Kvm optimizations
5 likes3,030 views
This document summarizes a presentation on KVM optimizations and best practices for both desktop and datacenter use. It covers tools like Libvirtd and virt-manager, virtio drivers, image backends like Qcow2, CPU pinning and cgroups, networking configurations, desktop sharing with SPICE, and challenges in cloud deployments around live migration, storage, and network isolation.
Kvm optimizations
- 1. CentOS Dojo 2013 KVM Optimizations and Best Practices From the Desktop to the Datacenter Jaime Melis (opennebula.org)
- 2. Summary ● Tools ● Drivers ● Image Backends ● CPU ● Memory ● Networking ● Desktop Sharing ● Cloud point-of-view Challenges
- 3. Tools ● Libvirtd !!!!!! ● virt-manager ● virt-install ● qemu-img ● virt-alignment-scan (libguestfs) ● lstopo ● OpenNebula
- 4. Drivers ● Easy... use virtio!!! ● Huge performance gain ● No emulation ● Cooperation with the hypervisor ● Integrated into the linux kernel
- 5. Image Backends ● Regular file ● Qcow2 – snapshots (beware of the sync!) – additonal layer, less performance – compressed ● LVM → block device (san storage) ● Virt-alignment-scan ● Cache – Writethrough (host page on, guest disk write cache off) – Writeback (host page on, guest disk write cache on) ● Good overall I/O Performance – None (host page off, guest disk write cache on) ● Good write performance
- 6. CPU - pinning ● NUMA (Non-Uniform Memory Access) ● Shared cache ~ 15% improvement ● Bad for different tasks ● Processor availability ● virsh capabilities ● lstopo
- 7. CPU - pinning <cputune> <vcpupin vcpu="0" cpuset="1-4,^2"/> <vcpupin vcpu="1" cpuset="0,1"/> <vcpupin vcpu="2" cpuset="2,3"/> <vcpupin vcpu="3" cpuset="0,4"/> ... </cputune>
- 8. CPU - cgroups ● Limit, account and ● Bad for different tasks ● Processor availability ● virsh capabilities ● lstopo
- 9. CPU - cgroups ● Limit, account and isolate resource usage <cputune> <shares>2048</shares> ... </cputune>
- 10. CPU - model ● Subset of features ● Increase performance ● Nested virtualization ● /usr/share/libvirt/cpu_map.xml <cpu match='exact'> <model fallback='allow'>core2duo</model> <vendor>Intel</vendor> <topology sockets='1' cores='2' threads='1'/> <feature policy='disable' name='lahf_lm'/> </cpu>
- 11. Memory - KSM ● Kernel Samepage Merging ● Combines memory private pages ● Very useful for VMs !!!! ● Increases VM density ● Enable by default
- 12. Networking7 ● MacVTap (direct)... NO! ● Bridged networking... way to go! ● Disable STP ● Optimal configuration ● NAT (masquerading) ● iptables
- 13. Desktop Sharing ● VNC ● SPICE – qlx driver – Redirect printers – Usb (mass-storage) – Audio
- 14. Cloud Challenges ● Virt-manager + LVM + DHCP => 10 hosts ● Live-migration to any host ● Image layout – don't waste space ● Contextualization: install once and deploy many ● Network Isolation ● Mac/IP spoofing ● Multi-tenancy
- 15. Cloud Challenges - ebtables ● Isolate ● Prevent mac spoofing # Drop packets that don't match the network's MAC Address -s ! <mac_address>/ff:ff:ff:ff:ff:0 -o <tap_device> -j DROP # Prevent MAC spoofing -s ! <mac_address> -i <tap_device> -j DROP
- 16. Cloud Challenges – What storage? ● No Storage Holy Grail LVM2 iSCSI Qcow2 + DFS Provisioning time + ++ +++ I/O ++ ++ + Network ++ +++ + Snapshotting - - + Livemigration + - +
- 17. Thanks for attending! jmelis - #opennebula @Freenode