Making Nested Virtualization Real by Using Hardware Virtualization Features

Similar documents
Nested Virtualization Update From Intel. Xiantao Zhang, Eddie Dong Intel Corporation

Intel Virtualization Technology Roadmap and VT-d Support in Xen

KVM for IA64. Anthony Xu

Micro VMMs and Nested Virtualization

I/O virtualization. Jiang, Yunhong Yang, Xiaowei Software and Service Group 2009 虚拟化技术全国高校师资研讨班

KVM as The NFV Hypervisor

Live Migration of vgpu

Practical Xen Testing at Intel

How to abstract hardware acceleration device in cloud environment. Maciej Grochowski Intel DCG Ireland

SR-IOV support in Xen. Yaozu (Eddie) Dong Yunhong Jiang Kun (Kevin) Tian

4th Generation Intel Core vpro Processors with Intel VMCS Shadowing

What is KVM? KVM patch. Modern hypervisors must do many things that are already done by OSs Scheduler, Memory management, I/O stacks

Intel Desktop Board DZ68DB

Intel Graphics Virtualization on KVM. Aug KVM Forum 2011 Rev. 3

Runtime VM Protection By Intel Multi-Key Total Memory Encryption (MKTME)

Intel Transparent Computing

Evolving Small Cells. Udayan Mukherjee Senior Principal Engineer and Director (Wireless Infrastructure)

Intel Atom Processor Based Platform Technologies. Intelligent Systems Group Intel Corporation

Design of Vhost-pci - designing a new virtio device for inter-vm communication

Intel Graphics Virtualization Technology. Kevin Tian Graphics Virtualization Architect

Intel Cache Acceleration Software for Windows* Workstation

Intel Server Board S2600STB

Virtualization. Starting Point: A Physical Machine. What is a Virtual Machine? Virtualization Properties. Types of Virtualization

Virtualization. ! Physical Hardware Processors, memory, chipset, I/O devices, etc. Resources often grossly underutilized

Graphics Pass-through with VT-d

Extending Energy Efficiency. From Silicon To The Platform. And Beyond Raj Hazra. Director, Systems Technology Lab

Hardware-Assisted Mediated Pass-Through with VFIO. Kevin Tian Principal Engineer, Intel

Intel Setup and Configuration Service. (Lightweight)

LED Manager for Intel NUC

Intel Platform Administration Technology Quick Start Guide

Intel Server Board S2600CW2S

Achieve Low Latency NFV with Openstack*

Intel Setup and Configuration Service Lite

I/O Scalability in Xen

Intel Desktop Board D945GCLF2

Optimizing and Enhancing VM for the Cloud Computing Era. 20 November 2009 Jun Nakajima, Sheng Yang, and Eddie Dong

Intel 82580EB/82580DB GbE Controller Feature Software Support. LAN Access Division (LAD)

Advanced Operating Systems (CS 202) Virtualization

GraphBuilder: A Scalable Graph ETL Framework

COSC6376 Cloud Computing Lecture 14: CPU and I/O Virtualization

Drive Recovery Panel

Intel Xeon Phi Coprocessor. Technical Resources. Intel Xeon Phi Coprocessor Workshop Pawsey Centre & CSIRO, Aug Intel Xeon Phi Coprocessor

How to Configure Intel X520 Ethernet Server Adapter Based Virtual Functions on SuSE*Enterprise Linux Server* using Xen*

Intel Desktop Board D946GZAB

Intel Desktop Board DG41CN

Introduction to SGX (Software Guard Extensions) and SGX Virtualization. Kai Huang, Jun Nakajima (Speaker) July 12, 2017

Hardware- assisted Virtualization

INTEL PERCEPTUAL COMPUTING SDK. How To Use the Privacy Notification Tool

VT-d Posted Interrupts. Feng Wu, Jun Nakajima <Speaker> Intel Corporation

Intel vpro Technology Virtual Seminar 2010

Software Evaluation Guide for ImTOO* YouTube* to ipod* Converter Downloading YouTube videos to your ipod

Intel G31/P31 Express Chipset

Intel and the Future of Consumer Electronics. Shahrokh Shahidzadeh Sr. Principal Technologist

The Transition to PCI Express* for Client SSDs

Intel Desktop Board DG31PR

Intel Unite Plugin Guide for VDO360 Clearwater

Expand Your HPC Market Reach and Grow Your Sales with Intel Cluster Ready

Intel 848P Chipset. Specification Update. Intel 82848P Memory Controller Hub (MCH) August 2003

Intel Server Board S2400SC

Intel Unite. Intel Unite Firewall Help Guide

Intel Education Theft Deterrent Release Note WW16'14. August 2014

Intel Desktop Board DP55SB

Intel Desktop Board DG41RQ

Intel Desktop Board D945GCCR

Intel Integrated Native Developer Experience 2015 (OS X* host)

Intel Server Board S1200BTS

Non-Volatile Memory Cache Enhancements: Turbo-Charging Client Platform Performance

Intel Desktop Board DH61SA

Hardware assisted Virtualization in Embedded

Intel Desktop Board D975XBX2

Intel Desktop Board DH61CR

Intel RealSense Depth Module D400 Series Software Calibration Tool

Linux in Automotive From Open Source to Products

Intel 945(GM/GME)/915(GM/GME)/ 855(GM/GME)/852(GM/GME) Chipsets VGA Port Always Enabled Hardware Workaround

Intel Cloud Builder Guide: Cloud Design and Deployment on Intel Platforms

Intel Cache Acceleration Software (Intel CAS) for Linux* v2.9 (GA)

Intel Desktop Board DQ57TM

Chapter 5 C. Virtual machines

OpenCL* and Microsoft DirectX* Video Acceleration Surface Sharing

Intel Server Board S1200V3RPO Intel Server System R1208RPOSHORSPP

Intel s Architecture for NFV

Intel Virtualization Technology for Directed I/O Architecture Specification

Intel Cache Acceleration Software - Workstation

Intel Server Board S1200V3RPO Intel Server System R1208RPOSHORSPP

Intel Desktop Board DQ35MP. MLP Report. Motherboard Logo Program (MLP) 5/7/2008

Sample for OpenCL* and DirectX* Video Acceleration Surface Sharing

Intel Server Board S5520HC

Intel Desktop Board DP67DE

Intel Open Network Platform Release 2.0 Hardware and Software Specifications Application Note. SDN/NFV Solutions with Intel Open Network Platform

Virtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

Intel Atom Processor D2000 Series and N2000 Series Embedded Application Power Guideline Addendum January 2012

Live Migration of vgpu

Intel Desktop Board D945GCLF


Nested Virtualization Friendly KVM

Intel RealSense D400 Series Calibration Tools and API Release Notes

Intel Desktop Board DH55TC

COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy

IEEE1588 Frequently Asked Questions (FAQs)

Theory and Practice of the Low-Power SATA Spec DevSleep

Transcription:

Making Nested Virtualization Real by Using Hardware Virtualization Features May 28, 2013 Jun Nakajima Intel Corporation 1

Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. INTEL PRODUCTS ARE NOT INTENDED FOR USE IN MEDICAL, LIFE SAVING, OR LIFE SUSTAINING APPLICATIONS. Intel may make changes to specifications and product descriptions at any time, without notice. All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice. Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request. Intel and the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others. Copyright 2013 Intel Corporation.

Agenda Why does Nested Virtualization matter for cloud? What is it? How does it enhance the cloud? How is Nested Virtualization implemented? What are the challenges? Which hardware virtualization features are helpful? Current status Performance and functionality Summary 3

How Virtualization is Used in the Cloud? Compute Nodes: Cloud software (e.g. OpenStack) uses API to manage VMs VMMs (e.g. KVM, Xen, etc.) use H/W Virtualization features to run guests H/W Virtualization features are not available for guests APIs VM 0 Guest OS 0 VM 1 App App. App..... Guest OS 1 VM 0 Guest OS 0... APIs for VM Management No H/W Virtualization features advertised VM 1 App App. App..... Guest OS 1 Virtual Machine Monitor (VMM) VMM VMM Physical Host Hardware Physical Host Hardware Physical Host Hardware Compute Node H/W Virtualization features (e.g. Intel VT) 4

Lack of H/W Virtualization Features in Cloud Applications Means: VMs: No KVM on Linux, No Hyper-V functionality on Windows No HVM (Hardware-based VM) on Xen e.g. No Windows support Need to use software emulation Very slow APIs VM 0 Guest OS VM Linux No KVM... VMM VM 0 Guest OS... Guest VMM (e.g Xen) VM 0 Guest OS No H/W Virtualization features advertised Physical Host Hardware H/W Virtualization features (e.g. Intel VT) 5

What s Nested Virtualization? Software feature in (Root) VMM that allows Guest VMM to use H/W virtualization features Virtual H/W virtualization features (nested) May use H/W virtualization features VM VM VM H/W virtualization features (e.g. Intel VT) VT-x (CPU virtualization) VXM instructions, VMCS (Virtual Machine Control Structure), EPT (Extended Page Table), etc. VT-d (Direct I/O) VT-c (Connectivity, especially SR-IOV of NIC) Root VMM HW Guest VMM 6

Motivations (1) Enhance Hosting Capabilities/Features of the Cloud Data centers using H/W virtualization products Cannot be hosted in clouds without nested virtualization Operating systems with built-in H/W virtualization support Lose features (or fail back to software solutions) XP mode for VDI Hyper-V System Emulators with H/W virtualization Run very slow in cloud (or fall back to software emulation) Android Emulator on Linux (KVM) and Windows (HAXM*) *: Intel Hardware Accelerated Execution Manager http://software.intel.com/en-us/articles/intel-hardware-accelerated-execution-manager 7

Motivations (2) Cloud Virtualization Hosting clouds with fewer physical severs More cores, dynamic resource utilization using Virtual Compute Nodes Cloud Development Increase productivity, lower cost Large-scale testing of cloud Improve security, quality APIs Virtual Compute Node Virtual Compute Node VM 0 Guest OS... VM 0 Guest OS VM 0 Guest OS... VM 0 Guest OS Guest VMM VMM Guest VMM H/W Virtualization features advertised Physical Host Hardware

Agenda Why does Nested Virtualization matter for cloud? What is it? How does it enhance the cloud? How is Nested Virtualization implemented? What are the challenges? Which hardware virtualization features are helpful? Current status Performance and functionality Summary 9

Challenges of Nested Virtualization Extra Overheads Potentially lower performance Higher VM Exit rates (Next slides) Software overhead of virtualizing H/W virtualization features Complexity of Root VMM Software More surface areas for security attacks Sometimes exposes existing bugs with (Guest) VMMs Requires more QA because of various combinations 10

Example of Extra Overheads VM Entry/Exit Real VM Entry/Exit Virtual VM Entry/Exit 1. L1 creates VT-x structures for L2 2. L1 enters VM (Virtual VM Enter) VMLAUNCH, VMRESUME 3. Trapped by L0 (VM Exit) 4. L0 sets up real VMCS 5. L0 enters L2 VM (Real VM Enter) VMLAUNCH, VMRESUME 6. At some point L2 causes VM exit to L0 (Real VM Exit) 7. L0 handles VM Exit itself and resumes L2 (Real VM Enter) or injects VM Exit to L1 (Virtual VM Exit) 8. Repeat from 2. L2 Guest VMCS L2 L1 (Guest) VMM VMCS VMX EPT VMX EPT Shadowing *VMCS (Virtual Machine Control Structure) VMCS Guest/Host states L1 *EPT (Extend Page Table) Guest memory virtualization Virtualize VMX EPT H/W Functionality Additional Software 11 L0 (Root) VMM Code & Data L0

Reducing Extra Overheads Standard Virtualization VM-1 VM-0 VM-n Opportunity #2: Reduce virtual VM exits entirely (e.g., via EPT, APIC Virtualization) Build Foil Nested Virtualization L2 (True) Guest VM Exit VM Entry R R R R R W W R R R R R W W L1 (Guest) VMM VMREADs / VMWRITEs VMM VMCS VMCS (Virtual Machine Control Structure) Holds guest and host CPU register state Increasingly optimized with each VT implementation The key to reducing VT latencies over time L0 (Root) VMM Opportunity #3: Eliminate VM exits on guest VMCS Accesses Opportunity #1: Reduce transition latencies *KVM/Xen : 8+ VMREADs, 3+ VMWRITEs per VM Exit (Approximately, depends on the Exit type and version)

Improving Performance of Nested Virtualization (Recap) Opportunity #1: Reduce Transition Latencies Reduce unique overheads of virtualization. Intel is fanatically committed. Optimize software code Opportunity #2: Reduce Virtual VM Exits Entirely EPT (Implemented as Virtual EPT) APIC Virtualization Eliminate or reduce VM exits with access to local APIC Guest VMMs can access local APICs more frequently to virtualize timers, I/ O devices VT-d, SR-IOV Reduce overhead of I/O virtualization Guest VMMs can access I/O devices more frequently Opportunity #3: Eliminate VM Exits on guest VMCS Accesses VMCS Shadowing 13

Virtual EPT L2 Guest GPA (Guest Physical Address) Physical address in guest s view HPA (Host Physical Address) Real (machine) physical address EPT Shadowing VMCS Shadowing L1 EPT Shadowing L2 GPA è L1 GPA L1 (Guest) VMM Points to real H/W data structures Convert GPA to HPA VMCS VMCS Shadow EPT L2 GPA è HPA L0 EPT L1 GPA è HPA Switch to Shadow EPT @ VM Entry to L2 14

New H/W Feature: VMCS Shadowing Software-only L2 (True) Guest VMCS Shadowing L2 (True) Guest R R R R R W W L1 (Guest) VMM R R R R R W W Shadow VMCS L1 (Guest) VMM L0 (Root) VMM L0 (Root) VMM VMREAD-Bitmap and VMWRITE-Bitmap VM Exit if Bit n in VMREAD/VMWRITE bitmap is 1, where n is value of bits 14:0 of register source/destination operand Direct Guest VMM VMREAD/VMWRITE to a Shadow VMCS Accesses to Shadow VMCS done by hardware Eliminates majority of nesting-induced VM exits Improves performance of software stacks that support nesting

Agenda Why does Nested Virtualization matter for cloud? What is it? How does it enhance the cloud? How is Nested Virtualization implemented? What are the challenges? Which hardware virtualization features are helpful? Current status Performance and functionality Summary 16

Performance Trending With only virtual EPT and VMCS Shadowing, performance of L2 is around 80% of L1* APIC Virtualization could provide approx. 3% additional improvement in Kernel Build and SPECCPU cases (not shown in the chart)* Expect more gain from: VT-d, SR-IOV Looking at issues with SPECjbb WordPress: L2 Guest OS: RHEL6.4 (with 4vCPUs and 4GB memory) Web Server: Apache (httpd-2.2.15-26.el6.x86_64.rpm) Database: MySQL (mysql-server-5.1.66-2.el6_3.x86_64.rpm) Web App: WordPress v3.5.1 JMeter (a client on another machine): JMeter v2.9 90 80 70 60 50 40 30 20 10 0 L2- EPT- shadowvmcs L2- no- EPT- no- shadowvmcs *Estimated Results Benchmark Disclaimer Results have been estimated based on internal Intel analysis and are provided for informational purposes only. Any difference in system hardware or software design or configuration may affect actual performance. L2 (Linux) Performance relative to L1 (KVM on KVM) 17

Current Status Crucial features for Nested Virtualization in KVM and Xen Virtual EPT KVM (WIP, v3 submitted), Xen (upstream) VMCS Shadowing KVM (upstream), Xen (upstream) APIC Virtualization KVM (upstream), Xen (upstream) VT-d, SR-IOV KVM (in distributions), Xen (in distributions) Our Test Cases (KVM and Xen as L0) L1 KVM (L0 KVM and Xen) Xen (on L0 Xen, issues on L0 KVM) VMware Player 5.0 on Windows 7 (pass on L0 Xen, issues on L0 KVM) VirutalBox 4.2 on Windows 7 (on L0 Xen) Issues L2 32/64-bit Linux 32/64-bit Windows 18

Summary Nested Virtualization Extends hosting capabilities/features of cloud Provides a means to virtualize cloud Becoming realistic solutions with new H/W features and software support Performance is getting closer to L1 With only virtual EPT and VMCS Shadowing, performance of L2 is getting around 80% of L1* More gains are expected with other H/W virtualization features Functionality KVM on KVM, KVM/Xen on Xen VMware on Xen, VMware on KVM (WIP) Nested Virtualization Is Becoming Real *Estimated Results Benchmark Disclaimer Results have been estimated based on internal Intel analysis and are provided for informational purposes only. Any difference in system hardware or software design or configuration may affect actual performance. 19

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback