Last time I talked about the basics of virtualization, such as the application of virtualization, what technical paths each manufacturer uses to achieve it, etc. This article wants to record the knowledge I have learned about CPU memory virtualization and network virtualization , Create feedback by recording, so that you can learn more effectively. It should be noted that learning virtualization will inevitably deal with Linux .
Before that, let's review the basics of virtualization.
Virtualization has played an increasingly important role in our network industry. From VMware and EVE used in experiments at the beginning, to various virtual network devices running on the live network, all of them remind practitioners to pay more attention. Learn about this technique. Not only technicians will use virtualization, in fact, most people’s lives are inseparable from virtualization. For example, Windows we use is also a kind of virtualization because it is a time-sharing multiplexing system. The time-sharing system was first developed by IBM. Developed by engineers, it will divide resources into countless small fragments, thus realizing the simultaneous processing of multiple tasks. In a broad sense, virtualization is to virtualize multiple systems on a set of hardware platforms to improve the utilization efficiency of hardware.
Next, introduce CPU hardware-assisted virtualization. At this time, it is necessary to mention Intel and AMD, the two major CPU manufacturers. Among them, Intel uses VT-x technology, and AMD uses AMD-V technology to achieve. Their core idea is actually to make VMM and Guest OS run in ROOT mode and non-ROOT mode respectively by introducing new instructions and operating modes, and Guest OS runs in Ring 0. Usually, the Guest OS core instructions do not need to go through the VMM, and can be directly issued to the computer hardware for execution. Only when it executes a special instruction, it will switch to the VMM to process the special instruction.
When it comes to memory virtualization, we must first understand three concepts: VA (virtual address) virtual machine logical address, the logical address used by the process in the virtual machine; PV (phyiscal virtual address) virtual machine physical machine address, the virtual machine can see it by itself to its own physical address; MA is the real physical machine address of the host os. Memory virtualization is actually the mapping from MA to PV. The physical machine memory is a continuous address space, and each virtual machine on the upper layer of the virtual monitor (VMM) shares the memory address space of the physical machine. However, since the virtual machine accesses memory in a random manner, and it is necessary to ensure the continuity of the internal memory addresses of the virtual machine, the VMM needs to map PV and MA reasonably. The VMM manages the memory of the physical machine and reasonably allocates the requirements of the virtual machine. The mapping is done through the memory management unit in memory virtualization, and the technologies are divided into shadow page table method, page table writing method and extended page table EPT.
The shadow page table method realizes full memory virtualization. Among them, the VMM maintains a shadow page table for each Guest, and the mapping relationship from VA to MA is maintained in the table, and the Guest does not maintain the mapping relationship from VA to PV. When the VMM captures the change of the Guest page table, the VMM will look up the P2M page table or hash function responsible for the mapping of PV to MA, find the corresponding MA, and then fill it into the shadow page table that actually works on the hardware, and The Guest page table does not need to be changed.
The page table writing method is a kind of paravirtualization. By modifying the code of the operating system, the Guest OS is deprived of the right to write the page table, so the VMM can directly write its disciples to the page table of the Guest OS to realize page table virtualization. change. The details are that when the client computer accesses the page table, the VMM will also create a set of the same instrument, which stores the mapping between the physical address of the virtual machine and the physical machine address. When the client computer writes to the page table, the VMM deprives the client computer of The write operation permission of the operating system, and update the page table of the guest operating system, is that the Guest OS reads the real physical machine address from its own page table.
Extended page table EPT is hardware-assisted virtualization. It adds an EPT page table to the original page table to record the mapping relationship between PV and MA. VMM sets the EPT page table to the CPU, so there is no need for VMM to intervene. , during the conversion, the CPU automatically searches two page tables to complete the conversion from Guest to machine address, reducing the overhead of the entire memory virtualization.
In network virtualization, it is realized through SR-IOV technology. SR-IOV mainly solves the problem that pass-through can only be accessed by one virtual machine. The pass-through model allows the virtual machine to directly use physical devices to maximize network performance. The implementation of SR-IOV requires the cooperation of CPU, chipset and PIC to realize on hardware, realizing the "last mile" of virtualization. A network card that supports SR-IOV can register multiple network cards in VMM, and each device is assigned to a virtual guest machine through pass-through.
In the previous article, we introduced various virtualization software and technologies from different manufacturers, such as VMware, RedHat's QEMU-KVM, Microsoft's hyper-V, and Citrix's Xen. This article introduces the basics of memory virtualization and network virtualization in virtualization. It should be noted that learning virtualization will inevitably deal with Linux, because most of the time the operation is Linux system, here I recommend the book "Linux should learn this way" for students with weak Linux foundation, online reading : www.linuxprobe.com. There is an electronic version available on the website. If you feel that you have gained something, don’t forget to buy a physical book to support the author. There is no end to learning, and I hope to enrich myself with knowledge with everyone.