From: Praveen Rao (psrao_at_windows.microsoft.com)
Date: Sun Feb 29 2004 - 23:51:57 PST
Denali takes a completely different approach for VMs compared to Disco.
It does not attempt to emulate the underlying architecture completely,
thereby giving up backward compatibility. This has its benefits in terms
of scalability and performance and hence such setup can be used for
specialized servers/applications.
Denali has the following design principles:
1. expose low-level resources rather than high-level abstractions:
exokernel like approach
2. prevent direct sharing
3. zipf's law implies need for scale: most requests go to a small set of
popular services, but a significant fraction of requests go to a large
set of unpopular services
4. modify the virtualized architecture for simplicity, scalability and
perf
Denali is a thin software layer that directly runs over x86. It can do
secure multiplexing of many VMs on a single machine. Its ISA is close to
x86 ISA. x86 ISA is not completely virtualizable, such instructions are
not really supported. There are a couple of new virtual instructions -
idle-with-timeout and terminate. Denali adds virtual registers to expose
system information. These also serve as a lightweight sharing mechanism.
Memory architecture: A VM may only access a subset of 32-bit address
space, the size and range of which is chosen by isolation kernel when VM
is instantiated. The kernel itself is mapped into a portion of address
space that VM can't access. This avoids TLB flushes on VM/VMM switches.
By default a VM can't virtualize its (virtualized) physical addresses. A
VM OS's runs in a single address space along with all the applications.
Virtual devices: These have different interfaces than just emulating
hardware. There are software interrupts. Denali supports batching of
software interrupts. I am not clear if batched interrupts introduce any
semantics issues.
Isolation kernel: implements virtual architecture and multiplexes
physical resources between VMs. There is strict separation between
policy and mechanism. Isolation kernel is pinned in memory but VMs are
paged.
A static configuration for swap file is used, the swap file is already
initialized to be as big as the address space assessable by a VM - this
would be a problem if address space was enlarged to, say, 64-bit. Denali
emulates a switched Ethernet LAN connecting all VMs. Denali uses virtual
disks for efficient sharing.
Measurements show that Denali has very small overhead for
virtualization. Only noticeable overhead was in case of a web server
serving medium-sized documents. This was because of TCP/IP stack of
Denali running in user mode.
Batched interrupt model provides significant perf gains in case of a
large number (800) of VMs. Similarly idle-with-timeout model also
provides perf boost in case of large number of VMs.
Denali tradesoff backward compatibility for scalability and performance,
which is good for new servers/applications.
This archive was generated by hypermail 2.1.6 : Sun Feb 29 2004 - 23:52:12 PST