Weiwei Jia,Cheng Wang,Xusheng Chen,Jianchen Shan,Xiaowei Shang,Heming Cui,Xiaoning Ding,Luwei Cheng,Francis C. M. Lau,Yuexuan Wang,Yuangang Wang

2018-01-01

Abstract:In clouds where CPU cores are time-shared by virtual CPUs (vCPU), vCPUs are scheduled and descheduled by the virtual machine monitor (VMM) periodically. In each virtual machine (VM), when its vCPUs running I/O bound tasks are descheduled, no I/O requests can be made until the vCPUs are rescheduled. These inactivity periods of I/O tasks cause severe performance issues, one of them being the utilization of I/O resources in the guest OS tends to be low during I/O inactivity periods. Worse, the I/O scheduler in the host OS could suffer from low performance because the I/O scheduler assumes that I/O tasks make I/O requests constantly. Fairness among the VMs within a host can also be at stake. Existing works typically would adjust the time slices of vCPUs running I/O tasks, but vCPUs are still descheduled frequently and cause I/O inactivity.Our idea is that since each VM often has active vCPUs, we can migrate I/O tasks to active vCPUs, thus mitigating the I/O inactivity periods and maintaining the fairness. We present VMIGRATER, which runs in the user level of each VM. It incorporates new mechanisms to efficiently monitor active vCPUs and to accurately detect I/O bound tasks. Evaluation on diverse real-world applications shows that VMIGRATER can improve I/O performance by up to 4.42X compared with default Linux KVM. VMIGRATER can also improve I/O performance by 1.84X to 3.64X compared with two related systems.

Mengyuan Li,Shashvat Srivastava,Mengjia Yan

2024-03-06

Abstract:Trusted I/O (TIO) is an appealing solution to improve I/O performance for confidential VMs (CVMs), with the potential to eliminate broad sources of I/O overhead. However, this paper emphasizes that not all types of I/O can derive substantial benefits from TIO, particularly network I/O. Given the obligatory use of encryption protocols for network traffic in CVM's threat model, TIO's approach of I/O encryption over the PCIe bus becomes redundant. Furthermore, TIO solutions need to expand the Trusted Computing Base (TCB) to include TIO devices and are commercially unavailable.

Cryptography and Security

Liangwei Zhu,Jianhai Chen,Qinming He,Dawei Huang,Shuang Wu

DOI: https://doi.org/10.1007/978-3-642-40820-5_11

2013-01-01

Abstract:Live migration of virtual machines (VMs) plays an important role in grids, clouds and datacenters, and has become the cornerstone of resource management in virtualized systems. The efficiency of live migration depends on the downtime, total migration time and total transferred data. However, while migrating a memory-intensive VM, XEN/KVM often do many useless iterations of memory copy in order to reach expected downtime which can never be reached, leading to a great deal of useless data transferring and insufferable total migration time. It consumes mass of network bandwidth and CPU resource when transferring memory from one to another node. Hence, a critical task is to determine the optimal time to terminate the copy iteration for live migration. In this paper, we propose a smart iteration-termination criterion based live migration which is termed as ITC-LM, to self adaptively control when to terminate iteration. We have implemented ITC-LM into KVM/QEMU. The improvement is significant, especially when migrate a memory-intensive VM. The experimental results show that, our approach can decrease 50.33% of total transferred data on average without impairing migration downtime.

Diming Zhang,Fei Xue,Hao Huang,Shaodi You

DOI: https://doi.org/10.1007/s11704-017-6466-1

IF: 2.6688

2018-01-01

Frontiers of Computer Science

Abstract:Barely acceptable block I/O performance prevents virtualization from being widely used in the High-Performance Computing field. Although the virtio paravirtual framework brings great I/O performance improvement, there is a sharp performance degradation when accessing high-performance NAND-flash-based devices in the virtual machine due to their data parallel design. The primary cause of this fact is the deficiency of block I/O parallelism in hypervisor, such as KVM and Xen. In this paper, we propose a novel design of block I/O layer for virtualization, named VBMq. VBMq is based on virtio paravirtual I/O model, aiming to solve the block I/O parallelism issue in virtualization. It uses multiple dedicated I/O threads to handle I/O requests in parallel. In the meanwhile, we use polling mechanism to alleviate overheads caused by the frequent context switches of the VM’s notification to and from its hypervisor. Each dedicated I/O thread is assigned to a non-overlapping core to improve performance by avoiding unnecessary scheduling. In addition, we configure CPU affinity to optimize I/O completion for each request. The CPU affinity setting is very helpful to reduce CPU cache miss rate and increase CPU efficiency. The prototype system is based on Linux 4.1 kernel and QEMU 2.3.1. Our measurements show that the proposed method scales graciously in the multi-core environment, and provides performance which is 39.6x better than the baseline at most, and approaches bare-metal performance.

Kun Cheng,Yuebin Bai,Yongwang Zhao,Yao Ma,Duo Lu,Yuanfeng Peng,Minxuan Zhou

DOI: https://doi.org/10.1016/j.jss.2015.12.002

IF: 3.5

2016-01-01

Journal of Systems and Software

Abstract:Despite the rapid development and the wide use, virtualization confronts new challenges on improving network I/O performance. For virtual machines co-existed on a server, inter-VM network performance turns out to be worse than expected. Although many efforts have been dedicated to that issue on paravirtualized (PV) machines, HVMs (Hardware Virtual Machines) get less attention. However, co-resident HVMs are also suffering from low network I/O performance which troubles IaaS cloud infrastructure providers. Such problem is prominent as in the front-back network model several performance bottlenecks appear when inter-VM traffic is being handled.In this paper, we propose a novel approach and implement a prototype called "(HVM)-M-2" to optimize inter-HVM network performance, which mainly address the throughput issues. (HVM)-M-2 takes advantages of the existing mechanisms for HVMs provided by Xen and is totally hardware independent. Unlike the existing idea, (HVM)-M-2 pushes data to the receivers without using shared memory buffer to transfer the pending network data. To evaluate our work, we test and compare network response time, network throughput and CPU utilization with other popular approaches such as SR-IOV. The result shows that the new communication model has great improvements in network delay and throughput with little pressure on Domain-0. (c) 2015 Elsevier Inc. All rights reserved.

Kejiang Ye,Xiaohong Jiang,Siding Chen,Dawei Huang,Bei Wang

DOI: https://doi.org/10.1109/HPCC.2010.79

2010-01-01

Abstract:Virtualization technology is currently widely used due to its benefits on high resource utilization, flexible manageability and powerful system security. However, its use for high performance computing (HPC) is still not popular due to the unclearness of the virtualization overheads. It's worthy to evaluate the virtualization cost and to find the performance bottleneck when running HPC applications in virtual cluster. We first evaluate the basic performance overheads due to virtualization. Then we create a 16-node virtual cluster and perform a performance evaluation for both para-virtualization and full virtualization. After that, we evaluate the MPI (Message Passing Interface) scalability to investigate the impact of MPI and network communication between virtual machines. In addition to the macro assessment, we use the Oprofile/Xenoprof to investigate the architecture characterization like CPU cycle, L2 cache misses, DTLB misses and ITLB misses which is an auxiliary explanation to the performance bottleneck. Experimental results indicate that performance overheads of virtualization are acceptable for HPC, para-virtualization is very suitable for HPC due to the high virtualization efficiency and efficient inter-domain communication. Finally, we use the non-linear regression modeling technology to present a performance model for network latency and bandwidth to predict the performance in virtual cluster environment.

Yuxia Cheng,Wenzhi Chen,Zonghui Wang,Xinjie Yu

DOI: https://doi.org/10.1109/jsyst.2015.2469652

IF: 4.802

2015-01-01

IEEE Systems Journal

Abstract:Virtualization technology enables multiple virtual machines (VMs) to share a single physical server. Commercial servers increasingly use the nonuniform memory access (NUMA) architecture due to its scalable memory performance. However, multiple VMs running on a NUMA physical server will cause performance overheads such as remote memory access latency and shared microarchitectural resource contention, which makes the VM performance less efficient and stable. These performance overheads are mainly caused by memory traffic from data-intensive workloads. In this paper, we propose a traffic-aware VM optimization (TAVO) scheme on NUMA systems. Based on the performance monitoring of the data traffic and CPU/memory resource usages in the system, TAVO addresses VM memory access locality and shared resource contention problems via automatic VM initial placement and NUMA-aware VM online scheduling. Our experimental results show that TAVO improves VM performance in terms of benchmark runtime by up to 22.6% compared with the default KVM CFS scheduler. TAVO also achieves a much stable performance with benchmark's average runtime variation under 3%.

Zongpu Zhang,Chenbo Xia,Cunming Liang,Jian Li,Chen Yu,Tiwei Bie,Roberts Martin,Daly Dan,Xiao Wang,Yong Liu,Haibing Guan

DOI: https://doi.org/10.1109/tc.2024.3375589

IF: 3.183

2024-01-01

IEEE Transactions on Computers

Abstract:I/O virtualization is utilized by cloud platforms to provide tenants with efficient, scalable, and manageable network and storage services. The de-facto industrial standard, paravirtualization, offers rich cloud functionality by introducing split front-end and back-end drivers in the guest and host operating systems, respectively. Given this fact, paravirtualization incurs host inefficiency and performance overhead. Thus, emerging hardware virtio accelerators (i.e., SRIOV-capable devices that conform to virtio specification) with device passthrough technologies mitigate the performance issue. However, adopting these devices presents the challenge of insufficient support for live migration.This paper proposes Un-IOV, a novel I/O virtualization system that simultaneously achieves bare-metal level I/O performance and migratability. The key idea is to develop a new hybrid virtualization stack with: (1) a host-bypassed direct data path for virtio accelerators, and (2) a relayed control path guaranteeing seamless live migration support. Un-IOV achieves high scalability by consuming minimum host resources. Extensive experiment results demonstrate that Un-IOV achieves superior network and storage virtualization performance than software implementations with comparable performance of direct passthrough I/O virtualization, while imposing zero guest modification (i.e., guest transparency).

Jiexiong Xu,Yue Qiu,Yiquan Chen,Yijing Wang,Wenhai Lin,Yiquan Lin,Shushu Zhao,Yuqi Liu,Ying Wang,Wenzhi Chen

DOI: https://doi.org/10.1145/3688351.3689154

2024-01-01

Abstract:The NVMe-over-Fabrics (NVMe-oF) is gaining popularity in cloud data centers as a remote storage protocol for accessing NVMe storage devices across servers. With the rapid increase in throughput of the NVMe storage devices, the NVMe-oF stack consumes a significant amount of valuable CPU resources. To release these valuable computing power to other tasks, many smartNICs now support NVMe-oF Target offloading. However, this emerging NVMe-oF offloading scheme's performance has not been fully investigated. In this work, we conducted comprehensive evaluations on smartNIC NVMe-oF target offloading and non-offloading NVMe-oF with TCP and RDMA. Our results demonstrate that the target offloading can achieve comparable throughput compared to NVMe/RDMA in most synthetic and real-world application workloads while releasing up to 38.7% CPU resources. Additionally, target offloading benefits from host bypass and peer-to-peer communication between smartNIC and NVMe SSD, resulting in only 68.9% to 95.8% average latency of NVMe/RDMA. However, we also found that target offloading schemes lack flexibility for specific storage device models, leading to abnormal performance degradation. Finally, we provide insight for system architects to select the appropriate scheme based on the workload and storage device features to fully leverage the advantages of target offloading.

Diming Zhang,Hao Wu,Fei Xue,Liangqiang Chen,Hao Huang

DOI: https://doi.org/10.1109/ICPADS.2017.00047

2017-01-01

Abstract:Today extending virtualization technology into high-performance, cluster platforms generates exciting new possibilities, including dynamic allocation of resources to job, easier to share resources between different jobs, easy checkpointing of jobs, and deployment of job-specific work environment. However, there still exists an I/O scalability problem in virtualization layer which may impede virtualization technology to be widely used in high-performance computing. Because we meet a sharp performance degradation when a virtual machine uses the multiqueue high performance non-volatile storage device as the secondary storage. Such a problem is caused by the current virtual block I/O layer which uses only one I/O thread to handle all I/O operations to a virtualized storage device. As the number of I/O intensive workloads increases, the rate of mutex contention of the I/O thread is accelerated because only one of them is allowed to run at any given instant. Therefore, it is the key problem that should be settled immediately so as to improve block I/O performance in virtualization. In this paper, we propose a novel design of high performance block I/O stack to solve this problem. The workloads will be free of the I/O contention inside the hypervisor by using the proposed method which uses multi-threaded I/O threads to handle all I/O operations to one storage device in parallel. Meanwhile, we use switch-less mechanisms to reduce the overhead caused by sending notification between a VM and its hypervisor; and improve I/O affinity by assigning a distinct dedicated core to each I/O thread in order to eliminate unnecessary scheduling. The prototype system is implemented on Linux 3.19 kernel and Quick Emulator (QEMU) 2.3.1. We deploy it to the POWER8 server for a detailed evaluation. The experimental results show that the proposed architecture scales graciously with multi-core environment. For example, test on 10-ways parallel I/O intensive workloads gets an 800\% increase than the single core implementation, indicating that the block I/O performance in a virtual machine is close to that of a bare metal system.

Huailiang Tan,Yanjie Tan,Xiaofei He,Kenli Li,Keqin Li

DOI: https://doi.org/10.1109/tpds.2018.2865341

IF: 5.3

2018-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:In modern virtual computing environment, the 2D/3D rendering performance and parallel computing potential of GPU (graphics processing unit) must be fully exploited for multiple virtual machines (VMs). Existing GPU virtualization techniques are unable to take full advantage of a GPU's powerful 2D/3D hardware-accelerated graphics rendering performance or parallel computing potential, or it has not been considered that the internal resources of a GPU domain are fairly allocated between VMs with different performance requirements. Therefore, we propose a multi-channel GPU virtualization architecture (VMCG), model the corresponding credit allocating and transferring mechanisms, and redesign the virtual multi-channel GPU fair-scheduling algorithm. VMCG provides a separate V-Channel for each guest VM (DomU) that competes with other VMs for the same physical GPU resources, and each DomU submits command request blocks to its respective V-Channel according to the corresponding DomU ID. Through the virtual multi-channel GPU fair-scheduling algorithm, not only do multiple DomUs make full use of native GPU hardware acceleration, but the fairness of GPU resource allocation is significantly improved during GPU-intensive workloads from multiple DomUs running on the same host. Experimental results show that, for 2D/3D graphics applications, performance is close to 96 percent of that of the native GPU, performance is improved by approximately 500 percent for parallel computing applications, and GPU resource-allocation fairness is improved by approximately 60-80 percent.

Lei Xia,Zheng Cui,John Lange,Yuan Tang,Peter Dinda,Patrick Bridges

DOI: https://doi.org/10.1007/s10586-013-0274-7

2013-01-01

Cluster Computing

Abstract:A collection of virtual machines (VMs) interconnected with an overlay network with a layer 2 abstraction has proven to be a powerful, unifying abstraction for adaptive distributed and parallel computing on loosely-coupled environments. It is now feasible to allow VMs hosting high performance computing (HPC) applications to seamlessly bridge distributed cloud resources and tightly-coupled supercomputing and cluster resources. However, to achieve the application performance that the tightly-coupled resources are capable of, it is important that the overlay network not introduce significant overhead relative to the native hardware, which is not the case for current user-level tools, including our own existing VNET/U system. In response, we describe the design, implementation, and evaluation of a virtual networking system that has negligible latency and bandwidth overheads in 1-10 Gbps networks. Our system, VNET/P, is directly embedded into our publicly available Palacios virtual machine monitor (VMM). VNET/P achieves native performance on 1 Gbps Ethernet networks and very high performance on 10 Gbps Ethernet networks. The NAS benchmarks generally achieve over 95 % of their native performance on both 1 and 10 Gbps. We have further demonstrated that VNET/P can operate successfully over more specialized tightly-coupled networks, such as Infiniband and Cray Gemini. Our results suggest it is feasible to extend a software-based overlay network designed for computing at wide-area scales into tightly-coupled environments.

Yiquan Chen,Zhen Jin,Yijing Wang,Yi Chen,Hao Yu,Jiexiong Xu,Jinlong Chen,Wenhai Lin,Kanghua Fang,Chengkun Wei,Qiang Liu,Yuan Xie,Wenzhi Chen

DOI: https://doi.org/10.48550/arXiv.2304.05148

2023-04-11

Abstract:NVMe(Non-Volatile Memory Express) is an industry standard for solid-state drives (SSDs) that has been widely adopted in data centers. NVMe virtualization is crucial in cloud computing as it allows for virtualized NVMe devices to be used by virtual machines (VMs), thereby improving the utilization of storage resources. However, traditional software-based solutions have flexibility benefits but often come at the cost of performance degradation or high CPU overhead. On the other hand, hardware-assisted solutions offer high performance and low CPU usage, but their adoption is often limited by the need for special hardware support or the requirement for new hardware development. In this paper, we propose LightIOV, a novel software-based NVMe virtualization mechanism that achieves high performance and scalability without consuming valuable CPU resources and without requiring special hardware support. LightIOV can support thousands of VMs on each server. The key idea behind LightIOV is NVMe hardware I/O queues passthrough, which enables VMs to directly access I/O queues of NVMe devices, thus eliminating virtualization overhead and providing near-native performance. Results from our experiments show that LightIOV can provide comparable performance to VFIO, with an IOPS of 97.6%-100.2% of VFIO. Furthermore, in high-density VMs environments, LightIOV achieves 31.4% lower latency than SPDK-Vhost when running 200 VMs, and an improvement of 27.1% in OPS performance in real-world applications.

Hardware Architecture,Operating Systems

Zhe Liu,Xiaojian Liao,Fei Li,Zhe Yang,Youyou Lu,Jiwu Shu

DOI: https://doi.org/10.1007/978-3-030-60245-1_29

2020-01-01

Abstract:A longstanding goal of virtual machines (VMs) isolation running on commercial Solid State Drives (SSDs) is to avoid performance degradation which could be quite severe in certain cases. However, it has been a challenge due to the limitations of the traditional flash translation layer (FTL). We propose OCVM, a novel storage stack that optimizes the isolation of VMs in a multiple VMs environment. By providing channel-granular and block-granular isolation for VMs, OCVM significantly reduces storage internal resource conflicts and eases the pressure of garbage collection (GC). To achieve good VM isolation as well as hardware utilization, OCVM applies a dynamic allocation mechanism for the underlying storage resources of the open-channel SSD (OCSSD). The evaluation results demonstrate that the average execution time of data-intensive applications on OCVM shortens by 28%, compared to those on a baseline system. In addition, OCVM achieves better GC efficiency by reducing the frequency of data migration.

Chengyuan Huang,Feiyang Xue,Peiwen Yu,Xiaoliang Wang,Yanqing Chen,Tao Wu,Lei Han,Zifa Han,Bingquan Wang,Xiangyu Gong,Chen Tian,Wanchun Dou,Guihai Chen,Hao Yin

DOI: https://doi.org/10.1109/tnet.2024.3443600

2024-01-01

Abstract:RDMA over Converged Ethernet (RoCEv2) has been widely deployed to data centers (DCs) for its better compatibility with Ethernet/IP than Infiniband (IB). As cross-DC applications emerge, they also demand high throughput, low latency, and lossless network for cross-DC data transmission. However, RoCEv2’s underlying lossless mechanism Priority-based Flow Control (PFC) cannot fit into the long-haul transmission scenario and degrades the performance of RoCEv2. PFC is myopic and only considers queue length to pause upstream senders, which leads to large queueing delay. This paper proposes Bifrost, a downstream-driven lossless flow control that supports long distance cross-DC data transmission. Bifrost uses virtual incoming packets, which indicates the upper bound of in-flight packets, together with buffered packets to control the flow rate. It minimizes the buffer space requirement to one-hop bandwidth delay product (BDP) and achieves low one-way latency. Moreover, we extend Bifrost and propose BifrostX, to accommodate the multi-priority queue of the current switch implementation. BifrostX enables flow control for each queue separately while maintaining low buffer reservation, no throughput loss, and no packet loss. Real-world experiments are conducted with prototype switches and 80 kilometers cables. Evaluations demonstrate that compared to PFC, Bifrost reduces average/tail flow completion time (FCT) of inter-DC flows by up to 22.5%/42.0%, respectively. Bifrost is compatible with existing infrastructure and can support distance of thousands of kilometers.

LI Ding-Ji,MI Ze-Yu,WU Bao-Dong,CHEN Xun,ZHAO Yong-Wang,DING Zuo-Hua,CHEN Hai-Bo

DOI: https://doi.org/10.21655/ijsi.1673-7288.00248

2020-01-01

Journal of Software

Abstract:PDF HTML XML Export Cite reminder Accelerator Virtualization Framework Based on Inter-VM Exitless Communication DOI: 10.21655/ijsi.1673-7288.00248 Author: Affiliation: Clc Number: Fund Project: Article | Figures | Metrics | Reference | Related | Cited by | Materials | Comments Abstract:The increasing deployment of artificial intelligence has placed unprecedent requirements on the computing power of cloud computing. Cloud service providers have integrated accelerators with massive parallel computing units in the data center. These accelerators need to be combined with existing virtualization platforms to partition the computing resources. The current mainstream accelerator virtualization solution is through the PCI passthrough approach, which however does not support fine-grained resource provisioning. Some manufacturers also start to provide time-sliced multiplexing schemes and use drivers to cooperate with specific hardware to divide resources and time slices to different virtual machines, which unfortunately suffer from poor portability and flexibility. One alternative but promising approach is based on API forwarding, which forwards the virtual machine's request to the back-end driver for processing through a separate driver model. Yet, the communication due to API forwarding can easily become the performance bottleneck. This paper proposes Wormhole, an accelerator virtualization framework based on the C/S architecture that supports rapid delegated execution across virtual machines. It aims to provide upper-level users with an efficient and transparent way to accelerate the virtualization of accelerators with API forwarding while ensuring strong isolation between multiple users. By leveraging hardware virtualization feature, the framework minimizes performance degradation through exitless inter-VM control flow switch. Experimental results show that Wormhole's prototype system can achieve up to 5 times performance improvement over the traditional open-source virtualization solution such as GVirtuS in the training test of the classic model. Reference Related Cited by

Benshan Mei,Saisai Xia,Wenhao Wang,Dongdai Lin

2024-07-18

Abstract:Confidential computing safeguards sensitive computations from untrusted clouds, with Confidential Virtual Machines (CVMs) providing a secure environment for guest OS. However, CVMs often come with large and vulnerable operating system kernels, making them susceptible to attacks exploiting kernel weaknesses. The imprecise control over the read/write access in the page table has allowed attackers to exploit vulnerabilities. The lack of security hierarchy leads to insufficient separation between untrusted applications and guest OS, making the kernel susceptible to direct threats from untrusted programs. This study proposes Cabin, an isolated execution framework within guest VM utilizing the latest AMD SEV-SNP technology. Cabin shields untrusted processes to the user space of a lower virtual machine privilege level (VMPL) by introducing a proxy-kernel between the confined processes and the guest OS. Furthermore, we propose execution protection mechanisms based on fine-gained control of VMPL privilege for vulnerable programs and the proxy-kernel to minimize the attack surface. We introduce asynchronous forwarding mechanism and anonymous memory management to reduce the performance impact. The evaluation results show that the Cabin framework incurs a modest overhead (5% on average) on Nbench and WolfSSL benchmarks.

Cryptography and Security

Wei Jiang,Yisu Zhou,Yan Cui,Wei Feng,Yu Chen,Yuanchun Shi,Qingbo Wu

DOI: https://doi.org/10.1109/ICPADS.2009.83

2009-01-01

Abstract:Multi-core architecture provides more on-chip parallelism and powerful computational capability. It helps virtualization achieve scalable performance. KVM (kernel based virtual machine) is different from other virtualization solutions which can make use of the Linux kernel components such as completely fair scheduler (CFS). However, CFS treats the KVM threads as normal tasks without considering about their unique features such as thread allocation mechanism and lock inside guest virtual machine, which may harm the KVM virtualization performance. In this paper, we analyze a phenomenon that some guest multi-threaded applications have very low performance when scheduled by CFS. As a solution to this problem, we introduce two kinds of optimizations in CFS: (1) configuration optimizations (2) lock optimizations. Our contributions are: (1) implement 5 original and 2 newest proposed optimizations in the newest Linux kernel. (2) Classify and compare them, a brief analysis is also given. They are all very simple and general to other virtual machine monitors such as Xen and schedulers as O(1). The performance of our CFS optimizations to KVM threads is measured by running some well-known benchmarks in two guest virtual machines on an 8-core server which models the real world applications. The results indicate our scheduling optimizations can improve the overall system performance. This paper can provide useful advices to KVM developers and virtualization data center administrators.

Yuezhi Zhou,Yaoxue Zhang,Hao Liu,Naixue Xiong

DOI: https://doi.org/10.1109/infcomw.2011.5928892

2011-01-01

Abstract:This paper presents the design, implementation, and evaluation of AVMM, a symmetric partition-based bare-metal client virtualization approach that tries to achieve maximum near-native performance for end-users while supporting new out-of-OS mechanism for value-added services for network system administration. To achieve these goals, AVMM divides the underlying network client platform into two asymmetric partitions: user and service partitions. The user partition runs a commodity OS, which is assigned to most portions of the CPU and memory resources and a set of peripheral devices to retain the end-user experience. The service partition runs a specialized OS, which consumes only the essential resources for its tasks. By letting user OS possess the most part of resources and access some peripheral devices directly, the AVMM overhead is reduced greatly, improving the whole network system performance. We have implemented a preliminary network prototype that can supportWindows and Linux. Our experimental evaluation results show that AVMM has achieved its designed goals and provides a feasible and efficient approach for client virtualization.

Matheus Stolet,Liam Arzola,Simon Peter,Antoine Kaufmann

2024-02-05

Abstract:Virtualization improves resource efficiency and ensures security and performance isolation for cloud applications. Today, operators use a layered architecture with separate network stack instances in each VM and container connected to a virtual switch. Decoupling through layering reduces complexity, but induces performance and resource overheads at odds with increasing demands for network bandwidth, connection scalability, and low latency. We present Virtuoso, a new software network stack for VMs and containers. Virtuoso re-organizes the network stack to maximize CPU utilization, enforce isolation, and minimize processing overheads. We maximize utilization by running one elastically shared network stack instance on dedicated cores; we enforce isolation by performing central and fine-grained per-packet resource accounting and scheduling; we reduce overheads by building a single-layer data path with a one-shot fast-path incorporating all processing from the TCP transport layer through network virtualization and virtual switching. Virtuoso improves resource efficiency by up to 82%, latencies by up to 58% compared to other virtualized network stacks without sacrificing isolation, and keeps processing overhead within 6.7% of unvirtualized stacks.

Networking and Internet Architecture,Operating Systems