The hierarchy and mechanism of virtualization

Source: Internet
Author: User

In recent years, with the development of parallel computing, clustering and related technologies, the field of virtual machines has enjoyed a second spring. Virtualization refers to computer architecture technology in which multiple virtual machines share the hardware of one physical computer. The basic idea of virtualization is to partition hardware and software to obtain better system performance (in fact, the hardware and software resources do not increase, but their utilization does). A common example is "virtual memory": by using an unused portion of the disk as a paging file, you get a larger memory address space and can run larger programs.
1. Level
We all know that in the traditional model an application runs on the operating system, and the operating system has to fit the host's specific architecture; for example, an x86 machine can only run Windows, Linux, Mac OS and so on, and cannot run AIX. With virtualization, applications are managed by the appropriate guest operating system, and 1 to N guest operating systems can run on the same hardware independently of the host's operating system, without requiring a specific hardware architecture. This is typically achieved by adding a virtualization layer called the hypervisor or VMM (Virtual Machine Monitor). The virtualization layer turns the host's physical hardware resources into virtual hardware resources that each virtual machine can use exclusively. It can be implemented at different levels, such as:
Level                                     Example
Application level                         JVM / .NET CLR
Library support (user-level API) level    WINE
Operating system level                    Docker
Hardware abstraction level                VMware / Xen / KVM
Instruction set architecture level        Bochs

Let's look at it from the bottom up.
Instruction set architecture level: Also known as the ISA (Instruction Set Architecture) level, this is implemented by using the physical host's ISA to emulate a given ISA. The basic emulation method is "code interpretation": a software translation layer translates each source instruction into target instructions, and one source instruction may correspond to hundreds of target instructions that achieve the same function. To improve performance, dynamic binary translation was introduced, which converts basic blocks of source instructions into target instructions dynamically; basic blocks can also be merged into super blocks to make the conversion more efficient still. Nonetheless, this approach is the least efficient of the five levels. A typical representative is Bochs, which can emulate the x86 platform, including the instruction set, I/O, memory and BIOS, on a variety of Unix-like systems. Some tinkerers who install Windows on Android do it this way (see http://bbs.hiapk.com/thread-4750312-1-1.html for an example); of course, the speed is appalling.
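The difference between code interpretation and dynamic binary translation of basic blocks, as an added sketch that is not from the original article. The three-instruction source ISA and the sample program are hypothetical; the "target code" is a Python closure standing in for translated host instructions.

```python
# Toy source ISA, hypothetical: ("addi", reg, imm), ("jnz", reg, target), ("halt",)
PROGRAM = [
    ("addi", "acc", 3),   # 0: start of the loop body
    ("addi", "n", -1),    # 1
    ("jnz", "n", 0),      # 2: a branch ends the basic block
    ("halt",),            # 3
]

def interpret(program, regs):
    """Code interpretation: every instruction is decoded each time it runs."""
    pc = decodes = 0
    while True:
        instr = program[pc]
        decodes += 1
        if instr[0] == "halt":
            return regs, decodes
        op, reg, val = instr
        if op == "addi":
            regs[reg] += val
            pc += 1
        else:  # jnz: jump to val while the register is non-zero
            pc = val if regs[reg] != 0 else pc + 1

def translate_block(program, start):
    """Decode one basic block (up to and including its branch) exactly once."""
    adds, pc = [], start
    while program[pc][0] == "addi":
        adds.append(program[pc][1:])
        pc += 1
    end = program[pc]
    def block(regs):  # stands in for the translated target instructions
        for reg, imm in adds:
            regs[reg] += imm
        if end[0] == "halt":
            return None
        return end[2] if regs[end[1]] != 0 else pc + 1
    return block, len(adds) + 1

def run_translated(program, regs):
    """Dynamic binary translation with a cache keyed by block start address."""
    cache, pc, decodes = {}, 0, 0
    while pc is not None:
        if pc not in cache:              # translate only on first execution
            cache[pc], n = translate_block(program, pc)
            decodes += n
        pc = cache[pc](regs)
    return regs, decodes

if __name__ == "__main__":
    print(interpret(PROGRAM, {"acc": 0, "n": 4}))
    print(run_translated(PROGRAM, {"acc": 0, "n": 4}))
```

Both runs leave the same register state; the decode count shows that the loop body is decoded on every iteration by the interpreter but only once by the translator.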
Hardware abstraction level: This kind of virtualization is done directly on the raw hardware. The method is to virtualize the CPU, memory and I/O devices so that multiple concurrent users raise the utilization of hardware resources. Typical representatives of this class are the common VMware and Xen. Virtualization at this level comes as full virtualization, semi-virtualization and so on; see section 2.
The first problem at the hardware level is CPU virtualization. If the CPU supports running a virtual machine's privileged and unprivileged instructions in user mode while the VMM/hypervisor runs in supervisor mode, the CPU architecture is virtualizable. All RISC control-sensitive instructions and behavior-sensitive instructions are privileged instructions, so RISC CPUs are naturally virtualizable (meaning that these instructions automatically trap into the hypervisor). The x86 architecture, by contrast, was not designed for virtualization, so applying full virtualization, semi-virtualization and so on to it is less efficient. Hence a special treatment was introduced, "hardware-assisted CPU virtualization", which adds a special operating mode and instructions so that the VMM and the operating system can run in different modes. In Intel and AMD x86 processors this mode is called the privileged mode (in Ring 1): the operating system still runs in ring 0 (an x86 operating system can only run in ring 0, see http://baike.baidu.com/link?url=sxy1xewxddheqhspnaoliupnhf6vwlcrw1iyv67t3bpalacnb5-j0nqpdy_b0d8iifmuih6onengybajsegr1q), the hypervisor runs in ring 1, and all privileged and sensitive instructions automatically trap into the hypervisor.
In general, hardware-assisted virtualization should be more efficient; however, because going from the hypervisor to the guest operating system requires a switch between processor modes (user mode and privileged mode), it can incur higher overhead, and sometimes it is no better than binary translation.
Therefore VMware, for example, now uses a hybrid approach: part of the work is given to the hardware, and the rest is still handled in software.
Memory virtualization is similar to the virtual memory of modern operating systems. The difference is that virtual memory has only one level of mapping, whereas memory virtualization requires the guest operating system and the VMM to maintain the "virtual memory to physical memory" and "physical memory to machine memory" mappings respectively, two levels in total. VMware uses shadow page tables to translate virtual memory addresses into machine memory addresses. But that technique is too inefficient (one of the reasons early VMware was extremely slow), and Intel developed a hardware-based technique, EPT (Extended Page Table), to improve on it (the original text cannot be found, so a borrowed picture stands in). (AMD has a similar technology called NPT.)
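The two-level mapping described above, as an added sketch that is not from the original article: a shadow page table is the VMM's pre-composed product of the two levels, while an EPT/NPT-style lookup consults both levels on each translation. The page numbers and table contents are constructed for illustration, and single-level dictionaries stand in for real multi-level page tables.

```python
PAGE_SIZE = 4096

class PageFault(Exception):
    """One of the two mapping levels has no entry for the requested page."""

def split(addr):
    return addr // PAGE_SIZE, addr % PAGE_SIZE

def nested_translate(gva, guest_pt, p2m):
    """EPT/NPT-style lookup: walk the guest's table, then the VMM's table."""
    vpn, offset = split(gva)
    if vpn not in guest_pt:
        raise PageFault(f"guest has not mapped virtual page {vpn}")
    gpn = guest_pt[vpn]
    if gpn not in p2m:
        # The VMM never gave this "physical" page to the guest, so the guest
        # cannot reach a machine page that belongs to another VM.
        raise PageFault(f"guest physical page {gpn} is not backed by the VMM")
    return p2m[gpn] * PAGE_SIZE + offset

def build_shadow(guest_pt, p2m):
    """Shadow page table: the VMM pre-composes both levels into one table."""
    return {vpn: p2m[gpn] for vpn, gpn in guest_pt.items() if gpn in p2m}

def shadow_translate(gva, shadow):
    vpn, offset = split(gva)
    if vpn not in shadow:
        raise PageFault(f"shadow table has no entry for virtual page {vpn}")
    return shadow[vpn] * PAGE_SIZE + offset

def demo():
    # Constructed sample tables (page numbers are made up for illustration).
    guest_pt = {0: 5, 1: 6, 2: 9}    # guest virtual page -> guest physical page
    p2m = {5: 100, 6: 101, 7: 102}   # guest physical page -> machine page
    shadow = build_shadow(guest_pt, p2m)
    before = (nested_translate(0x1010, guest_pt, p2m),
              shadow_translate(0x1010, shadow))
    guest_pt[1] = 7                  # guest OS remaps virtual page 1
    stale = shadow_translate(0x1010, shadow)     # old answer until resync
    fresh = nested_translate(0x1010, guest_pt, p2m)
    resynced = shadow_translate(0x1010, build_shadow(guest_pt, p2m))
    return before, stale, fresh, resynced

if __name__ == "__main__":
    print(demo())
```

The stale result after the guest's remap is why a VMM using shadow page tables has to intercept guest page-table updates and resynchronize, which is where the software overhead comes from.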
I/O virtualization consists of managing the routing of I/O requests between virtual devices and the shared physical hardware. There are three approaches: full device emulation, semi-virtualization and direct I/O; I don't know where to start on these, so just know that VMware uses full device emulation.
Because CPU-level support is available for this class of virtualization, performance is high, but the VMM still needs to implement its own scheduler, memory manager and other components, so both VMware's and Xen's code bases are quite large.
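The CPU-virtualization condition described above for the hardware abstraction level, as an added sketch that is not from the original article: when every sensitive instruction is privileged, a de-privileged guest traps into the VMM and sees only its virtual state; when one sensitive instruction is not privileged, it runs natively and the guest observes the real state. The two instruction tables and their instruction names are hypothetical, not real opcodes.

```python
# Toy ISAs (hypothetical names). Each entry: name -> (privileged, sensitive)
RISC_LIKE = {"add": (False, False), "set_mode": (True, True),
             "read_mode": (True, True)}
X86_LIKE = {"add": (False, False), "set_mode": (True, True),
            "read_mode": (False, True)}   # sensitive but NOT privileged

def is_virtualizable(isa):
    """Trap-and-emulate needs every sensitive instruction to be privileged."""
    return all(priv for priv, sens in isa.values() if sens)

class VMM:
    def __init__(self, isa):
        self.isa = isa
        self.real_mode = "user"       # the guest kernel really runs de-privileged
        self.virtual_mode = "kernel"  # what the guest kernel must believe
        self.traps = 0

    def emulate(self, op, arg):
        """A privileged instruction trapped: act on the virtual state only."""
        self.traps += 1
        if op == "set_mode":
            self.virtual_mode = arg
            return None
        return self.virtual_mode      # read_mode

    def run_guest(self, program):
        seen = []
        for op, arg in program:
            privileged, _ = self.isa[op]
            if privileged:
                seen.append(self.emulate(op, arg))   # hardware traps to the VMM
            elif op == "read_mode":
                seen.append(self.real_mode)          # runs natively: real state
            else:
                seen.append(None)                    # ordinary instruction
        return seen

# Constructed guest-kernel instruction stream.
GUEST_KERNEL = [("add", None), ("read_mode", None)]

if __name__ == "__main__":
    for name, isa in (("RISC-like", RISC_LIKE), ("x86-like", X86_LIKE)):
        vmm = VMM(isa)
        print(name, is_virtualizable(isa), vmm.run_guest(GUEST_KERNEL), vmm.traps)
```

On the second table the guest kernel reads "user" instead of "kernel" and the VMM is never invoked, which is the gap that binary translation, semi-virtualization or hardware assistance has to close.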
Operating system level: This refers to an abstraction layer between the traditional operating system and user applications. Operating-system-level virtualization creates isolated containers and operating system instances on a single physical server; it is often used to create virtual hosting environments, allocating hardware resources among a large number of mutually distrusting users. Such a virtual machine is also known as a VE (Virtual Execution Environment), VPS (Virtual Private System) or container. A VE has its own processes, file system, user accounts, IP addresses, routing tables, firewall rules and other settings. Although VEs can be customized separately for different users, they still share the same operating system. Operating-system-level virtualization solves many of the problems of hardware-level virtualization: first, the number of physical machines and virtual machine instances can change dynamically; second, hardware-level virtual machines are slow to initialize, whereas operating-system-level virtualization needs almost no time; third, hardware full virtualization performs poorly and semi-virtualization also requires modifying the guest operating system (full virtualization and semi-virtualization are covered in section 2), whereas operating-system-level virtualization has little overhead. These features make operating-system-level virtualization ideal for cloud computing scenarios. A typical representative is Docker, which is based on Linux LXC, which, put plainly, is cgroups. Docker has caught fire in the last two years, but it is not really new; and once you adopt Docker, the traditional ops setup changes enormously, so it is very rare to see it used well in a big company (this topic is big and will be detailed later).
The advantages of Docker are the advantages of operating-system-level virtualization listed above. The shortcomings are also obvious: first, host and virtual machine can only be Linux; resource isolation also lags behind the likes of VMware; and CPU and disk management are more rudimentary. (Of course, sharing data between Docker containers is very easy, a data volume is all it takes; I do not know that Docker knows this thing, in Monday, the brick house to understand Docker together did not expect this thing, I am also drunk bird)
Library support level: This scheme rests on the observation that most applications are written against user-level library APIs rather than system calls, so the connection between an application and the rest of the system can be controlled through API hooks, making it possible to virtualize at the library interface. This is the same approach as offline plug-ins for online games; in fact, the difficulty is not high. A typical representative is Wine, which can run Win32 applications on Unix-like systems. Of course, it is very hard to use. When I first started playing with Linux in high school I always wanted to use Wine to run Windows games, but apart from some simple EXEs nothing would run, and DirectX games did not run at all, because the DLL dependencies are too complex and many are not supported. So many years have passed and the problem is getting worse; after all, Microsoft has thousands of people writing APIs while Wine has so few developers that the emulation cannot keep up.
Application level: This level of virtualization turns an application into a virtual machine. The most popular method is the high-level language virtual machine: the virtualization layer sits on top of the operating system as an application, and this layer abstracts a virtual machine that can run programs written and compiled for a particular machine environment. Typical representatives are the Java Virtual Machine and Microsoft's .NET CLR. Of course, because pure application-level virtualization is inefficient, neither is a pure virtual machine any more; for example, a critical part of the JVM is the JIT (just-in-time compilation). The purely interpreted Java 1.0 era was equivalent to an application-level virtual machine, and whoever used it knows how efficient that was.
Here is a comparison of the five levels; the more * the better (high performance, high flexibility, low complexity, good isolation):
Implementation level                      Performance   Application flexibility   Implementation complexity   Application isolation
Application level                         **            **                        *                           *****
Library support (user-level API) level    ***           **                        ****                        **
Operating system level                    *****         **                        ***                         **
Hardware abstraction level                *****         ***                       *                           ****
Instruction set architecture level        *             *****                     ***                         ***


2. The mechanism
Depending on whether the guest operating system needs to be modified, virtualization can be divided into hardware virtualization and compiler-supported virtualization. Hardware virtualization is further divided into full virtualization and host-based virtualization (many materials equate the two, which is not right). Compiler-supported virtualization has only one type, called para-virtualization.
Full virtualization: In full virtualization, non-critical instructions run directly on the hardware, while critical instructions (privileged instructions, control-sensitive instructions and behavior-sensitive instructions) are replaced by instructions emulated in software by the VMM/hypervisor. That is, (in a non-x86 system) the VMM runs in ring 0, the guest operating system runs in ring 1 and user applications run in ring 3; user application instructions operate the hardware directly, while guest operating system instructions operate the hardware after binary translation by the VMM. See. This mechanism is used by VMware.
Host-based virtualization: In this mechanism the host's operating system remains responsible for managing the hardware; a virtualization layer is installed on top of the host operating system, and the guest operating system is installed and run on top of the virtualization layer. With this mechanism every instruction, whatever its kind, has to be forwarded by the virtualization layer through the host operating system, and when the guest operating system's ISA differs from the underlying hardware's ISA, binary translation is also needed in the virtualization layer, so efficiency is very low. This approach is clearly different from full virtualization, so it has to be described separately.
Semi-virtualization: Semi-virtualization is a later technology, also called quasi-virtualization, and is now the more popular one. It builds on full virtualization by modifying the guest operating system to add a dedicated API through which the guest operating system can issue optimized instructions, so the VMM/hypervisor no longer has to spend resources on translation. As a result the hypervisor's workload becomes very small and overall performance improves greatly. The downside is that the operating system has to be modified to include the API, so for operating systems that do not include it (primarily Windows) this method cannot be used. See the semi-virtualized technology.

After all this, we can compare two other mainstream virtualization technologies: Xen and KVM. Xen (see http://baike.baidu.com/link?url=J97539DMsA9HW2WZYsX7ZNliZUx9d2j3LarHw2yRd37Lh_Ho6zae1gy5xfh-z-txulh3q6t2qfrnebdmumiaca) is primarily for the x86 platform. When running a modified operating system it uses the semi-virtualized mechanism; when the CPU supports it and the operating system cannot be modified, it uses the full virtualization mechanism. KVM (see http://baike.baidu.com/link?url=Kv4fsyys0tw-bhbpp6fofh4c6c5nqdkmy1etmir-bpblidsx0uyof97yppascqmsm96xt85ai4q89ro8xaee8_, which says KVM is full virtualization; that is wrong) is not specific to an architecture but does need a particular host operating system, because it is built into the Linux kernel after 2.6.20, and its code is much smaller than Xen's. When running a modified operating system it uses the semi-virtualized mechanism; when the CPU supports it, it can use an improved host-based virtualization mechanism. That is, although the hypervisor sits on the host operating system, it has a hole punched into the kernel: if the CPU supports technologies such as Intel VT, the critical instructions of the virtual machine's operating system can be mapped directly to the physical hardware, which greatly improves performance (taken from http://www.linuxidc.com/Linux/2015-03/114462.htm).
If a comparison must be made, Xen is better than KVM for compiler-supported virtualization (para-virtualization), and KVM is superior to Xen for hardware virtualization.
(This article draws on the book Cloud Computing and Distributed Systems, but the relevant chapters of the original book are a bit confusing and in some places have not kept up with current developments, so they have been modified here.)
