
Xen Hacker Interviewed

Posted by ScuttleMonkey
from the under-the-hood dept.
Drawoc Suomynona writes "The Xen virtual monitor is a new generation virtualization software that enables running multiple OSes at the same time with an unprecedented level of performance. Manuel Bouyer was recently interviewed about his work porting Xen to the NetBSD operating system. The interview touches on why some consider Xen to be so good, how hard it is to integrate such a software package into an OS, and more."
  • by HitScan (180399) on Sunday February 19, 2006 @06:23PM (#14756735)
    As I understand, vmware does do some limited emulation, at least VGA and Network cards. Xen instead traps all attempts to access the real devices in the machine and schedules them so that each operating system still thinks that they have full access to all of the real equipment. This requires some special kernel hooks, and that's why things like Windows and OS X aren't fully supported.

    Also, I've seen this story in at least 3 places and I don't think it's right to say anyone ported Xen to NetBSD, NetBSD was updated (It's not exactly a "port") to take advantage of Xen features. It's possible that patches were sent to the Xen team to make things work more smoothly, but it's hardly porting.
  • Re:Xen vs. jails (Score:5, Informative)

    by LLuthor (909583) <lexington.luthor@gmail.com> on Sunday February 19, 2006 @06:42PM (#14756844)
    BSD jails share the kernel, Xen systems have their own kernels (patched versions of the actual Linux/BSD/etc kernels) and communicate with the host kernel through the vizor. Xen can run multiple different kernels and also support all the features such as advanced routing and access to host hardware.

    Jails are lighter/faster but less secure (a kernel exploit in a jail will root the whole system).
  • Re:Xen on Windows (Score:2, Informative)

    by JoeGTN1 (836394) on Sunday February 19, 2006 @06:44PM (#14756854) Journal
    CoLinux is a wonderful thing. http://www.colinux.org/ [colinux.org]
  • Re:Migration (Score:2, Informative)

    by dmp123 (547038) on Sunday February 19, 2006 @06:45PM (#14756861)
    Xen provides a hardware virtualisation layer, so the images don't talk to the hardware directly, but talk through the Xen hypervisor. Therefore, the Xen hosting on the remote system will provide exactly the same 'hardware' as far as the image is concerned.

    David
  • Re:Xen on Windows (Score:3, Informative)

    by ocelotbob (173602) <ocelotNO@SPAMocelotbob.org> on Sunday February 19, 2006 @06:46PM (#14756864) Homepage
    As modifications have to be made to the host OS to be a Xen host as well, I doubt Windows will ever be a Xen host; MS is too headstrong with their own virtualization software. However, you can run coLinux [colinux.org], however, you will run into some performance problems.
  • Re:OS X ? (Score:5, Informative)

    by MBCook (132727) <foobarsoft@foobarsoft.com> on Sunday February 19, 2006 @06:49PM (#14756878) Homepage
    My understanding is that Xen does not require the guest OS to be changed if the hardware supports virtualization (Vanderpool or Pacifica, depending on your chip maker). That means that with the right chip (I'm not sure if Core Duo has it or not) you could run OS X as a guest OS (I assume the host OS still needs to have support, which may be done with a simple application running as root).
  • by Anonymous Coward on Sunday February 19, 2006 @06:50PM (#14756888)
    so guest OSes that support that hardware can run with standard drivers. Xen creates a synthetic virtual device that's easier and more efficient to emulate than standard hardware. The downside is that there usually aren't any drivers for these virtual devices on most OSes since no one's written them yet. So if you go on Apple's web site and look for supported video hardware, you probably won't see Xen virtual video device. The other way of looking at it is Xen is the device maker and is supplying the driver directly rather than through Apple. And device makers don't always supply drivers for all OSes, at least right away.
  • Re:Xen on Windows (Score:5, Informative)

    by hawicz (449905) on Sunday February 19, 2006 @07:07PM (#14756961)
    You're not understanding how Xen works. Xen doesn't let you run one OS inside another, they run side by side, almost as if they were two processes.

    Running OSes inside of Xen and running MS Windows inside of Linux are two completely different things. If you can run MS Windows inside of Linux, whether or not that Linux kernel is running inside of Xen probably won't matter, since for that to work at all you probably have to trap any protected instructions and emulate them. Whether the emulation is implemented using actual ring 0 instructions or Xen hypervisor calls should be irrelevant.

    However, you _can_ run Windows inside Xen, and people have done so. It's difficult to do because you need to manage to get a Windows source license and build your own copy with the necessary modifications, but not impossible.
  • Re:Xen on Windows (Score:5, Informative)

    by TheRaven64 (641858) on Sunday February 19, 2006 @07:15PM (#14756998) Journal
    You don't run Xen on Linux, exactly. You run Xen-and-a-modified-version-of-your-favourite-kernel on your hardware, and then run other (modified) kernels on that. Running in domain 0 - the domain with access to the real hardware - actually requires more modification to the kernel, not less, so there is very little chance of getting Windows to run Xen.
  • by horacerumpole (877156) on Sunday February 19, 2006 @07:34PM (#14757133)
    I think you should update your information [wikipedia.org] about this.

    Xen 3.0 on the newer Intel/AMD chips should be able to run Windows (or any other OS) without modification to the hosted OS.

  • Re:Xen on Windows (Score:4, Informative)

    by SillyNickName4me (760022) <dotslash@bartsplace.net> on Sunday February 19, 2006 @08:17PM (#14757439) Homepage
    You could say that XEN itself is the 'host OS' albeit a very tiny one.

    Virtual machines on XEN are called 'domains', and besides using virtual devices, they can also provide them.

    Normally, domain 0 is responsible for providing almost all virtual devices (networking, disks etc). This may give the illusion that what runs in domain 0 is the host OS, but it is not, it is just another 'virtual machine', and while it is normal for domain 0 to do this, any domain running the proper kernel can provide devices to XEN.

  • Re:Xen on Windows (Score:4, Informative)

    by ozmanjusri (601766) <aussie_bob@nOsPAm.hotmail.com> on Sunday February 19, 2006 @08:58PM (#14757697) Journal
    MS is too headstrong with their own virtualization software.

    Microsoft are planning to release their own Hypervisor next year, and you're right, their version will be built into the Windows Server product.
    http://news.com.com/Microsoft+hypervisor+plan+takes+shape/2100-1016_3-5735876.html [com.com]

  • by TheUser0x58 (733947) on Monday February 20, 2006 @12:12AM (#14758654) Homepage
    The main reason why Windows and Mac OS X are not supported in older Xen systems is because Xen allows guest OSes to run without trying to intercept privileged instructions. Thus, operating systems which haven't been "ported" to Xen won't run because they expect these instructions to work (but they don't). VMWare "ports" guest OSes at runtime, actively changing these privileged instructions in the guest OS, so that it doesn't need to be modified beforehand by the user.

    And also, the Cambridge guys did come up with a Windows XP port for their own academic purposes, but they obviously can't release it for licensing reasons, etc.

  • Re:Xen on Windows (Score:5, Informative)

    by tinkertim (918832) * on Monday February 20, 2006 @12:41AM (#14758758) Homepage
    You are correct and more so than you'd think. Xen provides true isolation of its dom-u's (user VM's). The xen hypervisor is most likely some of the most efficient code ever released to the open source community.

    Xen layering and management allows you to do tons of stuff, I'm already doing SSI clusters on single machines. Xen + Win2k3 has been accomplished. This with CVIP / HA-LVS all running on one nic. Slice a high end p4 into a 6 + 1 (x 128) MB cluster of isolated servers. It's truly HA in a box, and very very simple.

    The reason they call it a hypervisor is just that, it's a step above a supervisory process. On VT enabled platforms (The new P4's / AMD's) you really start to see what xen can do without the bottlenecks of processor architecture.

    Personally I think the ease of clustering is more important (and useful to the internet at large) than the ability to play with Windows stabilized under Linux. (I love saying that knowing it's actually happened hehehehhe).

    I can also say NetBSD does *very* well under xen.

    Here's a really cool example config of how xen could slice up a high end dual xeon.

    Assume .. Dual xeon .. 3.2 .. 4GB Registered 2x 250 GB SATA disks (one of my labs)

    2 nics at 1000 MBPS, Connected to a gig-e switch. 100 MBPS x2 uplinks from 13 blended carriers. Basically, the average server you lease at any datacenter. Remember, you don't ever get to physically touch them. Xen is easy enough to install without needing local access.

    You setup 2 smaller (maybe 256 MB each) netbsd firewalls , do some traffic shaping if you want. From there, you toss it over to an OpenSSI / Debian cluster running on the same machine.

    Here's the really cool part. The bsd machines can talk to dom-0 and tell it when its time to drop nodes or add nodes, or make nodes bigger.

    Need more servers? Simple . Xen them and load the ssi node image via pxe / etherboot.

    It's very very easy then to setup the bridging needed to get a working cvip configuration and start weighting ports. So now you have 2 failover netbsd front end routers , failover LAMP and failover nics. Stick those SATA's in RAID1 and your only single point of failure becomes your power supply or something going horribly wrong on domain 0. At the price it costs for those servers, you can afford 2 and pay under 500 bucks for the whole shebang if you lease them. Buying outright and co-locating is the best way. Or if you're one of the fortunates with fiber coming into your own building ...

    Now toss xen3 in there and you have yourself a win2k3 setup hosting your certificate authority, snaps, etc. bring it all into AD if you want. It's a networking "magic bag".

    I'm just scratching the surface. These Guys [option-c.com] Have a really, really useful wiki, as well as some "unofficial" Debian install packages. Your average Linux geek could get it going quickly.

    Keep your eyes on Xen. It's going to do good things for everyone - and it's going to push commercial equals to .. well .. be more equal. Right now (afaic) Xen tips the scales in its direction.

    Windows is just one of the marvels folks. Look at the big picture. Some of us have been screaming Xen for a while now .. so it's sort of a triumph to see it finally getting a larger following :) Virtuozzo just can't *touch* it.

    Off the soapbox. Hope someone found this useful. It took an awful long time to type. Course would help if I wasn't eating messy food ..

  • Re:Xen vs. jails (Score:5, Informative)

    by WindBourne (631190) on Monday February 20, 2006 @01:00AM (#14758837) Journal
    The other major issue is that a jail is basically a chroot with some needed access to certain files. It will be one version of BSD / physical machine. In fact, jails are probably closer to UML on Linux, than to Xen.

    In contrast, Xen can run multiple instances of different OS. That is, on one physical box, you could run Suse, Mandrake, Redhat, NetBSD, and even Windows. So Xen is closer to vmware than to jails.
  • Re:Xen on Windows (Score:4, Informative)

    by tinkertim (918832) * on Monday February 20, 2006 @09:43AM (#14760516) Homepage
    You've basically just described what could happen to any processor (no matter how conjoined or how many) that could not return at or greater than the rate it was being fed, which is the point of using Xen in the first place :) I refer to it as 'meltdown' however.

    You also have to keep in mind that most clusters are application specific.

    With Xen and SSI you have two things that both do a very good job of :

    1 - Replace "dumb" round robin load balanced racks (it makes a very good load balancer)

    2 - Isolating applications (nevermind the os we're talking about a single image)

    I'm not going to go into number one because it's obvious (or is to who I'm replying to).

    Let's look closer at #2. I'd like to (for demonstration) use as an example the vast number of people using an open source application on their website powered by Apache, PHP and MySQL.

    I'd also like to call attention to the fact that commonly those aren't the only 3 malloc()'ing hogs running on any given single server. In fact you'll find most public services running in one place. This means a mailer (exim for this example), Spam Assassin, Clam AV (if they care about their mailbox), MySQL, SMTP bandwidth logging generally using MySQL, SSH, most likely POP and IMAP. Eh, almost forgot DNS but bind is pretty small. Now they're all fighting for cache, while trivial system processes live happily in dentry and watch the public ones choke to death. Xen helps you stop this.

    Imagine 300 http sessions (let's say some chat program mandated session keep alives), now someone rolls in with a brute force spam attack. There goes exim, spam assassin and clam AV.

    Pretty soon things just stop forking and said server needs its diaper changed. So what you described is also what most people have existing.

    Now take a look at any 20 places selling co-located servers , or leasing them. You've got about $200 - $300 a month you can spend. Your site was a hobby and now it's a kick in your wallet. You'll find a nice Dual Xeon 3.2 (even a 2.8 would work) and you can get a few nics and 4 GB registered RAM.

    You can, then with Xen and OpenSSI solve your problem, isolate your services, make some of them highly available and you (can) do it on a single platform and increase its capacity drastically. We have a few things at play :

    1 - Xen's routing is very , very fast. That coupled with a sensible CVIP configuration can and will direct traffic as well as most medium line load balancers. I'm not talking about your $50k models that let you shape and direct down to the most minuscule trait of the session.. and I'm not talking about a cheapo. I'm also not calling out anything by brandname.. but I think you can relate for purposes of banter.

    2 - You can't (and should not) run one of these from one physical ethernet device. While you don't need to give each node a separate (real) nic, you really should split things up. By doing so you're freeing up kernel resources to do other things (like direct traffic avoiding I/O bottlenecks).

    3 - You need to really play with your kernels. You really need to ensure you are taking advantage of your either (SATA) or preferably (SCSI) disks.

    4 - You need to use sensible applications that interact nicely with your sql server, and (as you pointed out) have a very good understanding of Linux and its I/O. Be smart.. use flatfiles when you can (in other words plan your cluster).

    5 - You can use xen in a more conventional setup too :) Just allocate 99% of any given server to your etherboot dom-u. iscsi / good gig-e nics and short copper runs to medium grade switches do this quite well.

    So should Ebay fire one up today? No .. that would be as dumb as driving on your spare tire to look cool. Can your forum, e-commerce shop or php based game stay up and running? Sure :)

    But what I just typed is several options available to site owners who 6 months ago only had much more expensive options.
  • by stedo (855834) on Monday February 20, 2006 @12:57PM (#14761736) Homepage
    I don't think it's right to say anyone ported Xen to NetBSD


    You're right, nobody ported Xen to NetBSD. That's not how Xen works. What happened was someone ported NetBSD to Xen. Instead of this new version of NetBSD accessing hardware, it asks Xen to do it. This required no modification of Xen, just modification of the NetBSD kernel to avoid accessing hardware directly. It's comparable with porting NetBSD to a new chip architecture.
