Virtual Machine
Lincoln Uyeda
CS 614 - Advanced Systems - Fall '05

Virtual Machine History
- 1960s: Virtual Machine Monitors
  - IBM VM/370 - Mainframe time-sharing
- 1990s
  - VMware - MPP abstraction / x86 virtualization
  - Sun JVM - Application level virtualization

Virtual Machine History
- 2000s
  - VirtualPC - Hosted OS
  - Paravirtualization
    - Denali - ‘Scalable’ VM-aware network systems
    - Disco - Isolated, optimized MIPS SMP
    - Xen - x86 VMM

The Big Questions
- Why not virtualize solely at the application level?
  - Diversity of OS / ABI
  - Language requirements exclude legacy applications
- Why not virtualize across architectures as well?
  - N^2 required translators complicate the VMM
- Why is virtualization useful?

Virtual Machine Motivation
- Decreasing hardware costs
  - Leads to underutilized machines
- Application isolation and security
- Legacy support
- Hardware independence
  - OS + applications become the ‘machine’

VMware View of VMM Priorities
- Compatibility
  - Support for unaltered legacy OS
- Performance
  - Limit events through the VMM bottleneck
- Simplicity
CPU Virtualization Issues
- Virtualizability
  - A system is virtualizable if the VMM can retain ultimate control of the system (by running in a privileged mode)
  - Guest OS and applications must run in unprivileged mode
- Problems with the x86 (IA-32) architecture
  - Instruction functionality differs depending on privilege level
  - Unprivileged instructions allow access to privileged state

Techniques for CPU Virtualizability
- Paravirtualization (Disco)
  - Coupling of hardware virtualization and OS porting
  - Provide new virtualizable counterparts to the unvirtualizable instructions through the VMM
  - Port the OS to use only the virtualizable instructions

Techniques for CPU Virtualizability
- Direct execution and dynamic binary translation (VMware)
  - Trap all unvirtualizable instructions into the VMM and ‘translate’ them to perform the correct functionality
  - Cache translated instructions to avoid future traps

Future CPU Virtualization Trends
- Hardware support for x86 virtualization
  - Creation of a new execution mode
  - Avoids and accelerates traps for translation
  - Has the potential for a direct-execution VM design
  - Downside - Applications may begin using this execution mode themselves

Memory Virtualization Techniques
- Shadow page table
  - Centralized page table managed by the VMM
  - VM updates its own page table, which propagates to the shadow page table
  - VM uses the shadow page table for look-up

Memory Virtualization Techniques
- Intelligent memory reclamation
  - VMware balloon process
  - Increases ‘pressure’ on the VM, forcing paging
  - The assumption is that the VM has better knowledge of which pages should be paged out
- Redundant page reclamation
  - VMM keeps track of page contents
  - Pages are merged if their content is identical
  - Copy-on-write policy employed on divergence
I/O Virtualization Techniques
- Channel processors
  - In mainframe virtualization, separate channel processors made I/O support simple
  - Movement toward SCSI and USB based devices allows for simpler support for devices

I/O Virtualization Techniques
- Where are the drivers?
- Two approaches
  - Hosted OS vs Hypervisor
- VMware Workstation hosted approach
  - Directs access through host OS device views and drivers
  - Introduces an expensive level of indirection

Hosted VMM Approach (figure)

I/O Virtualization Techniques
- Hypervisor approach
  - VMM interacts with the device and provides drivers
  - Optimized, paravirtualized devices

Hypervisor Approach (figure)

Future Trends in Virtualization
- Virtual machine migration
  - VMM level allows for encapsulation of the OS + applications
  - OS + applications can be migrated to new physical hardware while running (VMware VMotion)
- Operating Systems as storable data
  - VMs detach the hardware from the OS and applications, allowing a pure data view of the machine
Future Trends in Virtualization
- Leveraging the benefits of isolation
  - Guaranteed isolation of concurrent virtual machines allows for multiple security levels
- Deployment via full Virtual Machines
  - Application deployment on servers requires incremental installation from OS to target applications
  - Virtual machine schemas encapsulate OS + applications into deployable templates

Xen’s View of Virtualization Priorities
- Performance isolation
- High performance concurrent operation
- Compatibility of legacy applications
- Generalized VMM
  - Push architecture-specific virtualization into the actual OS (via porting)

Previous Paravirtualized Systems
- Denali isolation kernel
  - Targets thousands of virtual machines
  - Primarily focuses on virtualizing content servers
  - Alters the ABI
- Disco
  - Specific to ccNUMA machines

Control and Communication
- System management is mediated by the hypervisor, which runs in privileged ring 0
- VMM Communication
  - VMM speaks to VMs using asynchronous events
  - VMs use synchronous hypercalls to speak to the VMM
  - Communication at this level utilizes I/O rings
  - A VM can enqueue multiple requests before alerting the VMM

Abstract Data I/O Buffer Rings (figure)

CPU Sharing Technique
- Privileged instruction handling
  - x86 - 4 privilege levels (typically levels 1 and 2 are unused)
  - All privileged instructions are required to register and execute within Xen
  - Exception handlers, which require access to privileged state, are registered at the VMM level
- Exception-specific optimizations
  - For system calls, fast execution handlers are allowed which do not redirect through ring 0
  - Page faults must run in ring 0, so this does not apply
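The I/O ring exchange described under Control and Communication, as an added example (constructed model, not Xen's code): the VM fills several request slots and traps in once, the VMM drains the batch and answers through the response half of the ring, and each side advances only its own index. RING_SIZE, DISK_SECTORS and the -99/-98 sentinels are assumptions of this toy.

```c
#include <stdint.h>
#include <string.h>
/* Constructed model of an asynchronous I/O ring (not Xen's code). The VM
 * produces requests, the VMM consumes them and produces responses; the VM
 * may queue several requests and trap into the VMM once for the batch. */
#define RING_SIZE 4                  /* power of two so index & RING_MASK wraps */
#define RING_MASK (RING_SIZE - 1)
#define DISK_SECTORS 64              /* assumed size of the toy virtual block device */
struct req  { uint32_t id; uint32_t sector; };
struct resp { uint32_t id; int status; };
struct ring {
    uint32_t req_prod, req_cons;     /* advanced by the VM / the VMM */
    uint32_t resp_prod, resp_cons;   /* advanced by the VMM / the VM */
    struct req  reqs[RING_SIZE];
    struct resp resps[RING_SIZE];
};
static struct ring shared;           /* memory shared by guest and VMM */
static int hypercalls;               /* how often the VM trapped into the VMM */
void ring_reset(void) { memset(&shared, 0, sizeof shared); hypercalls = 0; }
/* VM side: queue a request without trapping. Returns -1 if the ring is full. */
int vm_enqueue(uint32_t id, uint32_t sector) {
    if (shared.req_prod - shared.req_cons >= RING_SIZE) return -1;
    shared.reqs[shared.req_prod & RING_MASK] = (struct req){ id, sector };
    shared.req_prod++;               /* publish only after the slot is filled */
    return 0;
}
/* VMM side, run once per hypercall: drain every pending request and answer it.
 * The indices live in guest-writable memory, so an impossible backlog is refused. */
int vmm_service(void) {
    hypercalls++;
    if (shared.req_prod - shared.req_cons > RING_SIZE) return -1;
    int done = 0;
    while (shared.req_cons != shared.req_prod && shared.resp_prod - shared.resp_cons < RING_SIZE) {
        struct req *r = &shared.reqs[shared.req_cons & RING_MASK];
        int status = r->sector < DISK_SECTORS ? 0 : -1;   /* bounds-check the VBD access */
        shared.resps[shared.resp_prod & RING_MASK] = (struct resp){ r->id, status };
        shared.resp_prod++; shared.req_cons++; done++;
    }
    return done;
}
/* VM side: take the next response if it carries the expected id; status, -99 if none, -98 on mismatch. */
int vm_collect(uint32_t expect_id) {
    if (shared.resp_cons == shared.resp_prod) return -99;
    struct resp r = shared.resps[shared.resp_cons & RING_MASK];
    if (r.id != expect_id) return -98;
    shared.resp_cons++;
    return r.status;
}
int vm_hypercalls(void) { return hypercalls; }
```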
CPU Sharing and Timers
- CPU scheduling
  - Borrowed virtual time scheduling algorithm
  - Developed at Stanford
  - Low-latency wake-up mechanism
  - Gives preference to recently-woken domains (VMs)
- Time and timers
  - VM and VMM both have notions of time
  - Timeouts are delivered via the asynchronous events
  - Requires a switch into the VMM before delivery

Memory Management Issues
- Ideal situation
  - Tagged software TLB
  - Allows for TLB flushing of specific regions
  - VM and hypervisor can exist in separate address spaces without affecting one another
- x86 case
  - Hardware-managed untagged TLB
  - To avoid flushing with every context switch, Xen sits atop a 64 MB space at the top of every address space
  - To allocate new memory pages, the VM must register with the hypervisor VMM

Virtual Address Translation
- Full virtualization requires that the VM view physical memory as contiguous, thus it requires a shadow page table
- Xen does not attempt to provide contiguous physical memory
- Guest OS pages are registered with the VMM
- When a guest OS requests an update, it is trapped and the update is validated by the VMM
- The VMM commits all updates
- Page frames are assigned types and reference counts to maintain access invariants and ensure VM isolation

The Virtual View of Physical Memory
- Memory is statically partitioned between domains
- A ‘balloon’ driver is used to reclaim memory
- To support the sparseness of the memory, the VMM provides a single shared translation array, used by all VMs

The Virtual View of Network Connections
- The VMM provides the abstraction of a firewall network router
- The VMM uses a filtering rule set and a pair of buffers for transmission and reception, as in a typical firewall router
- Guest must be able to accept packets as they arrive
- A number of packets are provided by the VMM in exchange for a free page frame offered by the VM

The Virtual View of Disk I/O
- Disks are viewed as virtual block devices (VBD) from within domains and are accessed through I/O rings
- Disk access scheduling is optimized by reordering within the Xen VMM
- VBDs appear to the guest OS much like SCSI disks
- Translation tables for each disk are maintained in the VMM
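The page-table validation described under Virtual Address Translation, as an added example (constructed model, not Xen's code): frames carry an owner domain, a pinned-as-page-table flag and reference counts, and the VMM commits a guest PTE only when the frame belongs to the requesting domain and no page-table frame ends up writable. NFRAMES, the static 0..3 / 4..7 partition and the PTE flag layout are assumptions of this toy.

```c
#include <string.h>
/* Constructed model of VMM validation of guest page-table updates (not Xen's
 * code). Each machine frame records its owner domain, whether it is pinned as
 * a page table, and how many (writable) mappings reference it. The invariant
 * enforced: a page-table frame never has a writable mapping, and a domain can
 * only map frames it owns. */
#define NFRAMES 8
struct frame { int owner; int pinned; int refs; int wrefs; };
static struct frame frames[NFRAMES];
static unsigned pte[NFRAMES];        /* toy page table: frame index | flags */
#define PTE_PRESENT 0x100u
#define PTE_RW      0x200u
#define PTE_FRAME   0x0ffu
/* Static partition (assumed): frames 0..3 belong to domain 0, 4..7 to domain 1. */
void vmm_reset(void) {
    memset(frames, 0, sizeof frames);
    memset(pte, 0, sizeof pte);
    for (int i = 0; i < NFRAMES; i++) frames[i].owner = i < NFRAMES / 2 ? 0 : 1;
}
/* Guest 'dom' asks to install a PTE. Returns 0 if committed, -1 if rejected. */
int vmm_update_pte(int dom, int idx, int fr, int writable) {
    if (idx < 0 || idx >= NFRAMES || fr < 0 || fr >= NFRAMES) return -1;
    if (pte[idx] & PTE_PRESENT) return -1;               /* slot in use: unmap first */
    struct frame *f = &frames[fr];
    if (f->owner != dom) return -1;                      /* cross-domain mapping */
    if (writable && f->pinned) return -1;                /* page tables stay read-only */
    f->refs++;
    if (writable) f->wrefs++;
    pte[idx] = (unsigned)fr | PTE_PRESENT | (writable ? PTE_RW : 0);
    return 0;
}
/* Guest releases a PTE; reference counts drop so the frame can later be repurposed. */
int vmm_unmap_pte(int dom, int idx) {
    if (idx < 0 || idx >= NFRAMES || !(pte[idx] & PTE_PRESENT)) return -1;
    struct frame *f = &frames[pte[idx] & PTE_FRAME];
    if (f->owner != dom) return -1;
    f->refs--;
    if (pte[idx] & PTE_RW) f->wrefs--;
    pte[idx] = 0;
    return 0;
}
/* Pin a frame as a page table: refused while any writable mapping exists. */
int vmm_pin_pagetable(int dom, int fr) {
    if (fr < 0 || fr >= NFRAMES) return -1;
    if (frames[fr].owner != dom || frames[fr].wrefs > 0) return -1;
    frames[fr].pinned = 1;
    return 0;
}
int vmm_frame_refs(int fr) { return frames[fr].refs; }
```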