Dear Mooney Our understanding of the CAT/MBA specification is as follows. Could you please verify it?
instead of allcoatiog cache ways to processes and the hardware preventing other proicess form using that cache you are actually confining a process to a set of cache ways prevetnign it form using other cacheways. other processes are free to use the cache ways you configed the process too as well. there is no isolation at the hardware level so you can still get noisy neighbour effect form unconfied proceses.
that mean you need to first reserve cache ways for exclusive use by openstack (preventing all host proces form usign them) and then config individual instance to the now free cache ways.
Regarding cache allocation, it is possible to allocate cache resources exclusively to each cgroup. In resctrl, by setting the "mode" to "exclusive", we can assign cache resources to each cgroup exclusively, preventing other cgroups from accessing them.[1] However, this requires creating cgroups, assigning cache resources, and properly assigning processes to the cgroups via resctrl. If one of your primary concerns is the requirement for dynamic hardware control within OpenStack to enable exclusive cache resource allocation, exclusive cache allocation without it is possible now, depending on the implementation.
the same applies to intels memomory bandwith allcoation feature.
Each cgroup can be assigned a maximum bandwidth, expressed as a percentage of the total bandwidth or in MBps [1]. If the total assigned bandwidth exceeds 100%, contention may occur. We can exclusively allocate bandwidth by implementing a mechanism that keeps total assigned bandwidth below 100%. [1] https://www.kernel.org/doc/Documentation/x86/resctrl.rst Please let me know if you have any concerns or comments based on the information above. regards, Taketani