SlideShare a Scribd company logo

OpenNebulaConf2019 - Nested Virtualization with OpenNebula: A Practical Approach - Venko Moyankov - StorPool

OpenNebula Project
OpenNebula Project

In this talk, StorPool will present the concept of nested virtualization and PCI pass-through. Nested virtualization is when you have virtual machines running inside other virtual machines. If done right, nested virtualization is extremely suitable for testing large virtualized environments, without the need for having hundreds of physical servers. This approach empowers system administrators by reducing the time and effort needed to run/test multiple dynamic environments. This is done by having easier automation/provisioning, API control and much more. In a nested virtualization solution, the physical hardware is sliced and diced fast and easy, which gives you a large set of opportunities to experiment without the need for huge investments in physical hardware or time and effort needed to reinstall/set-up software. Join this talk to learn more about why and how to do nested virtualization with OpenNebula and achieve an inception moment of having virtual machines, inside virtual machines, inside virtual machines…

Software
1 of 22
Download to read offline
Nested Virtualization with OpenNebula (and PCI Passthrough) A Practical Approach Venko Moyankov OpenNebulaConf 2019 Barcelona, October 21-22
The Problem KVM KVM KVM KVM KVM KVM KVM KVM KVM KVM KVM KVM H-V H-V H-V XEN XEN XEN
KVM KVM StorPool Lab KVM KVM KVM KVM KVM KVM KVM KVM KVM KVM KVM KVM also and more ... H-V H-V H-V XEN XEN XEN
The Technologies Behind ● Hardware virtualization (VT-x) ● Nested Virtualization ● VMCS Shadowing ● IOMMU (PCI Passthrough) ● SR-IOV ● ACS (IOMMU groups) ● OpenNebula PCI Passthrough ● libvirt Domain XML tweaks (VF Net only) Host OpenNebula
Hardware Virtualization VT-x AMD-V or SVM All CPUs, but may need to enable it in BIOS
Nested Virtualization Enables hardware virtualization in the guest KVM feature
VMCS Shadowing ● Hardware feature ● Accelerates nested virtualization ● Available in most CPUs since 2013 (Haswell) Source: https://software.intel.com/en-us/blogs/2014/12/12/enabling-virtual-machine-control-structure-shadowing-on-a-nested-virtual-machine
PCI Passthrough Allows guests to have direct exclusive access to PCI devices ● I/O MMU virtualization (IOMMU) VT-d AMD-Vi Mostly used for GPU and NIC Host GPU1 Hypervisor / VMM VM Host driver driver VM driver VM driver GPU2 GPU3GPU0 PCIe IOMMU / VT-d
SR-IOV ● Single Root I/O Virtualization ● One physical device appears as multiple virtual functions (VF) ● Allows different VMs to share a single PCIe hardware ● Mostly used for NIC Host NIC VF1 Hypervisor / VMM VM Host driver driver VM driver VM driver VF2 VF3PF PCIe IOMMU / VT-d
ACS and IOMMU Groups Host GPU1 Hypervisor / VMM VM Host driver driver VMVM driver VM driver GPU2 GPU3GPU0 IOMMU / VT-dRAM ACS PCIe
Let's Do It
Host Hardware Virtualization Check it is available with: lscpu | grep vmx Nested Virtualization kvm-intel.conf: options kvm-intel nested=1 Check it in the guest with: lscpu | grep vmx VMCS Shadowing kvm-intel.conf: options kvm-intel enable_shadow_vmcs=1
PCI Passthrough & SR-IOV PCI Passthrough Enabled via kernel options: Intel: intel_iommu=on iommu=pt AMD: amd_iommu=pt SR-IOV ● Ensure SR-IOV and VT-d are enabled in BIOS. ● Setup VFs: # echo '8' > /sys/class/net/eth3/device/sriov_numvfs
ACS and IOMMU Groups ● Check ACS is supported lspci -vv | egrep “Access Control Services” https://heiko-sieger.info/iommu-groups -what-you-need-to-consider/ ● Check IOMMU groups for a in /sys/kernel/iommu_groups/*; do find $a -type l; done | sort --version-sort
Congratulations! You are ready to run Nested Virtualization ! Almost
Enable PCI passthrough in OpenNebula /var/lib/one/remotes/im/kvm-probes.d/pci.rb /var/lib/one/remotes/etc/im/kvm-probes.d/pci.conf :filter: '15b3:1018' :short_address: [] :device_name: []
Tweak domain.xml <hostdev mode='subsystem' type='pci' managed='yes'> <source> <address domain='0x0000' bus='0xd8' slot='0x00' function='0x5'/> </source> <address type='pci' domain='0x0000' bus='0x01' slot='0x01' function='0'/> </hostdev> <interface managed="yes" type="hostdev"> <driver name="vfio" /> <mac address="02:00:11:ab:cd:01" /> <source> <address bus="0xd8" domain="0x0000" function="0x5" slot="0x00" type="pci" /> </source> <address bus="0x01" domain="0x0000" function="0" slot="0x01" type="pci" /> </interface> https://github.com/OpenNebula/addon-storpool/blob/master/docs/ advanced_configuration.md#vms-domain-xml-tweaking
OpenNebula
Summary CPU BIOS Kernel KVM OpenNebula VT-x 🗸 🗸 Nested Virt. 🗸 VMCS Shadowing 🗸 🗸 🗸 IOMMU (PCI Passthrough) 🗸 🗸 🗸 🗸 SR-IOV 🗸 🗸 ACS (IOMMU groups) 🗸 libvirt Domain XML (VF Net only) 🗸
Q&A
Venko Moyankov venko@storpool.com StorPool Storage www.storpool.com @storpool Thank you!

Recommended

OpenNebulaConf2019 - Welcome and Project Update - Ignacio M. Llorente, Rubén ...
OpenNebulaConf2019 - Welcome and Project Update - Ignacio M. Llorente, Rubén ...OpenNebulaConf2019 - Welcome and Project Update - Ignacio M. Llorente, Rubén ...
OpenNebulaConf2019 - Welcome and Project Update - Ignacio M. Llorente, Rubén ...OpenNebula Project
 
OpenNebulaConf2019 - Building Virtual Environments for Security Analyses of C...
OpenNebulaConf2019 - Building Virtual Environments for Security Analyses of C...OpenNebulaConf2019 - Building Virtual Environments for Security Analyses of C...
OpenNebulaConf2019 - Building Virtual Environments for Security Analyses of C...OpenNebula Project
 
OpenNebulaConf2019 - CORD and Edge computing with OpenNebula - Alfonso Aureli...
OpenNebulaConf2019 - CORD and Edge computing with OpenNebula - Alfonso Aureli...OpenNebulaConf2019 - CORD and Edge computing with OpenNebula - Alfonso Aureli...
OpenNebulaConf2019 - CORD and Edge computing with OpenNebula - Alfonso Aureli...OpenNebula Project
 
OpenNebulaConf2019 - 6 years (+) OpenNebula - Lessons learned - Sebastian Man...
OpenNebulaConf2019 - 6 years (+) OpenNebula - Lessons learned - Sebastian Man...OpenNebulaConf2019 - 6 years (+) OpenNebula - Lessons learned - Sebastian Man...
OpenNebulaConf2019 - 6 years (+) OpenNebula - Lessons learned - Sebastian Man...OpenNebula Project
 
OpenNebulaConf2019 - Performant and Resilient Storage the Open Source & Linux...
OpenNebulaConf2019 - Performant and Resilient Storage the Open Source & Linux...OpenNebulaConf2019 - Performant and Resilient Storage the Open Source & Linux...
OpenNebulaConf2019 - Performant and Resilient Storage the Open Source & Linux...OpenNebula Project
 
OpenNebulaConf2019 - Image Backups in OpenNebula - Momčilo Medić - ITAF
OpenNebulaConf2019 - Image Backups in OpenNebula - Momčilo Medić - ITAFOpenNebulaConf2019 - Image Backups in OpenNebula - Momčilo Medić - ITAF
OpenNebulaConf2019 - Image Backups in OpenNebula - Momčilo Medić - ITAFOpenNebula Project
 
OpenNebulaConf2019 - How We Use GOCA to Manage our OpenNebula Cloud - Jean-Ph...
OpenNebulaConf2019 - How We Use GOCA to Manage our OpenNebula Cloud - Jean-Ph...OpenNebulaConf2019 - How We Use GOCA to Manage our OpenNebula Cloud - Jean-Ph...
OpenNebulaConf2019 - How We Use GOCA to Manage our OpenNebula Cloud - Jean-Ph...OpenNebula Project
 
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...OpenNebula Project
 

Recommended

OpenNebulaConf2019 - Welcome and Project Update - Ignacio M. Llorente, Rubén ...
OpenNebulaConf2019 - Welcome and Project Update - Ignacio M. Llorente, Rubén ...OpenNebulaConf2019 - Welcome and Project Update - Ignacio M. Llorente, Rubén ...
OpenNebulaConf2019 - Welcome and Project Update - Ignacio M. Llorente, Rubén ...OpenNebula Project
 
OpenNebulaConf2019 - Building Virtual Environments for Security Analyses of C...
OpenNebulaConf2019 - Building Virtual Environments for Security Analyses of C...OpenNebulaConf2019 - Building Virtual Environments for Security Analyses of C...
OpenNebulaConf2019 - Building Virtual Environments for Security Analyses of C...OpenNebula Project
 
OpenNebulaConf2019 - CORD and Edge computing with OpenNebula - Alfonso Aureli...
OpenNebulaConf2019 - CORD and Edge computing with OpenNebula - Alfonso Aureli...OpenNebulaConf2019 - CORD and Edge computing with OpenNebula - Alfonso Aureli...
OpenNebulaConf2019 - CORD and Edge computing with OpenNebula - Alfonso Aureli...OpenNebula Project
 
OpenNebulaConf2019 - 6 years (+) OpenNebula - Lessons learned - Sebastian Man...
OpenNebulaConf2019 - 6 years (+) OpenNebula - Lessons learned - Sebastian Man...OpenNebulaConf2019 - 6 years (+) OpenNebula - Lessons learned - Sebastian Man...
OpenNebulaConf2019 - 6 years (+) OpenNebula - Lessons learned - Sebastian Man...OpenNebula Project
 
OpenNebulaConf2019 - Performant and Resilient Storage the Open Source & Linux...
OpenNebulaConf2019 - Performant and Resilient Storage the Open Source & Linux...OpenNebulaConf2019 - Performant and Resilient Storage the Open Source & Linux...
OpenNebulaConf2019 - Performant and Resilient Storage the Open Source & Linux...OpenNebula Project
 
OpenNebulaConf2019 - Image Backups in OpenNebula - Momčilo Medić - ITAF
OpenNebulaConf2019 - Image Backups in OpenNebula - Momčilo Medić - ITAFOpenNebulaConf2019 - Image Backups in OpenNebula - Momčilo Medić - ITAF
OpenNebulaConf2019 - Image Backups in OpenNebula - Momčilo Medić - ITAFOpenNebula Project
 
OpenNebulaConf2019 - How We Use GOCA to Manage our OpenNebula Cloud - Jean-Ph...
OpenNebulaConf2019 - How We Use GOCA to Manage our OpenNebula Cloud - Jean-Ph...OpenNebulaConf2019 - How We Use GOCA to Manage our OpenNebula Cloud - Jean-Ph...
OpenNebulaConf2019 - How We Use GOCA to Manage our OpenNebula Cloud - Jean-Ph...OpenNebula Project
 
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...OpenNebula Project
 
Replacing vCloud with OpenNebula
Replacing vCloud with OpenNebulaReplacing vCloud with OpenNebula
Replacing vCloud with OpenNebulaOpenNebula Project
 
NTS: What We Do With OpenNebula - and Why We Do It
NTS: What We Do With OpenNebula - and Why We Do ItNTS: What We Do With OpenNebula - and Why We Do It
NTS: What We Do With OpenNebula - and Why We Do ItOpenNebula Project
 
OpenNebula from the Perspective of an ISP
OpenNebula from the Perspective of an ISPOpenNebula from the Perspective of an ISP
OpenNebula from the Perspective of an ISPOpenNebula Project
 
NTS CAPTAIN / OpenNebula at Julius Blum GmbH
NTS CAPTAIN / OpenNebula at Julius Blum GmbHNTS CAPTAIN / OpenNebula at Julius Blum GmbH
NTS CAPTAIN / OpenNebula at Julius Blum GmbHOpenNebula Project
 
Performant and Resilient Storage: The Open Source & Linux Way
Performant and Resilient Storage: The Open Source & Linux WayPerformant and Resilient Storage: The Open Source & Linux Way
Performant and Resilient Storage: The Open Source & Linux WayOpenNebula Project
 
NetApp Hybrid Cloud with OpenNebula
NetApp Hybrid Cloud with OpenNebulaNetApp Hybrid Cloud with OpenNebula
NetApp Hybrid Cloud with OpenNebulaOpenNebula Project
 
NSX with OpenNebula - upcoming 5.10
NSX with OpenNebula - upcoming 5.10NSX with OpenNebula - upcoming 5.10
NSX with OpenNebula - upcoming 5.10OpenNebula Project
 
Security for Private Cloud Environments
Security for Private Cloud EnvironmentsSecurity for Private Cloud Environments
Security for Private Cloud EnvironmentsOpenNebula Project
 
CheckPoint R80.30 Installation on OpenNebula
CheckPoint R80.30 Installation on OpenNebulaCheckPoint R80.30 Installation on OpenNebula
CheckPoint R80.30 Installation on OpenNebulaOpenNebula Project
 
DE-CIX: CloudConnectivity
DE-CIX: CloudConnectivityDE-CIX: CloudConnectivity
DE-CIX: CloudConnectivityOpenNebula Project
 
DDC Demo
DDC DemoDDC Demo
DDC DemoOpenNebula Project
 
Cloud Disaggregation with OpenNebula
Cloud Disaggregation with OpenNebulaCloud Disaggregation with OpenNebula
Cloud Disaggregation with OpenNebulaOpenNebula Project
 
OpenNebula and StorPool: Building Powerful Clouds
OpenNebula and StorPool: Building Powerful CloudsOpenNebula and StorPool: Building Powerful Clouds
OpenNebula and StorPool: Building Powerful CloudsOpenNebula Project
 
Nested virtualization & PCI pass-through
Nested virtualization & PCI pass-throughNested virtualization & PCI pass-through
Nested virtualization & PCI pass-throughOpenNebula Project
 
A Data Pro - Project Serendipity
A Data Pro - Project Serendipity A Data Pro - Project Serendipity
A Data Pro - Project Serendipity OpenNebula Project
 
The UNICORE Project: Unikraft and OpenNebula
The UNICORE Project: Unikraft and OpenNebulaThe UNICORE Project: Unikraft and OpenNebula
The UNICORE Project: Unikraft and OpenNebulaOpenNebula Project
 
Deploying OpenNebula in an HPC environment
Deploying OpenNebula in an HPC environmentDeploying OpenNebula in an HPC environment
Deploying OpenNebula in an HPC environmentOpenNebula Project
 
Rancher Labs - Your own PaaS in action
Rancher Labs - Your own PaaS in actionRancher Labs - Your own PaaS in action
Rancher Labs - Your own PaaS in actionOpenNebula Project
 
Huawei - All-Flash Innovation
Huawei - All-Flash InnovationHuawei - All-Flash Innovation
Huawei - All-Flash InnovationOpenNebula Project
 
OpenNebula LXD Overview
OpenNebula LXD OverviewOpenNebula LXD Overview
OpenNebula LXD OverviewOpenNebula Project
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 

More Related Content

More from OpenNebula Project

Replacing vCloud with OpenNebula
Replacing vCloud with OpenNebulaReplacing vCloud with OpenNebula
Replacing vCloud with OpenNebulaOpenNebula Project
 
NTS: What We Do With OpenNebula - and Why We Do It
NTS: What We Do With OpenNebula - and Why We Do ItNTS: What We Do With OpenNebula - and Why We Do It
NTS: What We Do With OpenNebula - and Why We Do ItOpenNebula Project
 
OpenNebula from the Perspective of an ISP
OpenNebula from the Perspective of an ISPOpenNebula from the Perspective of an ISP
OpenNebula from the Perspective of an ISPOpenNebula Project
 
NTS CAPTAIN / OpenNebula at Julius Blum GmbH
NTS CAPTAIN / OpenNebula at Julius Blum GmbHNTS CAPTAIN / OpenNebula at Julius Blum GmbH
NTS CAPTAIN / OpenNebula at Julius Blum GmbHOpenNebula Project
 
Performant and Resilient Storage: The Open Source & Linux Way
Performant and Resilient Storage: The Open Source & Linux WayPerformant and Resilient Storage: The Open Source & Linux Way
Performant and Resilient Storage: The Open Source & Linux WayOpenNebula Project
 
NetApp Hybrid Cloud with OpenNebula
NetApp Hybrid Cloud with OpenNebulaNetApp Hybrid Cloud with OpenNebula
NetApp Hybrid Cloud with OpenNebulaOpenNebula Project
 
NSX with OpenNebula - upcoming 5.10
NSX with OpenNebula - upcoming 5.10NSX with OpenNebula - upcoming 5.10
NSX with OpenNebula - upcoming 5.10OpenNebula Project
 
Security for Private Cloud Environments
Security for Private Cloud EnvironmentsSecurity for Private Cloud Environments
Security for Private Cloud EnvironmentsOpenNebula Project
 
CheckPoint R80.30 Installation on OpenNebula
CheckPoint R80.30 Installation on OpenNebulaCheckPoint R80.30 Installation on OpenNebula
CheckPoint R80.30 Installation on OpenNebulaOpenNebula Project
 
Cloud Disaggregation with OpenNebula
Cloud Disaggregation with OpenNebulaCloud Disaggregation with OpenNebula
Cloud Disaggregation with OpenNebulaOpenNebula Project
 
OpenNebula and StorPool: Building Powerful Clouds
OpenNebula and StorPool: Building Powerful CloudsOpenNebula and StorPool: Building Powerful Clouds
OpenNebula and StorPool: Building Powerful CloudsOpenNebula Project
 
Nested virtualization & PCI pass-through
Nested virtualization & PCI pass-throughNested virtualization & PCI pass-through
Nested virtualization & PCI pass-throughOpenNebula Project
 
A Data Pro - Project Serendipity
A Data Pro - Project Serendipity A Data Pro - Project Serendipity
A Data Pro - Project Serendipity OpenNebula Project
 
The UNICORE Project: Unikraft and OpenNebula
The UNICORE Project: Unikraft and OpenNebulaThe UNICORE Project: Unikraft and OpenNebula
The UNICORE Project: Unikraft and OpenNebulaOpenNebula Project
 
Deploying OpenNebula in an HPC environment
Deploying OpenNebula in an HPC environmentDeploying OpenNebula in an HPC environment
Deploying OpenNebula in an HPC environmentOpenNebula Project
 
Rancher Labs - Your own PaaS in action
Rancher Labs - Your own PaaS in actionRancher Labs - Your own PaaS in action
Rancher Labs - Your own PaaS in actionOpenNebula Project
 

More from OpenNebula Project (20)

Replacing vCloud with OpenNebula
Replacing vCloud with OpenNebulaReplacing vCloud with OpenNebula
Replacing vCloud with OpenNebula
 
NTS: What We Do With OpenNebula - and Why We Do It
NTS: What We Do With OpenNebula - and Why We Do ItNTS: What We Do With OpenNebula - and Why We Do It
NTS: What We Do With OpenNebula - and Why We Do It
 
OpenNebula from the Perspective of an ISP
OpenNebula from the Perspective of an ISPOpenNebula from the Perspective of an ISP
OpenNebula from the Perspective of an ISP
 
NTS CAPTAIN / OpenNebula at Julius Blum GmbH
NTS CAPTAIN / OpenNebula at Julius Blum GmbHNTS CAPTAIN / OpenNebula at Julius Blum GmbH
NTS CAPTAIN / OpenNebula at Julius Blum GmbH
 
Performant and Resilient Storage: The Open Source & Linux Way
Performant and Resilient Storage: The Open Source & Linux WayPerformant and Resilient Storage: The Open Source & Linux Way
Performant and Resilient Storage: The Open Source & Linux Way
 
NetApp Hybrid Cloud with OpenNebula
NetApp Hybrid Cloud with OpenNebulaNetApp Hybrid Cloud with OpenNebula
NetApp Hybrid Cloud with OpenNebula
 
NSX with OpenNebula - upcoming 5.10
NSX with OpenNebula - upcoming 5.10NSX with OpenNebula - upcoming 5.10
NSX with OpenNebula - upcoming 5.10
 
Security for Private Cloud Environments
Security for Private Cloud EnvironmentsSecurity for Private Cloud Environments
Security for Private Cloud Environments
 
CheckPoint R80.30 Installation on OpenNebula
CheckPoint R80.30 Installation on OpenNebulaCheckPoint R80.30 Installation on OpenNebula
CheckPoint R80.30 Installation on OpenNebula
 
DE-CIX: CloudConnectivity
DE-CIX: CloudConnectivityDE-CIX: CloudConnectivity
DE-CIX: CloudConnectivity
 
DDC Demo
DDC DemoDDC Demo
DDC Demo
 
Cloud Disaggregation with OpenNebula
Cloud Disaggregation with OpenNebulaCloud Disaggregation with OpenNebula
Cloud Disaggregation with OpenNebula
 
OpenNebula and StorPool: Building Powerful Clouds
OpenNebula and StorPool: Building Powerful CloudsOpenNebula and StorPool: Building Powerful Clouds
OpenNebula and StorPool: Building Powerful Clouds
 
Nested virtualization & PCI pass-through
Nested virtualization & PCI pass-throughNested virtualization & PCI pass-through
Nested virtualization & PCI pass-through
 
A Data Pro - Project Serendipity
A Data Pro - Project Serendipity A Data Pro - Project Serendipity
A Data Pro - Project Serendipity
 
The UNICORE Project: Unikraft and OpenNebula
The UNICORE Project: Unikraft and OpenNebulaThe UNICORE Project: Unikraft and OpenNebula
The UNICORE Project: Unikraft and OpenNebula
 
Deploying OpenNebula in an HPC environment
Deploying OpenNebula in an HPC environmentDeploying OpenNebula in an HPC environment
Deploying OpenNebula in an HPC environment
 
Rancher Labs - Your own PaaS in action
Rancher Labs - Your own PaaS in actionRancher Labs - Your own PaaS in action
Rancher Labs - Your own PaaS in action
 
Huawei - All-Flash Innovation
Huawei - All-Flash InnovationHuawei - All-Flash Innovation
Huawei - All-Flash Innovation
 
OpenNebula LXD Overview
OpenNebula LXD OverviewOpenNebula LXD Overview
OpenNebula LXD Overview
 

Recently uploaded

The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsXpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsMehedi Hasan Shohan
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningVitsRangannavar
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?Watsoo Telematics
 
buds n tech IT solutions
buds n tech IT solutionsbuds n tech IT solutions
buds n tech IT solutionsmonugehlot87
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 

Recently uploaded (20)

The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsXpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software Solutions
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learning
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?
 
buds n tech IT solutions
buds n tech IT solutionsbuds n tech IT solutions
buds n tech IT solutions
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 

OpenNebulaConf2019 - Nested Virtualization with OpenNebula: A Practical Approach - Venko Moyankov - StorPool

  • 1. Nested Virtualization with OpenNebula (and PCI Passthrough) A Practical Approach Venko Moyankov OpenNebulaConf 2019 Barcelona, October 21-22
  • 2. The Problem KVM KVM KVM KVM KVM KVM KVM KVM KVM KVM KVM KVM H-V H-V H-V XEN XEN XEN
  • 3. KVM KVM StorPool Lab KVM KVM KVM KVM KVM KVM KVM KVM KVM KVM KVM KVM also and more ... H-V H-V H-V XEN XEN XEN
  • 4. The Technologies Behind ● Hardware virtualization (VT-x) ● Nested Virtualization ● VMCS Shadowing ● IOMMU (PCI Passthrough) ● SR-IOV ● ACS (IOMMU groups) ● OpenNebula PCI Passthrough ● libvirt Domain XML tweaks (VF Net only) Host OpenNebula
  • 5. Hardware Virtualization VT-x AMD-V or SVM All CPUs, but may need to enable it in BIOS
  • 6. Nested Virtualization Enables hardware virtualization in the guest KVM feature
  • 7. VMCS Shadowing ● Hardware feature ● Accelerates nested virtualization ● Available in most CPUs since 2013 (Haswell) Source: https://software.intel.com/en-us/blogs/2014/12/12/enabling-virtual-machine-control-structure-shadowing-on-a-nested-virtual-machine
  • 8. PCI Passthrough Allows guests to have direct exclusive access to PCI devices ● I/O MMU virtualization (IOMMU) VT-d AMD-Vi Mostly used for GPU and NIC Host GPU1 Hypervisor / VMM VM Host driver driver VM driver VM driver GPU2 GPU3GPU0 PCIe IOMMU / VT-d
  • 9. SR-IOV ● Single Root I/O Virtualization ● One physical device appears as multiple virtual functions (VF) ● Allows different VMs to share a single PCIe hardware ● Mostly used for NIC Host NIC VF1 Hypervisor / VMM VM Host driver driver VM driver VM driver VF2 VF3PF PCIe IOMMU / VT-d
  • 10. ACS and IOMMU Groups Host GPU1 Hypervisor / VMM VM Host driver driver VMVM driver VM driver GPU2 GPU3GPU0 IOMMU / VT-dRAM ACS PCIe
  • 12. Host Hardware Virtualization Check it is available with: lscpu | grep vmx Nested Virtualization kvm-intel.conf: options kvm-intel nested=1 Check it in the guest with: lscpu | grep vmx VMCS Shadowing kvm-intel.conf: options kvm-intel enable_shadow_vmcs=1
  • 13. PCI Passthrough & SR-IOV PCI Passthrough Enabled via kernel options: Intel: intel_iommu=on iommu=pt AMD: amd_iommu=pt SR-IOV ● Ensure SR-IOV and VT-d are enabled in BIOS. ● Setup VFs: # echo '8' > /sys/class/net/eth3/device/sriov_numvfs
  • 14. ACS and IOMMU Groups ● Check ACS is supported lspci -vv | egrep “Access Control Services” https://heiko-sieger.info/iommu-groups -what-you-need-to-consider/ ● Check IOMMU groups for a in /sys/kernel/iommu_groups/*; do find $a -type l; done | sort --version-sort
  • 15. Congratulations! You are ready to run Nested Virtualization ! Almost
  • 16. Enable PCI passthrough in OpenNebula /var/lib/one/remotes/im/kvm-probes.d/pci.rb /var/lib/one/remotes/etc/im/kvm-probes.d/pci.conf :filter: '15b3:1018' :short_address: [] :device_name: []
  • 17.
  • 18. Tweak domain.xml <hostdev mode='subsystem' type='pci' managed='yes'> <source> <address domain='0x0000' bus='0xd8' slot='0x00' function='0x5'/> </source> <address type='pci' domain='0x0000' bus='0x01' slot='0x01' function='0'/> </hostdev> <interface managed="yes" type="hostdev"> <driver name="vfio" /> <mac address="02:00:11:ab:cd:01" /> <source> <address bus="0xd8" domain="0x0000" function="0x5" slot="0x00" type="pci" /> </source> <address bus="0x01" domain="0x0000" function="0" slot="0x01" type="pci" /> </interface> https://github.com/OpenNebula/addon-storpool/blob/master/docs/ advanced_configuration.md#vms-domain-xml-tweaking
  • 20. Summary CPU BIOS Kernel KVM OpenNebula VT-x 🗸 🗸 Nested Virt. 🗸 VMCS Shadowing 🗸 🗸 🗸 IOMMU (PCI Passthrough) 🗸 🗸 🗸 🗸 SR-IOV 🗸 🗸 ACS (IOMMU groups) 🗸 libvirt Domain XML (VF Net only) 🗸
  • 21. Q&A