Virtualization makes it possible to run multiple virtual machines on a single physical server. The virtual machines share the CPU, memory, and I/O hardware of the physical machine, but each one runs in its own logically isolated virtual machine.
The physical machine is generally called the host, and the virtual machines running on it are called guests. The virtualization layer itself is called the hypervisor; KVM, Xen, VMware, and Hyper-V are all hypervisors.
The host uses the hypervisor to virtualize its own hardware resources and provide them to the guests.
Virtualization is divided into two types:
1. Full virtualization
The hypervisor is installed directly on the physical machine, and multiple virtual machines run on top of the hypervisor. Xen, VMware, and ESXi all belong to full virtualization.
2. Semi-virtualization
An operating system is installed on the physical machine first, and the virtual machines then run on top of that operating system.
KVM, VirtualBox, and VMware Workstation are semi-virtualized.
3. Comparison of the two types of virtualization
a. Full virtualization is usually optimized for the hardware's virtualization features, so its performance is better than semi-virtualization.
b. Semi-virtualization is more flexible and supports nested virtual machines.
This article mainly introduces KVM, the most mainstream semi-virtualized hypervisor.
KVM
KVM stands for Kernel-based Virtual Machine, meaning that KVM is implemented on top of the Linux kernel.
KVM has a kernel module, kvm.ko, which is used only to manage virtual CPUs and memory.
Who, then, does the I/O virtualization for storage and network devices?
That is left to the Linux kernel and to QEMU.
As a hypervisor, KVM itself focuses only on two things: virtual machine scheduling and memory management. I/O devices are handled by the Linux kernel and QEMU.
Libvirt
Libvirt is the management tool for KVM; besides the KVM hypervisor, it can also manage Xen, VirtualBox, and others.
Libvirt consists of three parts: the background daemon libvirtd, the API library, and the command-line tool virsh.
1. libvirtd is the service process; it receives and processes API requests.
2. The API library lets others develop higher-level tools on top of libvirt, such as virt-manager, a graphical KVM management tool.
3. virsh is the frequently used KVM command-line tool.
CPU Virtualization
To check whether hardware virtualization is enabled on the system: egrep -o '(vmx|svm)' /proc/cpuinfo
A KVM virtual machine is actually a qemu-kvm process on the host, and it is scheduled just like any other Linux process.
Each vCPU in the VM corresponds to a thread in the qemu-kvm process, as the following example shows.
[Figure 1: threads of VM1 and VM2 scheduled on the host's two physical CPUs]
In this example the host has two physical CPUs and runs two VMs, VM1 and VM2.
VM1 has two vCPUs and VM2 has four. You can see that VM1 and VM2 have two and four threads, respectively, scheduled on the two physical CPUs.
Another point shown here is that the total number of vCPUs in the virtual machines can exceed the number of physical CPUs; this is called CPU overcommit (over-provisioning).
The premise is that not all VMs run at full load at the same time. If every VM is busy, overall performance suffers.
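As an added example (not from the original article), the following script picks the vCPU threads out of each qemu-kvm process and compares their total with the host's physical CPUs, so the overcommit ratio described above can be checked on a real host. It assumes QEMU names each vCPU thread "CPU <n>/KVM"; the embedded listings are constructed to mimic `ps -L -o tid=,comm=` output for the VM1 and VM2 of the figure.

```shell
# Added example, not from the original article: audit the vCPU threads of the
# qemu-kvm processes on a host and flag CPU overcommit. Assumption: QEMU names
# each vCPU thread "CPU <n>/KVM", so they can be picked out of `ps -L` output.

# Constructed samples shaped like `ps -L -o tid=,comm= -p <pid>` for the VM1
# (2 vCPUs) and VM2 (4 vCPUs) of the figure; QEMU's main loop and I/O helper
# threads appear too and must not be counted.
SAMPLE_VM1=' 2210 qemu-kvm
 2214 CPU 0/KVM
 2215 CPU 1/KVM
 2216 vnc_worker'
SAMPLE_VM2=' 2301 qemu-kvm
 2305 CPU 0/KVM
 2306 CPU 1/KVM
 2307 CPU 2/KVM
 2308 CPU 3/KVM'

# Count vCPU threads in a tid/comm listing on stdin. grep -c prints 0 but
# exits 1 when nothing matches, hence the || true.
count_vcpu_threads() {
    grep -c -E '^ *[0-9]+ +CPU [0-9]+/KVM *$' || true
}
# vCPU to physical CPU ratio in percent: $1 = total vCPUs, $2 = physical CPUs.
overcommit_pct() {
    echo $(( $1 * 100 / $2 ))
}
# Exit status 0 when the VMs together have more vCPUs than the host has CPUs.
vcpus_overcommitted() {
    [ "$1" -gt "$2" ]
}

# Live audit of this host (needs procps and running qemu-kvm processes).
audit_host() {
    host_cpus=$(nproc)
    total=0
    for pid in $(pgrep -f 'qemu-(kvm|system)'); do
        n=$(ps -L -o tid=,comm= -p "$pid" | count_vcpu_threads)
        echo "pid $pid: $n vCPU thread(s)"
        total=$((total + n))
    done
    echo "vCPUs: $total, physical CPUs: $host_cpus, $(overcommit_pct "$total" "$host_cpus")%"
    if vcpus_overcommitted "$total" "$host_cpus"; then echo "CPU overcommitted"; fi
}

# Figure example: 2 + 4 vCPUs on 2 physical CPUs gives 300%, i.e. overcommitted.
demo_ratio() {
    vm1=$(printf '%s\n' "$SAMPLE_VM1" | count_vcpu_threads)
    vm2=$(printf '%s\n' "$SAMPLE_VM2" | count_vcpu_threads)
    overcommit_pct $((vm1 + vm2)) 2
}
```

Run audit_host on a KVM host to get the live numbers; a ratio well above 100% with consistently busy guests is the situation the article warns about.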
Memory Virtualization
KVM shares physical system memory through memory virtualization and allocates it dynamically to the virtual machines.
To run multiple virtual machines on one machine, KVM has to implement address translation from VA (guest virtual memory) to PA (guest physical memory) to MA (machine memory).
The guest OS controls the mapping from its virtual addresses to its physical addresses (VA to PA), but the guest OS cannot directly access the real machine memory, so KVM is responsible for mapping the guest's physical memory to the real machine memory (PA to MA).
[Figure 2: VA to PA to MA address translation]
Storage Virtualization
KVM storage virtualization is managed through storage pools (Storage Pool) and volumes (Volume).
A Storage Pool is a piece of storage space visible on the host.
A Volume is a space carved out of a Storage Pool; the host assigns a Volume to a virtual machine, and inside the virtual machine the Volume appears as a hard disk.
Storage Pool types:
1. A local directory or a remotely mounted directory (e.g. NFS, GlusterFS).
2. An LV inside a VG on the host. It has no MBR boot record, so it can only be used as a data disk. In this case the VG on the host is the Storage Pool and the LVs in the VG are the Volumes. The advantage of LVs is better performance;
the disadvantage is that management and migration are inferior to image files, and they cannot be used remotely over the network.
3. iSCSI, Ceph, and many other types.
Taking LVM as an example, view and add a Storage Pool:
Create a definition file /etc/libvirt/storage/hostvg.xml for the Storage Pool, with the following contents:
[Figure 3: contents of /etc/libvirt/storage/hostvg.xml]
virsh pool-list --all
virsh pool-define /etc/libvirt/storage/hostvg.xml
virsh pool-start HostVG
Volume file formats:
1. raw: the default format, i.e. the raw disk image format. Good portability and good performance, but the size is fixed, it cannot save disk space, and it does not support snapshots.
2. qcow2: cow means copy-on-write. It saves disk space, supports AES encryption, zlib compression, and multiple snapshots; it is feature-rich.
3. vmdk is VMware's virtual disk format; with it, VMware virtual machines can be run directly on KVM.
Network Virtualization
Linux Bridge:
Linux Bridge is a device used on Linux for TCP/IP layer-2 switching; its function can be understood simply as a layer-2 switch or hub.
[Figure 4: Linux Bridge]
virbr0 is a bridge created by KVM by default; it provides NAT access to the external network for the virtual machine NICs attached to it. virbr0 is assigned the IP 192.168.122.1 by default.
It can be viewed with brctl show. The configuration file is /etc/libvirt/qemu/networks/default.xml,
and the initial template is /usr/share/libvirt/networks/default.xml.
virbr0 uses dnsmasq to provide DHCP; the process can be seen on the host with:
ps -elf | grep dnsmasq
VLAN
VLAN stands for Virtual Local Area Network. A switch with VLAN capability can partition its ports into multiple LANs, where a LAN is a broadcast domain. VLANs divide one switch into several switches, limiting the range of broadcasts. VLAN isolation is layer-2 isolation: when we say A and B cannot reach each other, we mean that layer-2 broadcast packets (such as ARP) cannot cross the VLAN boundary. At layer 3 (such as IP), A and B can still communicate through a router.
A switch's ports typically have two configuration modes: Access and Trunk.
[Figure 5: Access and Trunk ports]
Access Port
These ports are tagged with a VLAN that indicates which VLAN the port belongs to.
Different VLANs are distinguished by VLAN IDs; the VLAN ID range is 1-4096.
Access ports connect directly to a computer's network card, so packets coming out of the NIC flow into the access port and are tagged with that port's VLAN.
An access port can belong to only one VLAN.
Trunk Port
Suppose there are two switches, A and B.
A has VLAN1 (red), VLAN2 (yellow), and VLAN3 (blue); B also has VLAN1, 2, and 3.
How can the same VLANs on A and B communicate with each other?
The solution is to connect A and B together and allow the connecting ports on A and B to pass data for all three VLANs, VLAN1, 2, and 3. Such a port is a trunk port.
Packets of VLAN1, 2, and 3 always carry their own VLAN tags when they reach the other switch through the trunk port.
[Figure 6: eth0, eth0.10, brvlan10, and vnet0 on the host]
eth0 is the physical NIC on the host; it has a sub-device named eth0.10 attached to it.
eth0.10 is a VLAN device, and its VLAN ID is 10.
eth0.10 is attached to the Linux Bridge named brvlan10, and the virtual NIC vnet0 of virtual machine VM1 is also attached to brvlan10.
The effect of this configuration is:
The host implements a switch in software (a virtual one, of course) that defines VLAN10.
eth0.10, brvlan10, and vnet0 are all connected to VLAN10 access ports, and eth0 is a trunk port.
Packets sent by VM1 through vnet0 are tagged with VLAN10.
The role of eth0.10 is to define VLAN10.
The role of brvlan10 is that other network devices attached to the bridge are automatically added to VLAN10.
Summary of KVM network virtualization:
1. A physical switch has multiple VLANs, with multiple ports per VLAN.
Ports in the same VLAN can switch traffic between each other; ports in different VLANs are isolated.
So the switch has two layer-2 functions: switching and isolation.
2. A Linux VLAN device implements the isolation function but has no switching function.
A VLAN parent device (such as eth0) cannot have two VLAN sub-devices with the same ID, so there is no possibility of exchanging data between them.
3. Linux Bridge is dedicated to the switching function.
Sub-devices of the same VLAN are attached to a bridge, and data can then be exchanged between those devices.
The content is collected from the Internet and organized here!
This article is from the blog "Life is endless, struggle without end!"; please keep this provenance: http://linuxnote.blog.51cto.com/9876511/1881721
Overview of Virtualization