Xen and the Art of Virtualization Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt & Andrew Warfield Presented by Judy Fischbach
CS533 - Concepts of Operating Systems Overview Motivations How Xen works Comparisons among Xen, hardware, and VMWare. Xen and VMWare both designed for x86 architecture 5/27/2019 CS533 - Concepts of Operating Systems
Virtualization Challenges Speed Performance Security Resource Isolation Functionality Xen’s design goal The authors came up with the design goal of being able to run 100 simultaneous virtual machine implementations with Binary Compatibility 5/27/2019 CS533 - Concepts of Operating Systems
Types of virtualization Two categories exist Full Virtualization Disco and VMWare Paravirtualization Xen 5/27/2019 CS533 - Concepts of Operating Systems
CS533 - Concepts of Operating Systems VMM Approach In traditional VMM (Virtual Machine Monitor) the virtual hardware is functionally equivalent to the physical hardware Possibly difficult to implement (x86 systems in particular) Potentially useful to provide real and virtual resource information The “guest” machine would not have access to this information 5/27/2019 CS533 - Concepts of Operating Systems
CS533 - Concepts of Operating Systems Xen Approach Virtual machine is NOT 100% functionally equivalent to the hardware Xen uses paravirtualization instead Paravirtualization is a process where the guest operating system is modified to run in parallel with other modified systems Advantage: Improved performance Disadvantage: The hosted operating system must be modified before it can be hosted by the Xen Hypervisor (can be difficult) 5/27/2019 CS533 - Concepts of Operating Systems
CS533 - Concepts of Operating Systems Xen Design 5/27/2019 CS533 - Concepts of Operating Systems
CS533 - Concepts of Operating Systems Definitions Guest Operating System The operating system that Xen hosts Domain The virtual machine under which a guest operating system executes Guest OS and a domain similar to idea of a program and a process Hypervisor A particular Xen version which handles low level functionality 5/27/2019 CS533 - Concepts of Operating Systems
CS533 - Concepts of Operating Systems Xen Implementation What Xen does differently-- CPU Virtualization of the CPU CPU Scheduling Time & Timers Memory Management Virtual Address Translation Physical Memory Device I/O Network Disk Control Transfer 5/27/2019 CS533 - Concepts of Operating Systems
CS533 - Concepts of Operating Systems CPU Most change is required here by the guest OS Xen takes exception to the basic idea that an OS is the most privileged Privileged instructions Instructions are paravirtualized by requiring to be validated/executed within Xen 5/27/2019 CS533 - Concepts of Operating Systems
CS533 - Concepts of Operating Systems CPU Virtualization Virtualization easier with x86 Why? Has built in security levels (Rings 0, 1, 2, 3) Ring 0 – OS Software (most privileged) Ring 3 – User software Ring 1 & 2 – Not used Xen modifies the OS to execute on Ring 1 5/27/2019 CS533 - Concepts of Operating Systems
CPU Scheduling and Timers Borrowed Virtual Time algorithm is used in scheduling domains Important to lessen problems of one domain executing code that might impact another domain. Provides several different types of timers Real Timer Virtual Timer Wall Clock Timer Real Timer - timer that always advances independent from the executing domain Virtual Timer - timer that advances within the context of the domain Wall Clock Timer – timer that takes in to account local offsets for time zone and DST 5/27/2019 CS533 - Concepts of Operating Systems
CS533 - Concepts of Operating Systems Control Transfer Exceptions and Events Memory faults and software traps Generally virtualized through Xen’s event handler Two most frequent exceptions are: System calls Page faults System calls and page faults are two examples of a ‘fast’ handler (one in which doesn’t use the hypervisor) 5/27/2019 CS533 - Concepts of Operating Systems
Paravirtualization of the MMU Full Virtualization 5/27/2019 CS533 - Concepts of Operating Systems
CS533 - Concepts of Operating Systems Virtual Memory When the guest OS requires a new page table, it allocates it from its own memory store After allocation it becomes registered with Xen OS then gives up all memory write privileges All subsequent updates must be validated by Xen Guest OS’s generally batch these update requests to amortize the cost of calling the hypervisor Segmentation is virtualized likewise 5/27/2019 CS533 - Concepts of Operating Systems
CS533 - Concepts of Operating Systems Virtual Memory Xen uses a design where The guest OS’s themselves are responsible for allocation and managing their own hardware pages Xen itself is located in an unused section at the top of address space to ensure that it is never paged out This differs from the approach that Disco takes Disco VMM goes a second level deeper in it’s indirection. A VMM within VMM 5/27/2019 CS533 - Concepts of Operating Systems
CS533 - Concepts of Operating Systems Memory Management Memory Management can be challenging The key points No software managed TLB exists in x86 The TLB is not tagged which implies it must be flushed on a context switch 5/27/2019 CS533 - Concepts of Operating Systems
CS533 - Concepts of Operating Systems Device I/O Management Data is transferred to and from domains through a buffer descriptor ring Based on producer consumer pointers One set used within guest OS Another set used within Hypervisor This allows separation between data and event notification 5/27/2019 CS533 - Concepts of Operating Systems
CS533 - Concepts of Operating Systems Hypervisor Control In Xen Domain0 is given greater access to the hardware and the hypervisor. It has: A guest OS running above the domain Hypervisor Manager software to manage elements within other existing domains. In VMWare Host OS acts underneath the domain. 5/27/2019 CS533 - Concepts of Operating Systems
CS533 - Concepts of Operating Systems Disk I/O Comparisons Disco VmWare Xen Interface for Disk I/O Allows the guest OS access to the raw device Domain0 has direct access to disk and houses virtual block device (VBD) mgmt software Allows a “virtual disk” creation (binary file in the host OS file system controlled by the VM) The VBD makes use of the ring mechanism Subsequent domains confine their disk access through the VBD management software Maintains tighter control over disk access and allows “batching” of disk requests 5/27/2019 CS533 - Concepts of Operating Systems
CS533 - Concepts of Operating Systems New Domain Creation Domain0 is privileged New domains are created by Domain0 Reduces the hypervisor complexity Allows for a better debug environment 5/27/2019 CS533 - Concepts of Operating Systems
CS533 - Concepts of Operating Systems Networking Networking in computers are important these days. Because of this, Xen provides a “Virtual Firewall” Domain0 creates firewall rules Data transmission uses a buffer ring for outgoing Data reception uses a different buffer ring for ingoing Incoming data packets are analyzed according to Virtual Firewall rules If any Virtual Firewall rules broken, packet is dropped 5/27/2019 CS533 - Concepts of Operating Systems
CS533 - Concepts of Operating Systems Other Hardware Block diagram for Xen illustrates that the idea of Xen enabled hardware drivers still exists VMWare operates similarly. Two examples: A sound card is installed, host machine will detect that you have a Sound Blaster enabled sound card. A video driver is installed on guest OS to improve video performance (from VMWare). Don’t forget, one more important part of virtualization. Any other resources that the guest OS can access must be virtualized, not just the memory and cpu! 5/27/2019 CS533 - Concepts of Operating Systems
CS533 - Concepts of Operating Systems Citations Diagrams from the following paper http://i30www.ira.uka.de/teaching/coursedocuments/90/Xen.pdf 5/27/2019 CS533 - Concepts of Operating Systems