Reducing the complexity of virtual machine networking

Virtualization is an enabling technology that improves scalability, reliability, and flexibility. Virtualized networking is tackled by emulating or paravirtualizing network interface cards. This approach, however, leads to complexities (implementation and management) and has to conform to some limitations imposed by the Ethernet standard. RINA turns the current approach to virtualized networking on its head: instead of emulating networks to perform inter-process communication on a single processing system, it sees networking as an extension to local inter-process communication. In this article, we show how RINA can leverage a paravirtualization approach to achieve a more manageable solution for virtualized networking. We also present experimental results performed on IRATI, the reference open source implementation of RINA, which shows the potential performance that can be achieved by deploying our solution

EbbRT: Elastic Building Block Runtime - case studies

We present a new systems runtime, EbbRT, for cloud hosted applications. EbbRT takes a different approach to the role operating systems play in cloud computing. It supports stitching application functionality across nodes running commodity OSs and nodes running specialized application specific software that only execute what is necessary to accelerate core functions of the application. In doing so, it allows tradeoffs between efficiency, developer productivity, and exploitation of elasticity and scale. EbbRT, as a software model, is a framework for constructing applications as collections of standard application software and Elastic Building Blocks (Ebbs). Elastic Building Blocks are components that encapsulate runtime software objects and are implemented to exploit the raw access, scale and elasticity of IaaS resources to accelerate critical application functionality. This paper presents the EbbRT architecture, our prototype and experimental evaluation of the prototype under three different application scenarios

EbbRT: Elastic Building Block Runtime - overview

EbbRT provides a lightweight runtime that enables the construction of reusable, low-level system software which can integrate with existing, general purpose systems. It achieves this by providing a library that can be linked into a process on an existing OS, and as a small library OS that can be booted directly on an IaaS node

VirtIO infrastructure for a static partition hypervisor: VirtIO-Net

Dissertação de mestrado em Engenharia Eletrónica Industrial e ComputadoresO uso de sistemas embebidos tem crescido exponencialmente em indústrias como a automóvel ou aeronáutica. Isto tem levado a um aumento na complexidade dos sistemas, onde é necessário consolidar várias camadas de software com diferentes níveis de criticidade numa única plataforma de hardware. Para aumentar a segurança destes sistemas, a indústria tem-se focado na tecnologia de virtualização, uma vez que a mesma permite a integração e o isolamento dos vários subsistemas. Recorrendo a um hipervisor é possível partilhar os recursos de hardware entre múltiplas máquinas virtuais (VMs). No entanto, os hipervisores tradicionais não foram desenhados para garantir os requisitos de tempo-real e de segurança. Por este motivo, hipervisores de particionamento estático, como o Jailhouse, que alocam os recursos de hardware estaticamente para as VMs em tempo de design, têm ganho cada vez mais protagonismo. Porém, o Jailhouse depende do Linux para iniciar e gerir as VMs, criando alguns problemas de tempo-real e segurança. Assim sendo, o nosso grupo de investigação focou-se em desenvolver o hipervisor Bao. O Bao implementa uma camada minimalista de software e não tem qualquer dependência de bibliotecas externas. A implementação atual do Bao dá acesso pass-through aos periféricos, não sendo possível a partilha de dispositivos. O trabalho desenvolvido nesta dissertação consiste no desenvolvimento de uma infraestrutura que permite a partilha de dispositivos utilizando VirtIO. Esta infraestrutura deve ser genérica e deve ser com patível com as front-ends já existentes. A infraestrutura do VirtIO é implementada numa máquina virtual dedicada (service guest), cuja função é gerir as múltiplas virtqueues que permitem transmitir e receber dados de outras VMs que utilizam VirtIO. Ao contrário das soluções existentes, nesta dissertação, as back ends do VirtIO são implementadas não no hipervisor, mas numa VM, resultando numa TCB reduzida para o sistema. A segunda parte da dissertação foca-se em implementar duas drivers back-end, i.e., uma para o VirtIO-console e outra para o VirtIO-net. A primeira driver é uma driver simples e é utilizada essencial mente para garantir a validação adequada da interface implementada. A segunda é mais complexa, mas é essencial para qualquer hipervisor moderno.The use of embedded systems has grown exponentially in industries such as the automotive or aero nautics. This led to an increase in the complexity of systems where it is necessary to consolidate several layers of software with different levels of criticality onto a single hardware platform. To enhance the security of these systems, industry has been shifting towards virtualization, as the technology enables the safe integration and isolation of the various sub-systems. By leveraging a hypervisor it is possible to share hardware resources between multiple Virtual Machines (Virtual Machine (VM)s). However, traditional hypervisors were not designed to meet real-time and security requirements. For this reason, static partitioning hypervisors, such as Jailhouse, that statically allocate hardware resources to VMs at design time, have gained increasing attraction. However, Jailhouse depends on Linux to boot and manage VMs, which creates some issues for real-time, safety, and security. Under this light, our research group has designed and implemented Bao. Bao is a very thin layer of self-contained software, not having any external dependency. Bao’s current implementation gives pass-through access to peripherals and device sharing is not possible. The work developed in this dissertation is the implementation of an infrastructure that allows device sharing using Virtual Input Output (VirtIO). This infrastructure is generic and must be compatible with the existing front-ends. VirtIO’s infrastructure is implemented in a dedicated virtual machine (service guest), whose aim is to manage the multiple virtqueues that allow transmitting and receiving data from the other VMs that use VirtIO. Unlike existing solutions, in our case, the VirtIO’s back-ends are not implemented in the hypervisor but in a VM, resulting in a reduced Trusted Computing Base (TCB) for the overall system. The second part of the dissertation focuses on implementing two back-end drivers, i.e., one for VirtIO console and another for VirtIO-net. The first driver is a simple driver, so it is used essentially to guarantee the proper validation of the implemented interface. The second one is more complex but is essential to any modern hypervisor

An Approach for Fast Fault Detection in Virtual Network

The diversity of applications in cloud computing and the dynamic nature of environment deployment makes virtual machines, containers, and distributed software systems to often have various software failures, which make it impossible to provide external services normally. Whether it is cloud management or distributed application itself, it takes a few seconds to find the fault of protocol class detection methods on the management or control surfaces of distributed applications, hundreds of milliseconds to find the fault of protocol class detection methods based on user interfaces, and the main time from the failure to recovery of distributed software systems is spent in detecting the fault. Therefore, timely discovery of faults (virtual machines, containers, software) is the key to subsequent fault diagnosis, isolation and recovery. Considering the network connection of virtual machines/containers in cloud infrastructure, more and more intelligent virtual network cards are used to connect virtual network elements (Virtual Router or Virtual Switch). This paper studies a fault detection mechanism of virtual machines, containers and distributed software based on the message driven mode of virtual network elements. Taking advantage of the VIRTIO message queue memory sharing feature between the front-end and back-end in the virtual network card of the virtualization network element and the virtual machine or container it detects in the same server in the cloud network, when the virtualization network element sends packets to the virtual machine or container, quickly check whether the message on the queue header of the previously sent VIRTIO message has been received and processed. If it has not been received and processed beyond a certain time threshold, it indicates that the virtual machine, the container and distributed software have failed. The method in this paper can significantly improve the fault detection performance of virtual machine/container/distributed application (from the second pole to the millisecond level) for a large number of business message scenarios, and provide faster fault detection for the rapid convergence of virtual network traffic, migration of computing nodes, and high availability of distributed applications

Flexible virtual machine networking using netmap passthrough

The rising interest in Network Function Virtualization (NFV) requires Virtual Machines (VMs) to operate with diversified networking workloads, from traditional, bulk TCP transfers to novel ones featuring extremely high packet rates. In response, researchers have explored and proposed new solutions for high performance VM networking, including optimizations to virtual network adapters (such as VirtIO) to support high speed bulk traffic, and alternative frameworks for userspace networking and physical or virtual passthrough. To date, we are still missing a comprehensive solution that supports such extreme workloads across multiple operating systems and hypervisors, while at the same time addressing other requirements such as ease of configuration, operating system independence, scalability and isolation. In this paper we present ptnet, an approach to network I/O virtualization that provides high performance for both traditional TCP/IP and high packet rate applications. ptnet leverages the features of the netmap framework (including virtualization and passthrough support), and defines a simple yet performant network device model that can be easily supported in different operating systems and hypervisors. We prove the effectiveness of our approach by comparing ptnet's performance with one of the state of the art I/O virtualization solutions, namely VirtIO on Linux and QEμKVM. ptnet is available under a BSD license as part of the netmap distributions on github