CS533 - Concepts of Operating Systems

Fall 2013

1

Xen and the Art of Virtualization Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt & Andrew Warfield

Presented by Anthony So

November, 13 2013

CS533 - Concepts of Operating Systems

Fall 2013

2

Presentation Overview

Introduction

Xen approach o Overview

o Implementation

o Evaluation

Summary

CS533 - Concepts of Operating Systems

Fall 2013

3

Introduction

CS533 - Concepts of Operating Systems

Fall 2013

4

Monolithic kernel

Hardware (CPU, Physical Memory, Storage, I/O, … etc)

Privilege

Non-Privilege

File System

Virtual Memory

IPC Scheduler Device Driver

User Apps

CS533 - Concepts of Operating Systems

Fall 2013

5

VM/Domain

Virtualization

Hardware (CPU, Physical Memory, Storage, I/O, … etc)

Privilege

Non-Privilege

File System

Virtual Memory

IPC Scheduler Device Driver

User Apps

VMM (Virtual CPU, Virtual Physical Memory, Virtual Network, Virtual Block Device … etc)

CS533 - Concepts of Operating Systems

Fall 2013

6

Non, Full, and Para-Virtualization

Hardware

OS VMM VMM

OS Modified OS

User Apps

Privilege

Non-Privilege

Non Full Para

User Apps User Apps

Hardware Hardware

CS533 - Concepts of Operating Systems

Fall 2013

7

Xen - Overview

CS533 - Concepts of Operating Systems

Fall 2013

8

Xen Architecture Overview

CS533 - Concepts of Operating Systems

Fall 2013

9

Control Transfer

Synchronous calls from a domain to Xen may be made using a hypercall

Notification are delivered to domains from Xen using an asynchronous event mechanism

Domain

VMM

Synchronous Hypercall

Asynchronous Event

CS533 - Concepts of Operating Systems

Fall 2013

10

Xen – Implementation

CS533 - Concepts of Operating Systems

Fall 2013

11

CPU – Privilege Instruction

Hardware

OS VMM VMM

OS Modified OS

User Apps

Privilege

Non-Privilege

Non Full Para

User Apps User Apps

Hardware Hardware

How x86 architecture handles privileged instructions?

CS533 - Concepts of Operating Systems

Fall 2013

12

Memory Management

Tagged TLB vs No Tagged TLB Tagged TLB is ideal for virtualization because each

TLB entry associated with an address-space identifier to allows hypervisor and guest OS entries to coexist even with context switch, thus, avoid complete TLB flush.

x86 – No Tagged TLB and must flush after a context switch.

Xen exists in a 64MB section a the top of every address space, thus avoiding a TLB flush when entering and leaving the hypervisor.

CS533 - Concepts of Operating Systems

Fall 2013

13

Memory Management

S/W managed vs H/W managed TLB

x86 uses H/W managed TLB. Therefore, TLB management and handling TLB faults are done entirely by the MMU hardware.

S/W managed TLB is ideal for virtualization because TLB misses are serviced by the OS.

CS533 - Concepts of Operating Systems

Fall 2013

14

Memory Management

Xen register guest OS page tables directly with the MMU but restricted guest OS to read-only access.

Page Table updates are passed to Xen via hypercall.

Request are validated before being applied. o Type: writable, page table … etc.

o Reference count: Must be 0 to switch task type.

To minimize hypercall, guest OS locally queue updates before applying an entire batch with a single hypercall.

CS533 - Concepts of Operating Systems

Fall 2013

15

Pmap

Machine

To

Physical

Shadow

Page

Table

Machine

To

Virtual

Guest

Page

Table

Physical

To

Virtual

Shadow Page Table.

Memory Management

Guest OS wants to update page table

VMM lookup the real address in memory and update the table

Guest OS wants to update page table

VMM lookup the real address in memory and update the table

CS533 - Concepts of Operating Systems

Fall 2013

16

Page

Table

Machine

To

Virtual

Xen

Memory Management

Guest OS has direct read access to page table

Read

Guest OS want to update page table

Hypercall VMM do the update on behave of guest OS

Write

CS533 - Concepts of Operating Systems

Fall 2013

17

Memory Management

Balloon Driver is a mechanism to adjust a domain’s memory usage.

[3]

CS533 - Concepts of Operating Systems

Fall 2013

18

Exception / System Calls / Interrupt

Exception: A table describing the handler for each type of exception is registered with Xen for validation. The handler are identical to real x86 hardware (except page faults).

System Calls: Xen allows each guest OS to register & install a fast handler to enable direct calls from user apps into its guest OS and avoid routing through Xen on every calls.

Interrupt: Hardware interrupts are replaced with a lightweight event system.

CS533 - Concepts of Operating Systems

Fall 2013

19

Time and Timers

Xen provides guest OS the following notion of time:

Real Time: o Time that is maintained continuously since machine boot.

Virtual Time: o Time that a particular domain has executed. It will not

advance if the domain is not executing.

Wall-Clock Time: o Current Real Time + an offset.

CS533 - Concepts of Operating Systems

Fall 2013

20

I/O Ring

An asynchronous I/O rings is used for data transfer between Xen and guest OS. (Circular queue)

Guest OS Xen

CS533 - Concepts of Operating Systems

Fall 2013

21

Network

Xen provides the following abstraction:

Virtual firewall-router (VFR)

Virtual network interfaces (VIF) – Like a modem network interface card

Two I/O rings: transmit and receive.

Round-Robin packet scheduler.

Page flipping: require guest OS to exchange an unused page frame for each packet it receives to avoid copying between Xen and the guest OS (but require page-alignment).

CS533 - Concepts of Operating Systems

Fall 2013

22

Disk

Domain0 has unchecked access to physical disks.

All other domains access persistent storage through Virtual block device (VBD).

Domain0 manages VBDs.

Ownership and access control information are accessed via the I/O ring.

Round-round scheduler.

Batching of requests for better access performance.

CS533 - Concepts of Operating Systems

Fall 2013

23

Xen - Evaluation

CS533 - Concepts of Operating Systems

Fall 2013

24

Hardware

Dell 2650 dual processor 2.4GHz Xeon server

2GB RAM

Broadcom Tigon 3 Gigabit Ethernet NIC

Hitachi DK32EJ 146GB 10k RPM SCSI disk

Linux version 2.4.21

RedHat 7.2

CS533 - Concepts of Operating Systems

Fall 2013

25

Virtualization Comparison

Native Linux o Compiled for i686

XenoLinux o Compiled for Xeno-i686 for Xen

VMware Workstation o Compiled for i686

User-mode Linux (UML) o Compiled for um for UML

CS533 - Concepts of Operating Systems

Fall 2013

26

Relative Performance

Computation Intensive: Processor & memory w/ minimal I/O or O/S

Compiling kernel: I/O, scheduler, memory management

Database: Sync. Disk operation

File Server:

Web server:

CS533 - Concepts of Operating Systems

Fall 2013

27

Concurrent

Higher overhead from single domain is due to lack of support to SMP guest OS

CS533 - Concepts of Operating Systems

Fall 2013

28

Conclusion

Xen is a paravirtualization

Xen exposes an hypercall interface to Guest OS. Guest OS use it to communicate with Xen to do privileged instructions.

As a result, Xen can not use unmodified guest OS.

Performance is comparable to native Linux.

CS533 - Concepts of Operating Systems

Fall 2013

29

Learn More

The Xen Project at www.xenproject.org