Xen Hacker Interviewed

Posted by ScuttleMonkey
from the under-the-hood dept.
Drawoc Suomynona writes "The Xen virtual monitor is a new generation of virtualization software that enables running multiple OSes at the same time with an unprecedented level of performance. Manuel Bouyer was recently interviewed about his work porting Xen to the NetBSD operating system. The interview touches on why some consider Xen to be so good, how hard it is to integrate such a software package into an OS, and more."

  • by nacturation (646836) <nacturation AT gmail DOT com> on Sunday February 19, 2006 @05:29PM (#14756772) Journal
    Anyone know how Xen compares to jails in, say, FreeBSD? I've managed to set up a jail before where you do a "make world DESTDIR=/jaildir" and then do a jail on that directory, which gives someone the appearance of their own entire operating system. Is Xen similar to this, but allowing for many different operating systems rather than just another instance of the same one?

    Also, glad to see the BSD section is at least still around. I can't seem to get it to show up on the Sections list, regardless of how I set it up.
     
    • Re:Xen vs. jails (Score:5, Informative)

      by LLuthor (909583) <lexington.luthor@gmail.com> on Sunday February 19, 2006 @05:42PM (#14756844)
      BSD jails share the kernel, Xen systems have their own kernels (patched versions of the actual Linux/BSD/etc kernels) and communicate with the host kernel through the vizor. Xen can run multiple different kernels and also support all the features such as advanced routing and access to host hardware.

      Jails are lighter/faster but less secure (a kernel exploit in a jail will root the whole system).
      • Re:Xen vs. jails (Score:5, Informative)

        by WindBourne (631190) on Monday February 20, 2006 @12:00AM (#14758837) Journal
        The other major issue is that a jail is basically a chroot with some needed access to certain files. It will be one version of BSD / physical machine. In fact, jails are probably closer to UML on Linux than to Xen.

        In contrast, Xen can run multiple instances of different OS. That is, on one physical box, you could run Suse, Mandrake, Redhat, NetBSD, and even Windows. So Xen is closer to vmware than to jails.
  • Xen on Windows (Score:2, Interesting)

    by Aladrin (926209)
    I see a ton of comments about not being able to use Xen to run Windows inside Linux, but no information the other way around...

    Can Xen run Linux apps on my Windows installation? I am currently using Cygwin for that, and it's working okay, but some of my favorite apps are being run through SSH from my linux box to make all this happen.

    I do too much in Windows to even dual-boot the system... I'd spend as much time booting as I would working/playing.
    • Re:Xen on Windows (Score:2, Informative)

      by JoeGTN1 (836394)
      CoLinux is a wonderful thing. http://www.colinux.org/ [colinux.org]
    • Re:Xen on Windows (Score:3, Informative)

      by ocelotbob (173602)
      As modifications have to be made to the host OS to be a Xen host as well, I doubt Windows will ever be a Xen host; MS is too headstrong with their own virtualization software. However, you can run coLinux [colinux.org], though you will run into some performance problems.
    • Re:Xen on Windows (Score:5, Informative)

      by hawicz (449905) on Sunday February 19, 2006 @06:07PM (#14756961)
      You're not understanding how Xen works. Xen doesn't let you run one OS inside another, they run side by side, almost as if they were two processes.

      Running OSes inside of Xen and running MS Windows inside of Linux are two completely different things. If you can run MS Windows inside of Linux, whether or not that Linux kernel is running inside of Xen probably won't matter, since for that to work at all you probably have to trap any protected instructions and emulate them. Whether the emulation is implemented using actual ring 0 instructions or Xen hypervisor calls should be irrelevant.

      However, you _can_ run Windows inside Xen, and people have done so. It's difficult to do because you need to manage to get a Windows source license and build your own copy with the necessary modifications, but not impossible.
      • So what you're saying is that there is NO host OS, only 2 or more hosted OSes that share the hardware?
        • Re:Xen on Windows (Score:4, Informative)

          by SillyNickName4me (760022) <dotslash@bartsplace.net> on Sunday February 19, 2006 @07:17PM (#14757439) Homepage
          You could say that XEN itself is the 'host OS', albeit a very tiny one.

          Virtual machines on XEN are called 'domains', and besides using virtual devices, they can also provide them.

          Normally, domain 0 is responsible for providing almost all virtual devices (networking, disks etc). This may give the illusion that what runs in domain 0 is the host OS, but it is not, it is just another 'virtual machine', and while it is normal for domain 0 to do this, any domain running the proper kernel can provide devices to XEN.

      • Re:Xen on Windows (Score:5, Informative)

        by tinkertim (918832) * on Sunday February 19, 2006 @11:41PM (#14758758) Homepage
        You are correct and more so than you'd think. Xen provides true isolation of its dom-u's (user VM's). The xen hypervisor is most likely some of the most efficient code ever released to the open source community.

        Xen layering and management allows you to do tons of stuff, I'm already doing SSI clusters on single machines. Xen + Win2k3 has been accomplished. This with CVIP / HA-LVS all running on one nic. Slice a high end p4 into a 6 + 1 (x 128) MB cluster of isolated servers. It's truly HA in a box, and very very simple.

        The reason they call it a hypervisor is just that, it's a step above a supervisory process. On VT enabled platforms (The new P4's / AMD's) you really start to see what xen can do without the bottlenecks of processor architecture.

        Personally I think the ease of clustering is more important (and useful to the internet at large) than the ability to play with Windows stabilized under Linux. (I love saying that knowing it's actually happened hehehehhe).

        I can also say NetBSD does *very* well under xen.

        Here's a really cool example config of how xen could slice up a high end dual xeon.

        Assume .. Dual xeon .. 3.2 .. 4GB Registered 2x 250 GB SATA disks (one of my labs)

        2 nics at 1000 MBPS, Connected to a gig-e switch. 100 MBPS x2 uplinks from 13 blended carriers. Basically, the average server you lease at any datacenter. Remember, you don't ever get to physically touch them. Xen is easy enough to install without needing local access.

        You set up 2 smaller (maybe 256 MB each) netbsd firewalls , do some traffic shaping if you want. From there, you toss it over to an OpenSSI / Debian cluster running on the same machine.

        Here's the really cool part. The bsd machines can talk to dom-0 and tell it when it's time to drop nodes or add nodes, or make nodes bigger.

        Need more servers? Simple . Xen them and load the ssi node image via pxe / etherboot.

        It's very very easy then to set up the bridging needed to get a working cvip configuration and start weighting ports. So now you have 2 failover netbsd front end routers , failover LAMP and failover nics. Stick those SATA's in RAID1 and your only single point of failure becomes your power supply or something going horribly wrong on domain 0. At the price it costs for those servers, you can afford 2 and pay under 500 bucks for the whole shebang if you lease them. Buying outright and co-locating is the best way. Or if you're one of the fortunates with fiber coming into your own building ...

        Now toss xen3 in there and you have yourself a win2k3 setup hosting your certificate authority, snaps, etc. bring it all into AD if you want. It's a networking "magic bag".

        I'm just scratching the surface. These Guys [option-c.com] Have a really, really useful wiki, as well as some "unofficial" Debian install packages. Your average Linux geek could get it going quickly.

        Keep your eyes on Xen. It's going to do good things for everyone - and it's going to push commercial equals to .. well .. be more equal. Right now (afaic) Xen tips the scales in its direction.

        Windows is just one of the marvels folks. Look at the big picture. Some of us have been screaming Xen for a while now .. so it's sort of a triumph to see it finally getting a larger following :) Virtuozzo just can't *touch* it.

        Off the soapbox. Hope someone found this useful. It took an awful long time to type. Course would help if I wasn't eating messy food ..

        • Re:Xen on Windows (Score:3, Interesting)

          by TallMatthew (919136)
          The reason they call it a hypervisor is just that, it's a step above a supervisory process. On VT enabled platforms (The new P4's / AMD's) you really start to see what xen can do without the bottlenecks of processor architecture.

          I would think your bottlenecks would be constant context switches on your proc, cache misses on your virtual memory and seeks within your RAID (at the "hypervisor" level). No matter how good your top-level kernel delegates, it's still a level of indirection before control is pas

          • Re:Xen on Windows (Score:4, Informative)

            by tinkertim (918832) * on Monday February 20, 2006 @08:43AM (#14760516) Homepage
            You've basically just described what could happen to any processor (no matter how conjoined or how many) that could not return at or greater than the rate it was being fed, which is the point of using Xen in the first place :) I refer to it as 'meltdown' however.

            You also have to keep in mind that most clusters are application specific.

            With Xen and SSI you have two things that both do a very good job of :

            1 - Replace "dumb" round robin load balanced racks (it makes a very good load balancer)

            2 - Isolating applications (nevermind the os we're talking about a single image)

            I'm not going to go into number one because it's obvious (or is to who I'm replying to).

            Let's look closer at #2. I'd like to (for demonstration) use as an example the vast number of people using an open source application on their website powered by Apache, PHP and MySQL.

            I'd also like to call attention to the fact that commonly those aren't the only 3 malloc()'ing hogs running on any given single server. In fact you'll find most public services running in one place. This means a mailer (exim for this example), Spam Assassin, Clam AV (if they care about their mailbox), MySQL, SMTP bandwidth logging generally using MySQL, SSH, most likely POP and IMAP. Eh, almost forgot DNS but bind is pretty small. Now they're all fighting for cache, while trivial system processes live happily in dentry and watch the public ones choke to death. Xen helps you stop this.

            Imagine 300 http sessions (let's say some chat program mandated session keep alives), now someone rolls in with a brute force spam attack. There goes exim, spam assassin and clam AV.

            Pretty soon things just stop forking and said server needs its diaper changed. So what you described is also what most people have existing.

            Now take a look at any 20 places selling co-located servers , or leasing them. You've got about $200 - $300 a month you can spend. Your site was a hobby and now it's a kick in your wallet. You'll find a nice Dual Xeon 3.2 (even a 2.8 would work) and you can get a few nics and 4 GB registered RAM.

            You can, then with Xen and OpenSSI solve your problem, isolate your services, make some of them highly available and you (can) do it on a single platform and increase its capacity drastically. We have a few things at play :

            1 - Xen's routing is very , very fast. That coupled with a sensible CVIP configuration can and will direct traffic as well as most medium line load balancers. I'm not talking about your $50k models that let you shape and direct down to the most minuscule trait of the session.. and I'm not talking about a cheapo. I'm also not calling out anything by brandname.. but I think you can relate for purposes of banter.

            2 - You can't (and should not) run one of these from one physical ethernet device. While you don't need to give each node a separate (real) nic, you really should split things up. By doing so you're freeing up kernel resources to do other things (like direct traffic avoiding I/O bottlenecks).

            3 - You need to really play with your kernels. You really need to ensure you are taking advantage of your either (SATA) or preferably (SCSI) disks.

            4 - You need to use sensible applications that interact nicely with your sql server, and (as you pointed out) have a very good understanding of Linux and its I/O. Be smart.. use flatfiles when you can (in other words plan your cluster).

            5 - You can use xen in a more conventional setup too :) Just allocate 99% of any given server to your etherboot dom-u. iscsi / good gig-e nics and short copper runs to medium grade switches do this quite well.

            So should Ebay fire one up today? No .. that would be as dumb as driving on your spare tire to look cool. Can your forum, e-commerce shop or php based game stay up and running? Sure :)

            But what I just typed is several options available to site owners who 6 months ago only had much more expensive options.
    • Re:Xen on Windows (Score:5, Informative)

      by TheRaven64 (641858) on Sunday February 19, 2006 @06:15PM (#14756998) Journal
      You don't run Xen on Linux, exactly. You run Xen-and-a-modified-version-of-your-favourite-kernel on your hardware, and then run other (modified) kernels on that. Running in domain 0 - the domain with access to the real hardware - actually requires more modification to the kernel, not less, so there is very little chance of getting Windows to run Xen.
    • I looked this up a while ago... Xen needs the HOST OS to be modified, at least with current CPUs. Fortunately, VMWare player is free as in beer, and it works. So, now I have a perfectly functioning Linux install which I couldn't do before (lack of WiFi support for my wireless chip). Xen is nice, but free VMWare is good and it works.
      • Re:VMWare Player... (Score:4, Interesting)

        by thehunger (549253) on Sunday February 19, 2006 @08:06PM (#14757754)
        You're right. And you'll be glad to know that VMware has decided to provide an updated and FREE version of its GSX Server. This will allow you to CREATE virtual machines as well as run several VMs simultaneously. Also it can do SMP and 64-bit emulation, so you'll be able to install a 64-bit multi-processor version of an OS on your current 32-bit single processor computer...

          It's called VMware Server and is in beta now.

        However, it's not -entirely- free: VMware will charge for support, and there's no guarantee that updates and patches will be available for non-paying customers.
        • From what I understand, the guest/host requirements and capabilities are the same between the VMWare Server beta and the current release of VMWare Workstation (5.5). It's not possible to virtualize a 64bit CPU on a 32bit CPU.

          It is, however, possible to run a 64bit guest OS on a 32bit host OS if the underlying CPU is 64bit, but if both the host OS and host CPU are 32bit, then the guest OS invariably can only be 32 bit.
          • Correct, VMware doesn't virtualize the cpu hardware; it presents the CPU up directly as is to the guest virtual machine, if you only have a 32bit cpu you can only run 32bit. Which when you get to esx server and doing hot moves between physical boxes, means that all the capabilities (mmx, sse, etc) need to be supported on the target cpu as well.
  • Migration (Score:3, Interesting)

    by Stoned4Life (926494) on Sunday February 19, 2006 @05:35PM (#14756811) Homepage
    "Xen also offers virtual machine migration, where you freeze a Xen guest, move it to another machine and resume it there ... This also means that a similar environment for the guest has to exist on the remote system."

    And if a similar environment is not available when it is moved, what happens to the state of the user? Would the hardware in use when the state is saved have to be exactly alike on the target machine?

    Also, is the information retained on the backup until the full migration is completed and then deleted, or is deleting the backup during the migration optional, leaving a "frozen" and "restorable" state on the server? Is that a security risk if the workstation is compromised?
    • Re:Migration (Score:2, Informative)

      by dmp123 (547038)
      Xen provides a hardware virtualisation layer, so the images don't talk to the hardware directly, but talk through the Xen hypervisor. Therefore, the Xen hosting on the remote system will provide exactly the same 'hardware' as far as the image is concerned.

      David
    • The instant migrations are based on the vps being migrated between two host servers sharing the same storage system/SAN.

      If you don't have a shared storage system holding your domU file system then you'd have to move that over as well (e.g. 15 minutes or so for a 4GB file system).

      Oh and if you can't route the IPs between the two different hosts then you'd have to change the IPs to boot.

      --
      Xen-based VPS hosting [rimuhosting.com]

      • btw, Host58 migrated over to Xen 3.0 without a hitch.. thanks... you guys rock!
      • Which is still very useful...
        You can have a single backend SAN, and hookup more machines to it as you need more images... And you can hook up newer hardware and migrate the images live to the new machines without needing to reboot any of them.
    • He he he, nope, that's what you do with LV's. xen's para-virtualizing allows you to move them while they are still running, really ;). http://www.cl.cam.ac.uk/Research/SRG/netos/xen/readmes/user/user.html [cam.ac.uk] Check out the introduction "Live migration of running virtual machines between physical hosts." Xen is going to mess with your head. Can you pass me that freebsd server when you're done with it?
  • Now THIS is cool (Score:5, Interesting)

    by ScrewMaster (602015) on Sunday February 19, 2006 @05:40PM (#14756826)
    Xen virtual machines can be "live migrated" between physical hosts without stopping them. During this procedure, the memory of the virtual machine is iteratively copied to the destination without stopping its execution. A very brief stoppage of around 60-300 ms is required to perform final synchronisation before the virtual machine begins executing at its final destination, providing an illusion of seamless migration. Similar technology is used to suspend running virtual machines to disk and switch to another virtual machine, and resume the first virtual machine at a later date.

    (Quote from Wikipedia)

    Reminds me of when I was watching the old Max Headroom show, and Max would shuffle himself off of one monitor onto a display on a portable "processing unit" and somebody would pick him up and carry him away.
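
The iterative pre-copy described in the quote above can be modelled in a few lines. This is an added example, not part of the original comment and not Xen's code; the guest size, link rate, write rates and stop threshold are constructed assumptions.

```python
import random

def live_migrate(num_pages, link_pages_per_s, writes_per_s, hot_pages,
                 stop_threshold=50, max_rounds=30, seed=1):
    """Simulate iterative pre-copy of a running guest's memory.

    Simplified model, not Xen's implementation: each page's content is a
    version counter, and the guest writes uniformly to a "hot" working set.
    """
    rng = random.Random(seed)            # fixed seed: repeatable runs
    src = [0] * num_pages                # guest memory on the source host
    dst = [None] * num_pages             # copy being built on the destination
    dirty = set(range(num_pages))        # first round sends every page
    writes_per_page_sent = writes_per_s / link_pages_per_s
    rounds = total_sent = 0

    # Pre-copy phase: the guest keeps running while pages are sent.
    while len(dirty) > stop_threshold and rounds < max_rounds:
        to_send, dirty = sorted(dirty), set()
        credit = 0.0
        for page in to_send:
            dst[page] = src[page]
            credit += writes_per_page_sent
            while credit >= 1.0:         # guest writes landing during this send
                victim = rng.randrange(hot_pages)
                src[victim] += 1
                dirty.add(victim)        # dirty log: page must be re-sent later
                credit -= 1.0
        total_sent += len(to_send)
        rounds += 1

    converged = len(dirty) <= stop_threshold
    # Stop-and-copy phase: the guest is paused, so no new writes can occur.
    final_pages = len(dirty)
    for page in dirty:
        dst[page] = src[page]
    total_sent += final_pages

    return {
        "rounds": rounds,
        "converged": converged,
        "final_pages": final_pages,
        "downtime_s": final_pages / link_pages_per_s,  # memory transfer only
        "total_pages_sent": total_sent,
        "consistent": dst == src,        # destination matches source exactly
    }

# Constructed scenarios: 128 MB guest (32768 x 4 KiB pages), ~100 MB/s link.
QUIET = dict(num_pages=32768, link_pages_per_s=25000,
             writes_per_s=2000, hot_pages=4096)
BUSY = dict(QUIET, writes_per_s=100000)  # dirties pages faster than the link

if __name__ == "__main__":
    for name, params in (("quiet", QUIET), ("busy", BUSY)):
        print(name, live_migrate(**params))
```

In the busy scenario the dirty set never drops below the threshold, so the model gives up after `max_rounds` and the final paused copy is far longer; that is the case where the "very brief stoppage" no longer holds.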
  • What I want from OS virtualization is to be able to run one guest OS on multiple hosts for redundancy. I don't have (personally) much use for running multiple guest OSs on a host. I want to have a setup where if apache is in the middle of processing a request and a whole machine dies, the request is still completed by the remaining machine. RAID1 for the whole damn machine. If you could do this with F/OSS on dirt cheap commodity hardware, the utility would be huge.
    • What I want from OS virtualization is to be able to run one guest OS on multiple hosts for redundancy.

      Then what you want is Marathon [marathontechnologies.com] style lock-style execution. It's a terribly hard problem because you have to make all software run deterministically (timers and IO events on both machines have to occur in the *exact* same moments in execution).

      Regards,

      Anthony Liguori
    • I'm sure that there would be some way to get a router to send the same request to two (or more) identical (as far as the server and content goes) machines and have them both process it. Then, just return the first response, and throw out all the later ones. That way, you get complete machine redundancy.
    • VMWare ESX Server 3 (currently in beta) will probably get as close as you can to having live fault tolerant servers. By sharing a storage such as SAN or iSCSI, it is able to instantly take over when it detects the failure of another physical box and should not lose any sessions or data. The other cool thing is that it can dynamically move a running virtual machine to a less loaded physical server. Still, it is not running two virtual machines simultaneously like you've described.
  • Limerick (Score:1, Funny)

    by DaSwing (902297)
    There's a dude who knows his stuff
    Sure his code is interestingly enough
    It will fulfill our wettest dreams
    Taking multitasking to the extremes
    Filling our machines with marshmallow fluff
  • Yeah, but does it run linux?

    Oh wait......
  • I personally have installed and run generic Windows XP on Xen using the existing Intel chips with VT support. Performance basically sucks right now because Xen currently uses qemu to emulate bios/disk/network/video for these devices so with a lot of disk or network IO you can basically take the machine to its knees because it starts using up 100% cpu to emulate the IO.
