
Deep Science Popularization of Server Virtualization Technology

2025-01-18 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

Server virtualization technology can be traced back to z/VM on the IBM mainframe, which implements server virtualization on the z-series mainframe (the non-virtualized operating system is z/OS). Hundreds of virtual machines can be run on z/VM. The later KVM technology on Power is PowerKVM, and AIX virtualization is PowerVM, which supports both vSCSI and NPIV technologies (the virtual I/O system is called VIOS). Today's content covers CPU virtualization, memory virtualization, Intel hardware-assist technology, I/O virtualization and GPU virtualization, in the form of an in-depth popular science article; veterans can skip today's content.

Many readers may think that server virtualization technology has been displaced by container technology and may be out of date. In fact, in many scenarios, virtualization technology cannot be replaced by containers. So for beginners who want to step into the field of cloud computing, it is still necessary to have an in-depth understanding of server virtualization. Let's take a look at the development of virtualization and its external factors and driving forces.

Partition technology enables the virtualization layer to divide server resources for multiple virtual machines; it enables you to run multiple applications on a single server, and each operating system can only see the virtual hardware provided by the virtualization layer.

Virtual machine isolation allows virtual machines to be isolated from each other, and the crash or failure of one virtual machine (for example, operating system failure, application crash, driver failure, and so on) does not affect other virtual machines on the same server.

Encapsulation means that the entire virtual machine (hardware configuration, BIOS configuration, memory state, disk state, CPU state) is stored in a small set of files separate from the physical hardware. In this way, you only need to copy a few files to copy, save, and move virtual machines anytime, anywhere, as needed.

CPU Virtualization Development

According to the degree of virtualization, server virtualization can be divided into full virtualization, paravirtualization and hardware-assisted virtualization.

The conditions and technical difficulties of CPU virtualization: the CPU itself has different run levels, which correspond to different privileges. When a virtual machine executes sensitive instructions, errors are likely to occur that affect the stability of the whole machine, so the VM is not allowed to execute them directly. A virtualization platform is needed to solve this problem.

Full virtualization: the VMM occupies the position in the software stack traditionally held by the operating system, while the operating system occupies the position traditionally held by applications. Each Guest OS needs binary translation of specific instructions, so that interfaces to physical resources such as processors, memory, storage, video cards, and network cards can be provided to simulate the hardware environment.

Paravirtualization: part of the code in the Guest OS is changed so that the Guest OS converts all operations related to privileged instructions into Hypercalls (super calls) sent to the VMM, where the VMM continues processing and returns the result.

Hardware-assisted virtualization: new instructions and operation modes are introduced so that the VMM and the Guest OS run in different modes (root mode and non-root mode), and the Guest OS runs in Ring 0, so that the core instructions of the Guest OS can be executed directly by the hardware of the computer system without going through the VMM.

Classification of Virtualization Software Architecture

Server virtualization is one of the key technologies in cloud computing. Virtualization has a wide range of meanings, including server, storage, network and data center virtualization. Any technology that abstracts one form of resource into another form is virtualization. Today we discuss the classification of server virtualization architectures.

Host virtualization: the virtualization management software runs as an ordinary application on the underlying operating system (Windows, Linux, etc.), then creates the corresponding virtual machines, which share the underlying server resources.

Bare metal virtualization: the hypervisor is a virtual machine manager that runs directly on physical hardware. It mainly implements two basic functions: first, it identifies, captures and responds to the CPU privileged instructions or protected instructions issued by the virtual machine; second, it handles the queuing and scheduling of virtual machines, and returns the processing results of the physical hardware to the corresponding virtual machine.

Operating system virtualization: there is no separate hypervisor layer. Instead, the host operating system itself is responsible for allocating hardware resources among multiple virtual servers and keeping them independent of each other. One obvious difference is that if operating system layer virtualization is used, all virtual servers must run the same operating system (although each instance has its own applications and user accounts). Examples include Virtuozzo, OpenVZ, Docker, and so on.

Hybrid virtualization: the hybrid virtualization model uses a host operating system like hosted virtualization, but instead of placing the hypervisor on top of the host operating system, a kernel-level driver is inserted into the host operating system kernel. This driver acts as a virtual hardware manager (VHM) to coordinate hardware access between the virtual machines and the host operating system. As you can see, the hybrid virtualization model relies on the memory manager and the CPU scheduler of the existing kernel. As with the bare metal and operating system virtualization architectures, the absence of a redundant memory manager and CPU scheduler greatly improves the performance of this model.

Comparison of various architectures

Bare metal virtualization architecture and hybrid virtualization architecture will be the development trend of virtualization architecture in the future. With hardware-assisted virtualization, the performance of physical machines can be achieved. Mainstream server virtualization products, such as KVM, Hyper-V, and VMware, all support hardware-assisted virtualization.

Memory virtualization

In a virtualized environment, the virtualization manager emulates memory so that the virtualized memory still conforms to the guest OS's assumptions about and understanding of memory. Physical memory has to be used by multiple guest OSes at the same time, so two problems must be solved: distributing physical memory among multiple systems, and preserving the contiguity of memory as each guest OS sees it.

To solve these problems, a new layer, the guest physical address space, is introduced. The virtual machine OS sees a virtualized physical address, and the hypervisor is responsible for translating it into the physical address used by the physical processor. That is, for a given virtual machine, the hypervisor maintains the mapping between guest physical addresses and host physical addresses, intercepts the virtual machine's accesses to guest physical addresses, and converts them into host physical addresses.

Full virtualization of memory: the virtualization manager maintains a shadow page table for each Guest, and the shadow page table maintains a mapping of virtual addresses (VA) to machine addresses (MA).

Memory paravirtualization: when the Guest OS creates a new page table, it registers the page table with the VMM. While the Guest is running, the VMM continuously manages and maintains the table so that programs in the Guest can directly access the appropriate address.

Hardware-assisted memory virtualization: on top of the original page table, an EPT (extended page table) is added, through which a Guest physical address can be translated directly into a host physical address.
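The two translation paths described above can be modelled in a few lines. This is an added example, not code from the original article: the tables are single-level dictionaries instead of real multi-level page tables, and every name and frame number in it is constructed for illustration. It also shows why the extra layer enforces isolation: a guest fully controls its own page table, but a guest physical address that is missing from that guest's GPA-to-HPA map faults instead of reaching another guest's memory.

```python
PAGE = 4096  # 4 KiB pages; single-level tables keep the model small

class TranslationFault(Exception):
    """No mapping for the page (guest page fault or EPT violation)."""

def translate(table, addr, stage):
    """Translate addr through one table of the form {page_no: frame_no}."""
    page, offset = divmod(addr, PAGE)
    if page not in table:
        raise TranslationFault(f"{stage}: page {page:#x} not mapped")
    return table[page] * PAGE + offset

def ept_walk(guest_pt, ept, gva):
    """Hardware-assisted path: guest page table (VA -> GPA), then EPT (GPA -> HPA)."""
    gpa = translate(guest_pt, gva, "guest page table")
    return translate(ept, gpa, "EPT")

def build_shadow(guest_pt, p2m):
    """Full-virtualization path: the VMM composes the guest's VA -> GPA table
    with its own GPA -> MA map into one shadow table (VA -> MA)."""
    return {vpage: p2m[gframe] for vpage, gframe in guest_pt.items() if gframe in p2m}

def shadow_walk(shadow, gva):
    """The real MMU walks only the shadow table; the guest never sees it."""
    return translate(shadow, gva, "shadow page table")

# Constructed sample data: both guests use the same guest page table, but the
# VMM backs their "contiguous" guest frames 0 and 1 with different host frames.
GUEST_PT = {0x10: 0x0, 0x11: 0x1}      # guest virtual page -> guest physical frame
P2M_VM1 = {0x0: 0x200, 0x1: 0x3A7}     # guest physical frame -> host frame (VM1)
P2M_VM2 = {0x0: 0x580, 0x1: 0x581}     # same guest frames, other host frames (VM2)
# A guest page table that names a frame number VM1 was never given (0x580).
HOSTILE_PT = {0x10: 0x580}

if __name__ == "__main__":
    gva = 0x10 * PAGE + 0x123
    print(hex(ept_walk(GUEST_PT, P2M_VM1, gva)))                    # VM1 host address
    print(hex(shadow_walk(build_shadow(GUEST_PT, P2M_VM2), gva)))  # VM2 host address
    try:
        ept_walk(HOSTILE_PT, P2M_VM1, gva)
    except TranslationFault as exc:
        print("blocked:", exc)
```

Both paths give the same host address for the same guest; they differ in who does the second translation, the VMM in software (shadow table) or the MMU in hardware (EPT).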

I/O Virtualization Technology

After virtualization, each Ethernet port of the server is divided among multiple virtual machines, and the bandwidth between the network, storage, and servers may be insufficient. When this bottleneck is hit, the CPU sits idle waiting for data, which greatly reduces computational efficiency. So virtualization must also be extended to the I/O system, where bandwidth is dynamically shared among workloads, storage, and servers to maximize the use of network interfaces.

The goal of I/O virtualization is not only to let virtual machines access the I/O resources they need, but also to isolate them and, more importantly, to reduce the overhead caused by virtualization.

Full virtualization: virtualization is achieved by emulating I/O devices (disks, network cards, etc.). As far as the Guest OS is concerned, all it can see is a set of uniform I/O devices. The VMM intercepts the Guest OS's access requests to I/O devices, and then emulates the real hardware in software. This approach is very transparent to the Guest, which does not need to care about the underlying hardware, such as the disk type or physical interface it is operating on.

Paravirtualization: through a front-end and back-end architecture, the Guest's I/O requests are passed through a ring queue to the privileged domain (also known as Domain0). Because there are many details in this approach, it will be analyzed in depth later.

Hardware-assisted virtualization: the most representative examples are Intel's VT-d/VT-c, AMD's IOMMU and PCI-SIG's IOV. This technology also needs a matching network card to implement it. At present, network cards fall into three types: ordinary network cards, VMDq pass-through, and SR-IOV.

The ordinary network card uses the Domain0 bridge queue.

VMDq assigns an independent queue to each virtual machine in the physical network card of the server through VMM, and the traffic from the virtual machine can be sent to the designated queue directly through the software switch, and the software switch does not need to sort and route. Hyper-V adopts this mode.

By creating different virtual functions (VFs), SR-IOV presents each virtual machine with what appears to be an independent physical network card, which enables the virtual machine to communicate directly with the hardware network card without going through the software switch, thus reducing address translation in the hypervisor layer.

Intel hardware support for virtualization

VT-x adds two operation modes to IA-32 processors: VMX root operation and VMX non-root operation. The VMM itself runs in VMX root operation mode, and the Guest OS runs in VMX non-root operation mode. Both modes support the Ring 0 to Ring 3 privilege levels, so both the VMM and the Guest OS are free to choose the run level they expect. This allows virtual machines to execute certain instructions directly, reducing the burden on the VMM. VT-x refers to the VT technology of Xeon processors, and VT-i refers to the VT technology of Itanium processors.

VT-d (VT for Directed I/O) is mainly implemented in the chipset. It allows the virtual machine to access the device directly so as to reduce the burden on the VMM and the CPU. Its core idea is to let the virtual machine use the physical device directly, but this raises the problems of I/O address access and DMA. VT-d solves these two problems by using DMA remapping and I/O page tables, so that the virtual machine can access the physical server's devices directly.

VT-c (VT for Connectivity) is mainly implemented on the network card and includes two core technologies: VMDq and VMDc. VMDq pre-classifies the packets of different virtual machines using dedicated hardware on the network card, and then distributes them to each virtual machine through the VMM, thus reducing the CPU overhead of packet classification by the VMM. VMDc allows virtual machines to access network card devices directly. Single Root I/O Virtualization (SR-IOV) is a PCI-SIG specification that assigns one PCIe device to multiple virtual machines for direct access.
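On a Linux host, the features described in this section can be checked from `/proc/cpuinfo` and sysfs. The sketch below is an added example, not part of the original article. It reads the CPU flags for VT-x/AMD-V and EPT/NPT, then lists NICs that have SR-IOV virtual functions enabled and notes whether any IOMMU groups exist, since DMA remapping is what confines a directly assigned device to its guest's memory. The function names, the `risky` label, and the sample cpuinfo text are constructed for illustration.

```python
import os

# Constructed sample of /proc/cpuinfo content (not captured from a real host).
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme vmx ept vpid sse2\n"

def read_int(path):
    """Return the integer stored in a sysfs attribute, or None if absent."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None

def cpu_virt_flags(cpuinfo_text):
    """Pick the hardware-virtualization flags out of /proc/cpuinfo text."""
    wanted = {"vmx", "svm", "ept", "npt", "vpid"}
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return sorted(wanted & set(line.split(":", 1)[1].split()))
    return []

def audit_passthrough(sysfs_root="/sys"):
    """Report SR-IOV state per NIC and whether any IOMMU groups exist."""
    groups_dir = os.path.join(sysfs_root, "kernel", "iommu_groups")
    iommu_on = os.path.isdir(groups_dir) and bool(os.listdir(groups_dir))
    net_dir = os.path.join(sysfs_root, "class", "net")
    findings = []
    for nic in sorted(os.listdir(net_dir)) if os.path.isdir(net_dir) else []:
        dev = os.path.join(net_dir, nic, "device")
        total = read_int(os.path.join(dev, "sriov_totalvfs"))
        if total is None:  # no SR-IOV capability (or a purely virtual interface)
            continue
        active = read_int(os.path.join(dev, "sriov_numvfs")) or 0
        # Heuristic label (assumption of this example): VFs are enabled but the
        # host exposes no IOMMU groups, so DMA remapping is not in effect.
        risky = active > 0 and not iommu_on
        findings.append({"nic": nic, "total_vfs": total, "active_vfs": active,
                         "iommu": iommu_on, "risky": risky})
    return findings

if __name__ == "__main__":
    print("sample flags:", cpu_virt_flags(SAMPLE_CPUINFO))
    for row in audit_passthrough():
        print(row)
```

Passing a different `sysfs_root` lets the same audit run against a copied or mocked sysfs tree.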

Trusted execution technology (TXT) can effectively protect users' computers from various security threats by using advanced module chips. The accessed computer resources are mainly controlled by hardware kernels and subsystems. Computer viruses, malicious code, spyware and other security threats will cease to exist.

GPU and GPU Virtualization Technology

GPU pass-through attaches a GPU device directly to a virtual machine. GPU sharing attaches the GPU device to a GPU server virtual machine, and the GPU server can share its GPU device with GPU clients. GPU virtualization means that a GPU device can be virtualized into n vGPUs, and the corresponding n virtual machines can directly use the GPU device at the same time. GPU devices that support virtualization can be configured as either pass-through or virtualization type.

Through the VGX GPU hardware virtualization function, GPU virtualization turns one physical GPU device into multiple virtual GPU devices for virtual machines to use. Each virtual machine can directly access part of the hardware resources of the physical GPU through its bound vGPU. All vGPUs time-share access to the 3D graphics engine and video codec engine of the physical GPU, and each has independent video memory.

The GPU virtualization feature enables a physical GPU device to be used by multiple virtual machines at the same time, while a GPU device in GPU pass-through can only be used by one virtual machine. GPU virtualization enables virtual machines using the same GPU physical device to not affect each other, and the system automatically allocates the processing power of physical GPU devices to multiple virtual machines, while GPU sharing mounts GPU devices through GPU server and establishes a high-speed communication mechanism between GPU Server and GPU client on the host, so that GPU client can share GPU server GPU devices. Whether GPU client enjoys GPU function or not depends on GPU server.
