2024-11-25
2024-10-16
2024-08-20
Abstract— The growing use of virtualization technologies in settings such as multi-tenant compute and storage clouds challenges us to both specify and enforce the isolation of clients sharing network and compute resources. In this paper we propose a novel analytical measure of performance isolation for shared resource systems serving multiple traffic flows or computing workloads. By basing our isolation measure on well-known results from network calculus, we demonstrate how isolation metrics can be calculated for flows traversing both individual system elements and networks of those elements. We argue that this measure fa¬cilitates the design of systems capable of ensuring that clients can realize a specified isolation target. We present illustrative examples of how our quantitative isolation measure can be used to compare the isolation properties of alternative instantiations of resource sharing systems ranging from experimental testbeds to dynamically-instantiated compute clouds. Finally, we show how next generation resource allocators can be designed to preserve the isolation of clients by either routing newly arriving flows, or re-arrange existing flows.
Index Terms— network calculus, deterministic queueing the-ory, security and privacy, QoS, fairness Cite:Jack Brassil, "Performance Isolation in Network and Computing Systems with Multiple Inputs," Journal of Communications, vol. 7, no.1, pp.39-51, 2012. Doi: 10.4304/jcm.7.1.39-51