Xen and the Art of Virtualization University of Cambridge Presenter: Ashish Gupta.
Features
- An open infrastructure for global distributed computing
- Run multiple services on a single Xenoserver
- Envisage running up to 100 per server
- Secure and accountable execution
- Strong isolation, logging and auditing
- Flexible: low-level execution environment
- Economical: execute on commodity hardware (x86)

Virtualization techniques
- Single OS image (Ensim, VServers)
  - Group user processes into resource containers
  - Implement new schedulers in the OS to ensure isolation
  - Hard to retrofit isolation to conventional OSes
- Full virtualization (VMware, Connectix, Bochs)
  - Run full OSes as unmodified guests
  - The VMM enforces resource isolation
  - But it's hard to efficiently virtualize uncooperative architectures

Paravirtualization Goals
- Low virtualization overhead
- Performance isolation
- Also (flexibility): support full-featured multi-user, multi-application OSes

System Performance
Para-virtualization – Principles
- Para-virtualization vs. full virtualization
- Expose the guest OS to "real resources" (time, MMU etc.)
  - Better support for time-sensitive tasks
  - Allows guest OS optimizations
  - Correctness issues (the downside)

Para-virtualization Mechanisms
Three broad aspects:
- Memory management
- CPU
- Device I/O

Memory Management: the VMware approach – shadow page tables

Modifications
- Paravirtualization obviates the need for shadow page tables
- Guest OSes allocate and manage their own page tables
How?

Mechanism
- Updates to page tables must be passed to Xen for validation
- Updates may be queued and processed in batches
- Validation rules (applied to each PTE):
  1. only map a page if it is owned by the requesting guest OS
  2. only map a page containing PTEs for read-only access
- Xen tracks page ownership and current use

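The two validation rules above, worked through as an added example that is not Xen's own code: a C model in which the hypervisor keeps a per-frame ownership table and checks each queued page-table update against rule 1 (the target page must be owned by the requesting guest) and rule 2 (a page that itself holds PTEs may only be mapped read-only, otherwise the guest could edit its page tables behind the hypervisor's back). The frame layout, domain ids, return codes, flag bits and the stop-at-first-rejection batch policy are all constructed for the example; the real hypervisor also keeps type and use counts per frame, which this model reduces to a single "holds PTEs" flag.

```c
/* Added example: a toy model of Xen-style PTE validation (not Xen's code). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NFRAMES      16u          /* constructed: a tiny machine with 16 frames */
#define PTE_PRESENT  0x1u
#define PTE_WRITABLE 0x2u
#define FRAME_FREE   (-1)

struct frame_info {
    int  owner;        /* domain id that owns the frame, or FRAME_FREE */
    bool holds_ptes;   /* true if the frame is (part of) a page table */
};

static struct frame_info frames[NFRAMES];

/* A queued update: set slot `slot` of page-table frame `pt_frame` to map
 * machine frame `target` with flags `flags`. */
struct pt_update {
    unsigned pt_frame;
    unsigned slot;
    unsigned target;
    uint32_t flags;
};

/* Constructed ownership layout: domain 1 owns frames 0-7, domain 2 owns
 * frames 8-15; frame 0 and frame 8 are the two domains' page-table pages. */
static void setup_frames(void)
{
    for (unsigned f = 0; f < NFRAMES; f++) {
        frames[f].owner = (f < 8) ? 1 : 2;
        frames[f].holds_ptes = false;
    }
    frames[0].holds_ptes = true;
    frames[8].holds_ptes = true;
}

/* Validate one update submitted by domain `dom`. Returns 0 if accepted,
 * or a negative code (constructed here) naming the check that failed. */
int validate_pte_update(int dom, const struct pt_update *u)
{
    if (u->pt_frame >= NFRAMES || u->target >= NFRAMES)
        return -1;                 /* frame number out of range */
    if (frames[u->pt_frame].owner != dom || !frames[u->pt_frame].holds_ptes)
        return -2;                 /* not one of the guest's own page tables */
    if (!(u->flags & PTE_PRESENT))
        return 0;                  /* clearing an entry maps nothing: no ownership check needed */
    /* Rule 1: only map a page owned by the requesting guest OS. */
    if (frames[u->target].owner != dom)
        return -3;
    /* Rule 2: a page containing PTEs may only be mapped read-only. */
    if (frames[u->target].holds_ptes && (u->flags & PTE_WRITABLE))
        return -4;
    return 0;
}

/* Process a queued batch: validate one entry at a time and stop at the
 * first rejection. Returns the number of updates accepted. */
int apply_batch(int dom, const struct pt_update *batch, int n)
{
    int done = 0;
    for (int i = 0; i < n; i++) {
        int rc = validate_pte_update(dom, &batch[i]);
        if (rc != 0) {
            fprintf(stderr, "dom%d: update %d rejected (code %d)\n", dom, i, rc);
            return done;
        }
        done++;  /* a real hypervisor would now write the entry and bump use counts */
    }
    return done;
}

int main(void)
{
    setup_frames();
    struct pt_update batch[] = {
        {0, 1, 3, PTE_PRESENT | PTE_WRITABLE},  /* own data frame, writable: accepted */
        {0, 2, 0, PTE_PRESENT},                 /* own page table, read-only: accepted */
        {0, 3, 0, PTE_PRESENT | PTE_WRITABLE},  /* own page table, writable: rule 2 */
        {0, 4, 9, PTE_PRESENT},                 /* frame owned by domain 2: rule 1 */
    };
    printf("dom1: %d of 4 updates accepted\n", apply_batch(1, batch, 4));
    return 0;
}
```

The order of checks matters: the page table being written must itself belong to the guest before any entry is considered, and an unmapping carries no ownership requirement because it removes access rather than granting it.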
Memory Management: the Xen approach

Memory benchmarks
CPU
- Efficient because of the four privilege levels: OS in Ring 1, applications in Ring 3
- Privileged instructions are required to be validated and executed by Xen
- Exceptions
  - Guest OS registers handlers with Xen
  - Para-virtualization: handlers unchanged
  - "Fast handlers" for most exceptions: Xen isn't involved
  - Page faults: the CR2 register is read by Xen, so the fault must enter Xen

Xen uses the 4-ring model
VM ↔ VMM
- Guest OS → Xen: hypercalls (like system calls)
- Xen → Guest OS: events (like UNIX signals)

I/O Virtualization
- Need to minimize the cost of transferring bulk data via Xen
  - Copying costs time
  - Copying pollutes caches
  - Copying requires intermediate memory
- Device classes: net, disk, graphics

I/O Virtualization
- Use rings of buffer descriptors
  - Descriptors are small: cheap to copy and validate
  - Descriptors refer to bulk data
  - No need to map or copy the data into Xen's address space
  - Exception: checking network packet headers prior to TX
- Use zero-copy DMA to transfer bulk data between hardware and guest OS
  - Net TX: DMA the packet payload separately from the validated packet header
  - Net RX: page-flip receive buffers into the guest address space

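The descriptor ring and the header-checking exception above, as an added example that is not Xen's own ring code: a C model of a transmit ring shared between a guest (producer) and the hypervisor (consumer). The consumer reads the guest's producer index once and sanity-checks it, copies each small descriptor out of shared memory before validating it (so the guest cannot change it between check and use), checks that the referenced frame belongs to the guest and that offset and length stay inside the page, and copies only the Ethernet header for inspection while the payload stays in place for DMA. The frame numbers, the ownership rule, the per-domain MAC table, the source-MAC rule and the in-memory machine_memory array are all constructed for the example.

```c
/* Added example: a model of a shared TX descriptor ring (not Xen's ring code). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RING_SIZE 8                 /* power of two: wrap-around is a single mask */
#define RING_MASK (RING_SIZE - 1)
#define PAGE_SIZE 4096u
#define NFRAMES   128u              /* constructed: 128 frames of fake machine memory */
#define ETH_HLEN  14

struct tx_desc {                    /* small: a few words, cheap to copy and validate */
    uint32_t frame;                 /* machine frame holding the packet */
    uint16_t offset;                /* byte offset of the packet within that frame */
    uint16_t len;                   /* packet length, header included */
};

struct shared_ring {
    volatile uint32_t req_prod;     /* advanced by the guest; free-running */
    volatile uint32_t req_cons;     /* advanced by the consumer; free-running */
    struct tx_desc ring[RING_SIZE];
};

static uint8_t machine_memory[NFRAMES][PAGE_SIZE];   /* constructed stand-in for RAM */

/* Constructed MAC table: domain d is assigned dom_mac[d]. */
static const uint8_t dom_mac[2][6] = { {0x00,0x16,0x3e,0,0,0}, {0x00,0x16,0x3e,0,0,1} };

/* Constructed ownership rule: domain d owns frames [d*64, d*64+64). */
static bool guest_owns(int dom, uint32_t frame)
{
    return (unsigned)dom < 2 && frame < NFRAMES && frame / 64 == (uint32_t)dom;
}

/* Test fixture: write a zeroed Ethernet header with the given source MAC. */
void stage_packet(uint32_t frame, uint16_t offset, const uint8_t src_mac[6])
{
    memset(&machine_memory[frame][offset], 0, ETH_HLEN);
    memcpy(&machine_memory[frame][offset + 6], src_mac, 6);
}

void ring_init(struct shared_ring *r) { r->req_prod = 0; r->req_cons = 0; }

/* Guest side: enqueue a descriptor; false when the ring is full. */
bool ring_put(struct shared_ring *r, struct tx_desc d)
{
    if (r->req_prod - r->req_cons >= RING_SIZE)
        return false;
    r->ring[r->req_prod & RING_MASK] = d;
    r->req_prod++;                  /* a real ring issues a write barrier before this */
    return true;
}

/* Copy just the header out of the guest frame and check it; the payload
 * is never touched here, it stays in place for DMA. */
static bool header_ok(int dom, const struct tx_desc *d)
{
    uint8_t hdr[ETH_HLEN];
    memcpy(hdr, &machine_memory[d->frame][d->offset], ETH_HLEN);
    return memcmp(hdr + 6, dom_mac[dom], 6) == 0;   /* source MAC must be the domain's own */
}

/* Consumer side: drain the ring, validating each descriptor. Returns the
 * number accepted for DMA, or -1 if the producer index is implausible;
 * *rejected receives the count of descriptors that failed validation. */
int ring_consume(int dom, struct shared_ring *r, int *rejected)
{
    uint32_t prod = r->req_prod;    /* read the untrusted index exactly once */
    uint32_t cons = r->req_cons;
    int accepted = 0;
    *rejected = 0;
    if (prod - cons > RING_SIZE) {  /* more entries than slots: the guest is lying */
        fprintf(stderr, "dom%d: bogus producer index\n", dom);
        return -1;
    }
    while (cons != prod) {
        struct tx_desc d;
        memcpy(&d, &r->ring[cons & RING_MASK], sizeof d);  /* copy out, then validate */
        cons++;
        bool ok = guest_owns(dom, d.frame)
               && d.len >= ETH_HLEN
               && (uint32_t)d.offset + d.len <= PAGE_SIZE
               && header_ok(dom, &d);
        if (ok) accepted++;         /* DMA would now run straight from the guest frame */
        else    (*rejected)++;
    }
    r->req_cons = cons;
    return accepted;
}

int main(void)
{
    struct shared_ring r;
    int rejected;
    ring_init(&r);
    stage_packet(70, 0, dom_mac[1]);                 /* dom1 frame, dom1's own MAC */
    stage_packet(71, 0, dom_mac[0]);                 /* dom1 frame, another domain's MAC */
    ring_put(&r, (struct tx_desc){70, 0, 60});       /* accepted */
    ring_put(&r, (struct tx_desc){71, 0, 60});       /* rejected: header check */
    ring_put(&r, (struct tx_desc){10, 0, 60});       /* rejected: frame not owned */
    ring_put(&r, (struct tx_desc){70, 4000, 200});   /* rejected: runs past the page */
    printf("accepted %d, rejected %d\n", ring_consume(1, &r, &rejected), rejected);
    return 0;
}
```

Two details carry the security weight: the producer index is read once and bounded before the loop, so a guest cannot make the consumer spin over garbage or reread a changing value, and each descriptor is copied out of the shared page before any field is examined, so a check cannot be invalidated by a concurrent rewrite.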
TCP Benchmarks
Effect of I/O and OS interaction
(Chart: scores normalised to 1 for Linux, Xen, VMware and UML.)
- SPEC INT2000 score: CPU intensive, little I/O and OS interaction
- SPEC WEB99: 180Mb/s TCP traffic
- Disk read-write on 2GB dataset

Scalability
Performance Isolation
- 4 domains
  - 2 PostgreSQL and SPECWEB99 workloads
  - 2 anti-social workloads
    - Disk bandwidth hog: huge number of small file creations
    - Fork bomb
- The bad guys could not kill the good guys
- In native Linux: rendered the machine completely unusable!

Denali Isolation Kernel
University of Washington
Motivation
- Functionality pushed into the network: Google, IMDB, Hotmail, Amazon, eBay, online banking, … lots!
- Major players use dedicated hardware. Lesser services find that cumbersome, expensive and limiting: hardware, rack space, bandwidth
- Big deployment barrier for little services.

Virtual hosting
- Third-party hardware, with small services multiplexed on machines.
- Need the ability to run untrusted code.
- Likewise for CDNs for dynamic content.

Goals: strong security, resource control.
Don't need: resource sharing.
Conventional OSs do not isolate enough. Spectrum of ideas:
- #1: OSs with performance isolation
- #2: OSs and sandboxing
- #3: Exo-/micro-kernels
- #4: Conventional VMs
- #5: Isolation kernel

Isolation Kernel
- Focus here is on performance with scaling, and isolation/security
- Reconsider the exposed virtual architecture
- Downside (Linux port?)

Scaling Arguments
Denali Mechanism
Overall Architecture
ISA
- Biggest challenge for x86 virtualization: ambiguous instruction semantics
- No support for ambiguous instructions
- Two virtual instructions: idle-with-timeout, terminate execution

Memory Architecture
- Simple DOS-like architecture: no virtual MMU. Why?
- TLB problems on x86: hardware mapped, inflexible
- Avoids TLB flushes
- Optional virtual MMU?

I/O and Interrupt Model
- Simpler interfaces to NIC, disk, keyboard, console and timer; avoid the "chatty" interfaces
- Interrupt model: physical interrupts, virtual interrupts
- Interrupt dispatch model: delays and batches interrupts for non-running VMs
  - Timing-related interrupts?? Real-time apps, games etc.?

Implementation
- Round-robin scheduling
- Idle-with-timeout compensated with a higher priority for the next quantum.
- Can use existing compilers (gcc) to generate code
- VMs are paged in on demand. VMM always in core

Memory
- Virtualized 16MB of physical address space per VM (since there is no virtual MMU).
- Recently they added a MIPS-style virtual MMU, so the guest OS can virtualize its apps' address space. Overhead?
- Pre-allocated, strided swap space. No sharing, so each VM's space is contiguous.

Networked I/O
- Ethernet driver moved from the guest OS into Denali. The rest of the TCP/IP stack stays.
- This suffices for early-demuxing received packets into the appropriate VM.
- Virtual packet send/recv is 1 PIO each

Guest OS
- Currently only a library, with no simulated protection boundary there. Supports a POSIX subset.
- Different from a traditional VM: the OS is more like a process: single-user, single-task OS? Flexibility?

Evaluation: Network Latency

TCP, HTTP throughput
- TCP: BSD-Linux 607Mb/s, Denali-Linux 569Mb/s

Fair comparison?
- Denali with library kernel compared against BSD: both have one protection boundary
- Denali-Linux will have one real and one simulated protection boundary: different?

Batching: reduction in context-switching frequency

Idle-with-timeout
Scalability
- In-core regime: constant performance
- Disk-bound regime: problems

Scalability and block size
Internal fragmentation!
Evaluation summary
- Good performance and scalability, due to architectural modifications and various techniques
- Is the lib OS representative of a real OS?