Xen and the Art of Virtualization. CSE-291 (Cloud Computing) Fall 2016

Similar documents
Lecture 7. Xen and the Art of Virtualization. Paul Braham, Boris Dragovic, Keir Fraser et al. 16 November, Advanced Operating Systems

Advanced Operating Systems (CS 202) Virtualization

Xen and the Art of Virtualization. Nikola Gvozdiev Georgian Mihaila

Virtualization, Xen and Denali

Virtual Machines Disco and Xen (Lecture 10, cs262a) Ion Stoica & Ali Ghodsi UC Berkeley February 26, 2018

24-vm.txt Mon Nov 21 22:13: Notes on Virtual Machines , Fall 2011 Carnegie Mellon University Randal E. Bryant.

Xen and the Art of Virtualization

CSE 120 Principles of Operating Systems

Background. IBM sold expensive mainframes to large organizations. Monitor sits between one or more OSes and HW

Virtual Machine Monitors (VMMs) are a hot topic in

Dan Noé University of New Hampshire / VeloBit

Cloud Computing Virtualization

CS 350 Winter 2011 Current Topics: Virtual Machines + Solid State Drives

Linux and Xen. Andrea Sarro. andrea.sarro(at)quadrics.it. Linux Kernel Hacking Free Course IV Edition

COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy

Xen and the Art of Virtualization

Xen and the Art of Virtualization

CSC 5930/9010 Cloud S & P: Virtualization

Xen and the Art of Virtualiza2on

OS Virtualization. Why Virtualize? Introduction. Virtualization Basics 12/10/2012. Motivation. Types of Virtualization.

Fast access ===> use map to find object. HW == SW ===> map is in HW or SW or combo. Extend range ===> longer, hierarchical names

CHAPTER 16 - VIRTUAL MACHINES

Virtual Memory. Lecture for CPSC 5155 Edward Bosworth, Ph.D. Computer Science Department Columbus State University

CLOUD COMPUTING IT0530. G.JEYA BHARATHI Asst.Prof.(O.G) Department of IT SRM University

Virtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

Exokernel: An Operating System Architecture for Application Level Resource Management

OS Extensibility: SPIN and Exokernels. Robert Grimm New York University

Fast access ===> use map to find object. HW == SW ===> map is in HW or SW or combo. Extend range ===> longer, hierarchical names

Review: Hardware user/kernel boundary

Virtualization. Pradipta De

The Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36

Virtualization and memory hierarchy

Virtualization with XEN. Trusted Computing CS599 Spring 2007 Arun Viswanathan University of Southern California

Lecture 5: February 3

Part 1: Introduction to device drivers Part 2: Overview of research on device driver reliability Part 3: Device drivers research at ERTOS

Operating Systems 4/27/2015

CSE543 - Computer and Network Security Module: Virtualization

CSE543 - Computer and Network Security Module: Virtualization

Memory Management Virtual Memory

Module 1: Virtualization. Types of Interfaces

Lecture 4: Mechanism of process execution. Mythili Vutukuru IIT Bombay

VMMS: DISCO AND XEN CS6410. Ken Birman

Distributed Systems Operation System Support

VIRTUALIZATION: IBM VM/370 AND XEN

CSE543 - Computer and Network Security Module: Virtualization

G Xen and Nooks. Robert Grimm New York University

Introduction to Cloud Computing and Virtualization. Mayank Mishra Sujesha Sudevalayam PhD Students CSE, IIT Bombay

Chapter 5 (Part II) Large and Fast: Exploiting Memory Hierarchy. Baback Izadi Division of Engineering Programs

I/O virtualization. Jiang, Yunhong Yang, Xiaowei Software and Service Group 2009 虚拟化技术全国高校师资研讨班

references Virtualization services Topics Virtualization

Last 2 Classes: Introduction to Operating Systems & C++ tutorial. Today: OS and Computer Architecture

Xen is Copyright (c) , The Xen Team University of Cambridge, UK

Announcements. Reading. Project #1 due in 1 week at 5:00 pm Scheduling Chapter 6 (6 th ed) or Chapter 5 (8 th ed) CMSC 412 S14 (lect 5)

The Architecture of Virtual Machines Lecture for the Embedded Systems Course CSD, University of Crete (April 29, 2014)

I/O and virtualization

Memory Management. Disclaimer: some slides are adopted from book authors slides with permission 1

What s An OS? Cyclic Executive. Interrupts. Advantages Simple implementation Low overhead Very predictable

Process Scheduling Queues

CS370 Operating Systems

Overview of System Virtualization: The most powerful platform for program analysis and system security. Zhiqiang Lin

Multiprocessor Scheduling. Multiprocessor Scheduling

DISCO and Virtualization

Computer Architecture. Lecture 8: Virtual Memory


Memory management. Requirements. Relocation: program loading. Terms. Relocation. Protection. Sharing. Logical organization. Physical organization

Intel Virtualization Technology Roadmap and VT-d Support in Xen

SPIN Operating System

Operating System Support

Virtual Machine Monitors!

Anne Bracy CS 3410 Computer Science Cornell University

Computer Architecture Background

Network device virtualization: issues and solutions

Virtualization. Michael Tsai 2018/4/16

Main Points of the Computer Organization and System Software Module

Virtual Leverage: Server Consolidation in Open Source Environments. Margaret Lewis Commercial Software Strategist AMD

0x1A Great Papers in Computer Security

CSCE Introduction to Computer Systems Spring 2019

COS 318: Operating Systems. Virtual Machine Monitors

CHAPTER 16 - VIRTUAL MACHINES

CS-580K/480K Advanced Topics in Cloud Computing. VM Virtualization II

Virtual Machines. To do. q VM over time q Implementation methods q Hardware features supporting VM q Next time: Midterm?

The different Unix contexts

LIA. Large Installation Administration. Virtualization

CS 5600 Computer Systems. Lecture 11: Virtual Machine Monitors

CIS : Computational Reproducibility

Chapter 5 C. Virtual machines

Support for Smart NICs. Ian Pratt

Anne Bracy CS 3410 Computer Science Cornell University

CS5460: Operating Systems

Virtualization. Part 1 Concepts & XEN

Virtual Machine Security

Virtualization. Operating Systems, 2016, Meni Adler, Danny Hendler & Amnon Meisels

Operating Systems CMPSCI 377 Spring Mark Corner University of Massachusetts Amherst

Objectives and Functions Convenience. William Stallings Computer Organization and Architecture 7 th Edition. Efficiency

Review for Midterm. Starring Ari and Tyler

COS 318: Operating Systems. Virtual Memory and Address Translation

Multithreaded Processors. Department of Electrical Engineering Stanford University

CS370 Operating Systems

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING UNIT I

Virtualization. Starting Point: A Physical Machine. What is a Virtual Machine? Virtualization Properties. Types of Virtualization

Transcription:

Xen and the Art of Virtualization CSE-291 (Cloud Computing) Fall 2016

Why Virtualization? Share resources among many uses Allow heterogeneity in environments Allow differences in host and guest Provide a mechanism for migration, checkpointing, etc Recovery, maintenance Provide for elasticity

Challenges to Virtualization Isolation Performance w.r.t. resource sharing (CPU, memory, network, disk) Protection w.r.t. resource use Support multiple operating systems Minimal performance penalty

Granularity Multiplex processes Finely grained, but forces symmetric execution environment Multiplex OSes Allows heterogeneous environments High overhead of OS, runtime wastage and start-up latency

Full Virtualization Can be expensive Time might not be a resource that it is desirable to virtualize Timeouts, etc Real network addresses allow better integration with real-world Much easier with hardware support

Paravirtualization Good enough virtualization Very similar to fully virtualized machine, but some differences that can be leveraged by knowledgeable OS OS needs to be tweaked Apps do not need to be changed

Xen Design Principles 1. Support for unmodified application binaries is essential, or users will not transition to Xen. Hence we must virtualize all architectural features required by existing standard ABIs. 2. Supporting full multi-application operating systems is important, as this allows complex server configurations to be virtualized within a single guest OS instance. 3. Paravirtualization is necessary to obtain high performance and strong resource isolation on uncooperative machine architectures such as x86. 4. Even on cooperative machine architectures, completely hiding the effects of resource virtualization from guest OSes risks both correctness and performance

Memory Management: Hardware Support Hardware Support: Software Managed TLB (Not available on x86) Easiest option Not available on x86 Hardware Support: Tagged TLB (Not available on x86) Use one tag per address space Also a good option x86 Hardware managed page table Flushed upon context switch

Virtualizing Memory Management On x86 Implication: All valid page translations must be in page table Guest OSes allocate and manage page tables Xen needs to be mapped into all address spaces, so entering and leaving it doesn t require a flush or load. But protected from Guest OS Guest OS allocates pages from own memory, but asks Xen to map it Xen can validate/protect page tables OS can batch updates for performance (amortize hypervisor overhead)

Virtualizing CPU: Privlege In model with only two privilege levels, hypervisor would need to be at OS s normal level of privilege OS would need to run at app level, in its own context Hypervisor would need to handle transitions, setting page tables, etc Insert whole discussion about TLBs here X86 supports 4 privilege levels ( rings ) 0 normally for OS, 3 normally for apps With Xen, Xen uses Ring-0, OS uses Ring-1 Isolates OS from Apps Ensures only Xen can run privileged instructions

Virtualizing CPU: Privileged Instructions Paravirtualized Instructions Validated and executed within Xen (Ring-0) Processor fails or faults attempts other than from Ring-0 Guest OS can t directly execute Exceptions (Faults, Traps, etc) Handled by Xen, which copies exception frame to Guest OS Adjustment needed for page fault handler, since OS can t read address from CR2 register Xen copies to an extended stack frame. OS Needs to be modified to look there.

SysCalls and Page Faults Common enough to affect performance Syscalls Guests register fast interrupt handler (top half) Validated by Xen for install Page Faults Can t be optimized. Address is in CR2 and needs to be propagated by Xen

Device I/O Fully abstracted by Xen Simple interface Shared memory ring-buffers Callbacks via bit-maps replace interrupts Xen flips bit and calling Guest OS event handler Can also be blocked by OS

The Paravirtualized X86 Interface

Overall Structure

Control and Management Separation of Policy and Mechanism Xen exports interfaces Domain-0 created at boot time Able to create new domains Creates and deletes virtual network and block devices and associated access controls Manages the resources associated with each domain Guest OSes use interfaces to manage resources Exports application management interface Manage all of the resources

Hypercalls and Events Hypercall Synchronous calls from domain into Xen Basically a trap into the hypervisor, e.g. to request page table updates Events Notifications to domain from Xen, e.g. to replace interrupts Per domain bitmask is updated, followed by notification

Data Transfer: I/O Rings Circular ring Allocated by domain Accessible by Xen 2 pairs of producer-consumer pointers

CPU Scheduling Schedule domains via Borrowed Virtual Time (BVT) Balances context switches, dispatch time, and fairness Borrows from future time to allow warm threads to favor recently woken domains

Time and Timers Real time Seconds since machine s boot to the accuracy of processor s cycle counter Virtual time Advances only when VM is running Wall-clock time Real time plus offset Allows adjustment to real-time, without messing it up

Physical Memory Memory is statically partitioned to domains Memory can later be released Virtualized physical pages need to be mapped to physical pages for page tables Xen provides this via a globally readable array Can also be used to optimize for cache locality, etc.

Network Provides Virtual Firewall Router (VFR) Each domain has one or more Virtual Network Interfaces (VIF) attached to VFR Each VIF has two rings of buffer descriptors: transmit and receive Rules managed by Domain-0 Transmit: Enqueue packet descriptor Packet payload via scatter-gather DMA Simple round-robin packet scheduler Receive: Exchange packet-buffer for empty frame on ring

Disk Only Domain-0 can access the actual disks Disks are represented as Virtual Block Devices (VBDs) Translation table from VBD offset to physical offset VBDs keep extents and access control information Guest scheduler may order requests going onto ring Xen can reorder after that, knowing more about storage Requests from competing domains are batched and round-robin scheduled Fairness, but minimize overhead Domains can specify reorder barriers to preserve higher-level semantics, e.g write-ahead log

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback