Migration to NGN and EAGLE XG SSR

Download Report

Transcript Migration to NGN and EAGLE XG SSR 

Virtualizing Operating Systems
Dr. Dorgham Sisalem
This document is for informational purposes only, and Tekelec reserves the right to change any aspect of the products, features or
functionality described in this document without notice. Please contact Tekelec for additional information and updates.
Agenda
›
›
›
›
What is meant with Virtualization?
Why bother?
Terminology
Classical approach?

›
Why do not we use it?
Virtualization methods

Full Virtualization

Paravirtualization

Hardware-Assisted Virtualization
›
Summary
›
Slides under http://www.iptel.org/~dor/papers/Sisalem_VM.ppt
2 |
Classical Computer System
User applications:
User
User
User
Process
Process
Process
Compiled only for certain OS on certain ISA
Each process believes to have access to all HW resources
Operating System:
Mediator between user and machine
Distribute resources among processes
Operating System
Access IO on behalf of processes
Only one OS at a time
Compiled only for a certain ISA
Instruction Set Architecture
(ISA)
Machine
Physical hardware:
CPU, memory, IO devices
Classical Virtual System
U
P
U
P
U
P
U
P
U
P
U
P
U
P
U
P
U
P
Guest:
Assumes certain ISA (and possibly OS)
Guest
Guest
Guest
OS
OS
OS
ISA
ISA
ISA
Each guest believes to have access to all HW resources
and to be using its native ISA
VMM: Hypervisor
Mediator between guest and host
Virtual Machine Monitor
(VMM)
Distribute resources among guests
Access IO on behalf of guests
Works on a certain ISA
Instruction Set Architecture
(ISA)
Host Platform
Host:
Physical hardware: CPU, memory, IO devices
Possibly operating system
What is a Virtual Machine Monitor?

Classic Definition (Popek and Goldberg ’74)

The VMM provides an environment for programs which is
essentially identical with the original machine

Programs run in the environment show at worst only minor
decrease in speed

The VMM is in control of system resources
Virtualization Benefits
 Isolation
 Fault isolation
 Performance isolation
 Portability
 Independent of physical hardware
 Enables migration of live, running VMs
 Efficiency
 Idle resources used by multiple users and services
 Improved scalability
 Add more resources for a customer
A short history of virtualization
Seventies: Save costs
Since 1998: Save costs, clouds
Expensive Hardware
Virtualization to save costs by using the
Support time-sharing
same system for multiple users and OS
Multiple versions of OS
IBM implements virtualization
into its mainframes (VM/370)
Eighties, nineties:
Cheap Hardware
Virtualization considered
High performance
exotic technology
Vmware, Xen, Parallels, Microsoft … offer
virtualization solutions
Moderately expensive Hardware
Moderate performance
Support windows over mac or old games
What‘s in it for the developer?
› Portable software must be tested
BSD
Linux
Unix
on different platforms
› The Different platforms will
remain idle most of the time
› Reduce costs, management and
space needs
BSD
Linux
VMM
8 |
Unix
What‘s in it for hosting provider?
Customer1
Customer 2
Cust 1
Cust 2
VMM
Customer 3
Cust 3
› Data centers with no Virtualization
› Multiple customer applications
›
on the same OS
› No isolation
› Possible security
problems
› Server/customer
› Idle resources
With Virtualization
› Each customer on a virtual
machine
› Reduce costs, management and
space needs
9 |
What‘s in it for users?
 Heterogeneous applications on
Visio
Keynote
(only for windows=
(only for mac OS)
Atari
the user’s host
 Windows application on mac
 Old games
 …
 Offer the user a wider range of
Visio
Keynote
Host
10 |
Atari
applications
VM Classification
VM
Process
Emulation
System
High Level
Language VM
(Java VM)
11 |
Hosted
Bare HW
Type 2
(Type 1)
Process vs. System VM
User
process
(UP)
Windows
application
Runtime
Linux
application
(ISA2)
U
P
U
P
U
P
U
P
U
P
U
P
Win XP
Linux
U
P
U
P
U
P
Win Vista
Runtime
Operating System (Linux)
Virtual Machine Monitor
Instruction Set Architecture
Instruction Set Architecture
(ISA)
(ISA)
Machine
Host Platform
Process VM:
System VM:
Enable a single process to run on the
host
Enable a complete system (OS +
applications) to run on the host
12 |
Process VM: Emulation
• Adapt from one OS to another
• Adapt from one ISA to another
• Virtualize the Application Binary Interface (ABI)
Guest
• User ISA
• System calls to OS
• Virtualization
software
intercepts
the
application’s system calls and translates them
into the hosts system calls
• If guest and host ISA are different then
translate these as well
• Examples: Wine
13 |
Virtualizing Software
ABI
Operating System
Instruction Set Architecture
(ISA)
Machine
System VM: Hosted vs. Bare HW VMM
U
P
U
P
U
P
U
P
Win XP
User
Process
U
P
U
P
U
P
Linux
U
P
Linux
Virtual Machine
Monitor
(UP)
U
P
Win XP
U
P
U
P
U
P
Win Vista
Machine
Machine
Hosted VM
U
P
Virtual Machine Monitor
Host OS
›
U
P
›
Bare HW VM
 VMM runs as a user process on top of the host OS
 VMM runs directly on the hardware
 Easy to install
 Need to install the machine from scratch
•
An additional application
 VMM can use IP device drivers of host OS
 VMM scheduled as user process
•
No control on execution and resources
 Less efficient
 Examples: VM Workstation. Parallels ..
14 |
 VMM offers the IP devices to the guests
 VMM controls which guest gets which
share and when
 Examples: VM ESX, Qemu, Xen
Virtualization: What are the Problems?
› Isolation: Make sure that one guest does not harm another
 Only VMM can use priviliged instructions
› Memory management: Each guest believes it has access to
physical memory
 Map memory locations of guest to actual machine memory
› IO: All guests want access to disc, network, USB ....
 Schedule between guests and prevent one guest from disturbing
others
• Multiple guests share the same NIC but might want to have different
IP addresses
15 |
Computer Architecture: CPU
User ISA: Non-Priviliged
CPU calculations
Non-Privileged Instruction: User
Memory read-write in user memory space
Kernel ISA: Priviliged
Privileged Instruction: Kernel
IO access
Manage user memory space
Create/destroy processes
Context switch
Application
1. Run calculation on CPU
2
3
OS
ABI
Instruction Set Architecture
(ISA)
Machine
16 |
2. Raise system call for IO
access
1
3. Kernel takes over and issues
privileged instruction
Classical Virtualization Approach: CPU
User: Non-Privileged
CPU calculations
Even less Privileged Instruction: User
Memory read-write in user memory space
Kernel: Non-Privileged
IO access
Non-Privileged Instructions: Kernel
Manage user memory space
Create/destroy processes
Context switch
VMM: Privileged
IO access
Manage Guest memory space
Privileged Instructions: VMM
Create/destroy guests
Context switch between guests
Need at lest three levels of privileges
17 |
Classical Virtualization Approach: CPU
1. Run calculation on CPU
Application
3
2
2. Raise system call for IO
access
ABI
3. Kernel takes over and issues
privileged instruction but in
non-privileged mode
Guest OS
✗4
ISA
5
VMM
ISA
Machine
1
4. Command will
generate a trap
fail
and
5. The VMM catches the trap
and
1. Checks if the guest is
allowed to do the action
2. Issues the command
on behalf of the guest
18 |
Computer Architecture: Memory
Process 1
Process 2
Logical page numbers (LPN):
LPN
Process believes to have access
to all memory
PPN
Physical page numbers (PPN):
OS maps LPN to a physical location
19 |
Classical Virtualization Approach: Memory
Virtual Machine 1
Virtual Machine 2
Process 2
Process 1
Process 1
Process 2
Logical page numbers (LPN)
PPN
Physical page numbers (PPN):
PPN
•Each guest believes to have
access to the entire machine
physical memory
•No longer
memory
Shadow pages
references
physical
VMM
MPN
Machine page numbers (MPN):
•Map physical pages to the machine
Shadow page numbers:
memory
•Map logical pages to the machine memory
•Reduces the effort for a two step lookup
•Increases the complexity as the pages must be kept in sync with the guests
20 |
Virtualizing X86
› X86 use the IA32 Instruction set
› Offers four levels of priviliges
› Is not virtualizable using the classical
approach
 Some proviliged instructione when run in
non-proviliged mode fail silently
• No trap!
21 |
Ring3: User
Ring2
Ring1: Guest OS
Ring0: VMM
Full Virtualization: Processor
› Emulate x86 environment to the guest OS
 Interpretation
• Fetch one instruction at a time
• Decode the instruction: get the registers and memory
• Execute an Interpreter routine that provides the same functionality
• Highly inefficient
- 1 instruction in OS can cause hundreds of instructions in VMM
• Sometimes used for process vitualization
 Binary Translation
• Translate source binary program to target binary before/during execution
- Go through the binary code and replace problematic instructions
- Generate compiled code
• Higher startup costs: VMM need to understand what is going on
• Higher performance: number of additional instructions in the range of tens
- Optimization:
» Optimize frequently used parts
22 |
» Cache compiled segments
Full Virtualitzation: Binary Translation
Introduction to Virtual Machines, Carl Waldspurger
Guest Code
vEPC
mov
ebx, eax
cli
and
mov
ebx, ~0xfff
ebx, cr3
Translation Cache
mov
ebx, eax
mov
[VIF], 0
and
mov
ebx, ~0xfff
[CO_ARG], ebx
sti
call
HANDLE_CR3
ret
mov
[VIF], 1
test
[INT_PEND], 1
jne
call
HANDLE_INTS
jmp
HANDLE_RET
start
Full Virtualization: Memory Management
› Use shadow tables for memory management
 Block memory segments of Guests
 Guest access to memory segments results in a trap
 VMM updates shadow tables
› VMM needs to keep shadow and LPM in sync
24 |
Full Virtualization: IO Devices
› IO access
 Shared devices: Network card
• Guest access to a virtual device is intercepted by the VMM
• VMM conducts the actual access
OS
Driver
p
e
r
s
o
s
c
Device
• Data received on the device cause an interrupt at the guest
OS
• VMM needs to implement the device drives for all kinds of
devices
OS
Driver
 Dedicated device: display, keyboard …
• Guest Bypasses VM: No need to virtualize the device
• Not really that simple as some instance needs to translate
between guest and IO memory
- IO devices have their own memory
Device
Virtual device
Driver
- IO devices can access machine memory directly
Device
25 |
p
e
r
s
o
s
c
Paravirtualization
› VMM offers the Guests a modified ISA
 Example: XEN
› Guest operating system is modified to use the VMM
 In Full Virtualization problematic parts are fixed by VMM
 In Paravirtualization problematic parts are fixed by developer of OS
• Use Hypercalls instead of the native OS calls
› Memory management
 Guest allocates the pages
 Read access is still directly without VMM involvement
 Updates to the pages afterwards is only through hypercalls
 VMM validates the Guest’s write/delete instructions
 Guest can apply changes in batches
 Mapping from logical to physical to machine addresses is the
responsibility of the Guest
26 |
Paravirtualization: IO Access
› IO access
 Add Paravirtual device drivers to the Guest
 VMM and Guest domain share an IO interface
• XEN uses a circular buffer
OS
Paravirtual Driver
• After placing one or more requests in the buffer the Guest
informs the VMM through a hyper call about the data
 No need for interrupts
IO Interface
Driver
Device
27 |
p
e
r
s
o
s
c
Paravirtualization
› Advantages
 Higher performance than Full virtualization
 Guest still has access to some real resources (time and
machine addresses)
› Disadvantage
 Need to modify the Guest OS
- Annoying even if <1%
- Changes are different for each OS
 Paravirtual drivers must be implemented for each OS
28 |
Hardware Assisted Virtualization
› Add an additional privilige level
 Guest OS runs in non-Root level
 Instructions that required Emulation or
Paravirtualization cause a switch from nonroot to root mode
› Hardware takes over the logical-2-physical-
Ring 0 : User
Ring 2:
Ring 1
Ring 0 (non-Root): Guest OS
to-Machine mapping
 For every PPN access the hardware checks
also the MPN
 No need for shadow tables
› Better support for dedicated devices
 Hardware takes over the mapping of logical
address to device address
• No need for virtual device drivers
• No need for emulation or paravirtualization
29 |
Ring 0 (root): VMM
Summary
› What are the benefits?
 Isolation, portability, scalability
› What are the usage scenarios?
 Development, data centers, heterogenous applications
› What is the classical way of doing virtualization
 Trap and emulate
› Why doesn‘t the x86 allow for virtualization in the classical manner
 Not all insructions of the IA32 cause a trap
› What are the common virtualization techniques
 Full virtualization: Uses Binary translation, hides the machine but is complex and
can be slow
 Paravirtualization: Uses Hypercalls, is faster and simpler than full virtualization
but requires changes to the OS
 Hardware assisted: Remove some of the limitations of Full Virtualization
• Remember which?
30 |
References
›
Virtual Machines: Versatile Platforms For Systems And Processes, James E. Smith,
Ravi Nair, May 2005, ISBN 1-55860-910-5
 “The Architecture of Virtual Machines". Smith, J. E.; Nair, R.(2005) Computer (IEEE Computer
Society)
›
›
“Understanding Full Virtualization, Paravirtualization, and Hardware Assist”
›
“Xen and the Art of Virtualization”, P. Barham et al. Proceedings of the ACM
Symposium on Operating Systems Principles (SOSP), October 2003
›
›
“A Comparison of Software and Hardware Techniques for x86 Virtualization”, K.
Adams and O. Ageson. Proceedings of ASPLOS 2006, October 2006
"Intel Virtualization Technology: Hardware Support for Efficient Processor
Virtualization". G. Neiger et al.; Intel Intel Technology Journal 10 (3); 2006
“Intel Virtualization Technology for Direct IO”, D. Abramson et al. ; Intel Technology
Journal 10 (3); 2006
31 |
Thank you !!
Questions
Dorgham Sisalem
Director Strategic Architecture
Mobile: +49 171 304 2053
E-mail: [email protected]
32 |