Introduction to KVM nesting virtualization and the use of virtual ETP characteristics

Introduction to Nesting Virtualization

Nested virtualization (nested virtualization, recursive virtualization) is the process of running a hypervisor in a virtualized client, which is then virtualized to run a client. Nested virtualization includes not only the same hypervisor nesting (for example, KVM on KVM, Xen in Xen, VMware on VMware, and so on), but also the different hypervisor nesting (such as VMware on KVM, KVM on Xen, Xen on KVM, etc.). Based on the concept of nested virtualization, it includes not only two layers of nesting (such as KVM on KVM), but also multiple layers of nesting (such as KVM on KVM on KVM).

If nested virtualization is more mature and commercially available, it is possible to use VMware, KVM, Xen, and other virtual machines on Amazon's EC2 or Google's GCE on the leased virtual client.

Current status of KVM nested virtualization (virtual EPT)

Two or three years ago (about 2010 years), KVM began to support nested virtualization, which provides the most basic CPU hardware virtualization to L1. Then, because there is no ept support, only the shadow pagetable can be used in L1, and its memory access is inefficient; Recently, engineers at IBM and Intel (our team) started doing virtual ept to get L1 to use the features of the fictitious ept, Thus greatly improving the efficiency of memory access in L2. With virtual EPT, there are 3 possible types of L2 pagetable: Shadow on Shadow, shadow on EPT, EPT on EPT (where the performance of EPT on EPT is of course the best). At present, the virtual ept patch has not been sent to the upstream KVM, but should be able to go in soon.

In addition, recently IBM (and Intel) engineers in the KVM Maillist also sent a number of Vmcs shadowing patch, this is also a good way to improve the efficiency of the L2 (can be said later).

BTW, in the latest Xen, Intel engineers have developed nested in feature, such as virtual EPT and Vmcs shadowing, and have been formally added to the patch, seemingly with significant performance improvements ( There may be some data in the future). You can also refer to a speech in Xen Summit 2013: Http://www.slideshare.net/xen_com_mgr/nested-virtualization-update-from-intel

Performance data for KVM virtual ept

In the latest KVM kernel (3.9.0-RCX), the internal virtual ept associated patch is added, and the kernel build is tested for efficiency in L2. (The nested virtualization here is the KVM on KVM type)

On an Ivy bridge machine, L2 is a 4 vcpu and 4GB memory configuration, and the time required for kernel compilation is as follows

Without v-ept:32 ' 6″ (32 minutes 6 seconds) –> is shadow on EPT.

With V-ept:9 ' 56″–> is EPT on EPT

Visible, virtual ept performance is used in KVM virtualization, allowing the performance of the kernel build test scenario to be about 3 times times (3X).

It is believed that after the recent virtual EPT and Vmcs shadowing patch are added to the upstream KVM, the efficiency of the KVM's nesting virtualization will be greatly improved, so that nested virtualization becomes a truly practical technology.