Xen network device mechanism-I/O ring

Note: This article describes the Xen semi-virtualized NIC vif mechanism, carding function.

The Xen block device driver uses the mechanism of the Xen IO ring.

The role of Xen Hyprevisor is to provide a layer of protection between the virtual machine and the IO device, so that the data transfer mechanism is to move between the systems while bringing in relatively small overhead. The two primary data transfer mechanisms affect I/O data transfer. One is resource management, the other is data transfer. Xen uses two mechanisms for minimizing overhead: IO describes the token and event channels, and the authorization table mechanism.

For network devices, Xen provides virtual bridges to virtual machines, each domain has one or more virtual interfaces vifs logically connected to the virtual bridge, and a vif looks like a physical network interface card NIC, but there are two buffer descriptions token, One is received and the other one is sent. Each of these two directions has its own rule form, and if satisfied, the corresponding action will be implemented (equivalent to the filtering function that the physical NIC might perform).

Send process

The virtual machine operating system directly puts a buffer descriptor (is the corresponding (vif driver) TX buffer? Buffer descriptor) into the Send ring (the descriptor's request producer). Xen replicates this descriptor and guarantees security, and then copies the packet's header to make some filtering rules (request consumer). (The payload of a packet is not complicated because we use the shared memory mechanism)

This is equivalent to Xen taking over the physical NIC portion, but at the same time allowing the virtual machine's memory buffer and physical NIC buffer to be shared memory, thus reducing overhead.

Receive process

When the package arrives from the virtual bridge, the guest OS uses an unused page to swap the incoming packets, which avoids the overhead of copying packages between the Xen and guest OS, although this requires the guest OS's receive buffers to queue at the network interface. When the package is received, Xen will quickly query the rules to determine the corresponding vif, and swap the packet with the packet buffer of the page frame on the receiving ring.

"If no frame is available,the packet is dropped. "So it is possible to lose packets during the reception process, which means that if the receiving ring is full, then the packet is dropped."

Note that this talk is similar to Netmap and Vale, but the Vale works at the bridge level, while the IO loop works on the NIC and the NIC driver (Xen).

Reference documents:

Xen and the Art of virtualization

P.S. Free Replenishment

Xen network device mechanism-I/O ring