Russell Pavlicek
Xen Project Evangelist
Citrix Systems
Xen Project 4.4: Features and Futures
About This Release
• Xen Project 4.4.0 was released on March 10, 2014.
• This release is the work of 8 months of development, with 1193 changesets.
• Xen Project 4.4 is our first release made with an attempt at a 6-month development cycle.
– Between Christmas, and a few important blockers, we missed that by about 6 weeks; but still not too bad overall.
Xen Project 101: Basics
Hypervisor Architectures
Type 1: Bare metal Hypervisor
A pure Hypervisor that runs directly on the hardware and hosts Guest OS’s.
Provides partition isolation + reliability, higher security
[Diagram: Host HW (I/O, Memory, CPUs); Hypervisor containing Scheduler, MMU and Device Drivers/Models; VM0, VM1 … VMn, each with a Guest OS and Apps]
Type 2: OS ‘Hosted’
A Hypervisor that runs within a Host OS and hosts Guest OS’s inside of it, using the host OS services to provide the virtual environment.
Low cost, no additional drivers
Ease of use & installation
[Diagram: Host HW (I/O, Memory, CPUs); Host OS with Device Drivers and a Ring-0 VM Monitor “Kernel”; User Apps; User-level VMM with Device Models; VM0, VM1 … VMn, each with a Guest OS and Apps]
Xen Project: Type 1 with a Twist
[Diagram (Type 1: Bare metal Hypervisor): Host HW (I/O, Memory, CPUs); Hypervisor containing Scheduler, MMU and Device Drivers/Models; VM0, VM1 … VMn, each with a Guest OS and Apps]
[Diagram (Xen Project Architecture): Host HW (I/O, Memory, CPUs); Hypervisor containing Scheduler and MMU; Control domain (dom0) labelled Drivers, Device Models, Linux & BSD; VM0, VM1 … VMn, each with a Guest OS and Apps]
Basic Xen Project Concepts
[Diagram: Host HW (I/O, Memory, CPUs); Hypervisor with Scheduler, MMU and XSM; Control domain (dom0) with Dom0 Kernel; VM0, VM1 … VMn, each with a Guest OS and Apps; a “Trusted Computing Base” label]
• Console
– Interface to the outside world
• Control Domain aka Dom0
– Dom0 kernel with drivers
– Xen Management Toolstack
• Guest Domains
– Your apps
• Driver/Stub/Service Domain(s)
– A “driver, device model or control service in a box”
– De-privileged and isolated
– Lifetime: start, stop, kill
Basic Xen Project Concepts: Toolstack+
[Diagram: as above, with Toolstack and Console added]
Basic Xen Project Concepts: Disaggregation
[Diagram: as above, with one or more driver, stub or service domains added]
Xen Project 4.4 Features
Experimental PVH Guest Support
• PVH mode combines the best elements of HVM and PV
– PVH takes advantage of many of the hardware virtualization features that exist in contemporary hardware
• Potential for significantly increased efficiency and performance
• Reduced implementation footprint in Linux, FreeBSD
• Enable with "pvh=1" in your config
Xen Project Virtualization Vocabulary
• PV – Paravirtualization
– Hypervisor provides API used by the OS of the Guest VM
– Guest OS needs to be modified to provide the API
• HVM – Hardware-assisted Virtual Machine
– Uses CPU VM extensions to handle Guest requests
– No modifications to Guest OS
– But CPU must provide the VM extensions
• FV – Full Virtualization (Another name for HVM)
Xen Project Virtualization Vocabulary
• PVHVM – PV drivers on HVM
– Allows H/W virtualized guests to use PV disk and I/O drivers
– Provides HVM drivers which employ PV backend
– No modifications to guest OS
– Better performance than straight HVM
• PVH – PV in HVM Container (New in 4.4)
– Almost fully PV
– Uses HW extensions to eliminate PV MMU
– Possibly best mode for CPUs with virtual H/W extensions
The Virtualization Spectrum
[Figure: table of guest modes, from HVM mode/domain to PV mode/domain, against four columns: Disk and Network; Interrupts, Timers; Emulated Motherboard, Legacy boot; Privileged Instructions and page tables. Legend: VS = Virtualized (SW), VH = Virtualized (HW), P = Paravirtualized. The label "in 4.4" appears in the figure. A second version of the figure adds the annotations "Poor performance", "Scope for improvement" and "Optimal performance".]
Mirage OS
• In the next-gen cloud, small and modular is key
– Some claim that Containers (e.g., Docker) are the future; hypervisors are dead
– But Cloud Operating Systems (aka Library Operating Systems, Unikernels, etc.) can create tiny VMs with all the security of hypervisors while reducing the VM attack surface
Mirage OS (2)
• Xen Project continues to lead the way in Cloud Operating Systems
– Mirage OS V2.0 released in July 2014
– Creates lightweight VM appliances, many 1 MB or less in size
– Openmirage.org is a self-hosted Mirage-based application
– Opens the door to 1000's of VMs per host
– Plus, we support many other Cloud OS's as well
Improved Event Channel Scalability
• Event channels are paravirtualized interrupts
• Previously limited to either 1024 or 4096 channels per domain
– Domain 0 needs several event channels for each guest VM (for network/disk backends, qemu etc.)
– Practical limit of total number of VMs to around 300-500 (depending on VM configuration)
Improved Event Channel Scalability (2)
• New FIFO-based event channel ABI allows for over 100,000 event channels
– Improves fairness
– Allows for multiple priorities
– The increased limit allows for more VMs, which benefits large systems and cloud operating systems such as Mirage OS, LING (formerly ErlangOnXen), OSv, HalVM
– Also useful for VDI applications
Improved Disk Driver Domains
• Linux driver domains used to rely on udev events in order to launch backends for guests
– Dependency on udev is replaced with a custom daemon built on top of libxl
– Now feature complete and consistent between Linux and non-Linux guests
– Provides greater flexibility in order to run user-space backends inside of driver domains
– Example of capability: driver domains can now use Qdisk backends, which was not possible with udev
Improved Support for SPICE
• SPICE is a protocol for virtual desktops which allows a much richer connection than display-only protocols like VNC
• Added support for additional SPICE functionality, including:
– Vdagent
– clipboard sharing
– USB redirection
GRUB 2 Support of Xen Project PV Images
• In the past, Xen Project software required a custom implementation of GRUB called pvgrub
• The upstream GRUB 2 project now has a build target which will construct a bootable PV Xen Project image
– This ensures 100% GRUB 2 compatibility for pvgrub going forward
– Delivered in GRUB 2 release v2.02
Indirect Descriptors for Block PV Protocol
• Modern storage devices work much better with larger chunks of data
• Indirect descriptors have allowed the size of each individual request to triple, greatly improving I/O performance when running on fast storage technologies like SSD and RAID
• This support is available in any guest running Linux 3.11 or higher (regardless of Xen Project version)
Improved kexec Support
• kexec allows a running Xen Project host to be replaced with another OS without rebooting
– Primarily used to execute a crash environment to collect information on a Xen Project hypervisor or dom0 crash
• The existing functionality has been extended to:
– Allow tools to load images without requiring dom0 kernel support (which does not exist in upstream kernels)
– Improve reliability when used from a 32-bit dom0
– kexec-tools 2.0.5 or later is required
Improved XAPI and Mirage OS support
• XAPI and Mirage OS are sub-projects within the Xen Project written in OCaml
• Both are also used in XenServer and rely on the Xen Project OCaml language bindings to operate well
• These language bindings have had a major overhaul
– Produces much better compatibility between XAPI, Mirage OS and Linux distributions going forward
Tech Preview of Nested Virtualization
• Nested virtualization provides virtualized hardware virtualization extensions to HVM guests
– Can now run Xen Project, KVM, VMWare or HyperV inside of a guest for debugging or deployment testing (only 64 bit hypervisors currently)
– Also allows Windows 7 "XP Compatibility mode"
– Tech Preview not yet ready for production use, but has made significant gains in functionality and reliability
– Enable with "hap=1" and "nestedhvm=1"
• More information on nested virtualization: http://wiki.xenproject.org/wiki/Xen_nested
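The slides name two opt-in guest settings that are not production-ready in 4.4: `pvh=1` (experimental PVH guests) and `nestedhvm=1` with `hap=1` (nested virtualization tech preview). The following Python is an added example, not code from the presentation or the Xen Project, that audits guest config text for them; the sample configs are constructed, and the parser assumes single-line `key = value` settings.

```python
import re

# One "key = value" assignment per line, as in an xl guest config file.
ASSIGNMENT = re.compile(r"^\s*([A-Za-z_]\w*)\s*=\s*(.+?)\s*$")


def strip_comment(line):
    """Drop a trailing '#' comment, ignoring '#' inside quoted strings."""
    kept, quote = [], None
    for ch in line:
        if quote:
            if ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch == "#":
            break
        kept.append(ch)
    return "".join(kept)


def parse_scalars(cfg_text):
    """Return {key: value}; the last assignment of a key wins."""
    settings = {}
    for raw in cfg_text.splitlines():
        match = ASSIGNMENT.match(strip_comment(raw))
        if match:
            settings[match.group(1)] = match.group(2).strip("\"'")
    return settings


def enabled(value):
    """True for a non-zero integer setting such as pvh=1."""
    try:
        return value is not None and int(value) != 0
    except ValueError:
        return False


def audit(cfg_text):
    """List (key, reason) pairs for 4.4 features the slides mark as not production-ready."""
    s = parse_scalars(cfg_text)
    findings = []
    if enabled(s.get("pvh")):
        findings.append(("pvh", "PVH guest support is experimental in 4.4"))
    if enabled(s.get("nestedhvm")):
        findings.append(("nestedhvm", "nested virtualization is a tech preview, not for production"))
        # The slides list hap=1 together with nestedhvm=1. Only an explicit
        # hap=0 is reported; a missing hap line is left to the toolstack default
        # (an assumption of this example).
        if "hap" in s and not enabled(s["hap"]):
            findings.append(("hap", "nestedhvm=1 is set but hap is disabled"))
    return findings


# Constructed sample configs (hypothetical guests, not from the slides).
LAB_GUEST = '''
name = "nested-lab"      # hypervisor-in-a-guest test box
builder = "hvm"
hap = 0
nestedhvm = 1
# pvh = 1   (commented out, must not be reported)
'''
PVH_GUEST = 'name = "pvh-test"\nkernel = "/boot/vmlinuz"\npvh=1\n'
PLAIN_GUEST = 'name = "web#1"\nbuilder = "hvm"\nmemory = 2048\n'

if __name__ == "__main__":
    for label, cfg in (("lab", LAB_GUEST), ("pvh", PVH_GUEST), ("plain", PLAIN_GUEST)):
        print(label, audit(cfg))
```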
Experimental Support for Guest EFI boot
• EFI is the new booting standard that is replacing BIOS
– Some operating systems only boot with EFI
– Some features, like SecureBoot, only work with EFI
Improved Integration With GlusterFS
• You can find a blog post to set up an iSCSI target on the Gluster blog:
– http://www.gluster.org/2013/11/a-gluster-block-interface-performance-and-configuration/
Improved ARM Support
• A number of new features have been implemented:
• 64 bit Xen Project on ARM now supports booting guests
• Physical disk partitions and LVM volumes can now be used to store guest images using xen-blkback (that is, using PV drivers)
• Significant stability improvements across the board
• ARM/multiboot booting protocol design and implementation
• PSCI support
Improved ARM Support (2)
• Some DMA in Dom0 even with no hardware IOMMUs
• ARM and ARM64 ABIs are declared stable and maintained for backwards compatibility
• Significant usability improvements, such as automatic creation of guest device trees and improved handling of host DTBs
Improved ARM Support (3)
• Adding new hardware platforms to Xen Project on ARM has been vastly improved, making it easier for Hardware vendors and embedded vendors to port to their board
• Added support for the Arndale board, Calxeda ECX-2000 (aka Midway), Applied Micro X-Gene Storm, TI OMAP5 and Allwinner A20/A31 boards
• ARM server class hardware (Calxeda Midway) has been introduced in the Xen Project OSSTest automated testing framework
Early Microcode Loading
• The hypervisor can update the microcode in the early phase of boot time
– The microcode binary blob can be either a standalone multiboot payload, or part of the initial kernel (dom0) initial ramdisk (initrd)
– To take advantage of this, use the latest version of dracut with the --early-microcode parameter and specify ucode=scan on the Xen Project command line.
– For details see the dracut manpage and http://xenbits.xenproject.org/docs/unstable/misc/xen-command-line.html
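A host only gets the early update if both halves of that recipe are in place: an initrd that carries the microcode blob and `ucode=scan` on the hypervisor command line. The following Python is an added example, not code from the presentation or the Xen Project, that checks both; it assumes the blob sits in an uncompressed newc cpio archive at the front of the initrd under the two paths given in the `ucode=scan` documentation (not on the slide), and the sample initrd bytes are constructed.

```python
# Blob names searched for inside the early cpio archive (from the ucode=scan
# documentation; they do not appear on the slide).
MICROCODE_PATHS = {
    "kernel/x86/microcode/GenuineIntel.bin",
    "kernel/x86/microcode/AuthenticAMD.bin",
}
NEWC_MAGIC = b"070701"
HEADER_LEN = 110  # 6-byte magic + 13 fields of 8 hex digits


def align4(n):
    """Round n up to the next multiple of 4 (cpio newc padding)."""
    return (n + 3) & ~3


def early_cpio_entries(initrd):
    """Return [(name, size)] from the uncompressed newc cpio at the start of initrd."""
    entries, off = [], 0
    while initrd[off:off + 6] == NEWC_MAGIC and off + HEADER_LEN <= len(initrd):
        try:
            fields = [int(initrd[off + 6 + 8 * i:off + 14 + 8 * i].decode("ascii"), 16)
                      for i in range(13)]
        except ValueError:
            break  # corrupt header: stop rather than guess
        filesize, namesize = fields[6], fields[11]
        name_start = off + HEADER_LEN
        # namesize counts the trailing NUL byte
        name = initrd[name_start:name_start + namesize - 1].decode("ascii", "replace")
        if name == "TRAILER!!!":
            break
        entries.append((name, filesize))
        off = align4(align4(name_start + namesize) + filesize)
    return entries


def check_early_microcode(initrd, xen_cmdline):
    """Report whether the initrd carries a blob and the command line asks Xen to scan."""
    blobs = sorted(name for name, size in early_cpio_entries(initrd)
                   if name in MICROCODE_PATHS and size > 0)
    scan = "ucode=scan" in xen_cmdline.split()
    return {"microcode_blobs": blobs, "ucode_scan": scan, "ready": bool(blobs) and scan}


def newc_entry(name, data=b""):
    """Build one newc cpio entry (used only to construct the sample below)."""
    name_b = name.encode("ascii") + b"\0"
    fields = (0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name_b), 0)
    entry = NEWC_MAGIC + b"".join(b"%08X" % f for f in fields) + name_b
    entry += b"\0" * (-len(entry) % 4) + data
    return entry + b"\0" * (-len(entry) % 4)


# Constructed sample: early cpio with a dummy 16-byte blob, followed by bytes
# standing in for the compressed main initramfs.
SAMPLE_INITRD = (newc_entry("kernel/x86/microcode/GenuineIntel.bin", b"\0" * 16)
                 + newc_entry("TRAILER!!!") + b"\x1f\x8b\x08" + b"\0" * 32)
PLAIN_INITRD = b"\x1f\x8b\x08" + b"\0" * 32  # no early cpio in front

if __name__ == "__main__":
    print(check_early_microcode(SAMPLE_INITRD, "dom0_mem=2048M ucode=scan"))
    print(check_early_microcode(SAMPLE_INITRD, "dom0_mem=2048M"))
    print(check_early_microcode(PLAIN_INITRD, "ucode=scan"))
```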
Xen Project Futures
More Fun to Come…
• More Mirage OS and Cloud OS support
• Xen Automotive
– Xen Project in the entertainment center of your car?
• XenGT
– Virtualized GPU support
• Even More ARM Support
– On your server, in your phone, wherever…
• PVH stability and performance
– The new hypervisor mode to get harder and faster
– Domain 0 support, AMD support
And Still More Fun to Come…
• Native support of VMware VMDK format
• Better distribution integration (CentOS, Ubuntu, CloudStack, OpenStack, etc.)
• Improvements in NUMA performance and support
• Additional libvirt support: parity between xl & xm
• Automated Testing System
– http://blog.xenproject.org/index.php/2014/02/21/xen-project-automatic-testing-on-community-infrastructure/
• General performance enhancements
http://wiki.xenproject.org/wiki/Xen_Project_Hypervisor_Roadmap/4.5
Want to Know More?
• Then come to Xen Project User Summit in New York City on Sept 15!
• One day of great Xen Project talks
– Unikernels, security, high availability
– SUSE Cloud, OpenStack, CentOS, OSv, HaLVM
– LinuxCon 25% Discount Code: Xenuser25
• Even if you are just investigating virtualization alternatives, we'd like you to join us!
Russell.Pavlicek@XenProject.org
Twitter: @RCPavlicek
Questions?

LF Collaboration Summit: Xen Project 4.4 Features and Futures
