My presentation on the paper: Xen and the Art of Virtualization by Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, Andrew Warfield. Prepared for CSCI 297 - Advanced Operating System at GWU, Spring 2010
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Xen & the Art of Virtualization
1.
2. Challenges to build virtual machines
Performance isolation
Process Scheduling
Memory Usage
Network Traffic
Disk Access
Support for various OS platforms
Minimizing performance overhead
3. Conventional Xen
Full Virtualization Paravirtualization
GuestOS runs without Modifications to the
modification GuestOS necessary
Guest OS cannot access the Guest OS runs in parallel
hardware directly with other modified systems
Problematic for certain Provides some exposures to
privileged instructions (e.g., the underlying HW
traps)
No real-time guarantees
4. Multiplexes resources at the granularity of an entire
OS
Follows the ideology of Exokernel
As opposed to process-level multiplexing
Price: higher overhead
Target: 100 virtual OSes per machine
5. Depending on the hardware supports
Software managed TLB
Associate address space IDs with TLB tags
Allow coexistence of OSes
Avoid TLB flushing across OS boundaries
X86 does not have software managed TLB
Xen exists at the top 64MB of every address space
Avoid TLB flushing when an guest OS enter/exist Xen
Each OS can only map to memory it owns
Writes are validated by Xen
6. X86 supports 4 levels of
privileges
0 for OS, and 3 for
applications
Xen downgrades the
privilege of OSes
Privilege
System-call and page-fault
Level of handlers registered to Xen
Guest OS
“fast handlers” for most
0
exceptions, Xen isn’t
involved
1
2
3
7. Separation of policy and
mechanism
Domain0 hosts the
application-level
management software
Creation and deletion of
Control
virtual network
User User User
Plane
Software Software Software
interfaces and block
Software
devices
GuestOS GuestOS GuestOS GuestOS
(XenoLinux) (XenoLinux) (XenoBSD) (XenoXP)
Xeno - Aware Xeno - Aware Xeno - Aware Xeno - Aware
Device Drivers Device Drivers Device Drivers Device Drivers
Domain0 Virtual Virtual X
Virtual Virtual
Control
x86 CPU
Physical
Network
Block E
Interface Memory Device N
H/W (SMP x86, Phys Mem, eNet, SCSI/IDE)
8. Hypercall: synchronous calls from a domain to Xen
Analogous to system calls
Allows domains to perform a synchronous software trap
into the hypervisor to perform privileged operation
Events: asynchronous notifications from Xen to
domains
Replace device interrupts
Lightweight notification of important system events,
similar to Unix signal
Event handling can be deferred by domain
9. Safe indirect way to share I/O devices among OSes
Circular queue accessible by Xen and a domain
10. Borrowed virtual time scheduling
Allows temporary violations of fair sharing to favor
recently-woken domains
Goal: reduce wake-up latency
Xen provides several different types of timers
Real Time (time that always advances regardless of the
executing domain)
Virtual Time (time that only advances within the context of
the domain)
Wall Clock Time (time that takes in to account local offsets
for time zone and DST)
11. No shadow pages (VMWare)
Xen provides constrained but direct MMU updates
All guest OSes have read-only accesses to page tables
Updates are batched into a single hypercall
Updates must be validated by Xen
Guest OSes are responsible for allocation and managing
pages within their own domain
Xen exists in a generally unused section at the top of every
address space to prevent paging out
12. Reserved at domain creation times
Memory statically partitioned among domains
Does not guarantee contiguous regions of memory
Supports hardware~physical mapping by providing
shared translation array readable by all domains
13. Virtual firewall-router attached to all domains
Round-robin packet scheduler
To send a packet, enqueue a buffer descriptor into the
transmit rang
Use scatter-gather DMA (no packet copying)
A domain needs to exchange page frame to avoid
copying
Page-aligned buffering
14. Only Domain0 has direct access to disks
Other domains need to use virtual block devices
Use the I/O ring
Reorder requests prior to enqueuing them on the ring
If permitted, Xen will also reorder requests to improve
performance
Use DMA (zero copy)
15. SPEC INT2000 score SPEC WEB99
CPU Intensive (Little I/O and OS 180Mb/s TCP traffic (Disk read-write
interaction) on 2GB dataset)
16. Since version 3.0.2 Xen supports unmodified Microsoft
OSes and Linux when the host runs on Intel VT or AMD-V
hardware
As of 2009 most Linux distributions include Xen packages
to interact with the Xen hypervisor and start additional
domains
XenServer was made 100% open source 2 years after being
acquired by Citrix Systems. Citrix has also formed Xen
Project Advisory Board (Xen AB), which currently has
members from IBM, Intel, Hewlett-Packard, Novell, Red
Hat, Sun Microsystems and Oracle
17. Questions?
Discussion
Slide is available at:
http://www.slideshare.net/tarequeh/xen-the-art-of-
virtualization