SlideShare une entreprise Scribd logo

Xen revisited

Shahbaz Sidhu
Shahbaz Sidhu

Cloud Computing

Formation
1  sur  28
Télécharger pour lire hors ligne
® Xen and the Art of Virtualization Revisited Ian Pratt, Citrix Systems Inc. 4/21/2008 1
® Outline • A brief history of Xen • Why virtualization matters • Paravirtualization review • Hardware-software co-design – MMU virtualization – Network interface virtualization 4/21/2008 2
® The Xen Story • Mar 1999 XenoServers HotOS paper • Apr 2002 Xen hypervisor development starts • Oct 2003 Xen SOSP paper • Apr 2004 Xen 1.0 released • Jun 2004 First Xen developer‟s summit • Nov 2004 Xen 2.0 released • 2004 Hardware vendors start taking Xen seriously • 2005 RedHat, Novell, Sun and others adopt Xen • 2006 VMware and Microsoft adopt paravirtualization • Sep 2006 First XenEnterprise released • May 2008 Xen embedded in Flash on HP/Dell servers 4/21/2008 3
® Xen Project Mission • Build the industry standard open source hypervisor – Core "engine" that is incorporated into multiple vendors‟ products • Maintain Xen‟s industry-leading performance – Be first to exploit new hardware acceleration features – Help OS vendors paravirtualize their OSes • Maintain Xen‟s reputation for stability and quality – Security must now be paramount • Support multiple CPU types; big and small systems – From server to client to mobile phone • Foster innovation • Drive interoperability
® Why Virtualization is „Hot‟ • Clearing up the mess created by the success of „scale-out‟ – One Application per commodity x86 server – Leads to „server sprawl‟ – 5-15% CPU utilization typical • Failure of popular OSes to provide – Full configuration isolation – Temporal isolation for performance predictability – Strong spatial isolation for security and reliability – True backward app compatibility 4/21/2008 5
® 6 First Virtualization Benefits • Server consolidation – Consolidate scale-out success – Exploit multi-core CPUs • Manageability – Secure remote console – Reboot / power control – Performance monitoring • Ease of deployment – Rapid provisioning • VM image portability – Move image between different hardware – Disaster Recovery
® 7 2nd Generation Virtualization Benefits Avoid planned downtime with VM Relocation Dynamically re-balance workload to meet application SLAs Hardware Fault Tolerance with replay / checkpointing
® Hypervisor Security • “hidden hypervisor” attack is a myth, but exploitation of an installed hypervisor is a real and dangerous threat • Hypervisors add more software and thus increase the attack surface – Network-facing control stack – VM containment • Hopefully much smaller and defensible than a conventional OS – Need a “strength in depth” approach – Measured launch 8
® Improving Security with Hypervisors • Hypervisors allow administrative policy enforcement from outside of the OS – Firewalls, IDS, malware scanning etc • More robust as not so easily disabled • Provides protection within a network rather than just at borders – Hardening OSes with immutable memory, taint tracking, logging and replay – Backup policy, multi-path IO, HA, FT etc • Availability and Reliability • Reducing human effort required to admin all the VMs is the next frontier 4/21/2008 9
® Breaking the bond between OS and h/w • Simplifies Application-stack certification – Certify App-on-OS; OS-on-HV; HV-on-h/w – Enables Virtual Appliances • Virtual hardware greatly reduces the effort to modify/create new OSes – Application-specific OSes • Slimming down and optimization of existing OSes • “Native execution” of Apps • Hypervisors enable h/w vendors to „light up‟ new features more rapidly 4/21/2008 10
® Paravirtualization • Extending the OS to be aware it is running in a virtualized environment – For performance and enhanced correctness – IO, memory size, CPU, MMU, time • In Xen <2.0, some paravirtulizations were compulsory to close x86 virtualization holes – Intel VT / AMD-V allow incremental paravirtualization • Paravirtualization is still very important for performance, and works along side enhancements to the hardware – Higher-level paravirtualizations yield greatest benefit 4/21/2008 11
® MMU Virtualization • Critical for performance, challenging to make fast, especially SMP – Hot-unplug unnecessary virtual CPUs – Use multicast TLB flush paravirtualizations etc • Xen supports 3 MMU virtualization modes 1.Direct pagetables 2.Shadow pagetables 3.Hardware Assisted Paging • OS Paravirtualization compulsory for #1, optional (and very beneficial) for #2&3 4/21/2008 12
® MMU Virtualization : Direct-Mode • Requires guest changes – Supported by Linux, Solaris, FreeBSD, NetBSD etc • Highest performance, fewest traps MMU Guest OS Xen VMM Hardware guest writes (typically batched) guest reads Virtual → Machine
® Shadow Pagetables • Guest changes optional, but help with batching, knowing when to unshadow • Latest algorithms work remarkably well MMU Accessed & dirty bits Guest OS VMM Hardware guest writes guest reads Virtual → Guest-physical Virtual → Machine Updates
® Peformance 4/21/2008 15
® Hardware Assisted Paging • AMD NPT / Intel EPT • Hardware handles translation with nested pagetables – guest PTs managed by guest in normal way – guest-physical to machine-physical tables managed by Xen • Can increases the number of memory accesses to perform a TLB fill pagetable walk by factor of 5 (gulp!) – Hopefully less through caching partial walks – But reduces the effective TLB size • Current implementations seem to do rather worse than shadow PTs (e.g. 15%) – Wide-SMP guests do relatively better due to no s/w locking • TLB flush paravirtualizations essential – H/w will improve: TLBs will get bigger, caching more elaborate, prefetch more aggressive 4/21/2008 16
® Network Interface Virtualization • Network IO is tough – High packet rate • Batches often small – Data must typically be copied to VM on RX – Some apps latency sensitive • Xen‟s network IO virtualization has evolved over time – Take advantage of new NIC features – Smart NIC categorization: Types 0-3 4/21/2008 17
® Level 0 : Modern conventional NICs • Single free buffer, RX and TX queues • TX and RX checksum offload • Transmit Segmentation Offload (TSO) • Large Receive Offload (LRO) • Adaptive interrupt throttling • MSI support • (iSCSI initiator offload – export blocks to guests) • (RDMA offload – helps live relocation)
® I/O Architecture Event Channel Virtual MMUVirtual CPUControl IF Hardware (SMP, MMU, physical memory, Ethernet, SCSI/IDE) Native Device Driver GuestOS Device Manager & Control s/w VM0 GuestOS VM1 Front-End Device Drivers GuestOS Applications VM2 Device Emulation GuestOS Applications VM3 Safe HW IF Xen Virtual Machine Monitor Back-End Applications Front-End Device Drivers
® Direct Device Assignment Event Channel Virtual MMUVirtual CPUControl IF Hardware (SMP, MMU, physical memory, Ethernet, SCSI/IDE) Native Device Driver GuestOS Device Manager & Control s/w VM0 GuestOS VM1 Front-End Device Drivers GuestOS Applications VM2 Device Emulation GuestOS Applications VM3 Safe HW IF Xen Virtual Machine Monitor Back-End Applications Native Device Driver
® Xen3 Driver Domains Event Channel Virtual MMUVirtual CPUControl IF Hardware (SMP, MMU, physical memory, Ethernet, SCSI/IDE) Native Device Driver GuestOS Device Manager & Control s/w VM0 Native Device Driver GuestOS VM1 Front-End Device Drivers GuestOS Applications VM2 Device Emulation GuestOS Applications VM3 Safe HW IF Xen Virtual Machine Monitor Back-End Back-End
® Grant Tables •Allows pages to be shared between domains •No hypercall needed by granting domain •Grant_map, Grant_copy and Grant_transfer operations •Signalling via event channels High-performance secure inter-domain communication
® Level 1 : Multiple RX Queues • NIC supports multiple free and RX buffer Q‟s – Choose Q based on dest MAC, VLAN – Default queue used for mcast/broadcast • Great opportunity for avoiding data copy for high-throughput VMs – Try to allocate free buffers from buffers the guest is offering – Still need to worry about bcast, inter-domain etc • Multiple TX queues with traffic shapping
® Level 2 : Direct guest access • NIC allows Q pairs to be mapped into guest in a safe and protected manner – Unprivileged h/w driver in guest – Direct h/w access for most TX/RX operations – Still need to use s/w path for bcast, inter-dom • Memory pre-registration with NIC via privileged part of driver (e.g. in dom0) – Or rely on architectural IOMMU in future • For TX, require traffic shaping and basic MAC/srcIP filtering enforcement
® Level 2 NICs e.g. Solarflare / Infiniband • Accelerated routes set up by Dom0 – Then DomU can access hardware directly • Allow untrusted entities to access the NIC without compromising system integrity – Grant tables used to pin pages for DMA • Treated as an “accelerator module” to allow easy hot plug/unplug Dom0 DomU DomU Hardware Hypervisor Dom0 DomU DomU Hardware Hypervisor
® Level 3 Full Switch on NIC / MR-IOV • NIC presents itself as multiple PCI devices, one per guest – Relies on IOMMU for protection – Still need to deal with the case when there are more VMs than virtual h/w NIC – Worse issue with h/w-specific driver in guest • Full L2+ switch functionality on NIC – Inter-domain traffic can go via NIC • But goes over PCIe bus twice
® page 27 April 21, 200 Performance 0 5 10 15 20 25 30 35 CPU(%) 0 5 10 15 20 25 30 35 CPU(%) usercopy kern xen1 grantcopy kern0 xen0 Type-0 Type-1 Type-2 linux Type-0 Type-1 Type-2 linux Default configuration (6 pkt/intr) Interrupt throttling config (64 pkt/intr) 201% 100%123% 109% 100% 272% 193% 126% • Smarter NICs reduce CPU overhead substantially • Care must be taken with type-2/3 NICs to ensure benefits of VM portability and live relocation are not lost • “Extreme late copy” for zero-copy inter-domain communication under development
® Conclusions • Open Source is a great way to get impact from University research projects • Hypervisors will become ubiquitous, near zero overhead, built in to platform • Virtualization may enable a new "golden age" of operating system diversity • Virtualization is a really fun area to be working in! ian.pratt@xen.org 4/21/2008 28

Recommandé

Xen io
Xen ioXen io
Xen iowangyuanzhf
 
Xen Hypervisor
Xen HypervisorXen Hypervisor
Xen HypervisorSusheel Thakur
 
Xen & virtualization
Xen & virtualizationXen & virtualization
Xen & virtualizationSusheel Thakur
 
Xen and the Art of Virtualization
Xen and the Art of VirtualizationXen and the Art of Virtualization
Xen and the Art of VirtualizationSusheel Thakur
 
Xen.org Overview 2009
Xen.org Overview 2009Xen.org Overview 2009
Xen.org Overview 2009The Linux Foundation
 
Rootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project VirtualisationRootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project VirtualisationThe Linux Foundation
 
Xen & the Art of Virtualization
Xen & the Art of VirtualizationXen & the Art of Virtualization
Xen & the Art of VirtualizationTareque Hossain
 
Bare-Metal Hypervisor as a Platform for Innovation
Bare-Metal Hypervisor as a Platform for InnovationBare-Metal Hypervisor as a Platform for Innovation
Bare-Metal Hypervisor as a Platform for InnovationThe Linux Foundation
 

Recommandé

Xen io
Xen ioXen io
Xen iowangyuanzhf
 
Xen Hypervisor
Xen HypervisorXen Hypervisor
Xen HypervisorSusheel Thakur
 
Xen & virtualization
Xen & virtualizationXen & virtualization
Xen & virtualizationSusheel Thakur
 
Xen and the Art of Virtualization
Xen and the Art of VirtualizationXen and the Art of Virtualization
Xen and the Art of VirtualizationSusheel Thakur
 
Xen.org Overview 2009
Xen.org Overview 2009Xen.org Overview 2009
Xen.org Overview 2009The Linux Foundation
 
Rootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project VirtualisationRootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project VirtualisationThe Linux Foundation
 
Xen & the Art of Virtualization
Xen & the Art of VirtualizationXen & the Art of Virtualization
Xen & the Art of VirtualizationTareque Hossain
 
Bare-Metal Hypervisor as a Platform for Innovation
Bare-Metal Hypervisor as a Platform for InnovationBare-Metal Hypervisor as a Platform for Innovation
Bare-Metal Hypervisor as a Platform for InnovationThe Linux Foundation
 
Xen and the art of embedded virtualization (ELC 2017)
Xen and the art of embedded virtualization (ELC 2017)Xen and the art of embedded virtualization (ELC 2017)
Xen and the art of embedded virtualization (ELC 2017)Stefano Stabellini
 
Why xen slides
Why xen slidesWhy xen slides
Why xen slidesThe Linux Foundation
 
Xen PV Performance Status and Optimization Opportunities
Xen PV Performance Status and Optimization OpportunitiesXen PV Performance Status and Optimization Opportunities
Xen PV Performance Status and Optimization OpportunitiesThe Linux Foundation
 
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVM
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVMHypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVM
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVMvwchu
 
Xen Project Hypervisor for the Cloud
Xen Project Hypervisor for the CloudXen Project Hypervisor for the Cloud
Xen Project Hypervisor for the CloudThe Linux Foundation
 
Xen, XenServer, and XAPI: What’s the Difference?-XPUS13 Bulpin,Pavlicek
Xen, XenServer, and XAPI: What’s the Difference?-XPUS13 Bulpin,PavlicekXen, XenServer, and XAPI: What’s the Difference?-XPUS13 Bulpin,Pavlicek
Xen, XenServer, and XAPI: What’s the Difference?-XPUS13 Bulpin,PavlicekThe Linux Foundation
 
Xen Community Update 2011
Xen Community Update 2011Xen Community Update 2011
Xen Community Update 2011The Linux Foundation
 
LCA13: Xen on ARM
LCA13: Xen on ARMLCA13: Xen on ARM
LCA13: Xen on ARMLinaro
 
Xen and the art of virtualization
Xen and the art of virtualizationXen and the art of virtualization
Xen and the art of virtualizationAbdul417101
 
Xen and Art of Virtualization (Xen Architecture)
Xen and Art of Virtualization (Xen Architecture)Xen and Art of Virtualization (Xen Architecture)
Xen and Art of Virtualization (Xen Architecture)Mr Cracker
 
OSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
OSSEU18: NVDIMM and Virtualization - George Dunlap, CitrixOSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
OSSEU18: NVDIMM and Virtualization - George Dunlap, CitrixThe Linux Foundation
 
XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, C...
XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, C...XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, C...
XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, C...The Linux Foundation
 
Xen RAS Status and Progress
Xen RAS Status and ProgressXen RAS Status and Progress
Xen RAS Status and ProgressThe Linux Foundation
 
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary session
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary sessionLinaro Connect Asia 13 : Citrix - Xen on ARM plenary session
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary sessionThe Linux Foundation
 
LFNW2014 Advanced Security Features of Xen Project Hypervisor
LFNW2014 Advanced Security Features of Xen Project HypervisorLFNW2014 Advanced Security Features of Xen Project Hypervisor
LFNW2014 Advanced Security Features of Xen Project HypervisorThe Linux Foundation
 
PVH : PV Guest in HVM container
PVH : PV Guest in HVM containerPVH : PV Guest in HVM container
PVH : PV Guest in HVM containerThe Linux Foundation
 
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...The Linux Foundation
 
Xen Project: Windows PV Drivers
Xen Project: Windows PV DriversXen Project: Windows PV Drivers
Xen Project: Windows PV DriversThe Linux Foundation
 
Backup virtual machines with XenServer 5.x
Backup virtual machines with XenServer 5.xBackup virtual machines with XenServer 5.x
Backup virtual machines with XenServer 5.xThomas Krampe
 
System Device Tree update: Bus Firewalls and Lopper
System Device Tree update: Bus Firewalls and LopperSystem Device Tree update: Bus Firewalls and Lopper
System Device Tree update: Bus Firewalls and LopperStefano Stabellini
 
Red Hat Enterprise Linux 5.2 Virtualization Guide
Red Hat Enterprise Linux 5.2 Virtualization GuideRed Hat Enterprise Linux 5.2 Virtualization Guide
Red Hat Enterprise Linux 5.2 Virtualization GuideRishi Sharma
 
S4 xen hypervisor_20080622
S4 xen hypervisor_20080622S4 xen hypervisor_20080622
S4 xen hypervisor_20080622Todd Deshane
 

Contenu connexe

Tendances

Xen and the art of embedded virtualization (ELC 2017)
Xen and the art of embedded virtualization (ELC 2017)Xen and the art of embedded virtualization (ELC 2017)
Xen and the art of embedded virtualization (ELC 2017)Stefano Stabellini
 
Xen PV Performance Status and Optimization Opportunities
Xen PV Performance Status and Optimization OpportunitiesXen PV Performance Status and Optimization Opportunities
Xen PV Performance Status and Optimization OpportunitiesThe Linux Foundation
 
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVM
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVMHypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVM
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVMvwchu
 
Xen Project Hypervisor for the Cloud
Xen Project Hypervisor for the CloudXen Project Hypervisor for the Cloud
Xen Project Hypervisor for the CloudThe Linux Foundation
 
Xen, XenServer, and XAPI: What’s the Difference?-XPUS13 Bulpin,Pavlicek
Xen, XenServer, and XAPI: What’s the Difference?-XPUS13 Bulpin,PavlicekXen, XenServer, and XAPI: What’s the Difference?-XPUS13 Bulpin,Pavlicek
Xen, XenServer, and XAPI: What’s the Difference?-XPUS13 Bulpin,PavlicekThe Linux Foundation
 
LCA13: Xen on ARM
LCA13: Xen on ARMLCA13: Xen on ARM
LCA13: Xen on ARMLinaro
 
Xen and the art of virtualization
Xen and the art of virtualizationXen and the art of virtualization
Xen and the art of virtualizationAbdul417101
 
Xen and Art of Virtualization (Xen Architecture)
Xen and Art of Virtualization (Xen Architecture)Xen and Art of Virtualization (Xen Architecture)
Xen and Art of Virtualization (Xen Architecture)Mr Cracker
 
OSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
OSSEU18: NVDIMM and Virtualization - George Dunlap, CitrixOSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
OSSEU18: NVDIMM and Virtualization - George Dunlap, CitrixThe Linux Foundation
 
XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, C...
XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, C...XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, C...
XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, C...The Linux Foundation
 
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary session
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary sessionLinaro Connect Asia 13 : Citrix - Xen on ARM plenary session
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary sessionThe Linux Foundation
 
LFNW2014 Advanced Security Features of Xen Project Hypervisor
LFNW2014 Advanced Security Features of Xen Project HypervisorLFNW2014 Advanced Security Features of Xen Project Hypervisor
LFNW2014 Advanced Security Features of Xen Project HypervisorThe Linux Foundation
 
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...The Linux Foundation
 
Backup virtual machines with XenServer 5.x
Backup virtual machines with XenServer 5.xBackup virtual machines with XenServer 5.x
Backup virtual machines with XenServer 5.xThomas Krampe
 
System Device Tree update: Bus Firewalls and Lopper
System Device Tree update: Bus Firewalls and LopperSystem Device Tree update: Bus Firewalls and Lopper
System Device Tree update: Bus Firewalls and LopperStefano Stabellini
 

Tendances (20)

Xen and the art of embedded virtualization (ELC 2017)
Xen and the art of embedded virtualization (ELC 2017)Xen and the art of embedded virtualization (ELC 2017)
Xen and the art of embedded virtualization (ELC 2017)
 
Why xen slides
Why xen slidesWhy xen slides
Why xen slides
 
Xen PV Performance Status and Optimization Opportunities
Xen PV Performance Status and Optimization OpportunitiesXen PV Performance Status and Optimization Opportunities
Xen PV Performance Status and Optimization Opportunities
 
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVM
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVMHypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVM
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVM
 
Xen Project Hypervisor for the Cloud
Xen Project Hypervisor for the CloudXen Project Hypervisor for the Cloud
Xen Project Hypervisor for the Cloud
 
Xen, XenServer, and XAPI: What’s the Difference?-XPUS13 Bulpin,Pavlicek
Xen, XenServer, and XAPI: What’s the Difference?-XPUS13 Bulpin,PavlicekXen, XenServer, and XAPI: What’s the Difference?-XPUS13 Bulpin,Pavlicek
Xen, XenServer, and XAPI: What’s the Difference?-XPUS13 Bulpin,Pavlicek
 
Xen Community Update 2011
Xen Community Update 2011Xen Community Update 2011
Xen Community Update 2011
 
LCA13: Xen on ARM
LCA13: Xen on ARMLCA13: Xen on ARM
LCA13: Xen on ARM
 
Xen and the art of virtualization
Xen and the art of virtualizationXen and the art of virtualization
Xen and the art of virtualization
 
Xen and Art of Virtualization (Xen Architecture)
Xen and Art of Virtualization (Xen Architecture)Xen and Art of Virtualization (Xen Architecture)
Xen and Art of Virtualization (Xen Architecture)
 
OSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
OSSEU18: NVDIMM and Virtualization - George Dunlap, CitrixOSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
OSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
 
XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, C...
XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, C...XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, C...
XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, C...
 
Xen RAS Status and Progress
Xen RAS Status and ProgressXen RAS Status and Progress
Xen RAS Status and Progress
 
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary session
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary sessionLinaro Connect Asia 13 : Citrix - Xen on ARM plenary session
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary session
 
LFNW2014 Advanced Security Features of Xen Project Hypervisor
LFNW2014 Advanced Security Features of Xen Project HypervisorLFNW2014 Advanced Security Features of Xen Project Hypervisor
LFNW2014 Advanced Security Features of Xen Project Hypervisor
 
PVH : PV Guest in HVM container
PVH : PV Guest in HVM containerPVH : PV Guest in HVM container
PVH : PV Guest in HVM container
 
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...
 
Xen Project: Windows PV Drivers
Xen Project: Windows PV DriversXen Project: Windows PV Drivers
Xen Project: Windows PV Drivers
 
Backup virtual machines with XenServer 5.x
Backup virtual machines with XenServer 5.xBackup virtual machines with XenServer 5.x
Backup virtual machines with XenServer 5.x
 
System Device Tree update: Bus Firewalls and Lopper
System Device Tree update: Bus Firewalls and LopperSystem Device Tree update: Bus Firewalls and Lopper
System Device Tree update: Bus Firewalls and Lopper
 

En vedette

Red Hat Enterprise Linux 5.2 Virtualization Guide
Red Hat Enterprise Linux 5.2 Virtualization GuideRed Hat Enterprise Linux 5.2 Virtualization Guide
Red Hat Enterprise Linux 5.2 Virtualization GuideRishi Sharma
 
S4 xen hypervisor_20080622
S4 xen hypervisor_20080622S4 xen hypervisor_20080622
S4 xen hypervisor_20080622Todd Deshane
 
virtualization and hypervisors
virtualization and hypervisorsvirtualization and hypervisors
virtualization and hypervisorsGaurav Suri
 
LinuxCon Japan 13 : 10 years of Xen and Beyond
LinuxCon Japan 13 : 10 years of Xen and BeyondLinuxCon Japan 13 : 10 years of Xen and Beyond
LinuxCon Japan 13 : 10 years of Xen and BeyondThe Linux Foundation
 
BACD July 2012 : The Xen Cloud Platform
BACD July 2012 : The Xen Cloud Platform BACD July 2012 : The Xen Cloud Platform
BACD July 2012 : The Xen Cloud Platform The Linux Foundation
 

En vedette (8)

Red Hat Enterprise Linux 5.2 Virtualization Guide
Red Hat Enterprise Linux 5.2 Virtualization GuideRed Hat Enterprise Linux 5.2 Virtualization Guide
Red Hat Enterprise Linux 5.2 Virtualization Guide
 
S4 xen hypervisor_20080622
S4 xen hypervisor_20080622S4 xen hypervisor_20080622
S4 xen hypervisor_20080622
 
Xen Overview Q3 2009
Xen Overview Q3 2009Xen Overview Q3 2009
Xen Overview Q3 2009
 
µ-Xen
µ-Xenµ-Xen
µ-Xen
 
Xen @ Google, 2011
Xen @ Google, 2011Xen @ Google, 2011
Xen @ Google, 2011
 
virtualization and hypervisors
virtualization and hypervisorsvirtualization and hypervisors
virtualization and hypervisors
 
LinuxCon Japan 13 : 10 years of Xen and Beyond
LinuxCon Japan 13 : 10 years of Xen and BeyondLinuxCon Japan 13 : 10 years of Xen and Beyond
LinuxCon Japan 13 : 10 years of Xen and Beyond
 
BACD July 2012 : The Xen Cloud Platform
BACD July 2012 : The Xen Cloud Platform BACD July 2012 : The Xen Cloud Platform
BACD July 2012 : The Xen Cloud Platform
 

Similaire à Xen revisited

Virtualization in cloud
Virtualization in cloudVirtualization in cloud
Virtualization in cloudAshok Kumar
 
Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0guest72e8c1
 
5. IO virtualization
5. IO virtualization5. IO virtualization
5. IO virtualizationHwanju Kim
 
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISORLOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISORVanika Kapoor
 
20191201 kubernetes managed weblogic revival - part 1
20191201 kubernetes managed weblogic revival - part 120191201 kubernetes managed weblogic revival - part 1
20191201 kubernetes managed weblogic revival - part 1makker_nl
 
The Kubernetes WebLogic revival (part 1)
The Kubernetes WebLogic revival (part 1)The Kubernetes WebLogic revival (part 1)
The Kubernetes WebLogic revival (part 1)Simon Haslam
 
State of virtualisation -- 2012
State of virtualisation -- 2012State of virtualisation -- 2012
State of virtualisation -- 2012Jonathan Sinclair
 
XPDS14 - Zero-Footprint Guest Memory Introspection from Xen - Mihai Dontu, Bi...
XPDS14 - Zero-Footprint Guest Memory Introspection from Xen - Mihai Dontu, Bi...XPDS14 - Zero-Footprint Guest Memory Introspection from Xen - Mihai Dontu, Bi...
XPDS14 - Zero-Footprint Guest Memory Introspection from Xen - Mihai Dontu, Bi...The Linux Foundation
 
Xen and Client Virtualization: the case of XenClient XT
Xen and Client Virtualization: the case of XenClient XTXen and Client Virtualization: the case of XenClient XT
Xen and Client Virtualization: the case of XenClient XTThe Linux Foundation
 
Virtualization and how it leads to cloud
Virtualization and how it leads to cloudVirtualization and how it leads to cloud
Virtualization and how it leads to cloudHuzefa Husain
 

Similaire à Xen revisited (20)

Virtualization in cloud
Virtualization in cloudVirtualization in cloud
Virtualization in cloud
 
RMLL / LSM 2009
RMLL / LSM 2009RMLL / LSM 2009
RMLL / LSM 2009
 
Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0
 
5. IO virtualization
5. IO virtualization5. IO virtualization
5. IO virtualization
 
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISORLOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR
 
20191201 kubernetes managed weblogic revival - part 1
20191201 kubernetes managed weblogic revival - part 120191201 kubernetes managed weblogic revival - part 1
20191201 kubernetes managed weblogic revival - part 1
 
Server Consolidation
Server ConsolidationServer Consolidation
Server Consolidation
 
Ina Pratt Fosdem Feb2008
Ina Pratt Fosdem Feb2008Ina Pratt Fosdem Feb2008
Ina Pratt Fosdem Feb2008
 
The Kubernetes WebLogic revival (part 1)
The Kubernetes WebLogic revival (part 1)The Kubernetes WebLogic revival (part 1)
The Kubernetes WebLogic revival (part 1)
 
State of virtualisation -- 2012
State of virtualisation -- 2012State of virtualisation -- 2012
State of virtualisation -- 2012
 
XPDS14 - Zero-Footprint Guest Memory Introspection from Xen - Mihai Dontu, Bi...
XPDS14 - Zero-Footprint Guest Memory Introspection from Xen - Mihai Dontu, Bi...XPDS14 - Zero-Footprint Guest Memory Introspection from Xen - Mihai Dontu, Bi...
XPDS14 - Zero-Footprint Guest Memory Introspection from Xen - Mihai Dontu, Bi...
 
Usenix Invited Talk
Usenix Invited TalkUsenix Invited Talk
Usenix Invited Talk
 
virtual machine.ppt
virtual machine.pptvirtual machine.ppt
virtual machine.ppt
 
Virtualization
VirtualizationVirtualization
Virtualization
 
Xen and Client Virtualization: the case of XenClient XT
Xen and Client Virtualization: the case of XenClient XTXen and Client Virtualization: the case of XenClient XT
Xen and Client Virtualization: the case of XenClient XT
 
Virtualization and how it leads to cloud
Virtualization and how it leads to cloudVirtualization and how it leads to cloud
Virtualization and how it leads to cloud
 
Ian Pratt Nsdi Keynote Apr2008
Ian Pratt Nsdi Keynote Apr2008Ian Pratt Nsdi Keynote Apr2008
Ian Pratt Nsdi Keynote Apr2008
 
unit 2.ppt
unit 2.pptunit 2.ppt
unit 2.ppt
 
µ-Xen
µ-Xenµ-Xen
µ-Xen
 
unit-2.pptx
unit-2.pptxunit-2.pptx
unit-2.pptx
 

Plus de Shahbaz Sidhu

Datacenter as computer
Datacenter as computerDatacenter as computer
Datacenter as computerShahbaz Sidhu
 

Plus de Shahbaz Sidhu (20)

Xen
XenXen
Xen
 
Virtualization
VirtualizationVirtualization
Virtualization
 
Paravirtualization
ParavirtualizationParavirtualization
Paravirtualization
 
Outsourcing control
Outsourcing controlOutsourcing control
Outsourcing control
 
Nist cloud comp
Nist cloud compNist cloud comp
Nist cloud comp
 
Map reduce
Map reduceMap reduce
Map reduce
 
Live migration
Live migrationLive migration
Live migration
 
Handout3o
Handout3oHandout3o
Handout3o
 
Handout2o
Handout2oHandout2o
Handout2o
 
Handout1o
Handout1oHandout1o
Handout1o
 
Hadoop
HadoopHadoop
Hadoop
 
Gfs
GfsGfs
Gfs
 
En
EnEn
En
 
Datacenter as computer
Datacenter as computerDatacenter as computer
Datacenter as computer
 
Cloudcom13
Cloudcom13Cloudcom13
Cloudcom13
 
Bigtable osdi06
Bigtable osdi06Bigtable osdi06
Bigtable osdi06
 
About clouds
About cloudsAbout clouds
About clouds
 
6620handout5t
6620handout5t6620handout5t
6620handout5t
 
6620handout5o
6620handout5o6620handout5o
6620handout5o
 
6620handout4t
6620handout4t6620handout4t
6620handout4t
 

Dernier

Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsKarakKing
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...Nguyen Thanh Tu Collection
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfSherif Taha
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17Celine George
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and ModificationsMJDuyan
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 

Dernier (20)

Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 

Xen revisited

  • 1. ® Xen and the Art of Virtualization Revisited Ian Pratt, Citrix Systems Inc. 4/21/2008 1
  • 2. ® Outline • A brief history of Xen • Why virtualization matters • Paravirtualization review • Hardware-software co-design – MMU virtualization – Network interface virtualization 4/21/2008 2
  • 3. ® The Xen Story • Mar 1999 XenoServers HotOS paper • Apr 2002 Xen hypervisor development starts • Oct 2003 Xen SOSP paper • Apr 2004 Xen 1.0 released • Jun 2004 First Xen developer‟s summit • Nov 2004 Xen 2.0 released • 2004 Hardware vendors start taking Xen seriously • 2005 RedHat, Novell, Sun and others adopt Xen • 2006 VMware and Microsoft adopt paravirtualization • Sep 2006 First XenEnterprise released • May 2008 Xen embedded in Flash on HP/Dell servers 4/21/2008 3
  • 4. ® Xen Project Mission • Build the industry standard open source hypervisor – Core "engine" that is incorporated into multiple vendors‟ products • Maintain Xen‟s industry-leading performance – Be first to exploit new hardware acceleration features – Help OS vendors paravirtualize their OSes • Maintain Xen‟s reputation for stability and quality – Security must now be paramount • Support multiple CPU types; big and small systems – From server to client to mobile phone • Foster innovation • Drive interoperability
  • 5. ® Why Virtualization is „Hot‟ • Clearing up the mess created by the success of „scale-out‟ – One Application per commodity x86 server – Leads to „server sprawl‟ – 5-15% CPU utilization typical • Failure of popular OSes to provide – Full configuration isolation – Temporal isolation for performance predictability – Strong spatial isolation for security and reliability – True backward app compatibility 4/21/2008 5
  • 6. ® 6 First Virtualization Benefits • Server consolidation – Consolidate scale-out success – Exploit multi-core CPUs • Manageability – Secure remote console – Reboot / power control – Performance monitoring • Ease of deployment – Rapid provisioning • VM image portability – Move image between different hardware – Disaster Recovery
  • 7. ® 7 2nd Generation Virtualization Benefits Avoid planned downtime with VM Relocation Dynamically re-balance workload to meet application SLAs Hardware Fault Tolerance with replay / checkpointing
  • 8. ® Hypervisor Security • “hidden hypervisor” attack is a myth, but exploitation of an installed hypervisor is a real and dangerous threat • Hypervisors add more software and thus increase the attack surface – Network-facing control stack – VM containment • Hopefully much smaller and defensible than a conventional OS – Need a “strength in depth” approach – Measured launch 8
  • 9. ® Improving Security with Hypervisors • Hypervisors allow administrative policy enforcement from outside of the OS – Firewalls, IDS, malware scanning etc • More robust as not so easily disabled • Provides protection within a network rather than just at borders – Hardening OSes with immutable memory, taint tracking, logging and replay – Backup policy, multi-path IO, HA, FT etc • Availability and Reliability • Reducing human effort required to admin all the VMs is the next frontier 4/21/2008 9
  • 10. ® Breaking the bond between OS and h/w • Simplifies Application-stack certification – Certify App-on-OS; OS-on-HV; HV-on-h/w – Enables Virtual Appliances • Virtual hardware greatly reduces the effort to modify/create new OSes – Application-specific OSes • Slimming down and optimization of existing OSes • “Native execution” of Apps • Hypervisors enable h/w vendors to „light up‟ new features more rapidly 4/21/2008 10
  • 11. ® Paravirtualization • Extending the OS to be aware it is running in a virtualized environment – For performance and enhanced correctness – IO, memory size, CPU, MMU, time • In Xen <2.0, some paravirtulizations were compulsory to close x86 virtualization holes – Intel VT / AMD-V allow incremental paravirtualization • Paravirtualization is still very important for performance, and works along side enhancements to the hardware – Higher-level paravirtualizations yield greatest benefit 4/21/2008 11
  • 12. ® MMU Virtualization • Critical for performance, challenging to make fast, especially SMP – Hot-unplug unnecessary virtual CPUs – Use multicast TLB flush paravirtualizations etc • Xen supports 3 MMU virtualization modes 1.Direct pagetables 2.Shadow pagetables 3.Hardware Assisted Paging • OS Paravirtualization compulsory for #1, optional (and very beneficial) for #2&3 4/21/2008 12
  • 13. ® MMU Virtualization : Direct-Mode • Requires guest changes – Supported by Linux, Solaris, FreeBSD, NetBSD etc • Highest performance, fewest traps MMU Guest OS Xen VMM Hardware guest writes (typically batched) guest reads Virtual → Machine
  • 14. ® Shadow Pagetables • Guest changes optional, but help with batching, knowing when to unshadow • Latest algorithms work remarkably well MMU Accessed & dirty bits Guest OS VMM Hardware guest writes guest reads Virtual → Guest-physical Virtual → Machine Updates
  • 16. ® Hardware Assisted Paging • AMD NPT / Intel EPT • Hardware handles translation with nested pagetables – guest PTs managed by guest in normal way – guest-physical to machine-physical tables managed by Xen • Can increases the number of memory accesses to perform a TLB fill pagetable walk by factor of 5 (gulp!) – Hopefully less through caching partial walks – But reduces the effective TLB size • Current implementations seem to do rather worse than shadow PTs (e.g. 15%) – Wide-SMP guests do relatively better due to no s/w locking • TLB flush paravirtualizations essential – H/w will improve: TLBs will get bigger, caching more elaborate, prefetch more aggressive 4/21/2008 16
  • 17. ® Network Interface Virtualization • Network IO is tough – High packet rate • Batches often small – Data must typically be copied to VM on RX – Some apps latency sensitive • Xen‟s network IO virtualization has evolved over time – Take advantage of new NIC features – Smart NIC categorization: Types 0-3 4/21/2008 17
  • 18. ® Level 0 : Modern conventional NICs • Single free buffer, RX and TX queues • TX and RX checksum offload • Transmit Segmentation Offload (TSO) • Large Receive Offload (LRO) • Adaptive interrupt throttling • MSI support • (iSCSI initiator offload – export blocks to guests) • (RDMA offload – helps live relocation)
  • 19. ® I/O Architecture Event Channel Virtual MMUVirtual CPUControl IF Hardware (SMP, MMU, physical memory, Ethernet, SCSI/IDE) Native Device Driver GuestOS Device Manager & Control s/w VM0 GuestOS VM1 Front-End Device Drivers GuestOS Applications VM2 Device Emulation GuestOS Applications VM3 Safe HW IF Xen Virtual Machine Monitor Back-End Applications Front-End Device Drivers
  • 20. ® Direct Device Assignment Event Channel Virtual MMUVirtual CPUControl IF Hardware (SMP, MMU, physical memory, Ethernet, SCSI/IDE) Native Device Driver GuestOS Device Manager & Control s/w VM0 GuestOS VM1 Front-End Device Drivers GuestOS Applications VM2 Device Emulation GuestOS Applications VM3 Safe HW IF Xen Virtual Machine Monitor Back-End Applications Native Device Driver
  • 21. ® Xen3 Driver Domains Event Channel Virtual MMUVirtual CPUControl IF Hardware (SMP, MMU, physical memory, Ethernet, SCSI/IDE) Native Device Driver GuestOS Device Manager & Control s/w VM0 Native Device Driver GuestOS VM1 Front-End Device Drivers GuestOS Applications VM2 Device Emulation GuestOS Applications VM3 Safe HW IF Xen Virtual Machine Monitor Back-End Back-End
  • 22. ® Grant Tables •Allows pages to be shared between domains •No hypercall needed by granting domain •Grant_map, Grant_copy and Grant_transfer operations •Signalling via event channels High-performance secure inter-domain communication
  • 23. ® Level 1 : Multiple RX Queues • NIC supports multiple free and RX buffer Q‟s – Choose Q based on dest MAC, VLAN – Default queue used for mcast/broadcast • Great opportunity for avoiding data copy for high-throughput VMs – Try to allocate free buffers from buffers the guest is offering – Still need to worry about bcast, inter-domain etc • Multiple TX queues with traffic shapping
  • 24. ® Level 2 : Direct guest access • NIC allows Q pairs to be mapped into guest in a safe and protected manner – Unprivileged h/w driver in guest – Direct h/w access for most TX/RX operations – Still need to use s/w path for bcast, inter-dom • Memory pre-registration with NIC via privileged part of driver (e.g. in dom0) – Or rely on architectural IOMMU in future • For TX, require traffic shaping and basic MAC/srcIP filtering enforcement
  • 25. ® Level 2 NICs e.g. Solarflare / Infiniband • Accelerated routes set up by Dom0 – Then DomU can access hardware directly • Allow untrusted entities to access the NIC without compromising system integrity – Grant tables used to pin pages for DMA • Treated as an “accelerator module” to allow easy hot plug/unplug Dom0 DomU DomU Hardware Hypervisor Dom0 DomU DomU Hardware Hypervisor
  • 26. ® Level 3 Full Switch on NIC / MR-IOV • NIC presents itself as multiple PCI devices, one per guest – Relies on IOMMU for protection – Still need to deal with the case when there are more VMs than virtual h/w NIC – Worse issue with h/w-specific driver in guest • Full L2+ switch functionality on NIC – Inter-domain traffic can go via NIC • But goes over PCIe bus twice
  • 27. ® page 27 April 21, 200 Performance 0 5 10 15 20 25 30 35 CPU(%) 0 5 10 15 20 25 30 35 CPU(%) usercopy kern xen1 grantcopy kern0 xen0 Type-0 Type-1 Type-2 linux Type-0 Type-1 Type-2 linux Default configuration (6 pkt/intr) Interrupt throttling config (64 pkt/intr) 201% 100%123% 109% 100% 272% 193% 126% • Smarter NICs reduce CPU overhead substantially • Care must be taken with type-2/3 NICs to ensure benefits of VM portability and live relocation are not lost • “Extreme late copy” for zero-copy inter-domain communication under development
  • 28. ® Conclusions • Open Source is a great way to get impact from University research projects • Hypervisors will become ubiquitous, near zero overhead, built in to platform • Virtualization may enable a new "golden age" of operating system diversity • Virtualization is a really fun area to be working in! ian.pratt@xen.org 4/21/2008 28