Xen and the Art of Virtualization - Barham et al. - CSE 598c



SLIDE 1

CSE598c - Spring 2006 - Virtual Machines - Prof. Urgaonkar Page

Xen and the Art of Virtualization

  • Barham et al.

CSE 598c - Spring 2006 William Enck

SLIDE 2

Xen’s Goals

  • Isolation
  • Access Control
  • Performance
  • Heterogeneity
  • Support a variety of Guest OSs
  • Low Performance Overhead

SLIDE 3

Terms

  • Guest OS: an operating system that Xen can host
  • Domain: a running virtual machine within which a guest OS executes
  • Hypervisor: Xen, or the VMM (operates at a higher privilege level than the supervisor of Guest OSs)

SLIDE 4

A Review

  • Types of Virtual Machine Monitors (VMMs)

[Diagram: layer stacks of the two VMM types. Type I: Host Hardware, VMM, Guest OSes, Apps. Type II: Host Hardware, Host OS, VMM (beside host Apps), Guest OSes, Apps.]

SLIDE 5

Xen Architecture

[Diagram: Xen runs on the hardware (SMP x86, phy mem, enet, SCSI/IDE) and exposes a Domain0 control interface, a virtual x86 CPU, virtual phy mem, a virtual network and virtual blockdev. Above it run guest OSes (XenoLinux, XenoBSD, XenoXP), each with Xeno-aware device drivers and user software; one XenoLinux guest runs the control plane software.]

Figure 1: The structure of a machine running the Xen hypervisor, hosting a number of different guest operating systems, including Domain0 running control software in a XenoLinux environment.

SLIDE 6

Xen Architecture

[Figure 1, repeated from slide 5]

SLIDE 7

Xen Hypervisor

  • Hypervisor provides only basic control operations
  • CPU scheduling between domains
  • filtering network packets before transmission
  • access control for block reads
  • No need to look deeper
  • e.g. CPU sharing, type of transmitted data
  • Potentially complex policy decisions are best performed by management software in a guest OS

SLIDE 8

Xen Architecture

[Figure 1, repeated from slide 5]

SLIDE 9

Domain0 (Dom0)

  • The domain created at boot time is permitted to use the control interface
  • Full access to the physical machine
  • Responsible for hosting application-level management software

  • create and terminate other domains
  • delegate access to machine resources (mem, disks, NICs)

SLIDE 10

Domain Management

SLIDE 11

Xen Architecture

[Figure 1, repeated from slide 5]

SLIDE 12

User Domains (DomU)

  • Use abstracted interfaces managed by Dom0
  • Virtual Network Interfaces (VIF)
  • Dom0 can prevent source address spoofing
  • Virtual Block Devices (VBD)
  • Additional reordering and scheduling in Xen
  • Receive a static amount of memory
  • Strong Isolation
  • Can be increased with the Balloon Driver

SLIDE 13

Device View

SLIDE 14

A Review

  • Challenges of Virtualization
  • Processor Support
  • All sensitive instructions must be privileged (i.e. must trap)
  • Not the case for x86
  • Problem Areas
  • Syscalls, Page Faults
  • Work-arounds
  • Full Virtualization (VMware)
  • Signal Handlers (User-Mode Linux)

SLIDE 15

Paravirtualization

  • Drawbacks of Full Virtualization
  • Efficiency
  • Need for real and virtual time (e.g. TCP timeouts)
  • Solution: Paravirtualization
  • Present a virtual machine abstraction that is similar but not identical to the underlying hardware
  • Requires modification of the guest OS
  • Does not require changes to the ABI (guest applications)
  • Xen does this differently than the Denali project

SLIDE 16

Control Transfer

  • Domain to Xen
  • Hypercall
  • synchronous call from a domain to Xen
  • Xen to Domain
  • Asynchronous Event Mechanism
  • Replaces device interrupts
  • e.g., received data
  • Similar to traditional UNIX signals (must register callback)

SLIDE 17

Data Transfer

  • I/O Descriptor Rings
  • For transferring data between a Domain and Xen
  • Indirectly reference Guest OS managed I/O buffers
  • Four pointers {(Producer, Consumer) X (Xen, Domain)}
  • Domains produce requests
  • Xen consumes requests
  • Xen produces responses
  • Domains consume responses

[Diagram legend:]

  • Request Consumer: private pointer in Xen
  • Request Producer: shared pointer updated by guest OS
  • Response Consumer: private pointer in guest OS
  • Response Producer: shared pointer updated by Xen
  • Request queue: descriptors queued by the VM but not yet accepted by Xen
  • Outstanding descriptors: descriptor slots awaiting a response from Xen
  • Response queue: descriptors returned by Xen in response to serviced requests
  • Unused descriptors

Figure 2: The structure of asynchronous I/O rings, which are used for data transfer between Xen and guest OSes.
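
An added example (not from the slides and not Xen's own code) sketching the four-pointer ring in C. The ring size, descriptor layout and function names are assumptions, and Xen is modelled as answering each request as soon as it consumes it. It shows the isolation-relevant detail: the request producer index is guest-writable, so the Xen side snapshots and bounds it, then validates a private copy of each descriptor.

```c
#include <stdint.h>

#define RING_SIZE 8u                        /* power of two; size is an assumption */
#define SLOT(i)   ((i) & (RING_SIZE - 1u))

typedef struct { uint32_t id, len; int32_t status; } desc_t;  /* hypothetical layout */

typedef struct {                            /* memory shared by guest and Xen */
    volatile uint32_t req_prod;             /* shared: advanced by the guest */
    volatile uint32_t rsp_prod;             /* shared: advanced by Xen */
    desc_t slot[RING_SIZE];
} ring_t;

typedef struct { ring_t *r; uint32_t req_cons; } xen_end_t;    /* private to Xen */
typedef struct { ring_t *r; uint32_t rsp_cons; } guest_end_t;  /* private to guest */

/* Guest produces a request into an unused slot; -1 if the ring is full. */
int guest_request(guest_end_t *g, uint32_t id, uint32_t len) {
    uint32_t p = g->r->req_prod;
    if (p - g->rsp_cons >= RING_SIZE) return -1;
    g->r->slot[SLOT(p)] = (desc_t){ id, len, 0 };
    g->r->req_prod = p + 1;                 /* publish only after the slot is filled */
    return 0;
}

/* Xen consumes requests and produces responses; returns how many it serviced. */
int xen_service(xen_end_t *x, uint32_t max_len) {
    uint32_t prod = x->r->req_prod;         /* guest-writable: snapshot it once */
    int n = 0;
    if (prod - x->r->rsp_prod > RING_SIZE)  /* index claims more than the ring holds */
        prod = x->r->rsp_prod + RING_SIZE;
    for (; x->req_cons != prod; n++) {
        desc_t d = x->r->slot[SLOT(x->req_cons++)];  /* copy, then validate the copy */
        d.status = (d.len <= max_len) ? 0 : -1;
        x->r->slot[SLOT(x->r->rsp_prod)] = d;        /* response reuses the slot */
        x->r->rsp_prod++;
    }
    return n;
}

/* Guest consumes one response; -1 if none is pending. */
int guest_response(guest_end_t *g, desc_t *out) {
    if (g->rsp_cons == g->r->rsp_prod) return -1;
    *out = g->r->slot[SLOT(g->rsp_cons++)];
    return 0;
}
```

On real hardware both sides also need memory barriers between filling a slot and advancing the shared index; they are omitted here to keep the pointer logic visible.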

SLIDE 18

Virtual Address Translation

  • Hardware page tables cause problems
  • No ASID tags on TLB = flush on address space switch
  • VMware: “shadow” page tables (hurts performance)
  • Paravirtualization allows Xen to avoid this
  • Xen registers Guest OS page tables directly with MMU
  • Restricts Guest OSes to read-only access
  • Guest OS manages page tables (hypercalls)
  • Xen need only be involved in page table updates
  • Xen in top 64MB

SLIDE 19

Performance

Benchmark               L      X      V      U
SPEC INT2000 (score)    567    567    554    550
Linux build time (s)    263    271    334    535
OSDB-IR (tup/s)         172    158    80     65
OSDB-OLTP (tup/s)       1714   1633   199    306
dbench (score)          418    400    310    111
SPEC WEB99 (score)      518    514    150    172

Y-axis: Relative score to Linux

Figure 3: Relative performance of native Linux (L), XenoLinux (X), VMware workstation 3.2 (V) and User-Mode Linux (U).

SLIDE 20

Applications of VMMs

  • Server Consolidation
  • Co-Located Hosting Facilities
  • Distributed Web Services
  • Secure Computing Platforms
  • Application Mobility

SLIDE 21

Xen Since 1.0

  • I/O changes
  • Live Migration
  • SMP for DomUs
  • Support for Intel VT-x and AMD Pacifica
  • No more paravirtualization!
