xen and the art of virtualizationweb.cecs.pdx.edu/~walpole/class/cs533/fall2013/slides/13b.pdf ·...
TRANSCRIPT
CS533 - Concepts of Operating Systems
Fall 2013
1
Xen and the Art of Virtualization Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt & Andrew Warfield
Presented by Anthony So
November, 13 2013
CS533 - Concepts of Operating Systems
Fall 2013
2
Presentation Overview
Introduction
Xen approach o Overview
o Implementation
o Evaluation
Summary
CS533 - Concepts of Operating Systems
Fall 2013
3
Introduction
CS533 - Concepts of Operating Systems
Fall 2013
4
Monolithic kernel
Hardware (CPU, Physical Memory, Storage, I/O, … etc)
Privilege
Non-Privilege
File System
Virtual Memory
IPC Scheduler Device Driver
User Apps
CS533 - Concepts of Operating Systems
Fall 2013
5
VM/Domain
Virtualization
Hardware (CPU, Physical Memory, Storage, I/O, … etc)
Privilege
Non-Privilege
File System
Virtual Memory
IPC Scheduler Device Driver
User Apps
VMM (Virtual CPU, Virtual Physical Memory, Virtual Network, Virtual Block Device … etc)
CS533 - Concepts of Operating Systems
Fall 2013
6
Non, Full, and Para-Virtualization
Hardware
OS VMM VMM
OS Modified OS
User Apps
Privilege
Non-Privilege
Non Full Para
User Apps User Apps
Hardware Hardware
CS533 - Concepts of Operating Systems
Fall 2013
7
Xen - Overview
CS533 - Concepts of Operating Systems
Fall 2013
8
Xen Architecture Overview
CS533 - Concepts of Operating Systems
Fall 2013
9
Control Transfer
Synchronous calls from a domain to Xen may be made using a hypercall
Notification are delivered to domains from Xen using an asynchronous event mechanism
Domain
VMM
Synchronous Hypercall
Asynchronous Event
CS533 - Concepts of Operating Systems
Fall 2013
10
Xen – Implementation
CS533 - Concepts of Operating Systems
Fall 2013
11
CPU – Privilege Instruction
Hardware
OS VMM VMM
OS Modified OS
User Apps
Privilege
Non-Privilege
Non Full Para
User Apps User Apps
Hardware Hardware
How x86 architecture handles privileged instructions?
CS533 - Concepts of Operating Systems
Fall 2013
12
Memory Management
Tagged TLB vs No Tagged TLB Tagged TLB is ideal for virtualization because each
TLB entry associated with an address-space identifier to allows hypervisor and guest OS entries to coexist even with context switch, thus, avoid complete TLB flush.
x86 – No Tagged TLB and must flush after a context switch.
Xen exists in a 64MB section a the top of every address space, thus avoiding a TLB flush when entering and leaving the hypervisor.
CS533 - Concepts of Operating Systems
Fall 2013
13
Memory Management
S/W managed vs H/W managed TLB
x86 uses H/W managed TLB. Therefore, TLB management and handling TLB faults are done entirely by the MMU hardware.
S/W managed TLB is ideal for virtualization because TLB misses are serviced by the OS.
CS533 - Concepts of Operating Systems
Fall 2013
14
Memory Management
Xen register guest OS page tables directly with the MMU but restricted guest OS to read-only access.
Page Table updates are passed to Xen via hypercall.
Request are validated before being applied. o Type: writable, page table … etc.
o Reference count: Must be 0 to switch task type.
To minimize hypercall, guest OS locally queue updates before applying an entire batch with a single hypercall.
CS533 - Concepts of Operating Systems
Fall 2013
15
Pmap
Machine
To
Physical
Shadow
Page
Table
Machine
To
Virtual
Guest
Page
Table
Physical
To
Virtual
Shadow Page Table.
Memory Management
Guest OS wants to update page table
VMM lookup the real address in memory and update the table
Guest OS wants to update page table
VMM lookup the real address in memory and update the table
CS533 - Concepts of Operating Systems
Fall 2013
16
Page
Table
Machine
To
Virtual
Xen
Memory Management
Guest OS has direct read access to page table
Read
Guest OS want to update page table
Hypercall VMM do the update on behave of guest OS
Write
CS533 - Concepts of Operating Systems
Fall 2013
17
Memory Management
Balloon Driver is a mechanism to adjust a domain’s memory usage.
[3]
CS533 - Concepts of Operating Systems
Fall 2013
18
Exception / System Calls / Interrupt
Exception: A table describing the handler for each type of exception is registered with Xen for validation. The handler are identical to real x86 hardware (except page faults).
System Calls: Xen allows each guest OS to register & install a fast handler to enable direct calls from user apps into its guest OS and avoid routing through Xen on every calls.
Interrupt: Hardware interrupts are replaced with a lightweight event system.
CS533 - Concepts of Operating Systems
Fall 2013
19
Time and Timers
Xen provides guest OS the following notion of time:
Real Time: o Time that is maintained continuously since machine boot.
Virtual Time: o Time that a particular domain has executed. It will not
advance if the domain is not executing.
Wall-Clock Time: o Current Real Time + an offset.
CS533 - Concepts of Operating Systems
Fall 2013
20
I/O Ring
An asynchronous I/O rings is used for data transfer between Xen and guest OS. (Circular queue)
Guest OS Xen
CS533 - Concepts of Operating Systems
Fall 2013
21
Network
Xen provides the following abstraction:
Virtual firewall-router (VFR)
Virtual network interfaces (VIF) – Like a modem network interface card
Two I/O rings: transmit and receive.
Round-Robin packet scheduler.
Page flipping: require guest OS to exchange an unused page frame for each packet it receives to avoid copying between Xen and the guest OS (but require page-alignment).
CS533 - Concepts of Operating Systems
Fall 2013
22
Disk
Domain0 has unchecked access to physical disks.
All other domains access persistent storage through Virtual block device (VBD).
Domain0 manages VBDs.
Ownership and access control information are accessed via the I/O ring.
Round-round scheduler.
Batching of requests for better access performance.
CS533 - Concepts of Operating Systems
Fall 2013
23
Xen - Evaluation
CS533 - Concepts of Operating Systems
Fall 2013
24
Hardware
Dell 2650 dual processor 2.4GHz Xeon server
2GB RAM
Broadcom Tigon 3 Gigabit Ethernet NIC
Hitachi DK32EJ 146GB 10k RPM SCSI disk
Linux version 2.4.21
RedHat 7.2
CS533 - Concepts of Operating Systems
Fall 2013
25
Virtualization Comparison
Native Linux o Compiled for i686
XenoLinux o Compiled for Xeno-i686 for Xen
VMware Workstation o Compiled for i686
User-mode Linux (UML) o Compiled for um for UML
CS533 - Concepts of Operating Systems
Fall 2013
26
Relative Performance
Computation Intensive: Processor & memory w/ minimal I/O or O/S
Compiling kernel: I/O, scheduler, memory management
Database: Sync. Disk operation
File Server:
Web server:
CS533 - Concepts of Operating Systems
Fall 2013
27
Concurrent
Higher overhead from single domain is due to lack of support to SMP guest OS
CS533 - Concepts of Operating Systems
Fall 2013
28
Conclusion
Xen is a paravirtualization
Xen exposes an hypercall interface to Guest OS. Guest OS use it to communicate with Xen to do privileged instructions.
As a result, Xen can not use unmodified guest OS.
Performance is comparable to native Linux.
CS533 - Concepts of Operating Systems
Fall 2013
29
Learn More
The Xen Project at www.xenproject.org