著者
Yuuki Tsubouchi Masahiro Furukawa Ryosuke Matsumoto
雑誌
情報処理学会論文誌 (ISSN:18827764)
巻号頁・発行日
vol.63, no.3, 2022-03-15

The widespread use of cloud computing has made it easier for service providers to develop new features and handle increased access. However, the network dependencies among components in distributed applications deployed in the cloud are becoming more complex because the number and types of components are increasing. When system administrators make changes to a system, they cannot specify the impact of the changes, which may lead to larger failures than expected. Current methods of automatically discovering dependencies trace network flows included in TCP/UDP sockets in the Linux kernel on all hosts deployed in distributed applications. However, as the rate of communication increases, the number of flows transferred from the kernel space to user space increases, which increases CPU usage for tracing. We propose a low-overhead method of bundling multiple flows with the same network service into a single flow in a kernel to discover dependencies. The proposed method reduces the number of transferred flows to the user space, thus reducing CPU usage. Experimental results from evaluating our method indicate that the method maintains a CPU overhead below 2.2% when the number of flows increases.------------------------------This is a preprint of an article intended for publication Journal ofInformation Processing(JIP). This preprint should not be cited. Thisarticle should be cited as: Journal of Information Processing Vol.30(2022) (online)DOI http://dx.doi.org/10.2197/ipsjjip.30.260------------------------------
著者
Ryosuke Matsumoto Kenji Rikitake Kentaro Kuribayashi
雑誌
情報処理学会論文誌 (ISSN:18827764)
巻号頁・発行日
vol.60, no.9, 2019-09-15

For large-scale certificate management of multi-tenant web servers, preloading numerous certificates for managing numerous hosts under the single server process results in increasing the required memory usage because of the respective page table entry manipulation, which might be a poor resource efficiency and a reduced capacity. To resolve this issue, we propose a method for dynamic loading of certificates bound to the hostnames found during the SSL/TLS handshake sequences without preloading, provided that the Server Name Indication (SNI) extension is available. We implemented the function of choosing the respective certificates with the ngx_mruby module, which extends web server functions using mruby with a small memory footprint while maintaining the execution speed. The proposed method was evaluated by a web hosting service employing the authors.------------------------------This is a preprint of an article intended for publication Journal ofInformation Processing(JIP). This preprint should not be cited. Thisarticle should be cited as: Journal of Information Processing Vol.27(2019) (online)DOI http://dx.doi.org/10.2197/ipsjjip.27.650------------------------------
著者
Ryosuke Matsumoto Kenji Rikitake Kentaro Kuribayashi
出版者
一般社団法人 情報処理学会
雑誌
Journal of Information Processing (ISSN:18826652)
巻号頁・発行日
vol.27, pp.650-657, 2019 (Released:2019-09-15)
参考文献数
28

For large-scale certificate management of multi-tenant web servers, preloading numerous certificates for managing numerous hosts under the single server process results in increasing the required memory usage because of the respective page table entry manipulation, which might be a poor resource efficiency and a reduced capacity. To resolve this issue, we propose a method for dynamic loading of certificates bound to the hostnames found during the SSL/TLS handshake sequences without preloading, provided that the Server Name Indication (SNI) extension is available. We implemented the function of choosing the respective certificates with the ngx_mruby module, which extends web server functions using mruby with a small memory footprint while maintaining the execution speed. The proposed method was evaluated by a web hosting service employing the authors.