“virtualisation introduction” -network and services...

Unit 1. “VIRTUALISATION INTRODUCTION”2966-Network and Services Virtualisation2013-2014 – First semesterAssistant professor: Katja GillyDepartament: Physics and Computer Architectures

Outline

• Introduction• History of Virtualisation• Virtualisation Architecture– System Virtualisation– Storage Virtualisation– GPU Virtualisation– Software Virtualisation– Hardware Support Virtualisation– Network Virtualisation

Introduction

• What is virtualisation?– Virtualisation is a broad term (virtual memory, storage,

network, etc.)

– Basically allows one computer to do the job of multiple computers, by sharing the resources of a single hardware across multiple environments

Introduction

• What is virtualisation?

Operating System

App. A App. B App. C App. D

Hardware

Virtualisation Layer

VirtualContainer

App. A App. B

Hardware

VirtualContainer

App. CApp. D

Virtualised systemIt makes it possible to run

multiple Virtual Containers on a single physical platform

Introduction

• Why virtualise?– For multitasking operating systems; computers have

more processing power than one task needs– Consolidation: It allows a number of virtual servers to

be consolidated into a single physical machine–Migration: It is relatively easy to migrate virtual

machines from one physical computer to another– Cloning VMs is also easy– Power cost reduction– Portability: you can save the state of a VM onto a

USB flash drive – Greater degree of isolation than a process in an OS

Outline


History of Virtualisation

1964 IBM CP-40

1972 IBM VM/370

1997 Virtual PC

1999 VMware

2003Xen

2005 Intel VT

2006 AMD VT

2007KVM-X86

2012Xen-ARMKVM-ARM

Time Sharing

Virtual Memory

Mainframe Virtualisation

DesktopVirtualisation

ServerVirtualisation

Cloud Computing

Traditional-virtualisationPara-virtualisation

HW-assist

MobileVirtualisation


The first machine to fully support virtualisation was: • IBM’s VM, which began life as part of the System/360

project• Specialised, proprietary, high-end server and mainframe

systems• Very easy to migrate from having a collection of

minicomputers to having a single mainframe.• Each minicomputer would simply be replaced with a

virtual machine


• By 1980/90 servers virtualisation adoption initiated a reduction– Inexpensive x86 hardware platforms– Windows/Linux adopted as server OSs

➔ 1 machine 1 OS several applications➔ Applications can affect each other➔ Big disadvantage: machine utilisation is very

low, most of the times it is below than 25%


• x86 server deployments introduced new IT challenges:– Low server infrastructure utilisation (10-18%)– Increasing physical infrastructure costs (facilities, power,

cooling, etc)– Increasing IT management costs (configuration, deployment,

updates, etc)– Insufficient failover and disaster protection

The solution for all these problems was to virtualise x86 platforms


X86Windows

XP

X86Windows

2003

X86Suse

X86Red Hat

12% Hardware Utilisation




App App App App App App App App


Computing Infrastructure – Virtualisation

● It matches the benefits of high hardware utilisation with running several operating systems (applications) in separated virtualised environments

• Each application runs in its own operating system

• Each operating system does not know it is sharing the underlying hardware with others

X86 Multi-Core, Multi Processor


X86Windows

XP

App. A

X86Windows

2003

App. B

X86SuseLinux

App. C

X86Red Hat

Linux

App. D


x86 virtualisation problems:IA-32 (Intel Architecture-32, also named i386) is the third generation of x86 architecture, first implemented in the Intel 80386 microprocessors in 1985.

• Its CPU was designed with virtualisation in mind

• According to Popek and Goldberg(*), the processor would be virtualisable if the set of control sensitive instructions is a subset of the set of privileged instructions.

• This means that any instruction that modifies the configuration of resources in the system must either be executed in privileged mode, or trap if it isn’t.

• Unfortunately, IA-32 instruction set includes 17 instruction set that does not have this property.

(*) Formal Requirements for Virtualizable Third Generation Architectures. Popek and Goldberg. Communications of ACM. 1974


What are sensitive instructions?• In architecture field, the CPU designers separate instructions into

different categories.

– Privilege instruction: Those instructions are trapped if the machine is in user mode and are not trapped if the machine is in kernel mode.

ex: Instruction to modify page table base register

– Non-Privilege instruction: All other instructions

ex: Software interrupt, Normal arithmetic operation

• In virtualisation field, the hypervisor designers separate instructions into two categories.

– Sensitive instruction: Those instructions that interact with hardware, which include control-sensitive and behaviour-sensitive instructions.

ex: Instruction to modify page table base register, software interrupt,..

– Non-sensitive instruction: All other instructions

ex: Normal arithmetic operation, …


Dynamic Translation

VirtualMachine

Hardware

Operating System

VirtualMachine…

Hypervisor

Hardware

VMVM

Hardware

VirtualMachine

VirtualMachine…

Virtualisation Logic

Hypervisor

…

1st Generation: Full virtualisation (Binary rewriting)● Software Based● VMware and

Microsoft

2nd Generation: Paravirtualisation● Cooperative

virtualisation● Modified guest● VMware, Xen

3rd Generation: Silicon-based (Hardware-assisted) virtualisation● Unmodified guest● VMware and Xen on

virtualisation-aware hardware platforms


Full virtualisation • 1st Generation offering of x86/x64 server

virtualisation

• Dynamic binary translation– The emulation layer talks to an operating

system which talks to the computer hardware

– The guest OS doesn't see that it is used in an emulated environment

• All of the hardware is emulated including the CPU

• Two popular open source emulators are QEMU and Bochs

EmulatedHardware

Virtu

al M

ach

ine

Gu

est O

S

Device Drivers

Ap

p.

A

Ap

p.

B

Ap

p.

C

Hardware

Host OS

Device Drivers


Full virtualisation: advantages • The emulation layer:

– Isolates VMs from the host OS and from each other

– Controls individual VM access to system resources, preventing an unstable VM from impacting system performance

• Total VM portability

– By emulating a consistent set of system hardware, VMs have the ability to transparently move between hosts with dissimilar hardware without any problems

• It is possible to run an operating system that was developed for another architecture on your own architecture

• A VM running on a Dell server can be relocated to a Hewlett-Packard server

EmulatedHardware

Virtu

al M

ach

ine

Gu

est O

S

Device Drivers

Ap

p.

A

Ap

p.

B

Ap

p.

C

Hardware

Host OS

Device Drivers


Full virtualisation: drawbacks • Hardware emulation comes with a performance price

• In traditional x86 architectures, OS kernels expect to run privileged code in Ring 0

– However, because Ring 0 is controlled by the host OS, VMs are forced to execute at Ring 1/3, which requires the VMM to trap and emulate instructions

• Due to these performance limitations, paravirtualisation and hardware-assisted virtualisation were developed

Application Ring 3

OperatingSystem

Ring 0

Traditional x86 Architecture

Application Ring 3

Guest OS Ring 1 / 3

VirtualMachineMonitor

Ring 0

Full Virtualisation


Para-virtualisation • The Guest OS is modified and thus run kernel-

level operations at Ring 1 (or 3)

– the guest is fully aware of how to process privileged instructions

– thus, privileged instruction translation by the VMM is no longer necessary

– The guest operating system uses a specialised API to talk to the VMM and, in this way, execute the privileged instructions

• The VMM is responsible for handling the virtualisation requests and putting them to the hardware

Virtual Machine Monitor

Virtu

al M

ach

ine

Gu

est O

S

Device Drivers

Ap

p.

A

Ap

p.

B

Ap

p.

C

Specialized API

Hardware

Hypervisor

Device Drivers


Para-virtualisation • Today, VM guest operating systems are paravirtualised using two different approaches:

– Recompiling the OS kernel

• Paravirtualisation drivers and APIs must reside in the guest operating system kernel

• You do need a modified operating system that includes this specific API, requiring a compiling operating systems to be virtualisation aware

– Some vendors (such as Novell) have embraced paravirtualisation and have provided paravirtualised OS builds, while other vendors (such as Microsoft) have not

– Installing paravirtualised drivers

• In some operating systems it is not possible to use complete paravirtualisation, as it requires a specialised version of the operating system

• To ensure good performance in such environments, paravirtualisation can be applied for individual devices

• For example, the instructions generated by network boards or graphical interface cards can be modified before they leave the virtualised machine by using paravirtualised drivers


Hardware-assisted virtualisation• The guest OS runs at ring 0

• The VMM uses processor extensions (such as Intel®-VT or AMD-V) to intercept and emulate privileged operations in the guest

• Hardware-assisted virtualisation removes many of the problems that make writing a VMM a challenge

• The VMM runs in a more privileged ring than 0, a virtual -1 ring is created

• Often called HVM

Virtual Machine Monitor

Virtu

al M

ach

ine

Gu

est O

S

Device Drivers

Ap

p.

A

Ap

p.

B

Ap

p.

C

Specialized API

Hardware

Hypervisor

Device Drivers


Hardware-assisted virtualisation• The hypervisor/VMM runs at Ring -1

– super-privileged mode

VMX non-root VMX root


Hardware-assisted virtualisation• Advantages

– It allows to run unmodified OSs (so legacy OS can be run without problems)

• Drawbacks

– Speed and Flexibility

• An unmodified OS does not know it is running in a virtualised environment and so, it can’t take advantage of any of the virtualisation features– It can be resolved using paravirtualisation partially (hybrid

virtualisation approach)

Outline


System virtualisation

Purposes of the hypervisor• CPU Virtualisation– Handle all sensitive instructions by emulation

• Memory Virtualisation– Allocate guest physical memory– Translate guest virtual address to host virtual address

• I/O Virtualisation– Emulate I/O devices for guest– Ex: Keyboard, UART, Storage and Network

Hypervisor Case: KVM

CPU MMU I/OTimer InterruptHardware

CPU Virtualisation

MMUVirtualisation

I/OVirtualisation

VM 0 VM 1

Hypervisor

QEMU

Linux + KVM

1. CPU and memory virtualisations are handled in the Linux Kernel Space 2. I/O virtualisation is handled in the Linux User Space by QEMU3. It is a full virtualisation implementation

LVM• LVM is a logical volume manager for the Linux kernel; it manages disk

drives and similar mass-storage devices

• Commonly used for the following purposes:

– Managing large hard disk farms by allowing disks to be added and replaced without downtimes and services disruption, in combination with hot swapping.

– On small systems (like a desktop at home), instead of having to estimate at installation time how big a partition might need to be in the future, LVM allows file systems to be easily resized later as needed.

– Performing consistent backups by taking snapshots of the logical volumes.

– Creating single logical volumes of multiple physical volumes or entire hard disks (somewhat similar to RAID 0, but more similar to JBOD), allowing for dynamic volume resizing.

• LVM can be considered as a thin software layer on top of the hard disks and partitions, which creates an abstraction of continuity and ease-of-use for managing hard drive replacement, repartitioning, and backup.

Software virtualisation

LVM

• LVM is a logical volume manager for the Linux kernel; it manages disk drives and similar mass-storage devices.

Logical Volume Manager


LVM: example

• Disk partition → physical volumes → volume group → logical volumes → file systems


RAID• RAID (Redundant Array of Independent Disks) is a

storage technology that combines multiple disk drive components into a logical unit.

• Data is distributed across the drives in one of several ways called "RAID levels“, such as RAID0, RAID1, etc., depending on the level of redundancy and performance required.


Example: RAID0 and RAID1


mirroring without parity or striping

It provides improved performance and additional storage but no fault tolerance (block-level striping without parity or mirroring) .

LVM and RAID for Virtualisation

• LVM provides a virtual storage systems which is flexible to partition and allocate logical volumes to virtual machines

• RAID not only improves storage performance but has fault tolerance capability


• A Graphics Processing Units (GPUs) are high-performance many-core processors capable of very high computation and data throughput.

GPU virtualisation

• While the Intel Core I7 980X (extreme edition) gives us around 110GFLOPS, GPUs such as AMD Radeon 6970 and NVidia C2090 offer more than 660GFLOPS.

Performance Comparison: GPU vs. CPU.

GPU virtualisation

GPGPU (General Purpose GPU)• High performance of modern Graphics Processing Units may be utilised

not only for graphics related application but also for general computing. • Today’s GPUs are general-purpose parallel processors with support for

accessible programming interfaces and industry-standard languages such as C.

• Developers who port their applications to GPUs often achieve speedups of orders of magnitude vs. optimised CPU implementations.

GPU virtualisation

• GPU virtualisation allows multiple virtual machines to interact directly with a GPU and manages the GPU resources so multiple users can share common hardware, while improving user density.

GPU virtualisation

• IT administrators have a lot to deal with in today’s corporate infrastructure. With the ever increasing prices of upgrading desktop computers, software virtualisation is becoming very appealing.

• It has following features:

Ease of Management

Security

Green

Portable

Software Virtualisation

• Virtual desktop Infrastructure (VDI) is a desktop-centric service that hosts users desktop environments on remote servers, which are accessed over a network using a remote display protocol.


Virtual Desktop Infrastructure (VDI)

• eyeOS is a web desktop following the cloud computing concept that seeks to enable collaboration and communication among users. It is mainly written in PHP, XML, and JavaScript


EyeOS: Web Desktop Virtualisation

Hardware Virtualisation

Intel VT-X

• New CPU Operating Mode– VMX Root Operation

– Non-Root Operation

• New Transitions– VM entry to Guest

– VM exit to VMM

• VM Control Structure– Configured by VMM software

Hardware VirtualisationARM virtualisation extension

• Secure world supports a single virtual machine

• New Non-secure level of privilege to hold Hypervisor

– Hypervisor mode applies to normal world

– Hyp Mode is used by the Hypervisor

– Guest OS given same kernel/user privilege structure as for a non virtualised environment

Hardware VirtualisationSingle-Root I/O Virtualisation

• PCI-SIG specifies multiple functional elements addressing performance and security aspects of I/O virtualisation

• PCIe devices will have multiple virtual functions (VF’s)

Hardware VirtualisationMulti-Root I/O Virtualisation

• Multiple hardware domains utilising same IO endpoints

• Virtual functions are dedicated to virtual machines

• Software Defined Networking (SDN) is an approach to building computer networks that separates and abstracts elements of these systems

• SDN decouples the system that makes decisions about where traffic is sent (the control plane) from the underlying system that forwards traffic to the selected destination (the data plane)

Network Virtualisation

Software Defined Networking (SDN)• The inventors and vendors of these systems claim

that this technology simplifies networking and enables new applications, such as – network virtualisation in which the control plane is

separated from the data plane and implemented in a software application.


Open vSwitch• Open vSwitch is a flexible, multi-layer software

network switch. Typically used in virtualisation environments as the network switching component in the hypervisor.

• Open vSwitch maintains the logical state of a virtual machine's network connection across physical hosts when a virtual machine is migrated, and it can be managed and monitored by standard protocols such as: OpenFlow, NetFlow, sFlow, SPAN, RSPAN.


Open vSwitch

• When it comes to virtualisation, open vSwitch is attractive because it provides the ability for a single controller to manage your virtual network across all your servers.


InfiniBand virtualisation

• InfiniBand is a switched fabric communications link used in high-performance computing and enterprise data centers.

• It has two key features : low latency and high bandwidth

• Virtualisation Using InfiniBand Brings Big Benefits to Data Centers

• When it comes to virtualisation, open vSwitch is attractive because it provides the ability for a single controller to manage your virtual network across all your servers.


Bibliography

• Books :– The definite guide to Xen Hypervisor. David Chisnall.

Prentice Hall

• Other resources :– Lecture slides of “Virtual Machine” course (5200) in

NCTU

“virtualisation introduction” -network and services...

Documents