Learning about Cloud Computing (2)

2. Computing virtualization

1. Introduction to computing virtualization

1.1 Introduction to virtualization

a. What is virtualization

Logicalize physical devices and convert them into files or folders. This file or folder must contain two parts: one part is used to record device configuration information, and the other part records user data.

The virtual machine is freed from the confinement of the server, allowing the migration of the virtual machine within the cluster.

b. History of Computing Virtualization


c. Important concepts in computing virtualization


Host Machine: the physical machine; it must have an operating system installed (the Host OS).

Hypervisor: the virtualization software layer, also called the virtual machine monitor (Virtual Machine Monitor, VMM). It is the core of virtualization and is responsible for monitoring the status of virtual machines, assigning CPUs to virtual machines, and IO virtualization.

Guest Machine: the virtual machine created by virtualization.

Guest OS: virtual machine operating system.

d. Classification of computing virtualization

① Bare metal virtualization (Bare Metal Server, BMS, Type I model)

The Hypervisor can call hardware resources directly, without an underlying Host OS. Put another way, in Type I virtualization the Hypervisor itself is a customized Host OS. Apart from acting as the VMM, other applications generally cannot be installed on this Host OS.

The hypervisor mainly implements two basic functions. The first is to identify, capture, and respond to the CPU privileged instructions or protection instructions issued by the virtual machine. The second is to handle virtual machine queuing and scheduling, and to return the processing results of the physical hardware to the corresponding virtual machine.

The Hypervisor is responsible for managing all resources and virtual environments. The VMM can act as a complete operating system for virtualization, controlling all resources (memory, CPU, IO devices, etc.). The virtual machine is used to run the Guest OS, and the VMM is responsible for the connection with the hardware.

**Main products:** VMware ESXi, Proxmox VE, Microsoft Hyper-V, Alibaba Cloud Shenlong, Huawei Cloud BMS, Tencent Cloud Blackstone

**Advantages:** The virtual machine does not depend on the operating system; it has good compatibility and supports multiple operating systems and applications; it has good performance and low loss

**Disadvantages:** Virtualization kernel development is difficult

② Host-based virtualization (Host-based Model, Type II model)

The physical resources of this model are managed by the Host OS, and the virtualization function is provided by the VMM. The VMM is an ordinary application running on the underlying operating system (Host OS); it creates the corresponding virtual machines, which share the underlying server resources. The VMM obtains resources by calling Host OS services to virtualize memory, CPU, and IO devices. Virtual machines created by the VMM usually participate in scheduling as a process of the Host OS.

Main products: VMware Workstation, VirtualBox, Parallels Desktop

Pros: simple, easy to implement

Disadvantages: installation and operation depend on the host operating system's support for devices; high management overhead; high performance loss

e. Features of virtualization


Partition: A server can be divided into many virtual machines. Each virtual machine has its own operating system, and they do not interfere with each other; each operating system can only see the resources allocated to it (CPU, memory, network card, etc.).

Isolation: Multiple Guest OSes run on one server. If one Guest OS is attacked, the other Guest OSes will not be affected and can run normally.

Encapsulation: The essence of virtualization is to logically divide a server into multiple files or folders. Each virtual machine is a folder, which is divided into many files. This is encapsulation. After encapsulation, the operating system and hardware can be decoupled, and the operating system can run across hardware.

Independent: When creating a virtual machine, a folder will be generated. When this folder is copied to the specified directory of another host, it can also run normally.

1.2 Fields of Computing Virtualization

a. CPU virtualization

① CPU Hierarchical Protection Domain

In the hierarchical protection domain of the CPU, the CPU is divided into 4 rings/permission levels. This makes the system more stable.

In virtualization, the Host OS, the Guest OS and the Hypervisor are all operating systems, and they should all have Ring 0 permissions, so the hardware does not know whose instructions to obey. To resolve this, a new kind of instruction, the sensitive instruction, is introduced. There are two solutions: full virtualization and paravirtualization.

② Full virtualization

When the Guest OS executes sensitive instructions, the Hypervisor also gets the message. The Hypervisor translates the instructions, executes the sensitive instructions, calls the hardware and returns the result to the Guest OS.

Disadvantage: In full virtualization, the Guest OS does not know that, when the virtual machine executes a command, the Hypervisor also translates and executes that command. This is equivalent to executing the command twice, so there is a certain performance cost.

③ Paravirtualization

After the Guest OS discovers that it is a sensitive instruction, it invokes a hypercall (Hypercall), and sends the sensitive instruction to the Hypervisor. The Hypervisor executes the sensitive instruction, invokes the hardware, and returns the result to the Guest OS.

Disadvantages: Many closed-source operating systems do not support paravirtualization (such as: Windows).

④ Hardware virtualization

The CPU no longer divides the protection domain only into Ring 0 to Ring 3, but into root mode and non-root mode. Each mode has the authority of Ring 0 and Ring 3; the Guest OS runs in Ring 0 of non-root mode, and the Host OS runs in Ring 0 of root mode.

b. Memory virtualization

Physical memory cannot meet the memory requirements of multiple virtual machines on the host, so memory virtualization appears.

When a physical host allocates memory address space, the space must start from 0 and be continuous. After virtualization is introduced, however, it is impossible to satisfy the requirement of every virtual machine that its memory start from physical address 0, and it is also difficult to guarantee memory continuity.

The solution is to perform address mapping. Memory virtualization introduces a new address space so that the virtual machine mistakenly thinks it is running in the real physical space. In fact, what it sees is the virtual memory that the VMM maps to the virtual machine. Each virtual machine sees its addresses as continuous, but on the physical machine side they are actually discrete; all of this is realized by the VMM.
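The address mapping described above, as an added example that is not from the original post: a toy VMM keeps one table per virtual machine from guest page number to host frame, so each guest sees contiguous addresses starting at 0 while the backing frames are scattered, and an address outside a guest's own table is rejected. The class name `ToyVMM`, the 4096-byte page size and the frame numbers are assumptions made for the illustration.

```python
PAGE = 4096  # assumed page size for this illustration

class ToyVMM:
    """Toy VMM: per-VM table from guest page number to host frame number."""

    def __init__(self, free_host_frames):
        self.free = list(free_host_frames)   # constructed, non-sequential
        self.tables = {}                     # vm name -> [host frame, ...]

    def create_vm(self, name, pages):
        if pages > len(self.free):
            raise MemoryError("not enough free host frames")
        # Guest page numbers always start at 0 and are contiguous;
        # the host frames behind them are whatever happens to be free.
        self.tables[name] = [self.free.pop(0) for _ in range(pages)]

    def translate(self, name, guest_addr):
        page, offset = divmod(guest_addr, PAGE)
        table = self.tables[name]
        # A guest address outside the VM's own table is never mapped,
        # so it cannot reach frames that belong to another VM.
        if guest_addr < 0 or page >= len(table):
            raise PermissionError(f"{name}: guest address {guest_addr:#x} not mapped")
        return table[page] * PAGE + offset

def demo():
    vmm = ToyVMM([7, 2, 9, 4, 0, 5])         # constructed host frame numbers
    vmm.create_vm("vm1", 3)
    vmm.create_vm("vm2", 3)
    # Three consecutive guest pages of vm1 land on host frames 7, 2 and 9.
    return vmm, [vmm.translate("vm1", a) for a in (0, PAGE, 2 * PAGE)]
```
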

c. IO virtualization

There are three types of IO virtualization: simulation, paravirtualization, and IO transparent transmission.

① Simulation (full virtualization): software simulates real hardware. This is used for common hardware such as the mouse and keyboard, which are captured by focus: whichever host captures the focus gets to use the device. Performance is very poor.

② Paravirtualization: the hardware driver passes requests directly from the front end (IO frontend) to the back end (IO backend). It is usually only used for hard disks and network cards, and has high performance.

③ IO-through: IO transparent transmission, in which a physical device is assigned directly to the virtual machine, for example a hard disk or a network card. Under Xen the device is allocated by Dom0, but the virtual machine then accesses it directly without going through Dom0. This requires hardware that supports IO transparent transmission.

1.3 The difference between virtualization and cloud computing

Virtualization exists to improve the utilization of hardware. One physical host is virtualized into multiple logical hosts, which can run different applications independently. Since the virtual host is logically converted into a file or folder, the strong coupling of software and hardware is broken. By automatically migrating these files or folders you can improve the performance of the business running on the virtual machines.

In cloud computing, virtualization is a simple way to realize IaaS cloud services. Part of IaaS and PaaS is realized based on virtualization, and the other part is realized based on physical hardware and distributed computing.

1.4 Mainstream Computing Virtualization Technology


KVM: full virtualization. It is a module in the Linux kernel used to realize the virtualization of CPU and memory, and is a process of Linux; other IO devices need KVM to realize.

Xen: full virtualization/paravirtualization, running directly on the hardware. The virtual machines in Xen are divided into two categories: Dom0 and DomU. Dom0 is a privileged virtual machine that has the right to access hardware directly and to manage the DomUs; Dom0 needs to be started before the other virtual machines start. DomU is an ordinary virtual machine and cannot access hardware resources directly. All of its operations need to be forwarded to Dom0 through front-end and back-end drivers, and Dom0 returns the results to DomU after completing the specific operations.

2. Introduction to KVM

2.1 What is KVM


The full name of KVM is Kernel-based Virtual Machine. It is a kernel-based virtual machine and is a typical type II full virtualization. When this module is installed in an ordinary Linux, three operating modes will be added, namely: virtual mode, user mode, kernel mode.

Virtual mode: mainly refers to the virtual machine, including virtual devices such as CPU, memory, and disk of the virtual machine, which is placed in a limited CPU mode.

User mode: mainly runs KVM, and simulates and executes IO-like operations for the virtual machine.

Kernel mode: It can perform hardware operations. When the Guest OS performs IO operations or privileged instruction operations, it needs to submit a request to the user mode, and then the user mode initiates the request again and sends it to the kernel mode to perform real operations.

2.2 KVM system

KVM is usually divided into three parts: management tools, KVM, QEMU

Management tools: used to manage the hardware resources of virtual machines.

KVM: Realize CPU virtualization and memory virtualization.

QEMU: Implement IO virtualization.

2.3 Libvirt

Libvirt is a powerful management tool that can manage virtual platforms, including KVM, Xen, VMware, Hyper-V, etc. The virtual platform itself does not support operation from multiple languages. Libvirt provides interfaces for various development languages, so connecting through Libvirt makes it easier to use plug-ins written in those languages on the virtual platform.

2.4 KVM I/O operation process - default


  1. Guest OS initiates an operation request and sends it to the virtual device driver
  2. There is an I/O Trap code in the KVM module, which will capture this IO request
  3. After capture, KVM puts the IO request into the I/O shared page
  4. At the same time, KVM will also notify QEMU, and QEMU will go to the I/O shared page to obtain this request and check the specific requirements of the IO request.
  5. QEMU simulates according to the IO request and sends a request to the real device driver
  6. After the device driver receives the request from QEMU, it will deliver it to the physical hardware to process the request
  7. After the processing is completed, QEMU puts the processing results in the I/O shared page
  8. At the same time, notify the KVM module of the processing result
  9. The KVM module fetches the result from the I/O shared page and sends it to the virtual device driver
  10. The virtual device driver simulates the results and sends the simulation results to the Guest OS, so that the entire IO request is completed

2.5 KVM I/O operation process - Virtio

Allowing the Guest OS to communicate directly with QEMU without going through KVM can simplify the request steps and improve performance.

In Virtio, IO requests and QEMU returns no longer pass through KVM, but are placed in a space called vring, which is paravirtualization.
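A simplified model of the vring exchange described above, as an added example that is not from the original post and does not reproduce the real virtio memory layout: the guest driver places requests in a shared ring, QEMU's back end picks them up and places results in the same structure. Because the guest can write to the ring, the back end validates every descriptor index it reads. `ToyVring` and its method names are hypothetical.

```python
from collections import deque

class ToyVring:
    """Simplified vring shared by the guest driver and the QEMU back end."""

    def __init__(self, size):
        self.desc = [None] * size       # descriptor table: request buffers
        self.free = deque(range(size))  # descriptor slots the guest may use
        self.avail = deque()            # guest -> QEMU: indices of new requests
        self.used = deque()             # QEMU -> guest: (index, result)

    # --- guest (front-end driver) side ---
    def guest_submit(self, request):
        if not self.free:
            raise BufferError("ring full")
        idx = self.free.popleft()
        self.desc[idx] = request
        self.avail.append(idx)
        return idx

    def guest_collect(self):
        done = []
        while self.used:
            idx, result = self.used.popleft()
            self.desc[idx] = None       # slot can be reused
            self.free.append(idx)
            done.append((idx, result))
        return done

    # --- QEMU (back-end device) side ---
    def backend_process(self, handler):
        handled = 0
        while self.avail:
            idx = self.avail.popleft()
            # The index comes from guest-writable memory, so check it
            # before using it to look anything up.
            if (not isinstance(idx, int) or not 0 <= idx < len(self.desc)
                    or self.desc[idx] is None):
                raise ValueError(f"invalid descriptor index from guest: {idx!r}")
            self.used.append((idx, handler(self.desc[idx])))
            handled += 1
        return handled

def demo():
    ring = ToyVring(size=4)
    for sector in (10, 11, 12):         # constructed read requests
        ring.guest_submit(("read", sector))
    handled = ring.backend_process(lambda req: f"data@{req[1]}")
    return handled, ring.guest_collect()
```
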


3. Introduction to Fusion Compute

3.1 FusionCompute Architecture

The FC architecture is very similar to the KVM architecture: in both, a management tool manages the product. The management tool of FC is VRM. VRM provides administrators and users with a web-based graphical management interface, on which you can see the status of virtual machines, the state of virtual resource pools, information about the physical hardware, information about the virtual machines, etc.

The cluster provides computing resources, storage resources, and network resources upwards.

3.2 Advantages of Fusion Compute

①Unified management of virtualization and physical resources

②VRM can quickly issue virtual machines, copy, templates, etc.

3.3 FusionCompute components

FC consists of two components, VRM and CNA

| Component | Function |
| --- | --- |
| CNA | ① Provide virtual computing |
| | ② Manage virtual machines on computing nodes |
| | ③ Shut down computing, storage, and network resources on computing nodes |
| VRM | ① Manage block storage resources in the cluster |
| | ② Manage network resources (IP/VLAN) in the cluster and assign addresses to virtual machines |
| | ③ Manage the life cycle of virtual machines in the cluster and the distribution and migration of virtual machines on computing nodes |
| | ④ Manage the dynamic adjustment of resources in the cluster |
| | ⑤ Through unified management of virtual resources and user data, provide external services such as elastic computing, storage, and network |
| | ⑥ By providing a unified maintenance and management interface, allow operation and maintenance personnel to access and operate remotely through the web management interface |


Origin blog.csdn.net/weixin_46706771/article/details/131661974