What is Libvirt?
- C library, bindings
- Stable API
- Multiple hypervisors
- Host management
Domain configuration
<domain type='kvm'>
<name>fedora</name>
<uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
<memory unit='KiB'>1048576</memory>
<vcpu>2</vcpu>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
<disk/>
<interface/>
<hostdev/>
<graphics/>
</devices>
</domain>
Para- vs. full virtualization
- binary translation
- replace non-virtualizable instructions with trap
- whenever a privileged instruction is executed => trap & emulate
- Hypervisor exposes a set of APIs to guest OS
- Requires changes in guest OS
HW assisted virtualization
- eliminate need for CPU paravirtualization
- Intel VT-x (
vmx) or AMD-V (svm) - Enable in BIOS
- requirements for many hypervisors, e.g. KVM
KVM:
CONFIG_KVM{_INTEL,_AMD}- QEMU to emulate I/O
<domain type='kvm'> <name>fedora</name> <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> ... </domain>
HW assisted virtualization
Boot time
KVM paravirtualization
- Don't emulate HW, just directly pass data between domain and hypervisor
- Defines set of APIs
- Requires guest OS drivers: Linux >= 2.6.25, Windows >= Vista
- Host drivers in hypervisor
KVM paravirtualization
<domain type='kvm'>
<name>fedora</name>
<uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
<devices>
<disk type='file' device='disk'>
<target dev='vda' bus='virtio'/>
</disk>
<interface type='network'>
<model type='virtio'/>
</interface>
<memballoon model='virtio'/>
</devices>
</domain>
KVM paravirtualization
VirtIO GPU
- Emulate real GPU with the help of the host GPU
- Pass OpenGL® commands from guest onto host GPU
- Use virglrenderer to render on the host GPU
Guest config
Quick recap
- What the format of domain configuration?
- XML
- How do you enable HW assisted virtualization?
- BIOS, KVM module,
<domain type='kvm'/>
- BIOS, KVM module,
- How do you enable VIRTIO?
- Pass correct value to model, type, bus, etc. attributes
CGroups
- Resource limitation, accounting, isolation
- Can be used for prioritization
- Set of controller groups: cpuset, blkio, memory, etc.
- Forms a hierarchical tree, PIDs placed anywhere / into leaves
Scheduling
- Completely Fair Scheduling, O(log N)
- Overhead, jitter
Pinning
- vCPU pinning
- memory pinning
- emulator pinning
<domain type='kvm'>
<name>fedora</name>
<vcpu placement='static'>4</vcpu>
<numatune>
<memory mode='strict' nodeset='0-3'/>
<memnode cellid='0' mode='strict' nodeset='0'/>
</numatune>
<cputune>
<vcpupin vcpu="0" cpuset="1-4,^2"/>
<emulatorpin cpuset="1-3"/>
<iothreadpin iothread="1" cpuset="5,6"/>
</cputune>
</domain>
Isolcpus
Storage
- Multiple layers of cache: guest OS, QEMU, host OS
- If possible, trust host and avoid caching in QEMU
<disk type='file' device='disk'> <driver name='qemu' type='qcow2' cache='none' io='native'/> <source file='/path/to/my_disk.qcow2'/> <target dev='vda' bus='virtio'/> </disk>
Visit talk Qemu Disk I/O: Which performs better, Native or Threads?
Storage
- I/O schedulers
- prealloc storage
- pass partition
Networking
- Bare metal performance
- Not shared
- Able to create multiple VF on the fly
- Share PCI device
<interface type='hostdev' managed='yes'>
<mac address='52:54:00:6d:90:02'/>
<source>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</source>
</interface>
Networking
Overcommiting
- Giving more resources than have
- KSM, <nosharepages/>
Restricting resources
virt-host-validate
- Tool living in libvirt repository
# virt-host-validate QEMU: Checking for hardware virtualization : PASS QEMU: Checking if device /dev/kvm exists : PASS ... QEMU: Checking for device assignment IOMMU support : PASS QEMU: Checking if IOMMU is enabled by kernel : PASS LXC: Checking for Linux >= 2.6.26 : PASS LXC: Checking for namespace ipc : PASS LXC: Checking for namespace mnt : PASS ...
Where to go?
Live demo
Conclusion
- Use HW assisted virtualization
- Select virtio
- Pin
<Thank You!/>
mprivozn@redhat.com