Introduction to virtualization technology
01 History of the Virtualization
02 CPU, Memory and IO Virtualization Technologies of KVM
Current Plight of IT Industry
• High cost
• Slow business deployment
• Decentralized management strategy
Evolution of Server Virtualization Applications
Budding period (60s of last century)
• In June 1959, in an academic report entitled “Time Sharing of Large-scale High-Speed Computers”, the concept of “virtualization” was first proposed.
Development period (60s to 90s of last century)
• In 1972, IBM released virtual machine technology for creating flexible mainframes. Mainframes such as IBM 360/40 and IBM 360/67 generate, on the physical hardware and through VMM (Virtual Machine Monitor) technology, many independent virtual machines that can run an operating system.
Outbreak period (NOW!)
• While the virtualization technology of mainframes and UNIX platforms continues to develop, the x86 platform remained isolated from virtualization because of defects in its architecture and performance.
• Intel and AMD modified the instruction set of the x86 processor, which, coupled with the emergence of multi-core processors, made virtualization technology develop rapidly on the x86 platform.
The original x86 architecture is not suited to virtualization
[Figure: x86 privilege rings, native and virtualized. Native: App in Ring3, OS in Ring0, with Ring1 and Ring2 in between; instructions are classed as non-privileged, sensitive and privileged. Virtualized: App (Ring3), OS (Ring1), VMM (Ring0); privileged instructions issued by the OS in Ring1 are trapped and simulated by the VMM in Ring0, while sensitive non-privileged instructions are not trapped. Both stacks sit on the x86 privileged resources.]
Para-virtualization
[Figure: App in Ring3 and Guest OS in Ring1; the sensitive non-privileged instructions and privileged instructions of the Guest OS reach the VMM in Ring0 through Hypercalls or by being trapped and simulated; the VMM controls the x86 privileged resources.]
Working principle
• The Guest OS running on the Hypervisor has integrated code related to para-virtualization, which enables the Guest OS to work well with the Hypervisor to achieve virtualization.
• The Hypervisor provides a Hypercall interface to meet the key kernel operations of the Guest OS, such as memory management, interrupt and time synchronization.
Advantage
• The performance is very close to a physical machine
Disadvantage
• Does not support unmodified operating systems
Full virtualization
Solution: BT (Binary Translation)
[Figure: App in Ring3 and Guest OS in Ring1; the sensitive non-privileged instructions of the Guest OS go through translation, and its privileged instructions are trapped and simulated, by the VMM in Ring0, which controls the x86 privileged resources.]
Working principle
• Each Guest OS instruction segment is translated in full before it executes, and the sensitive non-privileged instructions are replaced with the corresponding privileged instructions in Ring0.
• Non-privileged instructions are executed directly.
• A privileged instruction is first trapped in the VMM, and the VMM implements this privileged instruction through a series of simulation operations.
Advantage
• The Guest OS does not need to be modified, and the Guest OS cannot perceive whether virtualization has occurred.
Disadvantage
• Performance is low when the load is large and sensitive instructions are executed frequently.
Dilemma of Virtualization
Large workload and difficult development
• Instruction translation in software virtualization takes a large amount of code to implement and is difficult to develop.
High performance loss
• Software virtualization requires heavy involvement of the VMM, and executing instructions through software simulation slows down virtualization performance.
Technical bottleneck
• Software simulation leaves little room for further optimization and improvement. New technologies are urgently needed to break through the technical barriers.
Hardware Assisted Virtualization
[Figure: hardware-assisted virtualization architecture]
• Virtual machines #1 to #N: each runs applications on its own operating system
• VMM functions: resource management / system scheduling / user interface
• VMM: CPU virtualization (VT-x configuration), memory virtualization (EPT configuration), input/output device virtualization (device simulation)
• Physical platform resources: CPU0 to CPUn, network, storage, with VT-x, EPT and VT-d
Hardware-assisted virtualization-CPU
CPU hardware virtualization—Intel VT-i
[Figure: virtual machine #1 and virtual machine #2 run in VMX non-root mode, each with App (Ring3) and OS (Ring0) and its own VMCS; the VMM (Ring0) runs in VMX root mode.]
• Breaking the limits: Expand the working modes of the CPU in the virtualized environment, and accurately distinguish the sensitive instructions issued by the virtual machine through the non-root identifier.
• Soul element: Introduce the VMCS and new virtualization instructions. The VMM can easily call the new instructions, and the CPU automatically completes the switch between root and non-root modes.
Hardware-assisted virtualization-memory
[Figure: virtual machines #1 to #4 running on top of the VMM]
• Introduce a virtual machine physical address space.
• The VMM is responsible for managing and allocating the physical memory of each virtual machine.
Hardware-assisted virtualization—memory (continued)
[Figure: address translation layers]
• Virtual memory space (virtual address), translated by the page table in the virtual machine operating system
• Virtual machine physical memory space (virtual machine physical address)
• Host physical memory space (host physical address)
• Shadow page table (vTLB): stores the mapping relationship between the virtual address of the virtual machine and the physical address of the host machine.
• EPT+TLB: mapping table between the virtual machine physical address and the host physical address.
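The relationship between the two mapping tables above, as an added example that is not part of the original slides: a shadow page table is the composition of the guest page table with the VMM's table from virtual machine physical address (GPA) to host physical address (HPA), while the EPT path keeps the two tables separate and walks both. The single-level tables, page numbers and function names are constructed for illustration; the last step shows the shadow entry going stale once the guest edits its own page table.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define NPAGES     5            /* toy address spaces of 5 pages each */
#define NO_MAP     UINT32_MAX   /* "not present" marker */

/* Constructed sample tables, indexed by page number. */
static uint32_t guest_pt[NPAGES] = {3, 1, NO_MAP, 0, 2};       /* guest OS: GVA -> GPA */
static const uint32_t ept[NPAGES] = {5, 7, NO_MAP, 2, NO_MAP}; /* VMM: GPA -> HPA */
static uint32_t shadow_pt[NPAGES];                             /* VMM: GVA -> HPA */

/* One table lookup; a missing entry models a page fault or EPT violation. */
static uint32_t lookup(const uint32_t *table, uint32_t addr) {
    uint32_t page = addr >> PAGE_SHIFT;
    if (page >= NPAGES || table[page] == NO_MAP)
        return NO_MAP;
    return (table[page] << PAGE_SHIFT) | (addr & ((1u << PAGE_SHIFT) - 1));
}

/* EPT path: the guest page table and the EPT stay separate; walk both. */
uint32_t translate_ept(uint32_t gva) { return lookup(ept, lookup(guest_pt, gva)); }

/* Shadow path: the VMM composes both tables; returns the pages mapped. */
int build_shadow(void) {
    int mapped = 0;
    for (uint32_t p = 0; p < NPAGES; p++) {
        uint32_t hpa = translate_ept(p << PAGE_SHIFT);
        shadow_pt[p] = (hpa == NO_MAP) ? NO_MAP : hpa >> PAGE_SHIFT;
        mapped += (hpa != NO_MAP);
    }
    return mapped;
}

uint32_t translate_shadow(uint32_t gva) { return lookup(shadow_pt, gva); }

/* Guest OS edits its own page table; returns the new EPT-path result. */
uint32_t guest_remap(uint32_t gva_page, uint32_t gpa_page) {
    if (gva_page < NPAGES) guest_pt[gva_page] = gpa_page;
    return translate_ept(gva_page << PAGE_SHIFT);
}

int main(void) {
    printf("mapped pages: %d\n", build_shadow());
    printf("0x0abc -> EPT 0x%x, shadow 0x%x\n",
           (unsigned)translate_ept(0x0abc), (unsigned)translate_shadow(0x0abc));
    printf("guest remaps page 0 -> EPT 0x%x, stale shadow 0x%x\n",
           (unsigned)guest_remap(0, 1), (unsigned)translate_shadow(0));
    return 0;
}
```

Until `build_shadow()` runs again, the shadow table keeps serving the old host page, which is why a VMM using shadow page tables has to intercept the guest's page table updates.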
IO Virtualization
Process:
• The guest's device driver initiates an I/O operation request.
• The I/O operation capture code in the KVM module intercepts this I/O request.
• After processing, it puts the information of this I/O request on the I/O shared page and notifies the QEMU program in user space.
• After the QEMU program obtains the specific information of the I/O operation, it hands it over to the hardware simulation code to simulate this I/O operation.
• After completion, QEMU puts the result back into the I/O shared page and notifies the I/O operation capture code in the KVM module.
• The capture code of the KVM module reads the operation result from the I/O shared page and returns the result to the guest.
Mainstream Hypervisor products
Summary
History of the Virtualization
CPU, Memory and IO Virtualization Technologies of KVM
Thanks!
H3C Technologies Co. Limited
www.h3c.com/en/