Transcript Xen and the Art of Virtualization

Xen and the Art of
Virtualization
Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim
Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, Andrew Warfield
By Tyrel Russell
October 25, 2006
Overview





A virtual machine monitor
Paravirtualization
Design
Evaluation
Discussion
Motivating Goals
 Virtual machine monitor
– allows isolation of processes and virtual
machines
– supports a variety of guest operating systems
– performance overhead is minimal
Paravirtualization
 Provides an abstract machine similar to the
underlying machine
 Avoids difficulties of virtualizing all parts of
the architecture
 Specifically, avoids parts of the x86
architecture that weren’t designed for
virtualization
 Requires modification of guest OSes
Xen Design Principles
 Support unmodified application binaries
 Support full multi-application operating
systems
 Paravirtualization is necessary for
performance
 Hiding the effects of resource virtualization
The Virtual Machine Interface
 Memory Management
– Guest OSes manage and allocate hardware
page tables
– Avoids TLB flushes by maintaining Xen in every
address spaces
 CPU
– Guest OSes must run at a lower privilege level
 Device I/O
– Uses a shared buffer to increase performance
Cost of Porting OS to Xen




Modify code accessing page tables
Virtual network driver
Virtual block driver
Rewriting routines using privileged
instructions
 Changing low-level system initialization
code
 Changing boot-loading mechanism
The Control Interface
 Hypervisor controls
basic operations
 Control of the system
is performed by the
Control Plane Software
 Separate Guest OS
called the Domain0
Hypercalls and Events
 Hypercalls perform a synchronous software
trap
– Needed to perform privileged operations
– Updating page tables
 Communication from a guest OS and Xen is
performed by an event system
– Including device interrupts and termination
requests
I/O Rings
 A ring of I/O
descriptors
 Buffer memory is
provided by the guest
OS
 Requests and
responses can be
batched
Subsystem Virtualization






CPU Scheduling
Time and timers
Virtual Address Translation
Physical Memory
Network
Disk
CPU Scheduling and Timers
 Uses the Borrowed Virtual Time scheduling
algorithm
– Work conserving
– Low-latency wakeup
 Guest OSes can see both real and virtual
time
– Xen provides a timer through the event
mechanism to deal with guest OS timers
Virtual Address Translation
 Page Tables cannot be directly written
– Writes must be validated
 Page tables are associated with:
– a type
– a reference count
 To minimize calls, the requests can be
batched
Physical Memory
 Memory is reserved for a guest OS statically
 Xen can pass more pages if necessary
through a balloon driver
 Guest OSes create an illusion of contiguous
physical memory using a shared translation
array
Network
 Virtual Firewall Router
– One or more network interfaces
 Network interface is two I/O rings of
descriptors
– Transmission
– Receive
 The descriptors have a set of rules to
perform operations like firewall functions
Disk
 Domain0 has unchecked access
 Others access through virtual block drivers
 A VBD is a list ownership and access control
information
 Accessed using the I/O ring mechanism
 A translation table is maintained by Domain0
in the hypervisor
Building a New Domain




Domain0 creates new domains
Allocates a new address space
Informs Xen of initial register state
Builds boot-time address space to match
guest OS
Evaluation
 Compared:
– Linux
– XenoLinux (Xen)
– VMware workstation 3.2
– User-Mode Linux
Tests





Relative Performance Tests
Operating System Benchmarks
Concurrent Virtual Machines
Performance Isolation
Scalability
Discussion
 Is the memory load of guest operating systems acceptable
to reach their scalability goal? Especially with Windows?
 How much modification of guest operating systems is too
much? That is, is several thousand lines of code per
operating system actually minimal effort?
 What information is transparent to a guest OS in Xen? In
other words, how much information can be obtained
through Xen about other guests?
 They assume top 64MB of address will not be used by
applications. Is this reasonable?
 Trade-off between paravirtualization and full virtualization