UDS 2012 Xen
Slide deck for the Ubuntu Developer's Summit 2012 Xen session.

UDS 2012 Xen Speaker Notes

  • PVOPS is the kernel infrastructure to run a PV hypervisor on top of Linux.
  • Dom0: In a typical Xen set-up Dom0 contains a smorgasbord of functionality: system boot, device emulation & multiplexing, the administrative toolstack, drivers (e.g. storage & network), etc. LARGE TCB – BUT smaller than in a Type 2 hypervisor. Driver/Stub/Service Domains: also known as disaggregation.
  • Device model emulated in QEMU. Models for newer devices are much faster, but for now PV is even faster.
  • Detailed list (Xen 4.2):
    General: Documentation improvements (e.g. man pages). Lots of bug fixing of course.
    Tools: xl is now the default toolstack and xend is formally deprecated; lots of xl improvements. We should highlight the xend deprecation (not effectively maintained since 2008). Remus compression (compression of the memory image improves performance). Prefer oxenstored when available (improves scalability!). Support for upstream qemu; nearing feature parity (non-default still, but we want people to be testing it). Added libvchan to Xen mainline (cross-domain comms).
    Xen: Improvements to paging and sharing, enabling higher VM density for VDI use-cases. EFI (Extensible Firmware Interface) support for the hypervisor (i.e. if I have a machine that has EFI, I can use Xen on it). Support for up to 256 host CPUs for the 64-bit hypervisor (from 128). Support for dom0 kernels compressed with xz. Per-device interrupt remapping (increases scalability). Support for PVHVM guest direct pirq injection (performance improvement for PCI passthrough for Linux guests). Intel SMEP (Supervisor Mode Execution Protection) support. Mem event stuff? (allows external observation of what guests are up to and can be used for external virus checking - not sure what the right terminology is). Multiple PCI segment support. Added xsave support (floating point). Lots of XSM / Flask fixes (security). AMD SVM "DecodeAssist" support (AMD CPU feature that avoids emulation and increases performance).
    Removed functionality: ACM (the alternative XSM module to Flask) was removed (unmaintained). Removed vnet (unmaintained).
    Xen development support: Can build with clang. Added "make deb" target. Lots of xentrace improvements. Updated the OCaml bindings and made them usable by xapi (which previously had its own fork of the same codebase).
  • Architecture detour: At this point I want to make a quick detour into the different hypervisor architectures from the viewpoint of security. Let's look at the Type 1 hypervisor: basically a very simple architecture, where the hypervisor replaces the kernel. The architecture is significantly simpler than a Type 2 hypervisor, because it does not need to provide rich "process" semantics, like "user", filesystems, etc. BUT: the trade-off is that all the device drivers need to be rewritten for each hardware platform. Type 2 is hosted: the hypervisor is just a driver that typically works with a user-level monitor. HW access is intercepted by the ring 0 VM monitor and passed to the user-level virtual monitor, which passes requests to the kernel. Re-use of device drivers is traded off against security and a large trusted computing base (shown in green).

UDS 2012 Xen Presentation Transcript

  • 1. Xen in Ubuntu Raring
  • 2. Agenda
    ● Brief overview of Xen
    ● What's new in 4.2
    ● What's coming in 4.3
    ● What is a great Ubuntu Xen experience?
    ● Integration issues
      – Qemu
      – Libvirt
    ● Other improvements
  • 3. Xen Overview
  • 4. Basic Xen Concepts (diagram: Control domain (dom0) with XL, XM (deprecated) and the Dom0 kernel; one or more driver, stub or service domains; guest domains VM0, VM1 … VMn running guest OS and apps; Xen Hypervisor with scheduler and MMU; host HW with I/O, memory, CPUs)
    Control Domain aka Dom0
      ● Dom0 kernel with drivers
      ● Xen Management Toolstack
      ● Trusted Computing Base
    Guest Domains
      ● Your apps
      ● E.g. your cloud management stack
    Driver/Stub/Service Domain(s)
      ● A "driver, device model or control service in a box"
      ● De-privileged and isolated
      ● Lifetime: start, stop, kill
  • 5. PV Domains & Driver Domains (diagram: control domain (dom0) with PV back ends, HW drivers and the Dom0 kernel*; guest VMn with apps, PV front ends and guest OS; driver domain with a PV back end and HW driver; Xen Hypervisor; host HW with I/O, memory, CPUs)
    Linux PV guests have limitations: e.g. limited set of virtual hardware
      ● Disk
      ● Network
    Advantages
      ● Fast
      ● Works on any system (even without virt extensions)
    Driver Domains
      ● Security
      ● Isolation
      ● Reliability and Robustness
    *) Can be MiniOS
  • 6. HVM & Stub Domains (diagram: left, Dom0 hosting the device model / IO emulation for guest VMn; right, a Stubdomn running Mini OS hosting the device model / IO emulation for guest VMn; in both, IO events and VMEXITs go through the Xen Hypervisor on the host HW)
    Disadvantages
      ● Slower than PV due to emulation (mainly I/O devices)
    Advantages
      ● Install the same way as native Linux
    Stub Domains
      ● Security
      ● Isolation
      ● Reliability and Robustness
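Slides 5 and 6 describe moving the device model out of dom0 into a stub domain and PV back ends out of dom0 into a driver domain. The script below is an added example, not part of the deck and not code from the Xen project: it writes two xl configurations for the same HVM guest, the default layout with QEMU and every back end in dom0, and a disaggregated layout, and then audits which guest-facing services a given config still leaves inside dom0. The guest name hvm-guest, the driver domain name netdom, the bridge xenbr0, the disk image path and the MAC address are assumptions chosen for illustration; the xl.cfg keys used (builder, device_model_version, device_model_stubdomain_override, disk, vif and the backend= option) are real xl options.

```shell
#!/bin/sh
# Added example (not from the slides or the Xen project). Assumed names:
# guest "hvm-guest", driver domain "netdom", bridge "xenbr0", the image
# path and the MAC. The xl.cfg keys themselves are real xl options.

# write_default_cfg DIR: QEMU runs in dom0 and dom0 serves disk and network.
write_default_cfg() {
    cat > "$1/hvm-guest.cfg" <<'EOF'
name    = "hvm-guest"
builder = "hvm"
memory  = 1024
vcpus   = 2
disk = [ '/var/lib/xen/images/hvm-guest.img,raw,hda,rw' ]
vif  = [ 'mac=00:16:3e:00:00:01,bridge=xenbr0' ]
EOF
}

# write_disaggregated_cfg DIR: same guest, but QEMU runs in a MiniOS stub
# domain (with Xen 4.2 this requires the qemu-xen-traditional device model)
# and the vif back end is served by driver domain "netdom", which must
# already be running with the physical NIC passed through and xenbr0 set up.
write_disaggregated_cfg() {
    cat > "$1/hvm-guest-disagg.cfg" <<'EOF'
name    = "hvm-guest"
builder = "hvm"
memory  = 1024
vcpus   = 2
device_model_version = "qemu-xen-traditional"
device_model_stubdomain_override = 1
disk = [ '/var/lib/xen/images/hvm-guest.img,raw,hda,rw' ]
vif  = [ 'mac=00:16:3e:00:00:01,bridge=xenbr0,backend=netdom' ]
EOF
}

# dom0_hosted FILE: print, space separated, the guest-facing services that
# this xl config still runs inside dom0 (and so inside the guest's trusted
# computing base). Empty output means every audited service is elsewhere.
# The checks assume the one-line disk = [...] / vif = [...] form used above.
dom0_hosted() {
    f="$1"
    out=""
    # device model: in dom0 unless a stub domain is explicitly requested
    if ! grep -Eq '^[[:space:]]*device_model_stubdomain_override[[:space:]]*=[[:space:]]*1' "$f"; then
        out="device-model"
    fi
    # network back end: in dom0 unless the vif line names another backend domain
    if grep -Eq '^[[:space:]]*vif[[:space:]]*=' "$f" \
       && ! grep -Eq '^[[:space:]]*vif[[:space:]]*=.*backend=' "$f"; then
        out="${out:+$out }net-backend"
    fi
    # disk back end: same rule for the disk line
    if grep -Eq '^[[:space:]]*disk[[:space:]]*=' "$f" \
       && ! grep -Eq '^[[:space:]]*disk[[:space:]]*=.*backend=' "$f"; then
        out="${out:+$out }disk-backend"
    fi
    printf '%s\n' "$out"
}

# Set XEN_DEMO=1 to write both configs under /etc/xen and print the audit;
# otherwise the file only defines the functions and can be sourced.
if [ "${XEN_DEMO:-0}" = "1" ]; then
    write_default_cfg /etc/xen
    write_disaggregated_cfg /etc/xen
    for c in /etc/xen/hvm-guest.cfg /etc/xen/hvm-guest-disagg.cfg; do
        printf '%s: still in dom0 -> %s\n' "$c" "$(dom0_hosted "$c")"
    done
    # then, on the dom0: xl create /etc/xen/hvm-guest-disagg.cfg
fi
```

Run it with XEN_DEMO=1 on a dom0 to write the files under /etc/xen, or source it and call the functions against a scratch directory first. Two things the audit makes visible: the disaggregated config still leaves the disk back end in dom0 (it would need a backend= entry pointing at a storage driver domain to move it), and none of this takes dom0 itself, the toolstack or xenstore out of the TCB; it only shrinks what a compromised device model or NIC driver can reach. With Xen 4.2 a stub domain also pins the guest to qemu-xen-traditional, the same qemu-dm fork whose packaging is discussed under qemu integration later in the deck.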
  • 7. Xen 4.2 and 4.3
  • 8. Xen 4.2 Release
    ● xl default toolstack
      ● libxl stable interface
      ● xend deprecated
    ● Scalability
      ● 4095 host CPUs, 5TiB RAM
      ● cpupools for more flexible partitioning
      ● Scheduler, NUMA improvements
    ● Security improvements
    ● http://wiki.xen.org/wiki/Xen_4.2_Feature_List
  • 9. Who writes Xen?
  • 10. Xen 4.3 Release
    • Slated for 17 June 2013
    • ARM server port
    • "PVH" mode: PV with some HVM extensions
    • NUMA
    • Numerous I/O path improvements
    • Qemu upstream
    • Roadmap: http://wiki.xen.org/wiki/Xen_Roadmap/4.3
  • 11. Xen and Ubuntu
  • 12. Integration: qemu
    • Debian developments
      ● Qemu-dm: Xen qemu fork
      ● 4.2: qemu-upstream missing pass-through, migration
      ● 4.3: qemu-upstream will be default
      ● Debian has already removed qemu-dm
    • Solutions
      ● Qemu-xen-dm package
      ● Backport features
  • 13. Integration: libvirt
    • Libvirt 0.10.2 has bindings for xend, 4.1 libxl
    • 4.2 libxl bindings incompatible, xend deprecated
    • Options
      ● Stick with 4.1 (bad)
      ● Xen 4.2, but only xend bindings
      ● Back-port 4.2 libxl support
  • 14. What does a great Xen on Ubuntu look like?
    • As a Xen host
      ● Easy to install, set up
      ● Reliable, good performance
      ● Switching between Xen and non-Xen modes
      ● Good integration with libvirt, &c
    • As a Xen guest
      ● Installation
      ● Reliable, good performance
  • 15. Potential improvements
    • "Xen Host" option in installer
    • Make configuring Grub2 easier
    • Switching between Xen / non-Xen
    • Getty for PV console (hvc0)
    • Xen-tools
    • Guest installation?
    • Keeping an eye on linux-xen perf tweaks to backport
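Two of the items on slide 15, a getty on the PV console and switching the host between Xen and non-Xen boot, worked through as an added example; it is not from the deck and not Ubuntu's or Xen's own packaging code. It assumes an Ubuntu of the Raring era (Upstart init, GRUB 2), that /etc/grub.d/20_linux_xen generated a submenu titled "Xen 4.2-amd64" on this host (check with grep submenu /boot/grub/grub.cfg and adjust the title), and a getty speed and terminal type that are likewise assumptions. Every function takes the root directory it edits, so the whole thing can be tried on a scratch tree before it touches /.

```shell
#!/bin/sh
# Added example (not from the slides, Ubuntu or Xen). Assumptions: Upstart,
# GRUB 2, a Xen submenu titled "Xen 4.2-amd64" in grub.cfg, and the getty
# settings below. ROOT is "" for the live system or a scratch directory.

# install_hvc0_getty ROOT: add an Upstart job so a PV guest (or a dom0 booted
# with console=hvc0) gets a login prompt on the Xen paravirtual console.
install_hvc0_getty() {
    job="$1/etc/init/hvc0.conf"
    mkdir -p "$(dirname "$job")"
    cat > "$job" <<'EOF'
# hvc0 - getty on the Xen paravirtual console
start on stopped rc RUNLEVEL=[2345]
stop on runlevel [!2345]
respawn
exec /sbin/getty -L hvc0 9600 linux
EOF
}

# set_grub_default ROOT VALUE: set GRUB_DEFAULT in ROOT/etc/default/grub,
# rewriting an existing line in place or appending one; idempotent.
set_grub_default() {
    cfg="$1/etc/default/grub"
    value="$2"
    mkdir -p "$(dirname "$cfg")"
    [ -f "$cfg" ] || : > "$cfg"
    if grep -q '^GRUB_DEFAULT=' "$cfg"; then
        newcfg="$cfg.new"
        # copy every line unchanged except the GRUB_DEFAULT one
        while IFS= read -r line; do
            case "$line" in
                GRUB_DEFAULT=*) printf 'GRUB_DEFAULT="%s"\n' "$value" ;;
                *)              printf '%s\n' "$line" ;;
            esac
        done < "$cfg" > "$newcfg"
        mv "$newcfg" "$cfg"
    else
        printf 'GRUB_DEFAULT="%s"\n' "$value" >> "$cfg"
    fi
}

# grub_default ROOT: print the current GRUB_DEFAULT value without quotes.
grub_default() {
    sed -n 's/^GRUB_DEFAULT="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$1/etc/default/grub"
}

# boot_mode ROOT xen|native: choose whether the next boot starts the Xen
# hypervisor or a plain Ubuntu kernel. "0" is the first (non-Xen) entry;
# "Xen 4.2-amd64>0" is GRUB 2's "submenu>entry" form for the first entry of
# the Xen submenu (title assumed above). On the live system (ROOT="") the
# change is applied with update-grub.
boot_mode() {
    case "$2" in
        xen)    set_grub_default "$1" 'Xen 4.2-amd64>0' ;;
        native) set_grub_default "$1" '0' ;;
        *)      echo "usage: boot_mode ROOT xen|native" >&2; return 1 ;;
    esac
    if [ -z "$1" ] && command -v update-grub >/dev/null 2>&1; then
        update-grub
    fi
    return 0
}
```

Typical use on a real host is install_hvc0_getty "" inside the guest image and boot_mode "" xen (or native) on the host; the submenu title in the GRUB_DEFAULT value has to be changed whenever the Xen package version, and so the generated submenu title, changes, which is one reason the slide lists Grub2 configuration as something to make easier.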
  • 16. Backup slides
  • 17. Architecture Considerations
    Type 1: Bare metal Hypervisor. A pure hypervisor that runs directly on the hardware and hosts guest OS's. (diagram: VM0, VM1 … VMn with guest OS and apps; hypervisor with scheduler, MMU and device drivers/models; host HW with I/O, memory, CPUs). Provides partition isolation + reliability, higher security.
    Type 2: OS 'Hosted'. A hypervisor that runs within a host OS and hosts guest OS's inside of it, using the host OS services to provide the virtual environment. (diagram: user-level VMM with device models running VM0, VM1 … VMn with guest OS and apps, beside user apps; host OS "kernel" with a ring-0 VM monitor and device drivers; host HW with I/O, memory, CPUs). Low cost, no additional drivers; ease of use & installation.
  • 18. A bit of fun: our ARM Build Farm
    ● 10 Freescale i.MX53 Loco Quickstart boards running Debian "armhf" with a mainline 3.2.0 kernel
    ● Speed up development of Xen for Cortex A15 (avoid cross compilation)
  • 19. Xen 4.2 Release
    • Security: Intel Supervisor Mode Execution Protection, XSM / Flask improvements
    • Scalability: increased VM density for VDI use-cases, up to 256 host CPUs for the 64-bit HV, multiple PCI segment support, prefer oxenstored
    • Performance: PCI pass-through for Linux guests, AMD SVM DecodeAssist support, Remus memory image compression
    • EFI support
    • Libvchan cross-domain comms in Xen mainline
    • XL improvements, XEND is formally deprecated
    • Documentation improvements (e.g. man pages)