University of Illinois at Chicago

Providing Network Isolation in Datacenters Using Programmable Switches

posted on 2024-05-01, 00:00 authored by Mojtaba Malekpourshahraki
Today’s production data centers run thousands of applications and services with diverse traffic patterns and performance requirements in a single cluster. Co-located applications contend over the cluster’s resources, such as processing power, memory, and network bandwidth. Unlike CPU and memory sharing, contention over network resources is still unresolved. Without a solution to network contention, one application may overuse the shared network by pushing more packets and adversely affect the performance of other applications. The root of this problem is TCP’s per-flow fairness at bottleneck links. In a TCP-based data center, the network share that co-located applications receive is proportional to the number of TCP connections they open. Unfortunately, TCP does not provide any mechanism to model and enforce a network-sharing policy, leaving network operators without any tools to provide application performance guarantees. To address this problem, we first provide background on how to abstract network policies, and we introduce programmable switches and the features they provide to assist our designs. Then, we study our proposals for enforcing the policies on programmable switches so that senders cannot over-utilize the bottleneck links, regardless of the number of TCP/UDP connections each application opens. We propose a total of four approaches. Our first proposal, Ether, provides bounded fairness while improving tail flow completion time. Next, we propose Nimble, a P4-friendly design that provides up to 100K rate limiters in a P4 switch by keeping the state of the traffic in counters. Nimble requires multiplication, which is not natively supported by programmable switches; thus, we propose ADA, a mechanism that approximates mathematical operations in P4 programs using TCAM lookup tables. Finally, we propose Antares, a P4-friendly isolation mechanism that enforces up to 10k hierarchical policy isolation without any associated control plane overload or high TCAM usage.



Balajee Vamanan


Computer science

Degree Grantor

University of Illinois Chicago

Degree Level

  • Doctoral

Degree name

PhD, Doctor of Philosophy

Committee Member

Jakob Eriksson, Ajay Kshemkalyani, Ian Kash, Hulya Seferoglu

Thesis type

