Xen and the Art of Virtualization

1
Xen and the Art of Virtualization
Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, Andrew Warfield
University of Cambridge Computer Laboratory
Presented by Andrew Boie
2
Overview
  • What is the problem
  • Virtual Machines
  • Xen
  • Related Work
      • Denali
      • VMWare
      • User-Mode Linux
  • Design Goals
  • Implementation
      • Memory Management
      • CPU
      • Device I/O
  • Evaluation
  • Conclusions

3
What is the Problem
  • Many systems exist to subdivide the resources of a computer
      • Some have 100% binary compatibility, but are slow
      • Others sacrifice security or functionality for speed
      • Few offer resource isolation or performance guarantees
  • Xen
      • Allows multiple commodity operating systems to share conventional hardware
      • Design target: run 100 virtual machine instances on a modern server
      • Does not sacrifice performance or functionality
  • Applications for Xen
      • Server consolidation
      • Co-located hosting facilities
      • Distributed web services
      • Secure computing platforms

4
Related Work
  • Denali
      • Designed to support thousands of virtual machines running network services
      • Does not target existing ABIs
      • Only one process per VM
      • Lack of performance isolation: thrashing
  • VMWare ESX Server
      • Full virtualization
      • No modifications to OS
      • Must trap all privileged instructions: high performance cost
  • User-Mode Linux
      • Run an instance of Linux as a user mode process on a Linux host
      • Substantial overhead

5
Design Goals
  • Support for unmodified application binaries
      • Otherwise users will not transition to Xen
      • Requires virtualizing all features required by existing ABIs
  • Support full multi-application operating systems
      • Allows complex server configurations inside a single OS instance
  • Paravirtualization
      • Does not require shadow page tables
      • Requires modification of guest OS
      • High performance, strong resource isolation
      • Necessary on architectures such as x86 to meet design goals
  • Hiding effects of resource virtualization from guest OSes can risk both correctness and performance

6
Control and Management
  • Structure

7
Control and Management (Cont'd)
  • Domain created at boot time which runs the application-level management software
  • Only Domain 0 may use the Xen control interface
      • Create and terminate other domains
      • Scheduling parameters
      • Access to disks and network devices
      • Creation of virtual network interfaces and block devices
  • Hypercalls
      • Synchronous calls from a guest OS to the Xen hypervisor
      • Update page tables
  • Events
      • Virtual IRQs
      • Data received on network
      • Disk request completion
      • Guest OS may defer event handling by setting a flag

8
Memory Management
  • Page Tables
      • Guest OS allocates page tables from its own memory pool
      • Page table is registered with Xen, and Guest OS loses direct write privileges
      • All page table updates must be validated by Xen via hypercalls
      • Guest OS may batch update requests to increase speed
  • Xen exists in the first 64MB of every address space, to avoid TLB flush when entering hypervisor
  • Initial memory allocation for domain specified at time of creation
  • Domains may adjust their reservation by making calls to Xen
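
The register-then-validate flow on this slide, as an added example that is not from the slides or from Xen's source. All names, the 8-frame machine and the 4-entry tables are hypothetical, and "validated" is modelled as two simplified checks: a domain may only map frames it owns, and a registered page table may never be mapped writable.

```c
/* Toy model, not Xen source: names, 8 frames, 4-entry tables are assumptions. */
#include <stddef.h>
#include <stdint.h>
enum { NFRAMES = 8, NPTE = 4, SHIFT = 12, PRESENT = 1, WRITABLE = 2, RW = 3 };
#define PTE(frame, flags) (((uint32_t)(frame) << SHIFT) | (uint32_t)(flags))
struct frame  { int owner; int is_pt; uint32_t pte[NPTE]; };
struct update { unsigned pt, idx; uint32_t val; };    /* one batched request */
static struct frame frames[NFRAMES];

/* Register a guest frame as a page table; refused while a table maps it writable. */
int register_pt(int dom, unsigned f) {
    if (f >= NFRAMES || frames[f].owner != dom) return -1;
    for (unsigned t = 0; t < NFRAMES; t++)
        for (unsigned i = 0; frames[t].is_pt && i < NPTE; i++)
            if ((frames[t].pte[i] & RW) == RW && frames[t].pte[i] >> SHIFT == f) return -1;
    frames[f].is_pt = 1;
    return 0;
}

static int valid(int dom, const struct update *u) {
    if (u->pt >= NFRAMES || u->idx >= NPTE) return 0;
    if (frames[u->pt].owner != dom || !frames[u->pt].is_pt) return 0;
    if (!(u->val & PRESENT)) return 1;                      /* unmapping is safe */
    uint32_t t = u->val >> SHIFT;
    if (t >= NFRAMES || frames[t].owner != dom) return 0;   /* foreign memory */
    return !(frames[t].is_pt && (u->val & WRITABLE));       /* tables stay read-only */
}

/* One call carrying n requests: apply the valid ones, return how many. */
int pt_update_batch(int dom, const struct update *req, size_t n) {
    int applied = 0;
    for (size_t i = 0; i < n; i++)
        if (valid(dom, &req[i])) { frames[req[i].pt].pte[req[i].idx] = req[i].val; applied++; }
    return applied;
}

/* Constructed scenario: domain 1 owns frames 0-3, domain 2 owns frames 4-7. */
int demo(void) {
    for (int f = 0; f < NFRAMES; f++) frames[f] = (struct frame){ .owner = f < 4 ? 1 : 2 };
    register_pt(1, 0);
    struct update b[] = {
        {0, 0, PTE(1, PRESENT | WRITABLE)},   /* own data frame: applied */
        {0, 1, PTE(5, PRESENT)},              /* domain 2's frame: rejected */
        {0, 2, PTE(0, PRESENT | WRITABLE)},   /* writable view of a table: rejected */
        {0, 3, PTE(0, PRESENT)},              /* read-only view of a table: applied */
    };
    return pt_update_batch(1, b, 4);
}
int main(void) { return demo() == 2 ? 0 : 1; }
```

Batching here only amortises the cost of entering the hypervisor; every request in the batch is still checked individually.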

9
CPU
  • Guest OS is no longer the most privileged entity in the system; it must be modified to run at a lower privilege level
  • On x86, 4 convenient privilege levels
      • Xen in Ring 0
      • Guest OS in Ring 1
      • User code in Ring 3
  • Privileged CPU instructions must be validated and executed within Xen
  • Guest OS registers exception handlers with Xen
  • Xen traps exceptions, copies exception stack to Guest OS, and returns control to OS-registered handler

10
CPU (Cont'd)
  • Common Exceptions
      • System calls: usually implemented by software exception; Xen allows guest OS to register a fast exception handler without needing to indirect via Ring 0
      • Page faults: require reading a privileged CPU register, which is copied by Xen so that it can be accessed by Ring 1
  • Scheduling
      • Borrowed Virtual Time (BVT) scheduling
      • Temporarily violates fair sharing to favor recently woken domains
      • Useful for TCP, which relies on timely delivery of acknowledgements to estimate round-trip times
      • Other scheduling algorithms can easily be added over generic scheduler abstraction

11
Device I/O - Buffer descriptor rings
12
Device I/O (Cont'd)
  • Xen supports event delivery mechanism for sending asynchronous notifications to domains, similar to hardware IRQ
  • Network
      • Virtual Firewall-router provided by Xen, with each domain having one or more virtual network devices
      • Each VIF has two I/O rings, for send and receive
  • Disk
      • Domain 0 has complete access to physical disks
      • All other domains use Virtual Block Device (VBD) abstraction
      • VBDs created and managed within Domain 0
  • Human I/O
      • Xen paper does not elaborate how keyboard, video and mouse (KVM) are shared, if at all

13
Evaluation
  • SPEC INT2000
      • Long running CPU-bound applications
      • Test CPU, Memory, and compiler
  • Build Linux kernel
  • OSDB-IR
      • Multi-user information retrieval from PostgreSQL
      • Considerable load on OS
  • OSDB-OLTP
      • Online Transaction Processing
      • Many synchronous disk operations
  • Dbench
      • File system benchmark
  • SPEC WEB99
      • Web Server Benchmark
      • Dynamic content generation, HTTP POST, CGI
      • Test file system, network, web server performance

14
Evaluation -
15
Evaluation - OS Performance
  • Lmbench
      • OS Benchmarks
      • System call execution time
      • Context switch time
      • File and VM system latency

16
Evaluation - Network
  • Examine TCP performance over Gigabit LAN
  • Ttcp benchmark

17
Evaluation - Concurrency
  • SPEC WEB99 for 1, 2, 4, 8, 16 concurrent web
    servers

18
Conclusions
  • Excellent platform for deploying a wide variety
    of network-centric services
  • Facilitates creation of transient servers for short periods of time, with low instantiation costs
  • Performance of XenoLinux on Xen is practically
    equivalent to baseline Linux system
  • No appreciable cost for resource management
    facilities