Four new virtualization technologies on the latest Intel Xeon 解读

OK,Chinese notes for those 4 features of E5v3 CPU on Virtualization side:



当然, 新技术都是Intel VT技术的部分子集.(BIOS中对映的,关闭就没有了.)



Cache Monitoring Technology (CMT)

其实是Cache Qos monitoring, 反正差不多. 本功能允许实时监控LLC(last level cache, L3 cache)中被每个VM占用的情况. 实现方法原文里面有, 不再罗嗦. 这个功能可以做到发现那些使用cache超常的VM, 从而可以针对这种情况, 通过编程,制定具体的策略, 不同的策略实现不同的功能, 基本上就是看, 发现占用大量内存的VM后, 我们的打算怎么处理这个情况. 具体的编程规则, 原文里面有注明. 但是我的理解是这个应该是写Hypervisor的人操心的事了, 对于一般用户来讲如果Hypervisor实现了,也就照着策略用了, 可能写好几种情况, 让用户自选. 但估计大部分人还是使用默认策略. 也就这样了. 
下一代技术, 内存带宽也是可以监控的了.


VMCS Shadowing

加速, 给在虚拟机上开虚拟机的情况加速.底层的hypervisor特性传递给第二层的hypervisor从而做到加速,使得第二层hpervisor消耗极小的资源. 为什么要在虚拟机上开虚拟机呢, 有点类似于盗梦空间.原因一, 省钱. 比如说在云上卖了一台机器的使用权吧, 你可以在上面装个Hypervisor,性能几乎不影响, 然后再在上面开出4台机器来,花了1台的前,用了4台机器不错吧,基本上这是一个云的打包虚拟化的概念.这么多还有第二个好处, 控制权. 第二层的这些机器,自己随便调.另外, 其他的例如软件开发,实验环境,培训和安全角度看,还是有很多情况需要多重梦境的, 不多重虚拟的. 值得一提的是, 当前VMCS Shadowing已经在KVM 3.1和Xen 4.3中了支持了. 个人偏好KVM, RHEL/CentOS 7里面自带的是KVM3.10,Xen种种原因不太推荐了就.实测数据也已经有了, >58%的kernel build加速, >50%的CPU信号降低, 和125%的IO提速, 证明VMCS Shadowing在多重虚拟下还是值得拥有的. 但是对一般不需要多重虚拟的普通用户来讲...没啥用.



Extended Page Table Accessed and Dirty bits (EPT A/D bits)

好长的名字...这个是在虚机迁移的时候用的技术. 可以认为是内存虚拟化. 

A/D位, 是一个标记位. EPT(Extended Page Table)是一个对映虚机的虚拟硬件内存地址和宿主机的物理地址的表格. 由于虚拟的内存对于虚拟机来说是要连续的, 但宿主机可以用不连续的内存给VM, 所以EPT是必然存在的. 有点类似与, 一个txt文件我们看到内容是连续的, 但是在磁盘上存放可能并不连续, 可以类似理解为文件系统中的FAT表. A/D bit,就是在VM迁移时的标记,告诉机器哪些已经迁移了, 不在旧的机器上了,那些还没有移. 新数据进来一看就知道该在新机器上去写还是还在旧机器上写数据了, 先把没有盖面的数据移了, 频繁改动的放最后. 最关键的是现在是硬件支持了. 在KVM 3.6里面已经有了, 再说一下CentOS的是3.10, 支持. Xen4.3支持, VMWare叫SLAT, 3天前发出文章来, 貌似也支持.(http://www.unixarena.com/2014/09/vmware-hardware-compatibility-guide.html)


Data Direct IO Enhancements

BIOS里和VT-d对映, IO虚拟化.

一直有的技术, 新v3做了些提高. 通过定义个别的硬件资源, 一般是PCIe上的, 比如网卡, GPU. 直接使VM的CPU core直接使用对映的资源, 从而达到加速的效果. 但是, 需要Hypervisor中代码实现.(目前大部分都支持了), 还有就是, 做了直接映射访问IO资源后, 在迁移VM的时候可能遇到麻烦.

PS:补个图, 从图中可以看出来Intel虚拟化技术的分类情况, 和现有的技术.

PSS:除了最后一个以外, 上面3个都是需要VMM支持的, 也需要在VMM中打开才可以真的发挥作用.

Four new virtualization technologies on the latest Intel� Xeon - are you ready to innovate? | 01.org

Four new virtualization technologies on the latest Intel� Xeon - are you ready to innovate? | 01.org

Here is a brief overview of the new Intel® VT technologies:

Cache Monitoring Technology (CMT) - allows flexible real time monitoring of the last level cache (LLC) occupancy on per core, per thread, per application or per VM basis. Read the raw value from the IA32_QM_CTR register, multiply by a factor given in the CPUID field CPUID.0xF.1:EBX to convert to bytes, and voila! This monitoring can be quite useful in detecting the cache hungry “noisy neighbors,” characterizing the quiet threads, profiling the workloads in multi-tenancy environments, advancing cache-aware scheduling and/or all of the above. Based on the CMT readings, schedulers can take subsequent intelligent actions to move and balance the loads to meet any service level agreement (SLA) in a policy driven manner. Intel® 64 and IA-32 Architectures Software Developer’s Manual (SDM) volume-3 chapter-17.14 provides the CMT programming details. CMT reference code is also available for evaluation under BSD license. For commercial use, please use the CMT cgroup and perf monitoring code being upstreamed for Linux, and both KVM and Xen.                                    

VMCS Shadowing - accelerates nested virtualization - basically a hypervisor in a hypervisor. The root HV privileges are extended to the guest HV. Thanks to the acceleration that the shadow VMCS provides, a guest software can run with minimal performance impact and without needing any modification. But why would you do that? Because this technology enables you to consolidate heterogeneous application VMs, containers, and workloads within a single super host VM. You could reduce your cost of using the cloud by extracting more benefit from a single licensed host VM – “virtualization of the cloud” if you will. Your cloud service providers (CSP) could make you feel more empowered in controlling your HV and software choices without intervention from the CSP. Other practical use cases include creating web based labs, software development and test environments, trainings, make shift arrangements during migration, disaster recovery, rapid prototyping, and reduction of security attack surfaces, etc. VMCS Shadowing code is upstreamed in KVM-3.1 and Xen-4.3 onwards. More than 58% reduction in kernel build time, >50% reduction in cpu signaling, and >125% increase in IO throughput have been reported on Haswell with VMCS Shadowing applied to nested virtualization test cases. Please refer to Intel (SDM) volume-3 chapter-24 for VMCS Shadowing programming details.

Extended Page Table Accessed and Dirty bits (EPT A/D bits) – This technology improves performance during memory migration and creates interesting opportunities for virtualized fault tolerance usages. You probably already understand that guest OS expects contiguous physical memory, and the host VMM must preserve this illusion. EPT maps guest physical address to host address that allows guest OS to modify its own page tables freely, minimizes VM exits and saves memory. The new addition of (A)ccessed and (D)irty flag bits in EPT further optimizes the VM Exits during live migration, especially when high-freq resetting of permission bits is required. Up to date memory is pre-migrated leaving only the most recently modified pages to be migrated at the final migration stage. In turn, this minimizes the migration overhead and the migrated VM downtime. EPT(A) bits code has been upstreamed in KVM-3.6 and Xen-4.3; and EPT(D) bits code up-streaming is in the works. Programing details for EPT A/D bits can be found in Intel SDM volume-3, chapter-28.

Data Direct IO Enhancements - improve application bandwidth, throughput and CPU utilization. Now in addition to targeting the LLC for IO traffic, you can also control the LLC way assignment to specific cores. On Haswell, a direct memory access (DMA) transaction can end up in 8 ways of the LLC without hitting the memory first. Because both the memory and in-cache utilization due to networking IO is reduced, the IO transaction rate per socket improves, latency shrinks and power is saved. Cloud and data center customers can profusely benefit from the increased IO virtualization throughput performance. Storage targets and appliances can practically eliminate the need of full offload solutions. Data Plane application and appliance makers can improve and optimize transaction rates, especially for small packets and UDP transactions. DDIO use cases galore. For a detailed discussion about your specific application, please do contact your local Intel representative.

Happy virtualizing with the latest Intel® Xeon® E5-2600 v3 Product Family! At Intel, we’ll be eagerly waiting to hear about all those cool innovations and new businesses that you’ll be building around these newly introduced virtualization technologies. Comments are very welcome!

Some research on performance KVM vs ESX

Case1: Tools: SPECvirt_sc2010 http://www.spec.org/virt_sc2010/results/specvirt_sc2010_perf.html Sames HW, ESXi 4.1 scores 3824 with 234 VMs, KVM 4603 and host 282 VMs, which is 20% higher. Case2: Tools: SPECvirt_sc2010 http://www.spec.org/virt_sc2010/results/specvirt_sc2010_perf.html 3894 vs 3723, KVM 4.5% higher. Case3: Tools: SPECvirt_sc2013 (New tools, as of 9/24/2014 only the below data avaiable) http://www.spec.org/cgi-bin/osgresults RHEL7 1614 with 90 VMs on a E5-2699v3 platform, which is much higher than last generation E5-2697v2 with 935 and 50VMs. KVM is clearly better on the performance side, and also the price side.