file is mostly appended to, andonly needs to be flushed when the VFS layer requests

    3

  • 0

    100

    200

    300

    400

    500

    600

    4 256 1024 2048 3072 4096 6144 8192

    Tim

    e (s

    econ

    ds)

    Record size (bytes)

    MirageOS Xen GuestMirage Linux Application

    Figure 3: Performance of a SQL stress test running as adirect kernel vs. 64-bit Linux userspace.

    a sync; (iii) write barriers can maintain safe journal se-mantics without needing to wait for a synchronous diskflush. Although some of these assumptions are invalidfor general-use filesystems, they work very well with adatabase engine.

    4 Evaluation

    So far, we have asserted several performance benefits torunning Mirage kernels. We now confirm our hypothesisvia performance tests on Mirage as kernels versus on vir-tualised Linux. Tests were conducted on a quad-core In-tel Xeon 2.83GHz system with 4GB RAM, running Xen3.4.3 and a 64-bit Linux 2.6.27.29 dom0 kernel. Theguests were configured with 1GB RAM, 1 vCPU, andLVM block storage. The Linux guest used the same 64-bit PV kernel as dom0 and an ext2 filesystem.

    We evaluated the performance of our database stor-age by running a benchmark that inserts, updates anddeletes records of varying sizes over 5000 iterations. Thedatabase was checked after each iteration and all valuescompared to ensure integrity.

    Figure 3 shows the results of this benchmark withvarying record sizes. Linux is faster for small recordsizes but performance decreases as individual recordsizes increase. In contrast, Mirage performance is sig-nificantly faster and scales better with increasing recordsize. We attribute this to the specialised buffer cachein Mirage which takes advantage of page-aligned directI/O, as well as the optimised heuristics for journal files(which are typically short-lived and only require flush-ing to disk once, memory permitting). One of the mainbenefits of implementing the SQLite VFS operations inOCaml is to let us experiment with different heuristicsand data structures more easily; one of the main benefitsof Mirage is exactly that it makes this kind of specialisa-tion straightforward.

    0

    10

    20

    30

    40

    50

    60

    70

    500 2500 5000 10000 15000 30000 50000 100000

    Tim

    e (s

    econ

    ds)

    Allocation size (bytes)

    Mirag...