Please see the material at the following link, where the figures display correctly. https://www.slideshare.net/deview/233-network-load-balancing-maglev-hashing-scheduler-in-ipvs-linux-kernel
The document discusses register allocation techniques in LLVM. It introduces the register allocation problem and describes LLVM's template method for register allocation. It then discusses LLVM's basic greedy register allocation approach, which prioritizes assigning registers to live intervals with higher spill costs. Finally, it describes LLVM's greedy register allocation in more detail, including techniques for live interval splitting such as local, instruction, region and block splitting using algorithms like Hopfield networks.
This document discusses BPF (Berkeley Packet Filter), a mechanism for filtering network packets on Linux. BPF allows defining filters using an instruction set that is executed against packets to determine whether to accept or drop them. The document provides an overview of how BPF works, demonstrating simple BPF filters, and discusses using BPF for packet filtering and other applications like seccomp.
DPDK Summit 2015 in San Francisco. NTT presentation by Yoshihiro Nakajima. For additional details and the video recording please visit www.dpdksummit.com.
The document discusses issues with line number information in the .debug_line section when relocation is not applied properly. It shows a C program with line number information extracted using llvm-dwarfdump and llvm-objdump. Setting a breakpoint at line 6 fails as the address is incorrect without relocation applied to .debug_line. Precise line number information relies on correct address information in .debug_line.
At some point, the world's 3rd-largest job site started going down periodically for several minutes at a time. The surprise was that this time it really was because of the network. To scale its services and their interaction with one another, hh.ru uses an internal load balancer. Five servers running nginx handle 25 thousand requests per second. A switch balances the requests to these servers. I will describe how we investigated a series of incidents that was caused by a violation of the TCP protocol during load balancing, and what we came up with so that we could keep violating it with impunity.
The document discusses using Lagopus software-defined networking (SDN) switches to demonstrate an SDN internet exchange (IX) at the Interop Tokyo 2015 technology show. Key points: - Two Lagopus SDN switches were deployed as the core switches in an SDN IX to enable automated provisioning of inter-autonomous system layer 2 connectivity and on-demand packet filtering between internet service providers. - The Lagopus switches achieved an average throughput of 2Gbps with no packet drops over a week during the show, demonstrating the potential for software switches in next-generation SDNs. - Previous work to optimize the Lagopus switch performance through techniques like hardware offloading to FPGAs helped enable its
Thomas Monjalon, 6WIND, presents on where/how to use DPDK, the DPDK ecosystem, and the DPDK.org community. Thomas is the community maintainer of DPDK.org.
Plan 9 introduces updates to TCP/IP networking in Plan 9. Key points include: 1) TCP connection states are modeled by a state machine with states like closed, listen, syn_sent, established, etc. 2) New TCP features like TCP Reno/Tahoe congestion control and window scaling options are supported. 3) Timers are used for connection timeouts, ACK processing, and RTT measurement.
Wataru Ishida and Yoshihiro Nakajima of NTT present a high performance vSwitch design that uses DPDK for acceleration of the vSwitch.
Presented at PGCon 2014 in Ottawa. Program crashes are a fact of life and occasionally unavoidable. If there are core dumps that get generated then understanding what happened becomes easier.
The document discusses dynamically hacking the Linux kernel with containers. It begins by introducing the speaker and their research interests. It then discusses three ways to modify the kernel space: kernel modules, live patching, and kernel detouring. Kernel detouring allows hijacking system calls within containers for cross-OS compatibility. Challenges include insufficient isolation and limited development. The talk demonstrates a proof-of-concept of running FreeBSD binaries on Linux using kernel detouring and containers. It remapped Linux system calls to FreeBSD equivalents and provided a FreeBSD environment within a Linux container.
This document provides instructions for configuring and demonstrating the weighted fair queuing (WFQ) queueing mechanism on a router interface. It describes configuring WFQ on Router R2's Serial 0/1 interface, and using show commands to observe its operation and how it handles traffic. The thresholds, queues and other WFQ parameters are modified to test its behavior under heavy traffic loads.
The document discusses register allocation in LLVM. It begins with an introduction to the register allocation problem and describes LLVM's base register allocation interface. It then provides more details on LLVM's basic register allocation approach and its greedy register allocation approach. The greedy approach uses techniques like live range splitting to improve register allocation.
Best Paper Award in (Cadence) CDNLive Taiwan 2017 held on Aug. 17, 2017: Run Simulations and Then Become An Inventor.
The document provides an overview of eBPF maps and how they can be used to share data between eBPF programs running in the kernel and userspace applications. It describes how maps are created via the BPF syscall using the BPF_MAP_CREATE command. It also explains how keys and values can be looked up, updated, and deleted from maps using commands like BPF_MAP_LOOKUP_ELEM, BPF_MAP_UPDATE_ELEM, and BPF_MAP_DELETE_ELEM. Finally, it lists the different types of eBPF maps available.
This document discusses Open vSwitch and its support for stateful services like connection tracking (conntrack) and network address translation (NAT). Open vSwitch is designed to manage overlay networks and provides programmable flow tables and remote management. It aims to integrate conntrack to enable stateful firewalling and NAT functions. This will allow matching on connection states and leveraging existing Linux conntrack and NAT modules. Examples are given of how conntrack and NAT rules could be implemented using these new Open vSwitch capabilities.
- Explains the key concept, purpose and constraints of Byzantine Fault and Byzantine Fault Tolerance (BFT). - Introduces and describes (without proving) some basic consensus protocols including '3m + 1 Process Algorithm', Ethash and Casper FFG. - Explains the finality problem of PoW algorithms. * A detailed explanation of these slides, in Korean: https://medium.com/@SangmoonOh/basic-consensus-algorithms-explained-d963eabbfbf8
Kube-proxy is a Kubernetes component responsible for reconciling the state of the Service resources. This component can be configured in four different modes: userspace, iptables, IPVS or Kernel space (Windows). At large scale, the IPVS mode offers better performance, resulting in an attractive offer. In this session, I'll try to explain the IPVS internals, and how Kubernetes automates the management of services through basic examples.
This document outlines test plans and requirements for testing IPv6 in an OPNFV PoC v2.0 environment using OpenStack Liberty and ODL Lithium SR2. It details: (1) Setting up an IPv6 service VM in OpenStack with ODL controller capability for IPv6 routing and address advertisement. (2) A test design and steps for setting up infrastructure, ODL and OpenStack controllers, and compute nodes. (3) Positive test cases to validate IPv6 and IPv4 connectivity between VMs, routers and external DNS via ping, traceroute from the VM and service VM. (4) References for IPv6 configuration and testing in Linux.
The document provides instructions for using Gateway cloning technology to construct entry clones and expression clones for protein expression. Key steps include: 1. Constructing entry clones containing the gene of interest using restriction digestion/ligation or BP recombination. 2. Choosing a destination vector for protein expression in E. coli, mammalian cells, or baculovirus based on desired tags and expression system. 3. Transferring the gene of interest from the entry clone to the destination vector using LR recombination to generate an expression clone for protein production.
A hardware implementation of a NAT-64 server on an FPGA platform that enables IPv4 to IPv6 conversion mechanisms (and vice versa).
Jugal Parikh, Microsoft; Holly Stewart, Microsoft. Humans are susceptible to social engineering. Machines are susceptible to tampering. Machine learning is vulnerable to adversarial attacks. Singular machine learning models can be “gamed” leading to unexpected outcomes. In this talk, we’ll compare the difficulty of tampering with cloud-based models and client-based models. We then discuss how we developed stacked ensemble models to make our machine learning defenses less susceptible to tampering and significantly improve overall protection for our customers. We talk about the diversity of our base ML models and technical details on how they are optimized to handle different threat scenarios. Lastly, we’ll describe suspected tampering activity we’ve witnessed using protection telemetry from over half a billion computers, and whether our mitigation worked.
The document discusses RenderScript on LLVM. It describes RenderScript as a way to perform 3D rendering and compute tasks portably and with high performance on Android. It outlines the main components: an offline compiler that optimizes scripts, an online JIT compiler, and a runtime library. It provides an example of using RenderScript to convert an image to grayscale and discusses how scripts are compiled and executed to provide fast launch times.
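We present the latest information on "Contrail", the SDN solution provided by Juniper Networks. We also introduce the Service chaining and Analytics features, which have become even easier to use, the improved packet forwarding performance, and how to connect an OpenStack environment with existing environments.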
The document describes how to mount a 3PAR virtual copy volume onto a RHEL server. It involves creating host definitions and exporting volumes from 3PAR to the server. The volumes are then mapped, formatted, and mounted. Finally, a virtual copy is created on 3PAR and exported to the server, where it is detected as a new volume.
Cilium is an open source project which provides networking, security and load balancing for application services that are deployed using Linux container technologies by using the native eBPF technology in the Linux kernel. In this presentation we talked about: - The evolution of the BPF filters and explained the advantages of eBPF Filters and its use cases today in Linux especially on how Cilium networking utilizes the eBPF Filters to secure the Kubernetes workload with increased performance when compared to legacy iptables. - How Cilium uses SOCKMAP for layer 7 policy enforcement - How Cilium integrates with Istio and handles L7 Network Policies with Envoy Proxies. - The new features since the last release such as running Kubernetes cluster without kube-proxy, providing clusterwide NetworkPolicies, providing fully distributed networking and security observability platform for cloud native workloads etc.
The document describes a Secure Active Switch (SAS) system that implements modifications to the Linux kernel bridge to prevent ARP poisoning attacks on a local network. The SAS runs on an embedded system using a ColdFire Motorola processor. It functions as an active network switch that can detect and block ARP attacks by monitoring packets and learning the MAC-IP bindings. Testing showed the SAS successfully blocked ARP poisoning attempts while only adding around 1% more latency to regular network traffic.
This document discusses load balancing problems in container clusters and proposes using the IPVS Maglev hashing scheduler to provide an efficient and reliable load balancer. It describes how traditional load balancing approaches like static routing and ECMP can cause issues like disruption when containers are added or removed. The Maglev hashing algorithm is presented as a solution to provide consistent hashing for high availability. The document outlines implementing Maglev hashing in the IPVS module of the Linux kernel to leverage netfilter for packet processing and forwarding while avoiding issues of traditional load balancers. This achieves an efficient and reliable load balancer that can hash consistently without connection loss, even if load balancers fail.
This document describes a group project to build a NAT64 server that connects IPv4 clients to IPv6 servers and vice versa. The project involves implementing IPv4 to IPv6 and IPv6 to IPv4 conversion algorithms and combining them into a NAT64 module. Key steps include implementing a tri-mode Ethernet MAC wrapper, mapping IPv4 and IPv6 header fields, and using a static NAT table to map IPv4 and IPv6 addresses. The project was developed on a Virtex-5 FPGA board and debugged using ChipScope Pro and Wireshark due to limitations of available simulators.
Containers are an application-centric way to deliver scalable applications on infrastructure of choice. Containers package code and dependencies together, and run similarly to virtual machines but are more portable and resource-efficient. Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications across clusters of hosts. Helm helps define, install, and upgrade complex Kubernetes applications using charts that package application code, dependencies, and configuration.
In this video from the Blue Waters 2018 Symposium, Maxim Belkin presents a tutorial on Containers: Shifter and Singularity on Blue Waters. Container solutions are a great way to seamlessly execute code on a variety of platforms. Not only are they used to abstract away from the software stack of the underlying operating system, they also enable reproducible computational research. In this mini-tutorial, I will review the process of working with Shifter and Singularity on Blue Waters. Watch the video: https://wp.me/p3RLHQ-iXO Learn more: https://bluewaters.ncsa.illinois.edu/blue-waters-symposium-2018
ODC112036 IGMP Protocol Principle ISSUE1.00
This talk is aimed at developers who are interested in scaling their streaming applications with Exactly-Once (EOS) guarantees. Since the original release, EOS processing has received wide adoption as a much needed feature inside the community, and has also exposed various scalability and usability issues when applied in production systems. To address those issues, we improved on the existing EOS model by integrating static Producer transaction semantics with dynamic Consumer group semantics. We will have a deep-dive into the newly added features (KIP-447), from which the audience will have more insight into the scalability vs. semantics guarantees tradeoffs and how Kafka Streams specifically leveraged them to help scale EOS streaming applications written in this library. We will also present how the EOS code can be simplified with plain Producer and Consumer. Come to learn more if you wish to adopt this improved EOS feature and get started on building your own EOS application today!
BPF (Berkeley Packet Filter) has evolved from a limited virtual machine for efficient packet filtering to a new type of software called extended BPF. Extended BPF allows for custom, efficient, and production-safe performance analysis tools and observability programs to be run in the Linux kernel through BPF. It enables new event-based applications running as BPF programs attached to various kernel events like kprobes, uprobes, tracepoints, sockets, and more. Major companies like Facebook, Google, and Netflix are using BPF programs for tasks like intrusion detection, container security, firewalling, and observability with over 150,000 AWS instances running BPF programs. BPF provides a new program model and security features compared
1) The document discusses Kafka transactions and exactly-once processing in Kafka. 2) It describes the current approach Kafka uses to achieve exactly-once semantics, including idempotent writes within a partition and transactional writes across partitions. 3) It also discusses challenges with the current approach, such as lack of scalability due to the need to create a producer for each input partition, and proposes solutions in KIP-447 to address these challenges.
The document provides configuration steps for CCIE Security V5.0 Lab CFG1 Solution. It includes tasks to configure active-standby failover on ASA devices, active-active failover between ASA devices, clustering between ASA devices, access policies on NGIPS devices, and other security configurations like VPN, authentication, and logging. The document has undergone multiple revisions to update configurations.
The document discusses various machine learning clustering algorithms like K-means clustering, DBSCAN, and EM clustering. It also discusses neural network architectures like LSTM, bi-LSTM, and convolutional neural networks. Finally, it presents results from evaluating different chatbot models on various metrics like validation score.
[233] High-Availability Network Load Balancing in Large Container Clusters: Maglev Hashing Scheduler in IPVS, Linux Kernel
[236] A Stream Storage Optimization Story: Lessons Learned from Apache Druid
The document discusses challenges with using reinforcement learning for robotics. While simulations allow fast training of agents, there is often a "reality gap" when transferring learning to real robots. Other approaches like imitation learning and self-supervised learning can be safer alternatives that don't require trial-and-error. To better apply reinforcement learning, robots may need model-based approaches that learn forward models of the world, as well as techniques like active localization that allow robots to gather targeted information through interactive perception. Closing the reality gap will require finding ways to better match simulations to reality or allow robots to learn from real-world experiences.
This document describes research on using deep learning to predict student performance in massive open online courses (MOOCs). It introduces GritNet, a model that takes raw student activity data as input and predicts outcomes like course graduation without feature engineering. GritNet outperforms baselines by more than 5% in predicting graduation. The document also describes how GritNet can be adapted in an unsupervised way to new courses using pseudo-labels, improving predictions in the first few weeks. Overall, GritNet is presented as the state-of-the-art for student prediction and can be transferred across courses without labels.
This document provides a summary of new datasets and papers related to computer vision tasks including object detection, image matting, person pose estimation, pedestrian detection, and person instance segmentation. A total of 8 papers and their associated datasets are listed with brief descriptions of the core contributions or techniques developed in each.
This document presents a formula for calculating the loss function J(θ) in machine learning models. The formula averages the negative log likelihood of the predicted probabilities being correct over all samples S, and includes a regularization term λ that penalizes predicted embeddings being dissimilar from actual embeddings. It also defines the cosine similarity term used in the regularization.
[225] NSML: Serving a Machine Learning Platform & Automating Model Tuning
[216] Search Reliability Engineering (subtitle: The Naver Search System That Does Not Shake Even in an Earthquake)
The document discusses running a TensorFlow Serving (TFS) container using Docker. It shows commands to: 1. Pull the TFS Docker image from a repository 2. Define a script to configure and run the TFS container, specifying the model path, name, and port mapping 3. Run the script to start the TFS container exposing port 13377