Protecting grid data transfer services with active network interfaces

A key goal of grid computing is to provide seamless access to shared computational and data resources across organizational boundaries, in distributed virtual organizations. Grid services can potentially be used by thousands of users spanning multiple administrative domains. The inherent dynamic and heterogeneous nature of virtual organizations introduces challenging performance issues that need scalable, robust and efficient solutions. To improve throughput of grid data servers under heavy loads or under denial of service attacks, it is important to service requests differentially, giving preference to ongoing or imminent client requests. We show how such features can be efficiently implemented on an active network adapter based gateway that controls access to a pool of backend data servers. We present performance results for a prototype system based on a dual-ported active NIC, and demonstrate that an efficient differentiated service policy can be implemented on such a gateway to minimize the grid service response time and to improve server throughputs under heavy loads and denial of service attacks. We test with several network and server loads and show that response times can be maintained at a level similar to normal, low-load conditions.