Seawall: Performance Isolation for Cloud Datacenter Networks

While today’s virtual datacenters have hypervisor based mechanisms to partition compute resources between the tenants co-located on an end host, they provide little control over how tenants share the network. ˆis opens cloud applications to interference from other tenants, resulting in unpredictable performance and exposure to denial of service attacks. ˆis paper explores the design space for achieving performance isolation between tenants. We nd that existing schemes for enterprise datacenters su er from at least one of these problems: they cannot keep up with the numbers of tenants and the VM churn observed in cloud datacenters; they impose static bandwidth limits to obtain isolation at the cost of network utilization; they require switch and/or NIC modi cations; they cannot tolerate malicious tenants and compromised hypervisors. We propose Seawall, an edge-based solution, that achieves maxmin fairness across tenant VMs by sending tra c through congestion-controlled, hypervisor-to-hypervisor tunnels.