Next:Failing
System CallsUp:The
Virtual Service AbstractionPrevious:Tracking
Service Membership
Virtual Service Gates
Whenever a VS receives a new member, resource limits could potentially
be violated. This means that classification and resource limit enforcement
are inseparable. Therefore, we introduce gates, a combination of
system call filtering and VS classification. Each system call that is used
to track VS-membership is controlled by a gate.
If the gate's filtering code indicates a resource limit violation as
a result of the new classification, the system call will either fail with
an administrator specified errno code, block, or execute in best-effort
mode. Otherwise, VS-membership is updated as specified in the classification
rules. Figure 5 depicts the basic
anatomy of a gate:
-
1.
-
The prefilter checks whether the caller is (a) classified and (b)
whether its VS affiliation permits the execution of the gated call.
-
2.
-
The classifier applies a matching classification rule. To execute
the classifier for creation-type calls it executes after the new resource
has been created.
-
3.
-
Finally, the postfilter checks whether the resulting classification
violates any VS resource limits. The resource limits we considered are:
count limits on the number of processes and sockets. Other resource limits,
such as CPU and network bandwidth are enforced silently by the packet and
CPU schedulers and need be checked by the gate mechanism. If a resource
limit is violated, the system call fails or retries as is described in
the next section.
Figure 5:Gated system calls
|
Next:Failing
System CallsUp:The
Virtual Service AbstractionPrevious:Tracking
Service Membership