Check out the new USENIX Web site. nextupprevious
Next:Failing System CallsUp:The Virtual Service AbstractionPrevious:Tracking Service Membership

  
Virtual Service Gates

Whenever a VS receives a new member, resource limits could potentially be violated. This means that classification and resource limit enforcement are inseparable. Therefore, we introduce gates, a combination of system call filtering and VS classification. Each system call that is used to track VS-membership is controlled by a gate.

If the gate's filtering code indicates a resource limit violation as a result of the new classification, the system call will either fail with an administrator specified errno code, block, or execute in best-effort mode. Otherwise, VS-membership is updated as specified in the classification rules. Figure 5 depicts the basic anatomy of a gate:

1.
The prefilter checks whether the caller is (a) classified and (b) whether its VS affiliation permits the execution of the gated call.
2.
The classifier applies a matching classification rule. To execute the classifier for creation-type calls it executes after the new resource has been created.
3.
Finally, the postfilter checks whether the resulting classification violates any VS resource limits. The resource limits we considered are: count limits on the number of processes and sockets. Other resource limits, such as CPU and network bandwidth are enforced silently by the packet and CPU schedulers and need be checked by the gate mechanism. If a resource limit is violated, the system call fails or retries as is described in the next section.

 

Figure 5:Gated system calls
\begin{figure}\begin{center}\epsfig{file=figures/gate-arc.eps,width=2.3in}\end{center}\end{figure}


nextupprevious
Next:Failing System CallsUp:The Virtual Service AbstractionPrevious:Tracking Service Membership