Initiation concrète-à-la-virtualisation-devoxx-fr-2021
•
0 likes•1,019 views
Conférence de type université donnée à Devoxx France 9 3/4 le 30 septembre 2021.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Initiation concrète-à-la-virtualisation-devoxx-fr-2021
Similar to Initiation concrète-à-la-virtualisation-devoxx-fr-2021 (20)
More from Pierre-Antoine Grégoire
Recently uploaded
Recently uploaded (20)
Initiation concrète-à-la-virtualisation-devoxx-fr-2021
- 1. #DevoxxFR Initiation concrète à la virtualisation Samuel Ortiz @sameo Julien Durillon @juuduu Pierre-Antoine Grégoire @zepag 1
- 3. #DevoxxFR 3 Introduction et généralités
- 7. Virtualisation: intérêt 7 Mutualisation / Optimisation
- 8. Virtualisation: intérêt 8 Mutualisation / Optimisation
- 9. 9 App 1 App 2 OS 1 OS 2 HARDWARE HYPERVISEUR 1 Virtualisation: intérêt Souplesse et Disponibilité HARDWARE HYPERVISEUR 2
- 10. 1 0 App 1 App 2 OS 1 OS 2 HARDWARE HYPERVISEUR 1 Virtualisation: intérêt Souplesse et Disponibilité HARDWARE HYPERVISEUR 2 App 2 OS 2 HARDWARE HYPERVISEUR 1 App 1 OS 1 HARDWARE HYPERVISEUR 2
- 13. 1 3 Virtualisation: accélération commodity hardware cpu performance increase Nombre de Transistors Temps Oui il n’y a pas d'échelle… ce n’est qu’une illustration ;)
- 14. #DevoxxFR 14 CPU
- 15. #DevoxxFR 15 CPU 0 1 0 1 1 0 0 1 Octet (byte) 0 1 0 1 1 0 0 1 0 1 0 1 1 0 0 1 0 1 0 1 1 0 0 1 0 1 0 1 1 0 0 1 0 1 0 1 1 0 0 1 0 1 0 1 1 0 0 1 0 1 0 1 1 0 0 1 0 1 0 1 1 0 0 1 Mot (word) 8 bits 64 bits Instruction Adresse Donnée (nombre, texte…) OU OU
- 16. #DevoxxFR 16 CPU Memory (e.g. RAM) CPU Instruction ou Donnee
- 17. #DevoxxFR 17 CPU LD: Charger un nombre depuis la RAM dans le CPU MOV: Stocker un nombre venant du CPU dans la RAM ADD: Faire l’addition de 2 nombres CMP: Comparer les 2 opérandes JMP: Sauter à une autre adresse OUT: Ecrire sur un port d'entrée/sortie IN: Lire depuis un port d'entrée/sortie …et des centaines d’autres INSTRUCTION SET (Specifique a chaque architecture):
- 20. Fetch-Decode-Execute Memory (e.g. RAM) 0xba, 0xf8, 0x03, 0x00, 0xd8, 0x04, '0', 0xee, 0xb0, 'n', 0xee, 0xf4, CPU
- 21. Fetch-Decode-Execute mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) CPU
- 22. Fetch-Decode-Execute mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) FETCH CPU Fetch
- 23. Fetch-Decode-Execute mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) decode(mov $0x3f8, %dx) CPU Decode
- 24. Fetch-Decode-Execute mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) decode(mov $0x3f8, %dx) -> Copier 0x3f8 dans le registre DX CPU Decode
- 25. Fetch-Decode-Execute mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) execute(Copier 0x3f8 dans le registre DX) CPU Execute
- 26. Fetch-Decode-Execute mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) DX: 0xf38 CPU
- 27. Fetch-Decode-Execute mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) DX: 0xf38 FETCH CPU Fetch
- 28. Fetch-Decode-Execute mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) DX: 0xf38 FETCH CPU Fetch
- 29. Fetch-Decode-Execute mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) DX: 0xf38 decode(add $'0', %al) CPU Decode
- 30. Fetch-Decode-Execute mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) DX: 0xf38 execute(add $'0', %al) CPU Execute
- 31. Fetch-Decode-Execute mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) DX: 0xf38 AX: ‘4’ CPU
- 32. Fetch-Decode-Execute mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) DX: 0xf38 AX: ‘4’ FETCH CPU Fetch
- 33. Fetch-Decode-Execute mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) DX: 0xf38 AX: ‘4’ decode(out %al, (%dx)) CPU Decode
- 34. Fetch-Decode-Execute mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) DX: 0xf38 AX: ‘4’ execute(out %al, (%dx)) CPU Execute
- 35. Fetch-Decode-Execute mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) DX: 0xf38 AX: ‘4’ Serial port execute(out %al, (%dx)) CPU Execute
- 36. Fetch-Decode-Execute mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) DX: 0xf38 AX: ‘4’ Serial port execute(out %al, (%dx)) WRITE CPU Execute
- 37. Fetch-Decode-Execute mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) DX: 0xf38 AX: ‘4’ Serial port execute(out %al, (%dx)) WRITE Privileged I/O Instruction CPU Execute
- 38. Virtualisation Hardware? Mode spécifique du processeur (VMX) Exécution restreinte et supervisée de certaines parties du code (Les VMs) Pour chaque VM: ● Certaines instructions ne sont pas exécutées par le processeur (Trap) ● Délégation à un superviseur logiciel (a.k.a. hyperviseur) ● Trapper une instruction est un cas d’exception ● Exemple: CPUID CPU Fetch Decode Trap Emulate
- 40. Instructions de Virtualisation CPU VMXON VMLAUNCH VMRESUME … et quelques autres: vmwrite, vmread, vmclear, vmptrld, vmptrRST, vmfunc, vmcall, INVEPT, INVVPID, VMXOFF
- 41. Running a VM mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) CPU
- 42. Running a VM mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor CPU
- 43. Running a VM mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VMXON CPU VMXON
- 44. Running a VM mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VMLAUNCH CPU VMLAUNCH
- 45. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VMLAUNCH Running a VM CPU VMLAUNCH
- 46. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VMLAUNCH VM Running a VM CPU VMLAUNCH
- 47. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VM Running a VM CPU
- 48. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VM FETCH Running a VM CPU Fetch
- 49. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VM decode(mov $0x3f8, %dx) Running a VM CPU Decode
- 50. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VM decode(mov $0x3f8, %dx) -> Copier 0x3f8 dans le registre DX Running a VM CPU Decode
- 51. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VM execute(Copier 0x3f8 dans le registre DX) Running a VM CPU Execute
- 52. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VM DX: 0xf38 Running a VM CPU
- 53. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VM DX: 0xf38 Running a VM CPU
- 54. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VM DX: 0xf38 Running a VM CPU
- 55. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VM DX: 0xf38 AX: ‘4’ Running a VM CPU
- 56. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VM DX: 0xf38 AX: ‘4’ FETCH Running a VM CPU Fetch
- 57. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VM DX: 0xf38 AX: ‘4’ decode(out %al, (%dx)) Running a VM CPU Decode
- 58. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VM DX: 0xf38 AX: ‘4’ decode(out %al, (%dx)) ⚠ Running a VM CPU Decode
- 59. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VM DX: 0xf38 AX: ‘4’ decode(out %al, (%dx)) ⚠ TRAP Running a VM CPU Trap
- 60. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VM DX: 0xf38 AX: ‘4’ decode(out %al, (%dx)) ⚠ VM-EXIT information Running a VM CPU Trap
- 61. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VM DX: 0xf38 AX: ‘4’ decode(out %al, (%dx)) ⚠ emulate(out %al, (%dx)) Running a VM CPU Emulate
- 62. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VM DX: 0xf38 AX: ‘4’ decode(out %al, (%dx)) ⚠ e.g. write %al to log file Running a VM CPU
- 63. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VM DX: 0xf38 AX: ‘4’ decode(out %al, (%dx)) ⚠ VMRESUME CPU VMRESUME
- 64. mov $0x3f8, %dx add %bl, %al add $'0', %al out %al, (%dx) mov $'n', %al out %al, (%dx) hlt Memory (e.g. RAM) Hypervisor VM DX: 0xf38 AX: ‘4’ FETCH Running a VM CPU Fetch
- 66. Mémoire Virtuelle Abstraction de la mémoire physique Illusion d’un espace d'adressage continu et très large Un pointeur applicatif est un adresse virtuelle != physique CPU Memory Management Unit (MMU) utilisé par le kernel CPU
- 67. Virtual Memory Memory (e.g. RAM) mov dx, [0x12345678] CPU
- 68. Virtual Memory mov dx, [0x12345678] Memory (e.g. RAM) FETCH Fetch CPU
- 69. Virtual Memory mov dx, [0x12345678] Memory (e.g. RAM) decode(mov dx, [0x12345678]) Decode CPU
- 70. Virtual Memory mov dx, [0x12345678] Memory (e.g. RAM) decode(mov dx, [0x12345678]) -> Copie la valeur à l’adresse 0x12345678 dans le registre dx Decode CPU
- 71. Virtual Memory mov dx, [0x12345678] Memory (e.g. RAM) decode(mov dx, [0x12345678]) -> Copie la valeur à l’adresse 0x12345678 dans le registre dx Decode CPU
- 72. Virtual Memory mov dx, [0x12345678] Memory (e.g. RAM) decode(mov dx, [0x12345678]) -> Copie la valeur à l’adresse 0x12345678 dans le registre dx Adresse Virtuelle Decode CPU
- 73. Virtual Memory mov dx, [0x12345678] Memory (e.g. RAM) decode(mov dx, [0x12345678]) -> Copie la valeur à l’adresse 0x12345678 dans le registre dx Adresse Virtuelle Adresse Physique?? Decode CPU
- 74. Virtual Memory mov dx, [0x12345678] Memory (e.g. RAM) translate(0x12345678) CPU
- 75. Virtual Memory mov dx, [0x12345678] Memory (e.g. RAM) translate(0x12345678) Memory Management Unit CPU
- 76. Virtual Memory mov dx, [0x12345678] Memory (e.g. RAM) translate(0x12345678) Memory Management Unit CPU
- 77. Virtual Memory mov dx, [0x12345678] Memory (e.g. RAM) translate(0x12345678) Memory Management Unit 0x12345678 is at 0xff005678 CPU
- 78. Virtual Memory mov dx, [0x12345678] Memory (e.g. RAM) translate(0x12345678) Memory Management Unit 0x12345678 is at 0xff005678 Adresse Physique CPU
- 79. Virtual Memory mov dx, [0x12345678] Memory (e.g. RAM) execute(mov dx, [0x12345678]) 0xf00ba4f00 @0xff005678 Memory Management Unit Execute CPU
- 80. Virtual Memory mov dx, [0x12345678] Memory (e.g. RAM) execute(mov dx, [0x12345678]) 0xf00ba4f00 @0xff005678 Read @0xff005678 Memory Management Unit CPU
- 81. DX: 0xf00ba4f00 Virtual Memory mov dx, [0x12345678] Memory (e.g. RAM) Memory Management Unit 0xf00ba4f00 @0xff005678 CPU
- 82. Virtual Memory Memory (e.g. RAM) Memory Management Unit Page Table Adress Virtual Physical 0x1200 0xf200 0x1840 0xf840 TLB Page Tables CPU
- 83. Virtual Memory Memory (e.g. RAM) Memory Management Unit Page Table Adress Virtual Physical 0x1200 0xf200 0x1840 0xf840 TLB translate(0x2400) Page Tables CPU
- 84. Virtual Memory Memory (e.g. RAM) Memory Management Unit Page Table Adress Virtual Physical 0x1200 0xf200 0x1840 0xf840 TLB translate(0x2400) Page Tables CPU
- 85. Virtual Memory Memory (e.g. RAM) Memory Management Unit Page Table Adress Virtual Physical 0x1200 0xf200 0x1840 0xf840 TLB translate(0x2400) TLB MISS Page Tables CPU
- 86. Virtual Memory Memory (e.g. RAM) Memory Management Unit Page Table Adress Virtual Physical 0x1200 0xf200 0x1840 0xf840 TLB 0xfc00 translate(0x2400) TLB MISS Page Tables CPU
- 87. Virtual Memory Memory (e.g. RAM) Memory Management Unit Page Table Adress Virtual Physical 0x1200 0xf200 0x1840 0xf840 TLB 0xfc00 0x2400 is at 0xfc00 TLB MISS Page Tables CPU
- 89. #DevoxxFR 89 RAM
- 90. RAM 9 0 Virtualisation “à l’ancienne” SHADOW PAGE TABLES GUEST OS guest Virtual guest Physical 0x01000 0xe19a8 0x05000 0xb018e VMM CPU RAM
- 91. RAM 9 1 Virtualisation “à l’ancienne” SHADOW PAGE TABLES GUEST OS guest Virtual guest Physical 0x01000 0xe19a8 0x05000 0xb018e VMM Guest VIRTUAL host physical 0x01000 0x034b835 0x05000 0xdeb1a78 CPU RAM
- 92. RAM 9 2 Virtualisation “à l’ancienne” SHADOW PAGE TABLES GUEST OS guest Virtual guest Physical 0x01000 0xe19a8 0x05000 0xb018e VMM Guest VIRTUAL host physical 0x01000 0x034b835 0x05000 0xdeb1a78 CPU guest virtual host physical 0x01000 0x034b835 0x05000 0xdeb1a78 RAM
- 93. RAM 9 3 Virtualisation “à l’ancienne” SHADOW PAGE TABLES GUEST OS guest Virtual guest Physical 0x01000 0xe19a8 0x05000 0xb018e VMM Guest VIRTUAL host physical 0x01000 0x034b835 0x05000 0xdeb1a78 CPU guest virtual host physical 0x01000 0x034b835 0x05000 0xdeb1a78 READ 0x00000 RAM
- 94. RAM 9 4 Virtualisation “à l’ancienne” SHADOW PAGE TABLES GUEST OS guest Virtual guest Physical 0x01000 0xe19a8 0x05000 0xb018e VMM Guest VIRTUAL host physical 0x01000 0x034b835 0x05000 0xdeb1a78 CPU guest virtual host physical 0x01000 0x034b835 0x05000 0xdeb1a78 READ 0x00000 RAM TLB PAGE HIT/MISS ...
- 95. RAM 9 5 Virtualisation “à l’ancienne” SHADOW PAGE TABLES GUEST OS guest Virtual guest Physical 0x01000 0xe19a8 0x05000 0xb018e VMM Guest VIRTUAL host physical 0x01000 0x034b835 0x05000 0xdeb1a78 CPU guest virtual host physical 0x01000 0x034b835 0x05000 0xdeb1a78 READ 0x00000 0x034b835 RAM TLB PAGE HIT/MISS ...
- 96. RAM 9 6 Virtualisation “à l’ancienne” SHADOW PAGE TABLE (write) GUEST OS Guest Virtual Guest Physical 0x01000 0xe19a8 VMM Guest VIRTUAL host physical 0x01000 0x034b835 CPU RAM guest virtual host physical 0x01000 0x034b835
- 97. RAM 9 7 Virtualisation “à l’ancienne” SHADOW PAGE TABLE (write) GUEST OS Guest Virtual Guest Physical 0x01000 0xe19a8 VMM Guest VIRTUAL host physical 0x01000 0x034b835 CPU WRITE 0x05000 → 0xf2a15 RAM guest virtual host physical 0x01000 0x034b835
- 98. RAM 9 8 Virtualisation “à l’ancienne” SHADOW PAGE TABLE (write) GUEST OS Guest Virtual Guest Physical 0x01000 0xe19a8 VMM Guest VIRTUAL host physical 0x01000 0x034b835 CPU WRITE 0x05000 → 0xf2a15 RAM guest virtual host physical 0x01000 0x034b835 READ ONLY!
- 99. RAM 9 9 Virtualisation “à l’ancienne” SHADOW PAGE TABLE (write) GUEST OS Guest Virtual Guest Physical 0x01000 0xe19a8 VMM Guest VIRTUAL host physical 0x01000 0x034b835 CPU WRITE 0x05000 → 0xf2a15 TRAP/VMEXIT RAM guest virtual host physical 0x01000 0x034b835 READ ONLY!
- 100. RAM 1 0 Virtualisation “à l’ancienne” SHADOW PAGE TABLE (write) GUEST OS Guest Virtual Guest Physical 0x01000 0xe19a8 VMM Guest VIRTUAL host physical 0x01000 0x034b835 0x05000 0xdeb1a78 CPU WRITE 0x05000 → 0xf2a15 RAM guest virtual host physical 0x01000 0x034b835 READ ONLY!
- 101. RAM 1 0 Virtualisation “à l’ancienne” SHADOW PAGE TABLE (write) GUEST OS Guest Virtual Guest Physical 0x01000 0xe19a8 VMM Guest VIRTUAL host physical 0x01000 0x034b835 0x05000 0xdeb1a78 CPU WRITE 0x05000 → 0xf2a15 RAM guest virtual host physical 0x01000 0x034b835 0x05000 0xdeb1a78 READ ONLY! UPDATE
- 102. RAM 1 0 Virtualisation “à l’ancienne” SHADOW PAGE TABLE (write) GUEST OS Guest Virtual Guest Physical 0x01000 0xe19a8 VMM Guest VIRTUAL host physical 0x01000 0x034b835 0x05000 0xdeb1a78 CPU WRITE 0x05000 → 0xf2a15 VMRESUME RAM guest virtual host physical 0x01000 0x034b835 0x05000 0xdeb1a78 READ ONLY! UPDATE
- 103. RAM 1 0 Virtualisation “à l’ancienne” SHADOW PAGE TABLE (write) GUEST OS Guest Virtual Guest Physical 0x01000 0xe19a8 0x05000 0x28a7de VMM Guest VIRTUAL host physical 0x01000 0x034b835 0x05000 0xdeb1a78 CPU WRITE 0x05000 → 0xf2a15 VMRESUME RAM guest virtual host physical 0x01000 0x034b835 0x05000 0xdeb1a78 READ ONLY! UPDATE
- 104. RAM 1 0 Virtualisation assistée par le hardware Second-Layer Address Translation GUEST OS CPU RAM Guest Virtual Guest Physical 0x01000 0xe19a8 0x05000 0x28a7de VMM Guest Physical host physical 0x01000 0x034b835 0x05000 0xdeb1a78 EPT/RVI
- 105. RAM 1 0 Virtualisation assistée par le hardware Second-Layer Address Translation GUEST OS CPU Guest PHYSICAL host physical 0xe19a8 0x034b835 0xb018e 0xdeb1a78 RAM Guest Virtual Guest Physical 0x01000 0xe19a8 0x05000 0x28a7de VMM Guest Physical host physical 0x01000 0x034b835 0x05000 0xdeb1a78 EPT/RVI
- 106. RAM 1 0 Virtualisation assistée par le hardware Second-Layer Address Translation GUEST OS guest Virtual guest Physical 0x01000 0xe19a8 0x05000 0xb018e CPU Guest PHYSICAL host physical 0xe19a8 0x034b835 0xb018e 0xdeb1a78 RAM Guest Virtual Guest Physical 0x01000 0xe19a8 0x05000 0x28a7de VMM Guest Physical host physical 0x01000 0x034b835 0x05000 0xdeb1a78 EPT/RVI
- 107. RAM 1 0 Virtualisation assistée par le hardware Second-Layer Address Translation GUEST OS guest Virtual guest Physical 0x01000 0xe19a8 0x05000 0xb018e CPU Guest PHYSICAL host physical 0xe19a8 0x034b835 0xb018e 0xdeb1a78 RAM Guest Virtual Guest Physical 0x01000 0xe19a8 0x05000 0x28a7de VMM Guest Physical host physical 0x01000 0x034b835 0x05000 0xdeb1a78 EPT/RVI READ/WRITE 0x01000
- 108. RAM 1 0 Virtualisation assistée par le hardware Second-Layer Address Translation GUEST OS guest Virtual guest Physical 0x01000 0xe19a8 0x05000 0xb018e CPU Guest PHYSICAL host physical 0xe19a8 0x034b835 0xb018e 0xdeb1a78 RAM Guest Virtual Guest Physical 0x01000 0xe19a8 0x05000 0x28a7de VMM Guest Physical host physical 0x01000 0x034b835 0x05000 0xdeb1a78 EPT/RVI READ/WRITE 0x01000
- 109. RAM 1 0 Virtualisation assistée par le hardware Second-Layer Address Translation GUEST OS guest Virtual guest Physical 0x01000 0xe19a8 0x05000 0xb018e CPU Guest PHYSICAL host physical 0xe19a8 0x034b835 0xb018e 0xdeb1a78 RAM Guest Virtual Guest Physical 0x01000 0xe19a8 0x05000 0x28a7de VMM Guest Physical host physical 0x01000 0x034b835 0x05000 0xdeb1a78 EPT/RVI READ/WRITE 0x01000
- 110. RAM 11 0 Virtualisation assistée par le hardware Second-Layer Address Translation GUEST OS guest Virtual guest Physical 0x01000 0xe19a8 0x05000 0xb018e CPU Guest PHYSICAL host physical 0xe19a8 0x034b835 0xb018e 0xdeb1a78 RAM Guest Virtual Guest Physical 0x01000 0xe19a8 0x05000 0x28a7de VMM Guest Physical host physical 0x01000 0x034b835 0x05000 0xdeb1a78 EPT/RVI READ/WRITE 0x01000
- 111. RAM 11 1 Virtualisation assistée par le hardware Second-Layer Address Translation GUEST OS guest Virtual guest Physical 0x01000 0xe19a8 0x05000 0xb018e CPU Guest PHYSICAL host physical 0xe19a8 0x034b835 0xb018e 0xdeb1a78 RAM Guest Virtual Guest Physical 0x01000 0xe19a8 0x05000 0x28a7de VMM Guest Physical host physical 0x01000 0x034b835 0x05000 0xdeb1a78 EPT/RVI READ/WRITE 0x01000
- 112. RAM 11 2 Virtualisation assistée par le hardware Second-Layer Address Translation GUEST OS guest Virtual guest Physical 0x01000 0xe19a8 0x05000 0xb018e CPU Guest PHYSICAL host physical 0xe19a8 0x034b835 0xb018e 0xdeb1a78 RAM Guest Virtual Guest Physical 0x01000 0xe19a8 0x05000 0x28a7de VMM Guest Physical host physical 0x01000 0x034b835 0x05000 0xdeb1a78 EPT/RVI READ/WRITE 0x01000 0x034b835
- 114. #DevoxxFR 114 I/O
- 115. Drivers 11 5 APP OS ⚙ DRIVER DEVICES : PRINTER GPU (nvidia, amd, intel…) Network card HARD DRIVE I/O
- 116. Émulation 11 6 GUEST OS ⚙ DRIVER VMM ?? TRAP VMEXIT I/O
- 117. Émulation 11 7 Exemple: ETHERNET Nom Intel PRO/100 Débit max 100 Mbps Interface PCI I/O
- 120. Paravirtualisation GUEST OS GUEST DRIVER I/O Drivers spécifiques dans le système Guest
- 121. Paravirtualisation GUEST OS GUEST DRIVER guest tools I/O Drivers spécifiques dans le système Guest
- 122. Additions Paravirtualisation GUEST OS GUEST DRIVER I/O Drivers spécifiques dans le système Guest
- 123. Paravirtualisation GUEST OS GUEST DRIVER VIRTIO I/O Drivers spécifiques dans le système Guest
- 124. Paravirtualisation GUEST OS GUEST DRIVER VIRTIO I/O Drivers spécifiques dans le système Guest U PSTREAM
- 125. Assignment de devices HV GUEST OS GUEST DRIVER DEVICE I/O
- 126. Mémoire & Devices Memory (e.g. RAM) Memory Management Unit I/O
- 127. Mémoire & Devices Memory (e.g. RAM) MMU I/O I/O MMU south bridge, on parle de Platform Controller Hub (PCH), qui est directement lie au core du processeur. Mais la plupart des gens qui ont ce genre de connaissances sont surement encore sur le terme de south bridge... Samuel Ortiz 10:20 AM Yesterday Une derniere information: Aujourd'hui toutes les distros bootent le kernel avec l'IOMMU=on pare defaut. Ce qui signifie que tous les devices sont toujours derriere l'IOMMU, qu'ils soit assignes a une VM ou pas.
- 128. Assignment de devices GPU GUEST OS GPU DRIVER HV OS GPU DRIVER I/O
- 129. GPU GUEST OS GPU DRIVER HV OS GPU DRIVER I/O Assignment de devices
- 130. GPU GUEST OS GPU DRIVER HV OS I/O Assignment de devices
- 131. GPU GUEST OS GPU DRIVER HV OS VFIO + IOMMU I/O Assignment de devices
- 132. GPU GUEST OS GPU DRIVER HV OS (Exemple) ~ $ qemu-kvm … -device vfio-pci,id=video,host=02:00.0,multifunction=on,x-vga=on -device vfio-pci,id=vidaudio,host=02:00.1,bus=pci.0 VFIO + IOMMU I/O Assignment de devices
- 133. GPU GUEST OS GPU DRIVER ESX / vmware DIRECTPATH I/O I/O Assignment de devices
- 134. GPU GUEST OS GPU DRIVER HV OS GUEST OS GPU DRIVER ? VFIO + IOMMU I/O Assignment de devices
- 135. GPU GUEST OS GPU DRIVER HV OS GUEST OS GPU DRIVER VFIO + IOMMU I/O Assignment de devices
- 136. NIC GUEST OS HV OS GUEST OS I/O Assignment de devices
- 137. NIC GUEST OS HV OS GUEST OS I/O Assignment de devices SR-IOV
- 138. NIC GUEST OS HV OS GUEST OS I/O Assignment de devices PF SR-IOV
- 139. VF4 VF3 VF2 NIC GUEST OS HV OS GUEST OS I/O VF1 Assignment de devices PF SR-IOV
- 140. VF4 VF3 VF2 NIC GUEST OS HV OS GUEST OS VFIO I/O VF1 Assignment de devices PF SR-IOV
- 141. VF4 VF3 VF2 NIC GUEST OS HV OS GUEST OS VFIO I/O VF1 Assignment de devices PF VFIO SR-IOV
- 142. VF4 VF3 VF2 NIC GUEST OS NIC DRIVER HV OS GUEST OS NIC DRIVER VFIO I/O VF1 Assignment de devices PF VFIO SR-IOV
- 143. VIRTIO VIRTIO GUEST OS virtio DRV GUEST HV OS GUEST OS virtio DRV GUEST VFIO I/O VIRTIO Assignment de devices VFIO virtio DRV guest
- 146. HYPERVISEURS
- 147. HYPERVISEURS
- 148. HYPERVISEURS
- 149. + HYPERVISEURS
- 151. + virtualisation CPU/ EPT Implémente le device model HYPERVISEURS
- 153. #DevoxxFR 153 VMs vs. Containers
- 154. CPU RAM NET. STOR. Containers HOST LINUX KERNEL
- 155. CPU RAM NET. STOR. Containers HOST LINUX KERNEL Container A Process A Filters: - Seccomp - MAC - CAPs namespaces
- 156. CPU RAM NET. STOR. Containers HOST LINUX KERNEL Container A Process A Filters: - Seccomp - MAC - CAPs Container B Process B Filters: - Seccomp - MAC - CAPs namespaces namespaces
- 157. Containers CPU RAM NET. STOR. HOST LINUX KERNEL Container A Container B Container C Process A Process B Process C Filters: - Seccomp - MAC - CAPs Filters: - Seccomp - MAC - CAPs Filters: - Seccomp - MAC - CAPs namespaces namespaces namespaces
- 158. Containers CPU RAM NET. STOR. HOST LINUX KERNEL Container A Container B Container C Process A Process B Process C Filters: - Seccomp - MAC - CAPs Filters: - Seccomp - MAC - CAPs Filters: - Seccomp - MAC - CAPs namespaces namespaces namespaces Kernel Partagé
- 159. Containers CPU RAM NET. STOR. HOST LINUX KERNEL Container A Container B Container C Process A Process B Process C Filters: - Seccomp - MAC - CAPs Filters: - Seccomp - MAC - CAPs Filters: - Seccomp - MAC - CAPs namespaces namespaces namespaces Kernel Partagé Contexte d’exécution Partagé
- 160. Containers CPU RAM NET. STOR. HOST LINUX KERNEL Container A Container B Container C Process A Process B Process C Filters: - Seccomp - MAC - CAPs Filters: - Seccomp - MAC - CAPs Filters: - Seccomp - MAC - CAPs namespaces namespaces namespaces Kernel Partagé Contexte d’exécution Partagé Rapidité de démarrage / cycle de vie facilité
- 162. VMs VM A Processus A CPU RAM NET. STOR. GUEST LINUX KERNEL HOST LINUX KERNEL (HYPERVISOR)
- 163. VMs VM A VM B Processus A Processus B CPU RAM NET. STOR. CPU RAM NET. STOR. GUEST LINUX KERNEL GUEST LINUX KERNEL HOST LINUX KERNEL (HYPERVISOR)
- 164. VMs VM A VM B VM C Processus A Processus B Processus C CPU RAM NET. STOR. CPU RAM NET. STOR. CPU RAM NET. STOR. GUEST LINUX KERNEL GUEST LINUX KERNEL GUEST LINUX KERNEL HOST LINUX KERNEL (HYPERVISOR)
- 165. VMs VM A VM B VM C Processus A Processus B Processus C CPU RAM NET. STOR. CPU RAM NET. STOR. CPU RAM NET. STOR. GUEST LINUX KERNEL GUEST LINUX KERNEL GUEST LINUX KERNEL Kernels dédiés HOST LINUX KERNEL (HYPERVISOR)
- 166. VMs VM A VM B VM C Processus A Processus B Processus C CPU RAM NET. STOR. CPU RAM NET. STOR. CPU RAM NET. STOR. Virtualisation du HARDWARE GUEST LINUX KERNEL GUEST LINUX KERNEL GUEST LINUX KERNEL Kernels dédiés HOST LINUX KERNEL (HYPERVISOR)
- 167. VMs VM A VM B VM C Processus A Processus B Processus C CPU RAM NET. STOR. CPU RAM NET. STOR. CPU RAM NET. STOR. Virtualisation du HARDWARE GUEST LINUX KERNEL GUEST LINUX KERNEL GUEST LINUX KERNEL Kernels dédiés Cycle de vie lourd /LENTEUR de démarrage HOST LINUX KERNEL (HYPERVISOR)
- 168. VMs VM A VM B VM C Processus A Processus B Processus C CPU RAM NET. STOR. CPU RAM NET. STOR. CPU RAM NET. STOR. Virtualisation du HARDWARE GUEST LINUX KERNEL GUEST LINUX KERNEL GUEST LINUX KERNEL Kernels dédiés Cycle de vie lourd /LENTEUR de démarrage ? HOST LINUX KERNEL (HYPERVISOR)
- 170. #DevoxxFR 170 Containers in VMs
- 171. VM A VM B VM C Processus A Processus B Processus C CPU RAM NET. STOR. CPU RAM NET. STOR. CPU RAM NET. STOR. Virtualisation du HARDWARE GUEST LINUX KERNEL GUEST LINUX KERNEL GUEST LINUX KERNEL Kernels dédiés HOST LINUX KERNEL (HYPERVISOR) Containers in VMs Cycle de vie lourd /LENTEUR de démarrage ?
- 172. VM Légère A VM Légère B VM Légère C Processus A Processus B Processus C CPU RAM NET. STOR. CPU RAM NET. STOR. CPU RAM NET. STOR. Virtualisation du HARDWARE GUEST LINUX KERNEL GUEST LINUX KERNEL GUEST LINUX KERNEL Kernels dédiés HOST LINUX KERNEL (HYPERVISOR) Containers in VMs
- 173. VM Légère A VM Légère B VM Légère C Processus A Processus B Processus C CPU RAM NET. STOR. CPU RAM NET. STOR. CPU RAM NET. STOR. Virtualisation du HARDWARE GUEST LINUX KERNEL GUEST LINUX KERNEL GUEST LINUX KERNEL Kernels dédiés HOST LINUX KERNEL (HYPERVISOR) Containers in VMs Container A Container B Container C
- 174. VM Légère A VM Légère B VM Légère C Processus A Processus B Processus C CPU RAM NET. STOR. CPU RAM NET. STOR. CPU RAM NET. STOR. Virtualisation du HARDWARE GUEST LINUX KERNEL GUEST LINUX KERNEL GUEST LINUX KERNEL Kernels dédiés HOST LINUX KERNEL (HYPERVISOR) Rapidité de démarrage / cycle de vie facilité Containers in VMs Container A Container B Container C
- 175. Containers in VMs VMs Légères (e.g. Firecracker) Intégration avec CRI (Containerd, Kubernetes…) RuntimeClass pour (par exemple) n’exécuter que des payloads non trustées dans des conteneurs.
- 176. Containers in VMs Standard containers
- 177. Containers in VMs Standard containers
- 178. Containers in VMs Intégration simplifiée Standard containers
- 179. Containers in VMs Kubernetes Kubernetes KERNEL POD CONTAINER CONTAINER CONTAINER POD CONTAINER POD CONTAINER CONTAINER KERNEL POD CONTAINER CONTAINER CONTAINER KERNEL POD CONTAINER CONTAINER KERNEL KubE. C. P. KubE. C. P. Kubernetes control plane
- 180. Containers in VMs Kubernetes Kubernetes KERNEL POD CONTAINER CONTAINER CONTAINER POD CONTAINER POD CONTAINER CONTAINER KERNEL POD CONTAINER CONTAINER CONTAINER KERNEL POD CONTAINER CONTAINER KERNEL Isolation through multiple KUBE NODES Kubernetes control plane KubE. C. P. KubE. C. P.
- 181. Containers in VMs Kubernetes Kubernetes KERNEL Kubernetes KERNEL POD CONTAINER CONTAINER CONTAINER POD CONTAINER POD CONTAINER CONTAINER KERNEL POD CONTAINER CONTAINER CONTAINER KERNEL POD CONTAINER CONTAINER KERNEL KERNEL POD POD POD POD POD KATA VM KATA VM KATA VM KATA VM KATA VM CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER Isolation through multiple KUBE NODES Kubernetes control plane KubE. C. P. KubE. C. P. Kubernetes control plane
- 182. Containers in VMs Kubernetes Kubernetes KERNEL Kubernetes KERNEL POD CONTAINER CONTAINER CONTAINER POD CONTAINER POD CONTAINER CONTAINER Kubernetes control plane POD CONTAINER CONTAINER CONTAINER KubE. C. P. POD CONTAINER CONTAINER KubE. C. P. Kubernetes control plane POD POD POD POD POD KATA VM KATA VM KATA VM KATA VM KATA VM CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER Multi-tenancy Isolation through multiple KUBE NODES