Xen and the Art of Virtualization
Ian Pratt
VP, Citrix Systems and
Chairman of Xen.org
Outline
• A brief overview of Xen and Xen.org
• Why virtualization is important
• Virtualization frontiers:
– Virtualization Security
– IO Virtualization
– High-Availability
– Client Device Virtualization
– Multi-tenancy for Cloud
Xen History
• Mar 1999 XenoServers HotOS paper
• Apr 2002 Xen hypervisor development starts
• Apr 2003 First public Xen Release
• Oct 2003 Xen SOSP paper
• Apr 2004 Xen 1.0 released
• Jun 2004 First Xen developer's summit
• 2004 Hardware vendors start taking Xen seriously
• 2005 RedHat, Novell, Sun and others adopt Xen
• 2006 VMware and Microsoft adopt paravirtualization
• Sep 2006 First XenEnterprise released
• May 2008 Xen embedded in Flash on HP/Dell servers
Xen Project Mission
• Build the industry standard open source hypervisor
– Core "engine" that is incorporated into multiple vendors' products
• Maintain Xen's industry-leading performance
• Maintain Xen's reputation for stability and quality
– Security must now be paramount
• Support multiple CPU types; big and small systems
– From server to client to mobile phone
• Foster innovation
• Drive interoperability
Xen Hypervisor
First and best to support new CPU, chipset and Smart IO technologies
Pioneers of OS para-virtualization
Virtualization Benefits
Why Virtualization is 'Hot'
• Clearing up the mess created by the success of 'scale-out'
– One Application per commodity x86 server
– Leads to 'server sprawl'
– 5-15% CPU utilization typical
• Failure of popular OSes to provide
– Full configuration isolation
– Temporal isolation for performance predictability
– Strong spatial isolation for security and reliability
– True backward app compatibility
First Virtualization Benefits
• Server consolidation
– Consolidate scale-out success
– Exploit multi-core CPUs
• Manageability
– Secure remote console
– Reboot / power control
– Performance monitoring
• Ease of deployment
– Rapid provisioning
• VM image portability
– Move image between different hardware
– Disaster Recovery
2nd Generation Virtualization Benefits
Avoid planned downtime with VM Relocation
Dynamically re-balance workload to meet app SLAs or to save power
Virtualization Security
Hypervisors and Security
• Exploitation of a hypervisor is a real threat
• Hypervisors add more software and thus increase the attack surface
– Network-facing control stack
– VM containment
• Xen smaller and defensible than an OS
– Need a “strength in depth” approach
• Disaggregate, De-privilege, narrow interfaces
• Xen Security Modules
– Secure Boot
Improving Security with Hypervisors
• Hypervisors allow administrative policy enforcement from outside of the OS
– Firewalls, IDS, malware scanning etc
• More robust as not so easily disabled
• Provides protection within a network rather than just at borders
– Backup policy, multi-path IO, HA, FT etc
• Availability and Reliability
– Hardening OSes with immutable memory, taint tracking, logging and replay
– Introspection is an active research area
Network IO Virtualization
Network Interface Virtualization
• Network IO is tough to virtualize
– High packet rate
• Batches often small
– Data must typically be copied to VM on Receive
– Some apps are latency sensitive
• Xen's network IO virtualization has evolved significantly over time
– Need to take advantage of new NIC features
I/O Architecture
[Diagram: the Xen Virtual Machine Monitor sits on the hardware (SMP, MMU, physical memory, Ethernet, SCSI/IDE) and exposes an Event Channel, Virtual MMU, Virtual CPU, Control IF and Safe HW IF. VM0 runs the Device Manager & Control s/w together with the native device driver and back-end; the guest VMs (VM1, VM2, VM3) run GuestOS and applications over either front-end device drivers or device emulation.]
Xen Driver Domains
[Diagram: same layout as the I/O architecture, but a second native device driver and back-end now live in a separate driver domain (VM1) alongside those in VM0, so guest front-end drivers no longer depend solely on the control domain.]
Isolated Driver VMs for High Availability
• Run device drivers in separate domains
• Detect failure e.g.
– Illegal access
– Timeout
• Kill domain, restart
• E.g. 275ms outage from failed Ethernet driver
[Plot: y-axis 0-350 against time (s), 0-40]
Multiple RX Queues
• NIC supports multiple free and RX buffer queues
– Choose queue based on destination MAC, VLAN
– Default queue used for multicast/broadcast
• Great opportunity for avoiding data copy for high-throughput VMs
– Try to allocate free buffers from buffers the guest is offering
– Still need to worry about broadcast, inter-domain etc
• Multiple TX queues with traffic shaping
IOMMU : Direct Device Assignment
[Diagram: same layout as the I/O architecture, with one guest VM now holding its own native device driver for a device assigned directly to it.]
SR-IOV : Hardware IO Virtualization
• NIC presents itself as multiple PCI devices, one per guest
– Relies on IOMMU for protection
– Still need to deal with the case when there are more VMs than virtual h/w NICs
– h/w-specific driver in guest, loses some of the hardware abstraction benefits of virtualization
• Full Ethernet switch functionality on NIC
– Inter-domain traffic can go via NIC
• But data goes over PCIe bus twice, may be slow
SR-IOV NIC Demonstration
[Diagram: three Dell R710 servers, each running XenServer with an Intel 10G SR-IOV NIC, connected through a Dell 10G switch to NFS common storage w/ OpenFiler]
• Full 20Gb/s bi-directional throughput to VMs
• Low latency, High CPU efficiency
• Live relocation between hosts - Even hosts with different NICs
Network Performance
[Chart: CPU (%) (0-35) per configuration (s/w only, Multiple RX queues, SR-IOV NIC, native), broken down into usercopy, kern1, xen1, grantcopy, kern0 and xen0, with relative CPU cost labels 201%, 100%, 123% and 103%]
• New Smart NICs reduce CPU overhead substantially
• Care must be taken with SR-IOV NICs to ensure benefits of VM portability and live relocation are not lost
High Availability and Fault Tolerance
Hardware Fault Tolerance
Restart-HA monitors hosts and VMs to keep apps running
Hardware Fault Tolerance with deterministic replay or checkpointing
Xen's Software-Implemented Hardware Fault Tolerance enables true High Availability for unmodified applications and operating systems
Hardware Fault Tolerance
• E.g. University of British Columbia's "Remus"
• Smart checkpointing approach yields excellent performance
– VM executes in parallel with checkpoint transmission, with all externally visible state changes suppressed until checkpoint receipt acknowledged
– Checkpoints delta compressed
• Checkpointing possible across wide-area, even for multi-vCPU guests
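The two Remus properties above (output suppressed until the checkpoint is acknowledged, and checkpoints sent as compressed deltas) as an added toy simulation; this is example code written for this page, not Remus or Xen code, and the guest "memory" (a page-to-contents dict), the packet names and the failure point are constructed assumptions.

```python
"""Toy model of Remus-style checkpointing (added example, not Remus code)."""
import json
import zlib


class Backup:
    """Applies delta-compressed checkpoints; becomes primary on failover."""

    def __init__(self):
        self.state = {}
        self.epoch = 0

    def receive(self, epoch, payload):
        # Undo the delta compression and fold the changed pages into the replica.
        self.state.update(json.loads(zlib.decompress(payload)))
        self.epoch = epoch
        return epoch  # acknowledgement carried back to the primary


class Primary:
    """Runs the guest; its network output stays buffered until the backup acks."""

    def __init__(self, backup):
        self.backup = backup
        self.state = {}          # guest memory, modelled as page -> contents
        self.last_ckpt = {}      # pages as of the last checkpoint sent
        self.epoch = 0
        self.buffered = []       # (epoch, packet) not yet externally visible
        self.released = []       # packets the outside world has actually seen

    def run_epoch(self, writes, packets):
        """One epoch of execution: the guest dirties pages and emits packets."""
        self.epoch += 1
        self.state.update(writes)
        self.buffered.extend((self.epoch, p) for p in packets)

    def checkpoint(self, link_up=True):
        """Send only pages changed since the last checkpoint (delta compression)."""
        delta = {k: v for k, v in self.state.items() if self.last_ckpt.get(k) != v}
        payload = zlib.compress(json.dumps(delta, sort_keys=True).encode())
        if link_up:
            acked = self.backup.receive(self.epoch, payload)
            self.last_ckpt = dict(self.state)
            # Output commit: release packets only for epochs the backup now holds.
            self.released += [p for e, p in self.buffered if e <= acked]
            self.buffered = [(e, p) for e, p in self.buffered if e > acked]
        return delta


def simulate():
    """Two epochs; the primary fails before the second checkpoint is acked."""
    backup = Backup()
    primary = Primary(backup)
    primary.run_epoch({"page1": "A", "page2": "B"}, ["syn", "syn-ack"])
    first = primary.checkpoint()
    primary.run_epoch({"page2": "C"}, ["data"])
    second = primary.checkpoint(link_up=False)   # constructed failure: link lost
    # Failover: the backup resumes at epoch 1. Every packet the outside world
    # saw was produced by state the backup holds, so no client observes a
    # response whose cause died with the primary.
    return {
        "deltas": [sorted(first), sorted(second)],
        "released": primary.released,
        "withheld": [p for _, p in primary.buffered],
        "backup_epoch": backup.epoch,
        "backup_state": backup.state,
    }
```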
Virtualization on Client Devices
The Xen Client Initiative
• Formed in 2007 to develop Xen for desktop and laptop
• Develop enhanced power management, USB, WiFi, WWAN, 3D Graphics, fingerprint reader, multi-touch, etc
• Support for latest hardware technologies
• Tiny footprint hypervisor, embeddable in Flash memory or small disk partition
• Aiming to make virtualization ubiquitous on client devices...
Client Hypervisor Benefits
• Security, Manageability, Supportability, Auditability
• Building Multi-Level Secure systems
– Run multiple VMs with policy controlled information flow
• E.g. Personal VM; Corporate VM; VM for web browsing; VM for banking
– Trusted hypervisor provides secure isolation
• Enables "out-of-band" management and policy enforcement
– Malware detection, remote access, image update, backup, VPN, etc.
Requires a true type-1 hypervisor architecture
Xen is ideally suited to this!
Types of Virtual Machine Monitor
[Diagram: a Type-1 hypervisor runs directly on the hardware with the personal image and corporate image side by side above it; a Type-2 VMM runs inside the personal image on the hardware, with the corporate image hosted on top of it]
Xen Client Architecture
[Diagram: the Xen hypervisor runs on x86 hardware with TXT and TPM; above it sit a Control Domain, a Service VM, VM1 and VM2, with Audio, USB, Disk, ACPI, GPU and NIC devices]
"Business" & "Personal" Environments
Business
• Locked Down
• No Local App Installs
• Tightly Managed
• Self-Service Corporate App Installs
Personal
• Allows Local App Installs
• Minimal Management
– Virus Scanner
– Security Patches
• No SLA
– Self-Service Wipe
The XenClient Solution
[Diagram: Laptop; Policy; Backup; Images; Data Sync]
• High Performance Client Virtualization
• Provides a High Quality User Experience
• Securely Run Multiple Hardware Independent Images
• Provide Ability to get under the client OS and manage it
• A New Way to Deliver Desktops
• Use a Single Image for Initial Deployment and Ongoing Management
• Efficient Two-way Data Synchronization
• Flexible policy controls
• Integrated Encryption and Backup
From Laptops to Mobiles
• Smart phones and PDAs
– Xen ARM
– Smart phones now suffer from many of the same problems as PCs
• Simple restricted use cases:
– Three VMs running on one CPU:
• Real time VM for controlling the radio
• VM for vendor/operator-supplied s/w
• VM for user-downloaded software
Virtualization in the Cloud
XenoServers : University Project from 1999
• Incremental rollout
• Flexible platform
• Unified management
• Global services and apps
• Exploit network topology
• Open commercial platform
[Diagram: Client; XenoCorp; XenoServer; Deploy]
XenoServers Vision is Becoming Reality
Amazon has thousands of servers running Xen
• Server consolidation and workload management
• EC2 (Elastic Computing Cloud) "Rent a VM"
Industry's largest production use of virtualization
Xen Cloud Platform (XCP)
• XCP Expands Xen.org's remit beyond the core hypervisor, to create a full virtual infrastructure layer for Cloud deployments
– Simplify and streamline use of Xen by Cloud providers and vendors
– Promote greater standardisation of components between vendors
• Advanced virtual infrastructure to enable Virtual Private Datacenters rather than just Virtual Private Servers
– Multi-tenant hosts, networking, storage, etc
– Promote interoperability between xen-based clouds and other clouds
– Drive standards activities via DMTF
New Open vSwitch
[Diagram: VMs on several hypervisors connected through the virtual switch; Isolation · Resource control · Multi-tenancy · Visibility · Security]
• Open Source Virtual Switch maintained at www.openvswitch.org
• Rich layer 2 feature set
Distributed vSwitch
[Diagram: one Distributed Virtual Switch spanning three hypervisors and their VMs]
Built-in policy-based ACLs move with VMs
Virtual Interface (VIF) {MAC, IP} ACLs:
permit tcp 10.0.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit tcp 192.168.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit tcp 172.16.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit udp 10.0.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit udp 192.168.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit udp 172.16.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit tcp 10.0.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq 123
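As an added example (not Open vSwitch or XenServer code), the Python below parses the per-VIF ACL lines shown on this slide, matches flows against them using Cisco-style wildcard masks, and treats anything unmatched as denied; the top-to-bottom first-match evaluation, the implicit deny and the sample flows are assumptions made for the example.

```python
"""Evaluate the slide's per-VIF ACL rules against sample flows (added example)."""
import ipaddress

# Named port used in the slide's rules; "123" is already numeric there.
SERVICE_PORTS = {"domain": 53}

# ACL attached to one VIF, copied from the slide.
VIF_ACL = """
permit tcp 10.0.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit tcp 192.168.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit tcp 172.16.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit udp 10.0.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit udp 192.168.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit udp 172.16.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit tcp 10.0.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq 123
"""


def parse_acl(text):
    """Parse 'action proto src src-wildcard dst dst-wildcard eq port' lines."""
    rules = []
    for line in text.strip().splitlines():
        action, proto, src, swild, dst, dwild, kw, port = line.split()
        if kw != "eq":
            raise ValueError(f"unsupported port match: {line}")
        rules.append({
            "action": action,
            "proto": proto,
            "src": (int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(swild))),
            "dst": (int(ipaddress.IPv4Address(dst)), int(ipaddress.IPv4Address(dwild))),
            "dport": SERVICE_PORTS.get(port) or int(port),
        })
    return rules


def wildcard_match(addr, base, wildcard):
    """Cisco-style wildcard mask: a set bit means 'don't care' for that bit."""
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)


def evaluate(rules, proto, src, dst, dport):
    """First matching rule wins; no match means deny (assumed implicit deny)."""
    for r in rules:
        if (r["proto"] == proto and r["dport"] == dport
                and wildcard_match(src, *r["src"])
                and wildcard_match(dst, *r["dst"])):
            return r["action"]
    return "deny"


def check_flows(rules):
    """Constructed sample flows from tenant subnets towards 10.20.0.0/24."""
    flows = [
        ("tcp", "10.0.0.5", "10.20.0.7", 53),     # DNS from 10.0.0.x -> permit
        ("udp", "172.16.0.9", "10.20.0.7", 53),   # DNS from 172.16.0.x -> permit
        ("udp", "10.0.0.5", "10.20.0.7", 123),    # only tcp/123 is listed -> deny
        ("tcp", "10.0.1.5", "10.20.0.7", 53),     # outside the 0.0.0.255 wildcard -> deny
        ("tcp", "10.0.0.5", "10.20.0.7", 22),     # SSH never permitted -> deny
    ]
    return [evaluate(rules, *f) for f in flows]
```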
Distributed vSwitch
[Diagram: two Distributed Virtual Switches, one for Tenant A and one for Tenant B, each spanning the three hypervisors and their VMs; Isolation · Resource control · Multi-tenancy · Visibility · Security]
Conclusions
• Open Source is a great way to get impact from University research projects!
• Hypervisors will become ubiquitous, near zero overhead, embedded in the hardware
• Virtualization may enable a new "golden age" of operating system diversity
• Virtualization is a really fun area to be working in!