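Intel Virtualization Technology
For a long time I have only half understood virtualization: what it is, why we virtualize, its pros and cons, how it works... These notes collect information from the web and summarize it, to understand some of the reasons behind it.
From: Everything you need to know about the Intel virtualization technology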
Several Intel CPUs come with the Intel Virtualization Technology (VT). Formerly known as Vanderpool, this technology enables a CPU to act as if you have several independent computers, in order to enable several operating systems to run at the same time on the same machine. In this tutorial we will explain everything you need to know about this technology.
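Some CPUs have virtualization technology. It lets a CPU behave as if it were several independent computers, so that multiple operating systems can run at the same time on the same machine.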
Intel’s virtualization technology is available in two versions: VT-x, for x86 processors; and VT-i, for Itanium (i.e., IA-64) processors. In this tutorial we will be covering the details of the VT-x technology.
Intel virtualization technology comes in two versions: VT-x (x86 processors) and VT-i (IA-64 processors).
Virtualization technology is nothing new. There is some software on the market that enables virtualization; probably VMware is the most famous one. With this technique, you can “partition” a single computer to act as if it were several independent computers, allowing the system to run several operating systems at the same time. These operating systems can even be different (e.g., you can run Windows in one virtual machine and Linux in another).
Some software already uses virtualization; VMware is among the best known. With this technique a single computer can run several operating systems, as if it were several computers. These operating systems can be incompatible with one another.
Multi-core technology allows a single processor to have more than one physical processor inside. For example, a computer with one dual-core processor acts as if it were a computer with two CPUs installed, working under a mode called symmetrical multiprocessing (SMP). Even though multi-core CPUs have more than one processor inside, they cannot be used independently. The operating system is run by the first CPU core, and the additional cores the CPU may have must be used by the same operating system. So, based on any explanation, there is no difference between a single-core CPU and a multi-core one.
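Multi-core technology lets a single processor contain several physical processors. A dual-core processor can behave like a dual-CPU computer, running in a mode called symmetric multiprocessing. Even though a multi-core processor has several processing units, they cannot be used independently. There is not much difference between a single-core CPU and a multi-core CPU.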
Hyper-Threading technology simulates an additional processor per CPU core. For example, a dual-core CPU with Hyper-Threading technology is seen by the operating system as if it were a quad-core CPU. These additional processors cannot run separate operating systems, so for the operating system the Hyper-Threading technology has the same effect as the multi-core technology.
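Hyper-Threading simulates an additional processing unit for each CPU core. With Hyper-Threading, a dual-core CPU looks like a quad-core processor from the operating system's point of view. These additional processors cannot run different operating systems. For the operating system, the benefit of Hyper-Threading is the same as that of multi-core.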
The diagrams below may help you understand the differences between those technologies.
Figure 2: Multi-core or Hyper-Threading
(As can be seen, virtualization technology gives each OS a virtual CPU.)
If you pay close attention, Virtualization Technology uses the same idea as the Virtual 8086 (V86) mode, which has been available since the 386 processor. With the V86 mode you can create several virtual 8086 machines to run DOS-based programs at the same time, each one “thinking” that it is running in a completely independent computer. With VT you can create several “complete” virtual machines to run full operating systems simultaneously.
If there is software such as VMware that enables virtualization, why implement Virtualization Technology inside the CPU? The advantage is that CPUs with Virtualization Technology have some new instructions to control virtualization. With them, controlling software (called VMM, Virtual Machine Monitor) can be simpler, thus improving performance compared to software-based solutions. When the CPU supports Virtualization Technology, the virtualization is said to be hardware-based or hardware-assisted.
If software such as VMware already supports virtualization, why implement virtualization technology in the CPU? Because it uses special CPU instructions, and these instructions bring additional benefits. (In the x86 instruction set, the instructions beginning with VM should be the virtualization instructions.)
Processors with Virtualization Technology have an extra instruction set called Virtual Machine Extensions or VMX. VMX brings 10 new virtualization-specific instructions to the CPU: VMPTRLD, VMPTRST, VMCLEAR, VMREAD, VMWRITE, VMCALL, VMLAUNCH, VMRESUME, VMXOFF, and VMXON.
There are two modes to run under virtualization: VMX root operation and VMX non-root operation. Usually, only the virtualization controlling software, called Virtual Machine Monitor (VMM), runs under root operation, while operating systems running on top of the virtual machines run under non-root operation. Software running on top of virtual machines is also called “guest software.”
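Two modes run under virtualization: VMX root and VMX non-root operation. Usually only the virtualization control software (the VMM) runs in root operation; operating systems run on top of the virtual machines, in non-root operation. Software running on top of a virtual machine is also called “guest software.”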
To enter virtualization mode, the software should execute the VMXON instruction and then call the VMM software. The VMM software can enter each virtual machine using the VMLAUNCH instruction, and exit it by using the VMRESUME instruction. If the VMM wants to shutdown and exit the virtualization mode, it executes the VMXOFF instruction.
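Software enters virtualization mode by executing the VMXON instruction and calling the VMM software. The VMM can enter each virtual machine with the VMLAUNCH instruction and exit it with the VMRESUME instruction. (Why “resume”?) It shuts down and exits virtualization mode with the VMXOFF instruction.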
Figure 4: Operation of the Virtualization Technology
Each guest shown in Figure 4 can be a different operating system, running its own programs (even several programs at the same time as we have shown in Figure 3).
Each “guest” can be a different operating system running its own programs.
More recent processors have an extension called EPT (Extended Page Tables), which allows each guest to have its own page table to keep track of memory addresses. Without this extension, the VMM has to exit the virtual machine to perform address translations. This exiting-and-returning task reduces performance. Therefore, the EPT increases virtualization performance.
Processors have an additional EPT (Extended Page Tables) feature that lets each “guest” have its own page table for keeping track of memory addresses. Without this extension, the VMM has to exit the virtual machine to perform address translation, which hurts performance.
Even though the Intel Virtualization Technology was released in 2005, not all current processors from Intel support this technology. The easiest way to verify if your CPU supports this technology is to run the Intel Processor Identification Utility. After you download and install this program, run it and go to the “CPU Technologies” tab. There you will see, beside “Intel (R) Virtualization Technology,” whether your CPU supports it or not. Also, you can see whether your CPU supports the Extended Page Tables (EPT), beside “Intel VT-x with Extended Page Tables.” See Figure 5.
Figure 5: Detecting support for the Intel Virtualization Technology
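An added example (not part of the original article or Intel's documentation): on a Linux host the same answers can be read from `/proc/cpuinfo` instead of the Intel utility. It assumes the `vmx` flag marks VT-x and `ept` marks EPT, looked up in both the `flags` and `vmx flags` lines because where `ept` is listed depends on the kernel version; the sample text is constructed, and `parse_cpuinfo` and `vt_report` are hypothetical helper names. It also compares `siblings` with `cpu cores` to tell Hyper-Threading apart from physical cores.

```python
# Added example: read VT-x, EPT and Hyper-Threading from /proc/cpuinfo text.
# SAMPLE_CPUINFO is constructed for illustration: one core, two threads.
SAMPLE_CPUINFO = """\
processor : 0
siblings : 2
cpu cores : 1
flags : fpu vme de pse msr pae vmx est ht
vmx flags : vnmi flexpriority ept vpid

processor : 1
siblings : 2
cpu cores : 1
flags : fpu vme de pse msr pae vmx est ht
vmx flags : vnmi flexpriority ept vpid
"""

def parse_cpuinfo(text):
    """Split /proc/cpuinfo text into one dict per logical processor."""
    cpus = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            cpus.append(fields)
    return cpus

def vt_report(text):
    """Summarize virtualization-related capabilities for the whole machine."""
    cpus = parse_cpuinfo(text)
    if not cpus:
        raise ValueError("no processor entries found")

    def has(flag):
        # A feature counts only if every logical processor reports it.
        return all(
            flag in (c.get("flags", "") + " " + c.get("vmx flags", "")).split()
            for c in cpus
        )

    threads = int(cpus[0].get("siblings", 1))   # logical CPUs per package
    cores = int(cpus[0].get("cpu cores", 1))    # physical cores per package
    return {
        "logical_cpus": len(cpus),
        "vt_x": has("vmx"),
        "ept": has("ept"),
        "hyper_threading": threads > cores,
    }

if __name__ == "__main__":
    print(vt_report(SAMPLE_CPUINFO))
```

To check a real host, pass the contents of `/proc/cpuinfo` to `vt_report` in place of the sample.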
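Finally, a supplement from Intel's official virtualization technology documentation, Intel Virtualization Technology:
Virtualization abstracts hardware that allows multiple workloads to share a common set of resources. On shared virtualized hardware, a variety of workloads can co-locate while maintaining full isolation from each other, freely migrate across infrastructures, and scale as needed.
Virtualization abstracts hardware so that multiple workstations share the same resources. On shared virtual hardware, multiple workstations can cooperate while remaining fully isolated, freely migrate resources within the architecture, and adapt as needed.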
Businesses tend to gain significant capital and operational efficiencies through virtualization because it leads to improved server utilization and consolidation, dynamic resource allocation and management, workload isolation, security, and automation. Virtualization makes on-demand self-provisioning of services and software-defined orchestration of resources possible, scaling anywhere in a hybrid cloud on-premise or off-premise per specific business needs.
Businesses expect virtualization to reduce spending and improve efficiency.
Intel® Virtualization Technology (Intel® VT) represents a growing portfolio of technologies and features that make virtualization practical by eliminating performance overheads and improving security. Intel® Virtualization Technology (Intel® VT) provides hardware assist to the virtualization software, reducing its size, cost, and complexity. Special attention is also given to reduce the virtualization overheads occurring in cache, I/O, and memory. Over the last decade or so, a significant number of hypervisor vendors, solution developers, and users have been enabled with Intel® Virtualization Technology (Intel® VT), which is now serving a broad range of customers in the consumer, enterprise, cloud, communication, technical computing, and many more sectors.
The Intel® Virtualization Technology (Intel® VT) portfolio currently includes (but is not limited to):
CPU virtualization features enable faithful abstraction of the full prowess of Intel® CPU to a virtual machine (VM). All software in the VM can run without any performance or compatibility hit, as if it was running natively on a dedicated CPU. Live migration from one Intel® CPU generation to another, as well as nested virtualization, is possible.
CPU virtualization: provides the VM with an abstraction of the CPU. All software running in the VM runs without loss of performance or compatibility, as if using a dedicated CPU.
Memory virtualization features allow abstraction, isolation, and monitoring of memory on a per virtual machine (VM) basis. These features may also make live migration of VMs possible, add to fault tolerance, and enhance security. Example features include direct memory access (DMA) remapping and extended page tables (EPT), including their extensions: accessed and dirty bits, and fast switching of EPT contexts.
Memory virtualization: provides abstraction, isolation and memory monitoring on a per-virtual-machine basis. These features may make live migration of VMs possible, and add fault tolerance and security. Examples are direct memory access (DMA) remapping and extended page tables (EPT), including their extensions: accessed and dirty bits, and fast switching of EPT contexts.
I/O virtualization features facilitate offloading of multi-core packet processing to network adapters as well as direct assignment of virtual machines to virtual functions, including disk I/O. Examples include Intel® Virtualization Technology for Directed I/O (VT-d), Virtual Machine Device Queues (VMDQ), Single Root I/O Virtualization (SR-IOV, a PCI-SIG standard), and Intel® Data Direct I/O Technology (Intel® DDIO) enhancements.
Intel® Graphics Virtualization Technology (Intel® GVT) allows VMs to have full and/or shared assignment of the graphics processing units (GPU) as well as the video transcode accelerator engines integrated in Intel system-on-chip products. It enables usages such as workstation remoting, desktop-as-a-service, media streaming, and online gaming.
Virtualization of Security and Network functions enables transformation of traditional network and security workloads into compute. Virtual functions can be deployed on standard high volume servers anywhere in the data center, network nodes, or cloud, and smartly co-located with business workloads. Examples of technologies making it happen include Intel® QuickAssist Technology (Intel® QAT) and the Data Plane Development Kit (DPDK).
Other information about Intel VT: