I/O virtualization
Note: This article mainly records my understanding of I/O virtualization. I hope it will be helpful to anyone who wants to learn about I/O virtualization. It summarizes the I/O virtualization techniques I noted while reading the paper [VALE, a Switched Ethernet for Virtual Machines]. It contains mostly overviews and my own reflections, and few details.
We assume that most computer services have now migrated to virtualized environments (in fact, they have). The main benefits are resource sharing and reduced overhead. Virtual machines also need to access peripheral devices, such as disks and networks. Even in a non-virtualized environment, network access is technically challenging (applications go through system calls), so it is hard for network access at the virtual machine level to reach hardware speed. So how should I/O be virtualized? There are three main methods: full virtualization, paravirtualization (semi-virtualization), and direct I/O access. They differ in how the guest communicates with the hypervisor, and in how the hypervisor communicates with the host architecture.
The simplest way to achieve full virtualization is to provide a virtual network interface to the guest operating system. The hypervisor then intercepts the virtual machine's accesses (to critical resources) and uses a module (an emulator) to simulate the hardware functions of the NIC. This method is intuitive and easy to understand. Historically, it was also the first I/O virtualization method, first adopted by VMware and QEMU.
(This is just the most basic explanation. How do you write an emulator? I have never written one. If you are interested, you can google it ~~)
After the hypervisor intercepts a packet from the guest, it needs to use the host's network stack to send the packet to the network (internal or external), for example through TCP/UDP sockets (encapsulation).
Full virtualization looks intuitive, easy to use, and easy to configure, but the emulation overhead is very large. An emulator is generally a very large system (so writing one takes a lot of work...).
Paravirtualization (semi-virtualization): compared with full virtualization, paravirtualization means that the guest operating system is aware that it is running as a virtual machine. For the I/O system, it is enough that the guest driver can communicate with the hypervisor. Different hypervisors use different technologies to achieve this. For example, Xen lets the driver in the virtual machine (the front-end driver) communicate with the driver in the host (the back-end driver) through event channels, grant tables, and shared memory. Finally, the standard Linux kernel of the device domain handles the I/O.
In addition, KVM uses virtio, which is similar to Xen's paravirtualized network driver. There are also VMware's guest tools, which should be similar to Xen's paravirtualization mechanism.
So what are the advantages of paravirtualization over full virtualization? Like full virtualization, it is implemented in software, but because the mechanism is different, it is not as complex as an emulator and the software processing is not as slow, so it offers higher bandwidth and better performance. However, there are still performance problems, and it still falls short of hardware speed.
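The front-end/back-end arrangement described above can be modeled in a few lines of C. This is an added example, not Xen's or virtio's code and not part of the original article; `shared_ring`, `tx_req` and `backend_poll` are hypothetical names and the sample requests are constructed. It shows the back end treating everything in the shared page as untrusted guest input: it reads the producer index once, bounds it, and validates a private copy of each request.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

#define RING_SIZE  8u     /* power of two, so free-running indices wrap cleanly */
#define GRANT_PAGE 4096u  /* each request refers to one granted page */

struct tx_req { uint32_t gref; uint16_t offset, len; };  /* written by the guest */
struct shared_ring {                 /* lives in memory both sides can write */
    volatile uint32_t req_prod;      /* producer index, advanced by the front end */
    struct tx_req ring[RING_SIZE];
};
struct backend { uint32_t req_cons; unsigned accepted, rejected; };  /* host-private */

/* Run when the event channel signals. Returns requests consumed, or -1 when
 * the producer index is impossible and the ring should be shut down. */
int backend_poll(struct backend *be, struct shared_ring *sr)
{
    uint32_t prod = sr->req_prod;                 /* read once, then use the copy */
    atomic_thread_fence(memory_order_acquire);    /* see requests written before it */
    if (prod - be->req_cons > RING_SIZE)
        return -1;                                /* more pending than the ring holds */
    int n = 0;
    for (; be->req_cons != prod; be->req_cons++, n++) {
        /* Copy out of shared memory first: the guest can rewrite the slot at
         * any time, so validate and use only the private copy. */
        struct tx_req req = sr->ring[be->req_cons % RING_SIZE];
        atomic_signal_fence(memory_order_seq_cst);  /* keep the compiler from re-reading */
        if (req.len == 0 || (uint32_t)req.offset + req.len > GRANT_PAGE)
            be->rejected++;                       /* would run past the granted page */
        else
            be->accepted++;                       /* a real back end maps gref and transmits */
    }
    return n;
}

int main(void)
{
    /* Constructed sample: one valid request, one that overruns the page. */
    struct shared_ring sr = { .ring = { {1, 0, 64}, {2, 4000, 200} } };
    struct backend be = {0};
    sr.req_prod = 2;
    int n = backend_poll(&be, &sr);
    printf("consumed=%d accepted=%u rejected=%u\n", n, be.accepted, be.rejected);
    sr.req_prod = be.req_cons + RING_SIZE + 1;    /* bogus producer index */
    printf("bogus index -> %d\n", backend_poll(&be, &sr));
    return 0;
}
```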
Break: At this point I have a question: why is the performance of software poor? For example, why can it not reach the speed achieved with hardware support (discussed below)? Does hardware support make things faster and software make them slower? Can you design software that is faster than hardware support? (If you want to keep following this question, I give my understanding at the end of the article.)
Direct I/O access: the previous two methods both require interaction between the guest and the hypervisor, whether through emulation or communication. This method avoids communication between the guest and the hypervisor, so that the guest can send traffic directly to the hardware. It looks strange, doesn't it? But how is this done? How does the host or hypervisor transfer control of the NIC to the guest? Is there a network adapter that can be assigned to multiple virtual machines? (These are just some questions. You may be able to come up with more.) To solve these problems, we need a set of hardware-supported mechanisms.
First, consider a simple scenario: assign a NIC to one guest (neither the host nor other guests can see this NIC). The current way to do this is PCI passthrough. A network card is usually a PCI device. After the system recognizes the network card, a corresponding PCI configuration space is allocated in memory. To support PCI passthrough, modern CPU architectures provide a mechanism to map the physical PCI address into the memory of the guest operating system, for example Intel's VT-d and AMD's IOMMU (CPU hardware support for virtualization). The mapping is then set up by software, such as the PCI passthrough command. But is it necessary to use the CPU's virtualization support? I think as long as you are awesome, you can write software with the mapping function and an isolation mechanism to achieve the same function.
In addition, if you want to share one NIC among multiple guests, I think the answer is SR-IOV. It virtualizes a network card into multiple VFs (virtual functions) and then assigns each VF to a different guest through PCI passthrough. In addition to CPU virtualization support such as Intel's VT-d, the NIC itself must be able to present multiple VFs and provide a mailbox mechanism and other functions (I can't do hardware virtualization, so I only talk about the functional requirements).
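A simplified software model of the per-device address mapping that VT-d or an AMD IOMMU applies to a passed-through NIC or SR-IOV VF. This is an added example, not from the original article and not the hardware's real table format; the requester IDs, page numbers and function names are constructed. It shows why the mapping is also the isolation boundary: the same device address issued by two VFs resolves into two different guests' memory, and anything unmapped or read-only faults.

```c
#include <stdint.h>
#include <stdio.h>

#define PG_SHIFT  12
#define PG_MASK   0xFFFull
#define DOM_PAGES 4            /* size of each guest's DMA window, in pages */
#define NO_MAP    UINT64_MAX   /* translation fault: the DMA is blocked */

/* Per-guest domain: I/O virtual page -> host physical page (NO_MAP if absent). */
struct domain { uint64_t host_page[DOM_PAGES]; uint8_t writable[DOM_PAGES]; };
/* Context entry: requester ID of an assigned function (or VF) -> its domain. */
struct ctx_entry { uint16_t rid; const struct domain *dom; };

/* Constructed sample: two guests, one VF each (all values are made up). */
static const struct domain dom_a = { {0x100, 0x101, 0x102, NO_MAP}, {1, 1, 0, 0} };
static const struct domain dom_b = { {0x200, NO_MAP, NO_MAP, NO_MAP}, {1, 0, 0, 0} };
static const struct ctx_entry ctx[] = { {0x0310, &dom_a}, {0x0311, &dom_b} };

/* Translate one device address; NO_MAP means the access faults. */
uint64_t iommu_translate(uint16_t rid, uint64_t iova, int is_write)
{
    for (size_t i = 0; i < sizeof ctx / sizeof ctx[0]; i++) {
        if (ctx[i].rid != rid) continue;
        uint64_t page = iova >> PG_SHIFT;
        const struct domain *d = ctx[i].dom;
        if (page >= DOM_PAGES || d->host_page[page] == NO_MAP) return NO_MAP;
        if (is_write && !d->writable[page]) return NO_MAP;
        return (d->host_page[page] << PG_SHIFT) | (iova & PG_MASK);
    }
    return NO_MAP;             /* function not assigned to any guest */
}

/* A DMA transfer is allowed only if every page it touches translates. */
int dma_allowed(uint16_t rid, uint64_t iova, uint32_t len, int is_write)
{
    if (len == 0 || iova + len < iova) return 0;
    for (uint64_t a = iova & ~PG_MASK; a < iova + len; a += PG_MASK + 1)
        if (iommu_translate(rid, a, is_write) == NO_MAP) return 0;
    return 1;
}

int main(void)
{
    /* Same device address, different VF: each lands in its own guest's memory. */
    printf("VF 0x0310 iova 0x10 -> %#llx\n", (unsigned long long)iommu_translate(0x0310, 0x10, 0));
    printf("VF 0x0311 iova 0x10 -> %#llx\n", (unsigned long long)iommu_translate(0x0311, 0x10, 0));
    printf("write into read-only page allowed? %d\n", dma_allowed(0x0310, 0x1F00, 0x200, 1));
    return 0;
}
```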
I have different levels of understanding of these three methods. I have used all three. For full virtualization I used an emulator (writing an emulator is too difficult; I have not tried writing one or read the code). For Xen's paravirtualization mechanism, I have read the source code and implemented some functions by calling its API. As for PCI passthrough, I used the SR-IOV function of the 82599 NIC to virtualize the NIC into multiple VFs, and then assigned the VFs to multiple virtual machines for experiments. With this approach, the bandwidth of the virtual machines is indeed high.
Break: Regarding that question, software is not necessarily slower than pure hardware. In the final analysis, software runs on the CPU. (We recommend that you take a look at CSAPP, "Computer Systems: A Programmer's Perspective".) For the same function, different software designs can run at different speeds: some are fast and some are slow. When the software design is perfect, the bottleneck is the CPU frequency and memory bandwidth. For software that implements a switch, if the switch is well designed, its throughput can basically reach the limit set by the CPU frequency. If the bandwidth of the corresponding physical NIC is less than this value, then this software switch compares very well with the physical NIC, and we will consider the network I/O performance of the virtual machine to be really great.
In addition, if the NIC bandwidth is greater than what the CPU clock speed or memory bandwidth allows, and the switch software is also well designed, then the bottleneck is the CPU clock speed.
P.S. Because I am too lazy to draw pictures, I hope this does not get in the way of understanding. Some of my views have not been expanded, there are too few details, and some parts lack focus. I will update and supplement this slowly. Comments and suggestions are welcome :-I
Intel Virtualization Technology for Directed I/O (VT-d) is an extension of Intel Virtualization Technology (VT) that provides hardware assistance for virtualization solutions. Building on the existing virtualization support for IA-32 (VT-x) and Itanium processors (VT-i), VT-d adds support for I/O device virtualization.
Intel VT-d can help users improve system security and reliability, and improve the performance of I/O devices in a virtualized environment.