Single Root Input/Output Virtualization (SR-IOV) is a standard technology for forking a single PCI express device and providing it to applications while ensuring performance isolation. It enables container orchestrators to share a limited number of physical network interfaces without incurring significant virtualization overhead. The allocation of virtualized network devices to containers, however, needs to be more configurable based on the bandwidth needs of running applications. Moreover, container orchestrators' network control over the virtualized interfaces is limited by the abilities of SR-IOV. We explore the design considerations for a system with controlled SR-IOV virtualization and present ConRDMA, a novel architecture that enables fine control of RDMA virtualization for containers. Our evaluation shows that ConRDMA enables containers to use RDMA allocated bandwidth more efficiently and to select best-suited nodes to meet their varying communication requirements.

翻译：单根输入/输出虚拟化（SR-IOV）是一种标准技术，可将单个PCI Express设备进行分叉并提供给应用程序，同时确保性能隔离。它使容器编排器能够共享有限数量的物理网络接口，而不会产生显著的虚拟化开销。然而，基于运行应用程序的带宽需求，虚拟化网络设备对容器的分配需要更具可配置性。此外，容器编排器对虚拟化接口的网络控制受到SR-IOV功能的限制。我们探讨了受控SR-IOV虚拟化系统的设计考量，并提出ConRDMA——一种能够对容器的RDMA虚拟化进行精细控制的新型架构。我们的评估表明，ConRDMA使容器能够更高效地利用分配的RDMA带宽，并选择最适合的节点以满足其变化的通信需求。