Xen and the art of the virtualization
Tao Yang, CS 708, 19/04/07

Acknowledgements
• Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, Andrew Warfield. Xen and the art of the virtualization. 2003 ACM Symposium on Operating Systems Principles (SOSP). http://www.cl.cam.ac.uk/research/srg/netos/papers/2003-xensosp.pdf
• A. Whitaker, M. Shaw, and S. D. Gribble. Scale and performance in the Denali isolation kernel. In Proceedings of the 5th Symposium on Operating System Principles (OSDI 2002), ACM Operating Systems Review, Winter 2002 Special Issue. http://denali.cs.washington.edu/pubs/distpubs/papers/denali_osdi.pdf
• Bryan Clark, Todd Deshane, Eli Dow, Stephen Evanchik, Matthew Finlayson, Jason Herne, Jeanna Neefe Matthews. Xen and the Art of Repeated Research. USENIX 2004 Annual Technical Conference. http://www.usenix.org/events/usenix04/tech/freenix/full_papers/clark.pdf

Outline
• Overview of virtualization
• Xen and its architecture design
• Evaluation and performance
• Future work

Overview
• What virtualization is and why we need it
• Full virtualization vs. paravirtualization

A broad definition
• Virtualization is a broad term that refers to the abstraction of computer resources.
• It hides the physical resources from the applications, systems and end users that interact with those resources.
--- A middle layer can solve most problems

Why we need virtualization
Here are some examples that show the advantages of virtualization:
• Consolidate multiple operating systems to run on a single server
• Normalize the hardware accessed by the operating system
• Isolate misbehaving applications
• Migrate a running OS instance from one server to another

Full virtualization vs. Paravirtualization
• There are many ways to implement virtualization; the leading ones are full virtualization and paravirtualization.

Full virtualization
• Full virtualization provides a total abstraction of the underlying hardware.
Pros:
• The guest operating system needs no modification and executes on the VM just as it would on a physical machine.
• Completely decoupling the software from the hardware helps to provide complete isolation of applications.
Cons:
• Poor performance. The VM monitor has to provide an image of the entire system, including virtual BIOS, virtual memory space and virtual devices.
• Not supported by the IA-32, or x86, architecture.

Paravirtualization
• The abstraction of the hardware provided by paravirtualization is similar but not identical to the underlying physical hardware.
• Pros: near-native performance.
• Cons: modification of the guest operating system is required. The operating system needs to be ported to run on top of the virtual machine monitor.

Xen and its architecture
• Structure of Xen and Xen’s paravirtualization interface
• Xen paravirtualization interface
  • Memory management (software-managed TLB)
  • CPU (privilege rings, exceptions and events)
  • Device I/O (I/O rings)

Structure of Xen
• The initial domain, Domain 0, is responsible for hosting the application-level management software.
• The control interface provides the ability to create and terminate other domains and to control their associated scheduling parameters, physical memory allocations and the access they are given to the machine’s physical disks and network devices.

Xen paravirtualization interface

Software managed TLB (1)
• The TLB (Translation Lookaside Buffer) is a cache that improves the speed of virtual address translation.
• A tagged TLB is a useful feature supported by most server-class RISC architectures. Associating an address-space identifier tag with each TLB entry allows the hypervisor and each guest OS to coexist efficiently in separate address spaces, because there is no need to flush the entire TLB when transferring execution.

Software managed TLB (2)
• Xen tries to introduce a mechanism similar to a tagged TLB to avoid frequent flushes.
• Guest OSes are responsible for allocating and managing the hardware page tables; Xen exists in a 64 MB section at the top of every address space, thus avoiding a TLB flush when entering and leaving the hypervisor.

CPU (privilege ring & hypercall)
• To protect against guest OS misbehavior, the hypervisor should run at a high privilege level, and the guest OS should be modified to run at a lower privilege level.
• Many processor architectures provide only two privilege levels, which means the OS shares the lower privilege level with applications. The OS would then protect itself by running in a separate address space.

Privilege rings
• Efficient virtualization of privilege levels is possible on x86 because it supports four distinct privilege levels in hardware, in terms of rings.
• Domain 0 and other modified guest OSes run in ring 1; Xen runs in ring 0. Ring 3 is reserved for applications.

Exceptions
• A table describing the handler for each type of exception is registered with Xen for validation.
• The handlers specified in the table are generally identical to those for real x86 hardware.
• A ‘fast’ exception handler, which is accessed directly by the processor, is pre-validated by Xen.

Control transfer: Hypercalls and Events
• Two mechanisms exist for control interactions between Xen and an overlying domain:
  • Hypercalls: synchronous calls from a domain to Xen
  • Asynchronous event mechanism: from Xen to a domain

Device I/O
• I/O data is transferred to and from each domain via Xen, using shared-memory, asynchronous buffer descriptor rings.

Asynchronous I/O rings
• Descriptors do not directly contain I/O data; instead, I/O data buffers are allocated by the guest OS and indirectly referenced by I/O descriptors.
Any questions about the ring?
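
The descriptor ring described above, modelled in a single process as an added example (not code from the slides or from Xen). The names desc, ring, guest_post and backend_service and the sizes are hypothetical, and the bounds check reflects the assumption that the backend treats guest-written descriptors as untrusted input.

```c
#include <stdint.h>
#include <string.h>

#define RING_SIZE 8u   /* power of two, so indices wrap with a mask */
#define NBUF      4u   /* hypothetical guest buffer pool */
#define BUF_LEN   64u

/* A descriptor only names a guest buffer; it never carries the I/O data. */
struct desc { uint16_t buf_id; uint16_t len; int16_t status; };
/* req_prod is advanced by the guest, req_cons by the backend. */
struct ring { uint32_t req_prod, req_cons; struct desc d[RING_SIZE]; };

static uint8_t guest_bufs[NBUF][BUF_LEN];  /* allocated by the guest */

/* Guest side: queue a request. Returns 0, or -1 if the ring is full. */
int guest_post(struct ring *r, uint16_t buf_id, uint16_t len)
{
    if (r->req_prod - r->req_cons == RING_SIZE)
        return -1;
    struct desc *d = &r->d[r->req_prod & (RING_SIZE - 1)];
    d->buf_id = buf_id; d->len = len; d->status = 0;
    r->req_prod++;
    return 0;
}

/* Backend side: the slot is guest-written shared memory, so snapshot it and
 * validate the copy. Returns 1 served, 0 rejected, -1 ring empty. */
int backend_service(struct ring *r, uint8_t *out, size_t out_len)
{
    if (r->req_cons == r->req_prod)
        return -1;
    struct desc *slot = &r->d[r->req_cons & (RING_SIZE - 1)];
    struct desc d = *slot;
    int ok = d.buf_id < NBUF && d.len <= BUF_LEN && d.len <= out_len;
    if (ok) memcpy(out, guest_bufs[d.buf_id], d.len);
    slot->status = ok ? 1 : -1;   /* completion status written back */
    r->req_cons++;
    return ok;
}

int main(void)
{
    struct ring r = {0};
    uint8_t out[BUF_LEN];
    guest_post(&r, 1, 5);         /* valid reference */
    guest_post(&r, 9, 5);         /* constructed bad reference: no buffer 9 */
    int a = backend_service(&r, out, sizeof out);
    int b = backend_service(&r, out, sizeof out);
    return (a == 1 && b == 0) ? 0 : 1;
}
```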

Evaluation & Performance
• As an x86 virtual machine monitor which allows multiple commodity operating systems to share conventional hardware, Xen has had many operating systems (Linux, BSD and Windows XP) ported to it with minimal effort.

The cost of porting an OS to Xen
• Some data for XP is not present because the port was still in progress when the paper was published.
• XP required a surprising amount of modification in its architecture-independent code, because it uses a variety of page-table entries (PTEs). Each page table should be modified.

Relative benchmark
• SPEC CPU: contains a series of long-running, computationally intensive applications intended to measure the performance of a system’s processor, memory system and compiler quality.
• OSDB: Open Source Database Benchmark suite (OSDB)
• IR: multi-user Information Retrieval and On-Line Transaction Processing (OLTP)
• dbench: file system benchmark
• Spec 99: application-level benchmark for evaluating web servers and the systems that host them.

Relative performance

Conclusion
• The virtualization approach taken by Xen is highly efficient.
• However, Xen cannot host 100 VM instances simultaneously, which is declared at the beginning of the paper; some related work can be found in the Xen and the Art of Repeated Research paper.

Future work
• Add a universal buffer cache indexed on block contents.
• XenoServer project.
This paper was published in 2003, just after Xen 1.0 was released. By now, this future work has been completed!