RPM Brotherhood:

KVM VIRTUALIZATION
TECHNOLOGY

Syamsul Anuar Abd Nasir

Fedora Ambassador Malaysia
1 RPM BROTHERHOOD | KVM VIRTUALIZATION
ABOUT ME
●
Technical Consultant for Warix Technologies -
www.warix.my
• Warix is a Red Hat partner
• Offers the services and solutions on building private cloud /
Virtualization based on Red Hat Enterprise Virtualization
and KVM
• Fedora Ambassador Malaysia

2 RPM BROTHERHOOD | KVM VIRTUALIZATION

INTRODUCTION
Ability to run multiple Operating System (Windows, Linux,
UNIX etc) on one single physical machine

Decoupling software and applications from single hardware

3 RPM BROTHERHOOD | KVM VIRTUALIZATION

VIRTUALIZATION VOCABULARIES

• VM: Virtual Machine

• Hypervisor / VMM : Virtual Machine Monitor or simple term,
OS for the VM Guests
• Guest OS: The OS that is run within a virtual machine
• Host OS: The OS that runs on the computer system
• Paravirtualized Guest: The guest OS that is modified to
have knowledge of a VMM. Mostly Xen
• Full Virtualization: The guest OS is run unmodified in this
environment

4 RPM BROTHERHOOD | KVM VIRTUALIZATION

TYPES OF HYPERVISOR

• TYPE 1 : Native or baremetal hypervisor that runs directly

on host hardware. E.g. Xen and KVM
• TYPE 2 : Hypervisor software running on top OS. E.g.
Virtualbox

• Containers: User Space server Virtualization method where

kernel and OS allows multiple solated instances of them
running. Eg. FreeBSD Jails, Solaris Zone, OpenVZ,
FreeVPS, and Linux Vserver

5 RPM BROTHERHOOD | KVM VIRTUALIZATION

HARDWARE ASSISTED VIRT
CPU Vendors extending x86 architecture
• Adding CPU features to support virtualization
• Feature added ~2006 available in
o Intel – VT (Xeon, Core Duo and Core 2 Duo)
o AMD – AMD-V (Opteron, Athlon and Phenom)

1st Generation
• Offloads “Ring compression” to CPU
• Effectively provides new privilege level
• Hypervisor no longer scan and rewrite kernel code
• CPU provides 'hooks' or 'traps' for privileged
instructions

6 RPM BROTHERHOOD | KVM VIRTUALIZATION

HARDWARE ASSISTED VIRT
2nd Generation
• Memory Management
o Offloads memory page table management
to CPU & Chipset
o Provides significant performance improvement

• Intel - Extended Page Tables (EPT)

o Available in Nehalem class Xeon
• AMD : Rapid Virtualization Indexing (RVI)
o was called NPT (Nested Page Tables)
o Available in quad core Opterons

7 RPM BROTHERHOOD | KVM VIRTUALIZATION

THE KVM VIRTUALIZATION
• KVM – the Kernel-based Virtual Machine – is a Linux
kernel module that turns Linux into a hypervisor
• Tightly integrated into Linux and upstream since kernel
2.6.20 (January 2007)
• Requires hardware virtualization extensions (Intel VMX
and AMD SVM)
• Offload most work to CPU & chip and NO binary
translation (So its faster)
• Leveraging all the capabilities of the Linux kernel
without breaking any compatability issue
• Cool features - memory and storage overcommit
(among others)

8 RPM BROTHERHOOD | KVM VIRTUALIZATION

BENEFITS OF KVM MODEL

• Leverage is the name of the game

o Linux – no need to re-invent the wheel
o Built on trusted, stable enterprise grade platform
o Ease of management – use same tools
for managing physical servers and hypervisors
• Advanced features
o Inherit scalability, NUMA support,
power management, hot-plug etc
o others have to develop from scratch
o SELinux security, S-Virt, Advanced scheduler,
RAS support (Intel Nehalem EX enablement)
9 RPM BROTHERHOOD | KVM VIRTUALIZATION
KVM AS HYPERVISOR

10 RPM BROTHERHOOD | KVM VIRTUALIZATION

11 RPM BROTHERHOOD | KVM VIRTUALIZATION
KVM FEATURES
MEMORY OVERCOMMIT
Kernel Same-Page Merging (KSM)

Memory Page Sharing

Securely shares identical memory pages between virtual
machine

12 RPM BROTHERHOOD | KVM VIRTUALIZATION

 KVM FEATURES
STORAGE OVERCOMMIT
Thin Provisioning
Allocate storage only when needed
Oversubscribe storage
Transparent to virtual machine
Improve Storage Utilization
Reduced Storage Costs
Works with NFS, iSCSI and Fiber
Channel
Storage reporting and alerting

13 RPM BROTHERHOOD | KVM VIRTUALIZATION

KVM FEATURES
SECURITY
Security

Inherits security features of Linux

Includes support for SELinux

Provides protection & isolation for virtual machines processes & host

Compromised virtual machine isolation
sVirt Project

Sub-project of NSA's SELinux community

Provides “hardened” hypervisors

Contain any hypervisor breaches

14 RPM BROTHERHOOD | KVM VIRTUALIZATION

KVM FEATURES
VIRTIO
Performance

Open Source Paravirtualized accelerated drivers for Linux Kernel
Virtualization

Improve performance for Full Hardware Virtualization

Virtualization disk, NIC etc

Collaboration between Red Hat and IBM

Not specific to KVM

15 RPM BROTHERHOOD | KVM VIRTUALIZATION

SOME KVM BENCHMARK (Iperf in KVM)

16 RPM BROTHERHOOD | KVM VIRTUALIZATION

SUMMARY OF RESULTS


One should use Virtio in favor of VT-d pass-through, or emulated
Network Driver

Emulated NICs are much slower than Virtio or VT-d

The MAX bandwidth of Virtio connecting to a remote is very close to
VT-d or Native

Using Virtio to connect to Dom0 is much faster than using VT-d
(since in our setup VT-d is a second NIC)

Source : http://vmstudy.blogspot.com/2010/04/network-speed-test-iperf-
in-kvm-virtio.html

17 RPM BROTHERHOOD | KVM VIRTUALIZATION

OTHER TECHNOLOGIES AROUND KVM

Libguestfs - libguestfs is a set of tools which you can use to examine
and modify virtual machine images from outside (ie. from the host)

NetCF - a library for configuring network interfaces.

Deltacloud – An API that abstract the differences between clouds.

QCOW2 - qcow2 is the native disk image file format of qemu. It
supports “copy-on-write” feature.

Cgroups - an upstream kernel feature that allows system resources
to be partitioned/divided up amongst different processes, or a
group of processes.

Condor - develop, implement, deploy, and evaluate mechanisms and
policies that support High Throughput Computing (HTC) on large
collections of distributively owned computing resources.

18 RPM BROTHERHOOD | KVM VIRTUALIZATION

 THANK YOU

ANY QUESTION ?

19 RPM BROTHERHOOD | KVM VIRTUALIZATION