Lancet: Better Network Resilience by Designing for Pruned Failure - - PowerPoint PPT Presentation
Lancet: Better Network Resilience by Designing for Pruned Failure Sets Yiyang Chang* , Chuan Jiang*, Ashish Chandra*, Sanjay Rao*, Mohit Tawarmalani* *Purdue University, Bytedance This work was done when Yiyang Chang was at Purdue
ACM Sigmetrics 2020
Yiyang Chang*✝, Chuan Jiang*, Ashish Chandra*, Sanjay Rao*, Mohit Tawarmalani* *Purdue University, ✝Bytedance
This work was done when Yiyang Chang was at Purdue University
2
[1] Gill, et al, Understanding network failures in data centers: Measurement, analysis, and implications. Sigomm 2011. [2] Potharaju and Jain, When the network crumbles: An empirical study of cloud network failures and their impact on services, SOCC 2013.
requirements?
forced to design for f-1 failures only
Sigcomm 2014)
3
not possible?
4
b t a s c Good 2-failure scenario b t a s c Bad 2-failure scenario
Link Capacity 1 unit Demand from s to t 2 units
scenarios which a network can intrinsically handle
exploits this compact representation
world topology
5
ideal scheme. An ideal scheme routes using multi-commodity flow
cannot be handled
6
7
Classification algorithm
Do all certify? Yes. The subset is acceptable/good A set of failure scenarios Do all violate? Yes. The subset is violating/bad Do all certify? No. Do all violate? No. Needs further partitioning
8
f = 0 Do all certify? Yes. Prune
9
f = 0 f = 1 Do all certify? Yes. Prune
10
f = 0 f = 1 f = 2 Do all certify? Yes. Prune
11
f = 0 f = 1 f = 2 f = 3 Do all certify? No. Do all violate? No. Partition scenarios x2
12
f = 0 f = 1 f = 2 f = 3 x2 x4 Do all certify? Yes. Prune
13
f = 0 f = 1 f = 2 f = 3 Do all certify? No. Do all violate? No. Partition scenarios x2 1 x4
14
f = 0 f = 1 f = 2 f = 3 x2 1 x4 x0 Do all certify? Yes. Prune
15
f = 0 f = 1 f = 2 f = 3 Do all certify? No. Do all violate? Yes. x2 1 1 x4 x0 Prune
16
f = 0 f = 1 f = 2 f = 3 Do all certify? No. Do all violate? No. Partition scenarios x2 1 1 1 x4 x0
17
f = 0 f = 1 f = 2 f = 3 x2 1 1 1 x4 x0 x0 Do all certify? Yes. Prune
18
f = 0 f = 1 f = 2 f = 3 x2 1 1 1 x4 x0 x0 1 Do all certify? No. Do all violate? Yes. Prune
19
f = 0 f = 1 f = 2 f = 3 x2 1 1 1 x4 x0 x0 1 Done.
Key procedures
bound
there is a good failure scenario
fails in many bad scenarios
20
1 x1 x2 A1 A2 Y A3 x3 1 1
scenarios
scenarios
naturally generates the first representation
representation is better
21
22
protect against each failure scenarios
a state-of-the-art scheme [1]
routing schemes
forced to design for f - 1 failures
failures if not all
[1] Wang, et al, R3: Resilient routing reconfiguration, Sigcomm 2010
r: Normal traffic (no failures) i j m t s p: Extra traffic when <i, j> fails
constraints (circled in red)
each failure scenario x
union of failure sets, each one represented using LP duality
compact
exponentially smaller than the number of failure scenarios
23
scenarios
to include with the classification algorithm
scheme for failure sets discovered in Step 2
24
25
[1] Yin Zhang, et al. Network anomography. IMC 2005.
Network # of Nodes # of Edges # of sub-links Abilene 11 14 2 GEANT 32 50 2 Deltacom 103 151 2 ION 114 135 2
99.8% of the 2-failure scenarios for GEANT
26
% of Certified 2-failure Scenarios 25 50 75 100 GEANT 99.8 Ideal Lancet Gen-R3(1) Gen-R3(2)
routing design obtained by
scenarios
gaps exist between Gen-R3 schemes and the ideal scheme
27
% of Certified 2-failure Scenarios 25 50 75 100 GEANT 11.8 86.7 99.8 Ideal Lancet Gen-R3(1) Gen-R3(2)
designed with Lancet by excluding bad failure scenarios
performance gap, reaching
28
% of Certified 2-failure Scenarios 25 50 75 100 GEANT 11.8 86.7 99.8 99.8 Ideal Lancet Gen-R3(1) Gen-R3(2)
Gen-R3 (best) and is close to optimal
29
% of Certified Scenarios 25 50 75 100 GEANT f = 2 ION f = 2 Deltacom f = 2 Deltacom f = 3 Ideal Lancet Gen-R3 (best)
failure scenarios in a small number of failure sets
routing
30
Topology (#
# of sets # of scenarios GEANT (2) 3 1272 ION (2) 5 9172 Deltacom (2) 6 11,465 Deltacom (3) 3 466,486
GEANT
31
Design Time (s) 20000 40000 60000 80000 GEANT f=2 GEANT f=2 ION f=2 Deltacom f=2 Deltacom f=3
7,041 2,749 3,724 10 Enumeration Lancet > 18 hours
32
network can handle
while reducing the design time form > 18 hours to 10 seconds
33
Yiyang Chang: yiyangchang1024@gmail.com Sanjay Rao: sanjay@ecn.purdue.edu
case failure scenario is infeasible to tolerate
number of failure scenarios, which are often large (e.g., N = for all f-failure scenarios)
variables), largely impacting on computation time
( E f )
37
the form of a union of M sets, where M is small compared to the number of failure scenarios
has exactly one failure scenario)
representation exactly reformulate (H)
38
is handled
moderately for the most stringent performance thresholds 1.4 and 1.6
39
% of Certified Scenarios 25 50 75 100 Scale factor of Low-Priority Traffic 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.6 Gen-R3 (1) Gen-R3 (2) Lancet Centralized
40
scenarios, excluding bad ones
demands between source and destination
failure, but Gen-R3 fails to react
two failed links mutually using each other to protect against their respective failures
41
Lancet (top) vs. Gen-R3 (bottom)
42
protect against each link failure
generalizing a state-of-the-art scheme [1]
routing schemes
are forced to design for f - 1 failures
failures if not all
[1] Wang, et al, R3: Resilient routing reconfiguration, Sigcomm 2010
r: Normal traffic (no failures) i j m t s p: Extra traffic when <i, j> fails
(H) min
r,p,a,U
U s.t. rst is a unit flow from s to t. ∀s, t ∈ V pl is a flow of al from i to j. ∀l ∈ E, l = ⟨i, j⟩ ∀x ∈ X, e ∈ E, ∑
s,t
dstrst(e) + ∑
l∈E
xlpl(e) ≤ Uce(1 − xe) + aexe ae ≥ 0 ∀e ∈ E; U ≥ 0