Knut Omang Ifi/Oracle 20 Oct, Introduction to virtualization (Virtual machines) Aspects of network virtualization:


Software and hardware support for Network Virtualization, part 2
Knut Omang, Ifi/Oracle
20 Oct, 2015

Overview
- Introduction to virtualization (Virtual machines)
- Aspects of network virtualization:
  - Virtual network infrastructure, interfaces, adapters
  - Network interface attach points (PCI, PCIe)
  - Software emulation of a network interface
  - Paravirtualized network interfaces
  - Hardware support for sharing a network adapter (SR/IOV)
- Use cases, challenges, risks and tradeoffs

PCI (Peripheral Component Interconnect)
- DMA (Direct Memory Access) support for devices
- New, more compact physical design
- Standardized, extensible software interface!
- 3 address space types:
  - Config space
  - I/O ports (ISA compat++)
  - Memory mapped I/O (MMIO)
- Config space has standardized layout, standardized semantics

DMA (Direct memory access)
- DMA engines in the PCI infrastructure
- DMA engines on each device
- Typically programmed via registers accessible from BAR space
- Uses DMA addresses: read, write, atomic (PCIe 3.0)
- In simple systems (x86, older x86_64): DMA addr == physical addr
- Modern x86_64: IOMMU/DMAR (later)
- Can in principle write almost everywhere in memory!

Communication between driver and PCI device
[Diagram: message sequence between device driver and device]
- Messages: MMIO read/write req; MMIO read/write resp; DMA memory read req; DMA memory read resp; interrupt from device
- Annotations: ordinary memory read/write happens transparently to driver/cpu; interrupt handler for the requested interrupt invoked; performs side effect of write/read if any..; read a request from a queue in memory, handle it, then write response; something happened that needs attention from driver (ex. DMA finished..)

PCI capabilities
- Linked list of information describing extra capabilities, such as:
  - Message Signaled Interrupts (MSI, MSI-X)
  - Power management
  - PCI Express
- Example from lspci -vvv:

    ...
    Capabilities: [40] MSI-X: Enable+ Count=2 Masked
        Vector table: BAR=1 offset=00000000
        PBA: BAR=1 offset=00000800
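Added example (not part of the original slides): walking the capability linked list in a 256-byte config space and decoding the MSI-X entry, with a walk guard so a malformed list that loops cannot hang the parser. The config space is constructed to reproduce the lspci values above; find_msix and SAMPLE are names made up for this illustration, while the register offsets and bit fields follow the PCI specification.

```c
#include <stdint.h>
#include <stdio.h>

#define PCI_STATUS      0x06  /* bit 4 set: capability list present */
#define PCI_CAP_PTR     0x34  /* offset of the first capability */
#define PCI_CAP_ID_MSIX 0x11

struct msix_info { int found, enable, masked, count, table_bar, pba_bar;
                   unsigned cap_off, table_off, pba_off; };

static uint16_t rd16(const uint8_t *c, unsigned o) { return (uint16_t)(c[o] | c[o + 1] << 8); }
static uint32_t rd32(const uint8_t *c, unsigned o) { return rd16(c, o) | (uint32_t)rd16(c, o + 2) << 16; }

/* Walk the capability list of a 256-byte config space and decode MSI-X. */
static struct msix_info find_msix(const uint8_t *cfg)
{
    struct msix_info m = {0};
    if (!(rd16(cfg, PCI_STATUS) & 0x10)) return m;   /* no capability list */
    unsigned pos = cfg[PCI_CAP_PTR] & 0xfc;          /* pointers are dword aligned */
    for (int guard = 0; pos >= 0x40 && guard < 48; guard++) {  /* guard stops loops */
        if (cfg[pos] == PCI_CAP_ID_MSIX && pos + 12 <= 256) {
            uint16_t ctl = rd16(cfg, pos + 2);       /* message control */
            uint32_t tbl = rd32(cfg, pos + 4), pba = rd32(cfg, pos + 8);
            m.found = 1;  m.cap_off = pos;
            m.enable = ctl >> 15 & 1;  m.masked = ctl >> 14 & 1;
            m.count = (ctl & 0x7ff) + 1;             /* field holds table size - 1 */
            m.table_bar = tbl & 7;  m.table_off = tbl & ~7u;  /* low 3 bits: BAR index */
            m.pba_bar = pba & 7;    m.pba_off = pba & ~7u;
            return m;
        }
        pos = cfg[pos + 1] & 0xfc;                   /* next pointer; 0 ends the list */
    }
    return m;
}

/* Constructed sample: power management at 0x50 chained to MSI-X at 0x40. */
static const uint8_t SAMPLE[256] = {
    [PCI_STATUS] = 0x10, [PCI_CAP_PTR] = 0x50,
    [0x50] = 0x01, [0x51] = 0x40,                            /* PM, next = 0x40 */
    [0x40] = PCI_CAP_ID_MSIX, [0x42] = 0x01, [0x43] = 0x80,  /* size-1 = 1, Enable */
    [0x44] = 0x01, [0x48] = 0x01, [0x49] = 0x08,  /* table BAR 1 +0, PBA BAR 1 +0x800 */
};

int main(void)
{
    struct msix_info m = find_msix(SAMPLE);
    printf("[%02x] MSI-X: Enable%c Count=%d table BAR=%d off=%08x PBA BAR=%d off=%08x\n", m.cap_off,
           m.enable ? '+' : '-', m.count, m.table_bar, m.table_off, m.pba_bar, m.pba_off);
}
```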

PCI Express
- Most PCs still running today have this
- Software compatible with PCI w/extensions:
  - PCI Express a PCI capability
  - Extended config space: 256 byte -> 4096 byte
  - Extended capabilities: New capability list
- Completely different hardware:
  - Different physical interfaces
  - Serial, point-to-point
  - May define a hierarchy of domains and switches
  - 1, 4, 8 or 16 lanes, different speeds..

A PCI Express based system

PCI Express x1 and x16 vs PCI

PCI Express capability

PCI Express Ethernet

Implementing an emulated device
- Device emulation and driver code runs in the same process
- Access to config and BAR spaces through traps:
  - memory protection, signal handler in emulation code
- I/O threads for DMA
- Signals for interrupts
- Benefit: Can use existing OS driver in guest, no modification necessary
- Drawback: Performance, must implement irrelevant hardware features to satisfy driver.

Paravirtualized I/O support
- Use existing framework: PCI
- Implement a new device type
- Ex. virtio:
  - shared memory queues between hypervisor and guest
  - optimized for the virtualization scenario: reducing copying, limit amount of traps
  - common transport for several driver types
- Benefit: performance
- Drawback:
  - Guest OS must be aware (virtio drivers must be installed in guest)
  - Still some software overhead compared to bare metal

Paravirt example: Virtio based Ethernet (Qemu)

Device assignment (device passthrough)
- A system can have multiple devices of each type
- Can we dedicate a device to a specific virtual machine?
- Device description and access passed through to guest
- Guest loads a driver for that device and runs happily
- Bare metal performance, no software overhead?
- Great, simple idea, any buts?

Device assignment (device passthrough)
- Config space: Device numbers, BAR addresses?
- DMA:
  - Addressing: GPA != HPA
  - Memory overcommit: memory of VM might be on disk
  - Security: A device can (in principle) write everywhere
    - Anywhere in global memory...
    - Manipulate other devices?
- Moving a VM with passed through device?
- Interrupts:
  - Security: Denial of service attack from a VM?
  - Routing - traps required
- Need a lot of devices if many VMs - enough PCIe slots?

IOMMU (I/O Memory Management Unit(s))
- Extra level of protection and translation between I/O device and memory
- Intel calls this DMAR (DMA Remapping) units
- VT-d on Intel, AMD-Vi on AMD
- Allows device to use GPA
- Protects memory against malicious driver code in guest
- Also interrupt remapping

How to deal with memory overcommit
- Disallow
- Memory used for DMA must be pinned
  - Worst case: All memory for a guest must be pinned
  - x86: A guest OS might not care to tell what memory is used for DMA
- Hardware to handle page faults
  - PCI Express extended capability PRI (Page Request Interface)
  - Few devices implement it (yet..)

Cross access to other devices?
- A device can (in principle) DMA into another device's BAR space(s)
- Depends on PCIe bridges and switches
- A bridge may support ACS (Access Control Services)
- Linux with VFIO uses a concept of IOMMU groups
  - A group consists of all devices that are considered within the same domain
  - If two devices can access each other without limitations, they are within the same domain

ACS (Access Control Services)
- Optional PCI Express extended capability
- Describes how a bridge/switch handles cross access

Device assignment: Sharing devices?
- SR/IOV - Single Root I/O Virtualization
- PCI Express extension
- A physical device may support a number of virtual functions
- Number of active virtual functions can be configured dynamically
- Programmable in config space via PCI Express extended capability
- A virtual function may be assigned to a VM
- All functions still share resources, but implemented in hardware

SR/IOV PCIe extended capability

Can the IOMMU become a bottleneck?
- Potential issues:
  - Page table memory
  - Number of entries in IOMMU's caches (sizing problem in chipsets)
  - Pure translation performance?
- Solutions:
  - Use big pages for GVA to GPA
  - Contiguous memory allocator, huge pages
  - Get help from devices
  - ATS (Address Translation Support)

ATS (Address Translation Support)
- PCI Express Extended capability
- Allows device to optionally aid and offload the IOMMU
- Protocol for communication between IOMMU and device
  - Request a translation
  - Pre-translated DMA request from device (tagged to bypass IOMMU)
  - Invalidation protocol: IOMMU sends request to device to invalidate
- Security implications?
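Added example (not part of the original slides): PRI, ACS, SR/IOV and ATS are all PCI Express extended capabilities, found by walking a list of 32-bit headers that starts at config offset 0x100. The code below walks that list in a constructed 4096-byte config space and reports whether ATS is enabled, how many VFs are active, and whether ACS control has source validation, request redirect, completion redirect and upstream forwarding all set (the bit set the Linux IOMMU code requires before it places devices behind a bridge in separate groups). The function names and SAMPLE bytes are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Extended capability IDs assigned by the PCI Express specification. */
enum { EXT_ACS = 0x0d, EXT_ATS = 0x0f, EXT_SRIOV = 0x10, EXT_PRI = 0x13 };
struct audit { int ats_enabled, num_vfs, acs_isolating; };

static uint16_t rd16(const uint8_t *c, unsigned o) { return o + 1 < 4096 ? (uint16_t)(c[o] | c[o + 1] << 8) : 0; }
static uint32_t rd32(const uint8_t *c, unsigned o) { return rd16(c, o) | (uint32_t)rd16(c, o + 2) << 16; }

/* Offset of extended capability `id` in a 4096-byte config space, 0 if absent.
   Header layout: ID[15:0], version[19:16], next pointer[31:20]. */
static unsigned find_ext_cap(const uint8_t *cfg, uint16_t id)
{
    unsigned pos = 0x100;
    for (int guard = 0; guard < (4096 - 0x100) / 8; guard++) {
        uint32_t hdr = rd32(cfg, pos);
        if (hdr == 0 || hdr == 0xffffffffu) return 0;  /* empty list / no device */
        if ((hdr & 0xffff) == id) return pos;
        pos = hdr >> 20 & 0xffc;                       /* dword-aligned next pointer */
        if (pos < 0x100) return 0;                     /* 0 ends the list */
    }
    return 0;                                          /* malformed: list loops */
}

/* Report the DMA-related settings a passthrough review would look at. */
static struct audit audit_function(const uint8_t *cfg)
{
    struct audit a = {0};
    unsigned p = find_ext_cap(cfg, EXT_ATS);
    if (p) a.ats_enabled = rd16(cfg, p + 6) >> 15;           /* ATS control: Enable */
    if ((p = find_ext_cap(cfg, EXT_SRIOV)) && (rd16(cfg, p + 8) & 1))  /* VF Enable */
        a.num_vfs = rd16(cfg, p + 0x10);                     /* NumVFs */
    if ((p = find_ext_cap(cfg, EXT_ACS)))
        a.acs_isolating = (rd16(cfg, p + 6) & 0x1d) == 0x1d; /* SV|RR|CR|UF all set */
    return a;
}

/* Constructed sample: ATS (enabled) chained to SR-IOV with 4 active VFs; no ACS. */
static const uint8_t SAMPLE[4096] = {
    [0x100] = 0x0f, [0x102] = 0x01, [0x103] = 0x14, [0x107] = 0x80, /* ATS v1, next 0x140 */
    [0x140] = 0x10, [0x142] = 0x01, [0x148] = 0x01, [0x150] = 0x04, /* SR-IOV v1, end */
};

int main(void)
{
    struct audit a = audit_function(SAMPLE);
    printf("ATS=%d NumVFs=%d ACS-isolating=%d\n", a.ats_enabled, a.num_vfs, a.acs_isolating);
    return 0;
}
```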

Use cases for virtualization
- Server consolidation
- Cloud services
- Software appliances
- Emulating unavailable platforms
- Development and testing
- Demonstration and showcasing
- ...

How does a VM communicate?
- Mostly out on the network (with external hosts..?)
- Mostly with other VMs on the same server
- A mix..
- How will that affect performance?
- Passthrough vs Software only

Moving VMs around (VM migration)
- Avoid downtime
- Live migration? Move a running VM
  - Copy (some) state while machine is running
  - minimize delay when execution is moved
- Live migration and network interfaces
  - emulate the same hardware on the new machine
  - copy state?
  - what about network state (packets on the wire, addressing, routing..)
  - what if device was passed through?

VM performance on a NUMA machine?
- Locality between CPU/core/thread and memory
- CPU affinity
- Cache affinity
- Passthrough: CPU closeness to device
- In cases of contention: Which VM to move? How to detect?

Security.

Summary
- Goal: Understanding some of the challenges and trade-offs in providing fast network access for virtual machines
- Need to understand technology base
- Many roads to network access for VMs
- Performance: Depends on where to communicate
- Each has its pros and cons
- In some cases software can be made faster!
- But sometimes hardware support is the only viable solution
- Migration: software only easier to move?