KVM Virtualization Technology

RPM Brotherhood: KVM VIRTUALIZATION TECHNOLOGY

Syamsul Anuar Abd Nasir Fedora Ambassador Malaysia 

ABOUT ME ●

Technical Consultant for Warix Technologies  www.warix.my

• Warix is a Red Hat partner • Offers the services and solutions on building private cloud / Virtualization based on Red Hat Enterprise Virtualization and KVM • Fedora Ambassador Malaysia

INTRODUCTION Ability to run multiple Operating System (Windows, Linux, UNIX etc) on one single physical machine Decoupling software and applications from single hardware

VIRTUALIZATION VOCABULARIES • VM: Virtual Machine • Hypervisor / VMM : Virtual Machine Monitor or simple term, OS for the VM Guests • Guest OS: The OS that is run within a virtual machine • Host OS: The OS that runs on the computer system • Paravirtualized Guest: The guest OS that is modified to have knowledge of a VMM. Mostly Xen • Full Virtualization: The guest OS is run unmodified in this environment

TYPES OF HYPERVISOR • TYPE 1 : Native or baremetal hypervisor that runs directly on host hardware. E.g. Xen and KVM • TYPE 2 : Hypervisor software running on top OS. E.g. Virtualbox

• Containers: User Space server Virtualization method where kernel and OS allows multiple solated instances of them running. Eg. FreeBSD Jails, Solaris Zone, OpenVZ, FreeVPS, and Linux Vserver

HARDWARE ASSISTED VIRT CPU Vendors extending x86 architecture • Adding CPU features to support virtualization • Feature added ~2006 available in o Intel – VT (Xeon, Core Duo and Core 2 Duo) o AMD – AMD-V (Opteron, Athlon and Phenom) 1st Generation • Offloads “Ring compression” to CPU • Effectively provides new privilege level • Hypervisor no longer scan and rewrite kernel code • CPU provides 'hooks' or 'traps' for privileged instructions

HARDWARE ASSISTED VIRT 2nd Generation • Memory Management o Offloads memory page table management to CPU & Chipset o Provides significant performance improvement • Intel - Extended Page Tables (EPT) o Available in Nehalem class Xeon • AMD : Rapid Virtualization Indexing (RVI) o was called NPT (Nested Page Tables) o Available in quad core Opterons

THE KVM VIRTUALIZATION • KVM – the Kernel-based Virtual Machine – is a Linux kernel module that turns Linux into a hypervisor • Tightly integrated into Linux and upstream since kernel 2.6.20 (January 2007) • Requires hardware virtualization extensions (Intel VMX and AMD SVM) • Offload most work to CPU & chip and NO binary translation (So its faster) • Leveraging all the capabilities of the Linux kernel  without breaking any compatability issue • Cool features - memory and storage overcommit (among others)

BENEFITS OF KVM MODEL • Leverage is the name of the game o Linux – no need to re-invent the wheel o Built on trusted, stable enterprise grade platform o Ease of management – use same tools for managing physical servers and hypervisors • Advanced features o Inherit scalability, NUMA support, power management, hot-plug etc o others have to develop from scratch o SELinux security, S-Virt, Advanced scheduler, RAS support (Intel Nehalem EX enablement)

KVM AS HYPERVISOR

KVM FEATURES MEMORY OVERCOMMIT Kernel Same-Page Merging (KSM) 



Memory Page Sharing Securely shares identical memory pages between virtual machine

KVM FEATURES STORAGE OVERCOMMIT Thin Provisioning Allocate storage only when needed Oversubscribe storage Transparent to virtual machine Improve Storage Utilization Reduced Storage Costs Works with NFS, iSCSI and Fiber Channel Storage reporting and alerting

KVM FEATURES SECURITY Security 

Inherits security features of Linux



Includes support for SELinux



Provides protection & isolation for virtual machines processes & host



Compromised virtual machine isolation

sVirt Project 

Sub-project of NSA's SELinux community



Provides “hardened” hypervisors



Contain any hypervisor breaches

KVM FEATURES VIRTIO Performance 

Open Source Paravirtualized accelerated drivers for Linux Kernel Virtualization



Improve performance for Full Hardware Virtualization



Virtualization disk, NIC etc



Collaboration between Red Hat and IBM



Not specific to KVM

SOME KVM BENCHMARK (Iperf in KVM)

SUMMARY OF RESULTS









One should use Virtio in favor of VT-d pass-through, or emulated Network Driver Emulated NICs are much slower than Virtio or VT-d The MAX bandwidth of Virtio connecting to a remote is very close to VT-d or Native Using Virtio to connect to Dom0 is much faster than using VT-d (since in our setup VT-d is a second NIC)

Source : http://vmstudy.blogspot.com/2010/04/network-speed-test-iperfin-kvm-virtio.html

OTHER TECHNOLOGIES AROUND KVM 

Libguestfs - libguestfs is a set of tools which you can use to examine and modify virtual machine images from outside (ie. from the host)



NetCF - a library for configuring network interfaces.



Deltacloud – An API that abstract the differences between clouds.







QCOW2 - qcow2 is the native disk image file format of qemu. It supports “copy-on-write” feature. Cgroups - an upstream kernel feature that allows system resources to be partitioned/divided up amongst different processes, or a group of processes. Condor - develop, implement, deploy, and evaluate mechanisms and policies that support High Throughput Computing (HTC) on large collections of distributively owned computing resources.

THANK YOU ANY QUESTION ?