experiences booting one million virtual machines and a
play

Experiences booting one million virtual machines (and a few tools we - PowerPoint PPT Presentation

Mar 17, 2024 •302 likes •692 views

Experiences booting one million virtual machines (and a few tools we developed) Ron Minnich Don Rudish 08961 - Scalable Computing R & D Eurosys 2010 Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one

  1. Experiences booting one million virtual machines (and a few tools we developed) Ron Minnich Don Rudish 08961 - Scalable Computing R & D Eurosys 2010 Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one million virtual machines (and a few

  2. The idea Motivation Current situation The idea We’re working to boot ten million machines We’d like to run a real botnet at scale and scale seems to be “huge” Of course, the numbers are open to argument, but . . . “A computer botnet is known to have breached almost 75,000 computers in 2,500 organizations around the world,” – last week Found almost by accident institution-logo Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one million virtual machines (and a few

  3. The idea Motivation Current situation Over 10M compromised in US No. 1: Zeus: 3.6 million No. 2: Koobface: 2.9 million No. 3: TidServ: 1.5 million No. 4: Trojan.Fakeavalert: 1.4 million No. 5: TR/Dldr.Agent.JKH: 1.2 million No. 6: Monkif: 520,000 No. 7: Hamweq: 480,000 No. 8: Swizzor: 370,000 No. 9: Gammima: 230,000 No. 10: Conficker: 210,000 <‌<= we thought this was bad! Source: http://www.networkworld.com/news/2009/072209- institution-logo botnets.html Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one million virtual machines (and a few

  4. Botnets HPC Our Results/Contribution Previous work 2008 – boot 50,000 VMs on Talon (128 nodes) 2009 – boot one million VMs on Thunderbird (4460 nodes) Create “sandbot” – prototype bot network bot Showed pretty pictures at SC2009 institution-logo Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one million virtual machines (and a few

  5. How are botnets built? Botnets Overlay Networks HPC Result Our Results/Contribution Legal How are botnets built? Typically “overnet” (nice writeup at wikipedia) So-called because it is an overlay network i.e. it has structure “overlaid” on th internet Many use edonkey2 protocol The legal overnet taken down 2006 Like that did any good, because: The illegal version out there, alive, and kicking Just try to tell the RIAA that! If p2p is outlawed only outlaws will have p2p institution-logo Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one million virtual machines (and a few

  6. How are botnets built? Botnets Overlay Networks HPC Result Our Results/Contribution Legal Edonkey implemented kademlia protocol That’s another long talk . . . and wikipedia does a better job than I can do Kademlia implements a Distributed Hash Table (DHT) Hash is 128 bits Nodes have a hash (i.e. 128-bit ID) Nodes contain information stored by hash as (key,value) pairs Hash uses XOR for “distance” metric institution-logo Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one million virtual machines (and a few

  7. How are botnets built? Botnets Overlay Networks HPC Result Our Results/Contribution Legal Kademlia network operations PING(hash) what you expect STORE(hash, value) FIND_NODE(hash) recipient of request returns set of nodes with least “distance” For nodes, you want “close to”, because you already know yourself FIND_VALUE(hash) return value of exact match of hash For values, you want an exact match of course institution-logo Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one million virtual machines (and a few

  8. How are botnets built? Botnets Overlay Networks HPC Result Our Results/Contribution Legal DHT information values For talking to a node: (IP, port) can be used to contact other nodes Otherwise, whatever you want Movies Songs RIAA takedown notices And here’s an interesting thought: Executables Command files commands institution-logo Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one million virtual machines (and a few

  9. How are botnets built? Botnets Overlay Networks HPC Result Our Results/Contribution Legal Put it together You have a way to uniquely name a node with low probability of collision You have a distributed way to: Find a node Join the set of nodes store information query information So you’ve got a fault-tolerant, distributed, programming support environment institution-logo Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one million virtual machines (and a few

  10. How are botnets built? Botnets Overlay Networks HPC Result Our Results/Contribution Legal RIAA shut down the legal uses But it’s all there for the bad guys And they use it Again, that’s another very long talk but, as usual, wikipedia has great foundation article The statistics are overwhelming And kind of hard to verify: how do you really know, if every attempt to probe it is foiled? But it’s real enough to scare researchers Some are physically afraid! institution-logo Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one million virtual machines (and a few

  11. Botnets HPC How HPC comes into play Our Results/Contribution So what to do? One possibility is to apply High Performance Computing (HPC) resources to attempts to understand behavior 180,000 core/30,000 node “Jaguar” at Oak Ridge 20,000 core/5,000 node “Thunderbird” at Sandia And all those little 10,000 core systems out there They all run Linux institution-logo Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one million virtual machines (and a few

  12. What We’ve done What We’ve developed Botnets Xproc HPC Pushmon Our Results/Contribution Build the network Scaling Goal Summary What we’re doing Use OneSIS cluster software (onesis.org) Used to bring up 4600-node cluster (T-bird) Relied on NFS root in earlier version Extend OneSIS with what we learned from Los Alamos Clustermatic (9grid.net/clustermatic) Extremely light-weight, RAMdisk-based nodes Can boot a node w/20M footprint Compare to huge footprint of most cluster software institution-logo Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one million virtual machines (and a few

  13. What We’ve done What We’ve developed Botnets Xproc HPC Pushmon Our Results/Contribution Build the network Scaling Goal Summary Result: extremely light nodes With lots of room for . . . lots of Virtual Machines On T-bird nodes, 250 are easy, x4600 nodes Modern nodes, 1000 are easy, x10K on Cray XT4 So we’ve gone to 1M on T-bird And we hope to go to 10M on Cray XT4 Was it easy? No. Success once, failure once How I hate IPMI ... But it can be done. institution-logo Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one million virtual machines (and a few

  14. What We’ve done What We’ve developed Botnets Xproc HPC Pushmon Our Results/Contribution Build the network Scaling Goal Summary Plus new stuff Xproc (bitbucket.org rminnich/clustermatic) Pushmon Vmatic institution-logo Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one million virtual machines (and a few

  15. What We’ve done What We’ve developed Botnets Xproc HPC Pushmon Our Results/Contribution Build the network Scaling Goal Summary XM XM XM XM XM XM /tmp/xproc BPSH bpsh -a date bpsh bundles up: date command list of nodes environment Date and all .so's needed institution-logo as cpio Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one million virtual machines (and a few

  16. What We’ve done What We’ve developed Botnets Xproc HPC Pushmon Our Results/Contribution Build the network Scaling Goal Summary Xproc Allows you to get remote processes started fast Great deal of flexilibity in terms of what files go along Since it uses a cpio to move the files anyway ... bpsh -f <file or dir) [-f <file or dir>]* Allows users to tag things to carry along Demo time institution-logo Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one million virtual machines (and a few

  17. What We’ve done What We’ve developed Botnets Xproc HPC Pushmon Our Results/Contribution Build the network Scaling Goal Summary Privacy Before xproc starts a child, it forks with CLONE_NEWNS and then creates a private mount on /xproc cpio stream is unpacked into that private mount Result: that mount is there for proc and all children evaporates when proc and all children exit Not visible “outside” Demo institution-logo Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one million virtual machines (and a few

  18. What We’ve done What We’ve developed Botnets Xproc HPC Pushmon Our Results/Contribution Build the network Scaling Goal Summary Efficient mounts for host/guest communications Problem: model is that we send cpio over each link On the same hosts, with 1000 guests, that’s stupid So we exploit the private mount and set up a shared host/guest block device Files are placed in there by host, read by guest The trick: it’s read-only and evaporates when process is done Avoids conflicting block writes and other issues form multiple guest IOs If guest wants to write data it has to send it out over per-guest block device or socket institution-logo Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one million virtual machines (and a few

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines: Virtual machine technology, often just called virtualization , makes one computer behave as several Running several operating systems simultaneously on

254 views • 10 slides
Section 15 Section 15 ADSP-BF533 Booting a 15-1 1 What is Booting? What is Booting?

Section 15 Section 15 ADSP-BF533 Booting a 15-1 1 What is Booting? What is Booting?

Section 15 Section 15 ADSP-BF533 Booting a 15-1 1 What is Booting? What is Booting? Booting is the process of loading application code, stored in an external memory device, into the various internal and external memories of the

505 views • 23 slides
Virtual machines COMP 520 Fall 2012 Virtual machines (2) Compilation and execution modes of

Virtual machines COMP 520 Fall 2012 Virtual machines (2) Compilation and execution modes of

COMP 520 Fall 2012 Virtual machines (1) Virtual machines COMP 520 Fall 2012 Virtual machines (2) Compilation and execution modes of Virtual machines: Abstract syntax trees AOT-compile Interpreter Virtual machine code

662 views • 40 slides
Virtual Machines Tom Goff &amp; David Dufresne We have created virtual machines for both

Virtual Machines Tom Goff &amp; David Dufresne We have created virtual machines for both

Motivation for using Virtual Machines Tom Goff &amp; David Dufresne We have created virtual machines for both VirtualBox and Vmware Player. Both options are supported across several platforms, but experience says that some hardware plays

178 views • 5 slides
Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits? Virtualization Creation of an isomorphism that maps a virtual guest system to a real host: Maps guest state S to host state V(S) For any

271 views • 26 slides
Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization

Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization

Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization Computer system architecture Process virtual machines System virtual machines 1 EECS 768 Virtual Machines Abstraction Mechanism to

704 views • 31 slides
Virtual machines should be invisible (and might be augmented) Stephen Kell

Virtual machines should be invisible (and might be augmented) Stephen Kell

Virtual machines should be invisible (and might be augmented) Stephen Kell stephen.kell@cs.ox.ac.uk some joint work with Conrad Irwin (University of Cambridge) Virtual machines should be. . . p.1/37 Spot the virtual machine (1) Virtual

963 views • 40 slides
1 Everyone Has a Why The Rise of a Virtual Workplace Going Virtual About 30 million

1 Everyone Has a Why The Rise of a Virtual Workplace Going Virtual About 30 million

1 Everyone Has a Why The Rise of a Virtual Workplace Going Virtual About 30 million Americans work from home. Virtual. Remote. Distributed. This style of organization is becoming more common among many industries including web shops

926 views • 49 slides
Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1

Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1

Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1 Recap: Virtual Machines Enabling technology of cloud computing Basic idea: Provide machine abstractions 2 Recap: Virtual Machines

465 views • 23 slides
Diskless Booting via AFS Summary of Advantages of AFS over NFS as a network subsystem for

Diskless Booting via AFS Summary of Advantages of AFS over NFS as a network subsystem for

Diskless Booting via AFS Summary of Advantages of AFS over NFS as a network subsystem for diskless booting and a Micro-Mini-HowTo Motivation Diskless booting in general Ease of management Cost (disk hardware, OS upgrades) NFS vs

472 views • 12 slides
Virtual Machines Should Be Invisible Stephen Kell stephen.kell@cs.ox.ac.uk joint work with

Virtual Machines Should Be Invisible Stephen Kell stephen.kell@cs.ox.ac.uk joint work with

Virtual Machines Should Be Invisible Stephen Kell stephen.kell@cs.ox.ac.uk joint work with Conrad Irwin (University of Cambridge) Virtual machines should be. . . p.1/20 Spot the virtual machine (1) Virtual machines should be. . .

897 views • 20 slides
System Virtual Machines Introduction Key concepts Resource virtualization

System Virtual Machines Introduction Key concepts Resource virtualization

System Virtual Machines Introduction Key concepts Resource virtualization processors memory I/O devices Performance issues Applications EECS 768 Virtual Machines 1 Introduction System virtual machine

621 views • 38 slides
Virtual Realitys African Future an extrapolation from our current experiences GTC Europe

Virtual Realitys African Future an extrapolation from our current experiences GTC Europe

Virtual Realitys African Future an extrapolation from our current experiences GTC Europe 2017 Nigeria A country of many people 190+ Million and cultures We started out small and now were HERE! VR Journey VR in Nigeria:

560 views • 17 slides
1 2 The first set of slides will introduce the basics of virtualization and virtual machines.

1 2 The first set of slides will introduce the basics of virtualization and virtual machines.

So we will start the course with an introduction on virtual machines. 1 2 The first set of slides will introduce the basics of virtualization and virtual machines. Many of these concepts should be familiar to students from other classes,

487 views • 47 slides
Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives

Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives

Virtual Machines &amp; Security Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives the illusion of a real machine VMM/Hypervisor: host software which provides this capability Pioneered by IBM

75 views • 5 slides
PC Hardware &amp; Booting Chester Rebeiro IIT Madras Outline Memory and Device Addresses

PC Hardware &amp; Booting Chester Rebeiro IIT Madras Outline Memory and Device Addresses

PC Hardware &amp; Booting Chester Rebeiro IIT Madras Outline Memory and Device Addresses PC Organization x86 Evolution Powering up Booting xv6 Multiprocessor booting 2 CPUs Processor i386 3 Everything has an

599 views • 29 slides
Fundraising and Finance November 6, 2019 CAMPAIGN FINANCE COMPLIANCE DISCLAIMER Presentation

Fundraising and Finance November 6, 2019 CAMPAIGN FINANCE COMPLIANCE DISCLAIMER Presentation

Campaign Boot Camp: Fundraising and Finance November 6, 2019 CAMPAIGN FINANCE COMPLIANCE DISCLAIMER Presentation is for educational purposes only and designed for candidates who plan to raise or spend $2,000 or more on their election

984 views • 71 slides
SE SECU CURE BO BOOT F FOR F FPGAS HE HEADS HA HARDWARE E AND EM EMBED EDDED ED DESIG

SE SECU CURE BO BOOT F FOR F FPGAS HE HEADS HA HARDWARE E AND EM EMBED EDDED ED DESIG

SE SECU CURE BO BOOT F FOR F FPGAS HE HEADS HA HARDWARE E AND EM EMBED EDDED ED DESIG IGN AND SECURIT ITY LAB Lab Director Fareena Saqib, Assistant Professor Email: fsaqib@uncc.edu Office: EPIC 2164 Phone: 704-687-8098 Wh Why

556 views • 20 slides
Why open source firmware is important Jessie Frazelle - @jessfraz Points of View 1. Security

Why open source firmware is important Jessie Frazelle - @jessfraz Points of View 1. Security

Why open source firmware is important Jessie Frazelle - @jessfraz Points of View 1. Security 2. Usability 3. Visibility First Point of View: Security... Software Software Operating System Kernel Firmware Hardware Software Software

783 views • 62 slides
Verified Boot and Free Software: Reconciling Freedom and Security Paul Kocialkowski

Verified Boot and Free Software: Reconciling Freedom and Security Paul Kocialkowski

Verified Boot and Free Software: Reconciling Freedom and Security Paul Kocialkowski contact@paulk.fr Monday July 4 th 2016 Introducing Verified Boot and Related Issues Introducing Verified Boot and Related Issues Bootup Process BIOS History

947 views • 39 slides
Prak%kum The Bioinforma%cs Lab Week 1: Installing a Linux

Prak%kum The Bioinforma%cs Lab Week 1: Installing a Linux

Prak%kum The Bioinforma%cs Lab Week 1: Installing a Linux OS Stefan Seemayer Boot CD prepara%on Can boot from USB s%ck (on most

68 views • 6 slides
TrustOTP: Transforming Smartphones into Secure One-Time Password

TrustOTP: Transforming Smartphones into Secure One-Time Password

TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens He Sun, Kun Sun, Yuewu Wang, and Jiwu Jing Presented by Fengwei

474 views • 26 slides
Linux Boot Camp Jenna MacCarley, Peter Pearson, Shashank Goyal 9/19/2015 Carnegie Mellon

Linux Boot Camp Jenna MacCarley, Peter Pearson, Shashank Goyal 9/19/2015 Carnegie Mellon

Carnegie Mellon Linux Boot Camp Jenna MacCarley, Peter Pearson, Shashank Goyal 9/19/2015 Carnegie Mellon Connecting SSH Windows users: PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html) Mac/Linux users: Use ssh

703 views • 27 slides
HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) Karim

HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) Karim

HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) Karim Eldefrawy , Norrathep Rattanavipanon, Gene Tsudik HRL Labs UC Irvine UC Irvine (Currently at SRI) July 18, 2017 karim.eldefrawy@sri.com IoT/CPS/ES 2

1.07k views • 41 slides

More recommend