Xen and the art of the virtualization

Tao Yang

CS708 19/04/07

Acknowledge

Paul Barham, Boris Dragovic, Keir Fraser,Steven Hand,Tim Harris,Alex Ho,Rolf Neugebauer,Ian Pratt,Andrew Warfield.

Xen and the art of the virtualization. 2003ACM Symposium on Operating Systems Principles (SOSP)

http://www.cl.cam.ac.uk/research/srg/netos/papers/2003-xensosp.pdf

A.Whitaker,M.Shaw,and S.D.Gribble. Scale and performance in the Denali isolation kernel.In Proceedings of the 5th Symposium on Operating System Principles(OSDI 2002),ACM Operating Systems Review, Winter 2002 Special Issue

http://denali.cs.washington.edu/pubs/distpubs/papers/denali_osdi.pdf Bryan Clark,Todd Deshane,Eli Dow, Stephen Evanchik,Matthew

Finlayson,Jason Herne,Jeanna Neefe Matthews. Xen and the Art of Repeated Research. USENIX 2004 Annual technical conference

http://www.usenix.org/events/usenix04/tech/freenix/full_papers/clark/clark.pdf

Outline

Overview of virtualization Xen and its architecture design Evaluate and Performance Future work

Overview

What is virtualization and Why we need that

Full virtualization vs. Paravirtualization

A broad definition

It is a abroad term that refer to abstraction of computer resource.

Hide the physical resource from the applications, systems and end users interact with those resource.

---A middle layer can solve most of problems

Why we need virtualization

Here are some examples to show the advantage of virtualization

To consolidate multiple operating system to run on a single server

Normalize hardware accessed by the operating system Isolate misbehaving applications Migrate running OS instance from one server to another

server

Full virtualization vs. Paravirtualization

There are many ways of Implement virtualization, the leading ways are full virtualization and paravirtualization

Full virtualization

Full virtualization provide a total abstraction for the underlying hardware

Pros: Guest operating system don’t need any modification and

execute on VM just as it would on physical machine. Completely decoupling the software from hardware helps to provide complete isolation of applications Cons: Not good performance. VM monitor have to provide an

image of entire system, include virtual BIOS, virtual memory space, virtual devices.

Not supported by IA-32,or x86, architecture.

Paravitualization

Abstraction of the hardware provided by the paravitualization is similar but not identical to the underlying physical hardware

Pros:near native performance

Cons:Modification of Guest operating System is required. Operating System need to port and run on top of virtual machine monitor

Xen and its architecture

Structure of Xen and Xen’s paravirtulization interface

Xen paravirtualization interface Memory management (software managed TLB) CPU (privilege rings, Exception, and Events ) Device I/O (I/O rings)

Structure of Xen

The initial domain,Domain 0,is responsible for hosting the application-level management software.

The control interface provides the ability to create and terminate other domains and to control their associated scheduling parameters,physical memory allocations and the access they are given to the machine’s physical disks and network device.

Xen paravirtulization interface

Software managed TLB(1)

TLB(Translation Lookaside Buffer) a cache to improve the speed of virtual address translation.

A tagged TLB is a useful feature supported by most server-class RISC architecture.Associating an address-space identifier tag with each TLB entry alls the hypervisor and each guest OS to efficiently coexist in separate address spaces because there is no need to flush the entire TLB when transferring executing.

Software managed TLB(2)

Xen try to introduce a mechanism which is similar to tagged TLB to avoid the frequent flush

Guest OSes are responsible for allocating and managing the hardware page tables; Xen exists in a 64MB section at the top of every address space, thus avoiding a TLB flush when entering and leaving the hypervisor

CPU(privilege ring &hypercall)

In order to protect from guest OS misbehavior,hypervisor should be run in high privilege level,guest OS should be modified to run at a lower privilege level.

Many processor architect only provide two privilege levels,that means the OS will share the lower privilege level with applications.The OS would then protect itself by running in a separate address space.

Privilege rings

Efficient virtualization of privilege level is possible on X86 because it supports four distinct privilege levels in hardware,in terms of rings.

Domain 0 and other modified Guest OS would run on ring1,Xen will run on ring 0. Ring 3 is reserved for applications.

Exceptions

A table describing the handler for each type of exception is registered with Xen validation.

The handler specified in the table are generally identical to those for real x86 hardware.

A ‘fast’ exception handler which is accessed directly by the processor is pre-validated by Xen .

Control transfer:Hypercalls and Events

Two mechanisms exist for control interactions between Xen and an overlying domain: Hypercall: synchronous calls form a domain

to Xen Asynchronous event mechanism: form xen to

a domain

Device I/O

I/O data is transferred to and from each domain via Xen using shared-memory, asynchronous buffer descriptor rings

Asynchronous I/O rings

Descriptors do not directly contain I/O data;instead ,I/O data buffers are allocated by the guest OS and indirectly referenced by I/O descriptor.

Any question about the ring?

Evaluate & Performance

As an x86 virtual machine monitor which allows multiple commodity operating systems to share conventional hardware,Xen has ported many operating systems,Linux BSD and Windows XP with minimal effort.

The cost of Porting an OS to Xen

Some data of Xp is not present because they are still in process when the paper is published,Xp required surprising mount of modification in Architecture –independent, because it uses a variety of Page-table Entry(PTE)

Each page table should be modified separately

Relative benchmark

SPEC CPU: contains a series of long –running computationally-intensive applications intended to measure the performance of system’s processor,memory system, and compiler quality.

OSDB: Open Source Database Benchmark suite(OSDB) IR : Multiple-user information Retrieval and On-Line transaction

Processing (OLTP)

dbench: file system benchmark Spec 99:application-level benchmark for evaluating web

servers and the systems that host them.

Relative performance

Conclusion

The virtualization approach taken by Xen is highly efficient.

However, Xen can not host 100 vm instances simultaneously, which is declared at the beginning the paper, and some related work can be referred to Xen and the art of repeated research paper

Future work

Add universal buffer cache indexed on block contents. XenoServer project.

This paper is published 2003 just after the Xen 1.0 released. By now,these future work have been completed!