Overview of Cloud Computing and Cloud-Native Virtualization Platforms

Cloud Hypervisor or Cloud Native Hypervisor

Agenda
  • A Bunch of New Hypervisors and rust-vmm
  • Cloud Hypervisor with Cloud Native
  • Feature enabling in CLH: PMEM and vHost as example
  • Community & Roadmap
  • Cloud Native Hypervisor

A Bunch of New Hypervisors and rust-vmm

Hypervisors and Virtual Machines
  • Closed source: VMware ESXi, Microsoft Hyper-V
  • Open source: KVM/QEMU, Xen Project, crosvm, Firecracker, Cloud Hypervisor
  • Open source: Xen Project, ACRN
  [Diagram labels: Hardware, Hypervisor, Operating System, Application, Virtual Machine]

CrosVM
  • Android application sandboxing
  • Rust implementation
  • Strong focus on security
  • Little emulation
  [Timeline: CrosVM, April 2017]

Firecracker
  • AWS Lambda functions
  • Rust implementation
  • Strong focus on security
  • Very minimal emulation
  [Timeline: CrosVM, April 2017; Firecracker, October 2017]

Common Virtualization Components
  • KVM API wrappers
  • Memory/Device model
  • Virtio paravirtualization
  • Kernel loader
  [Timeline: CrosVM, April 2017; Firecracker, October 2017; rust-vmm, December 2018]

Rust-VMM
  [Diagram labels: crosvm, Firecracker, VMM Glue Code, Memory Model, Device Model, KVM Abstraction, virtio Paravirtualization, ACPI, VFIO, Hotplug, vhost, PCI]

Cloud Hypervisor with Cloud Native

Goals
  • Cloud workloads only
  • No legacy hardware
  • No platform emulation
  • Security, simplicity, auditability
  • Easy to be used in sandbox containers

Shared Pattern
  • Narrow focus
  • Security first
  • Minimal emulation
  • Hardware virtualization, no legacy
  • Modularity
  • rust-vmm instance for the cloud

Cloud Hypervisor
  • A KVM-based Virtual Machine Monitor (VMM)
  • Based on the rust-vmm crates
  • Cloud workloads
  • Cloud images (Ubuntu, CentOS, Windows)
  • Containers (Kata)
  • Functions
  • Small, simple, secure and fast
  • Reduced footprint, boot time, TCB and code base
  • Minimal emulation
  • Light and high-performance device model
  [Timeline: CrosVM, April 2017; Firecracker, October 2017; rust-vmm, December 2018; Cloud Hypervisor, May 2019]

Cloud Hypervisor (architecture)
  [Diagram labels: Host Hardware, Linux Kernel, KVM, Hyper-V, Hypervisor abstraction, VFIO, DeviceManager, CPUManager, MemoryManager, Guest, PCI, Passthrough, virtio, ACPI, Migration, Snapshot/Restore, Hotplug, NUMA, vhost, Image Loader, VMM utils, Block backend, Network backend, vhost-user backends]

Cloud Hypervisor Features
  • x86_64 and aarch64
  • Linux and Windows guests
  • Hardware-reduced ACPI
  • Snapshot/Restore and initial live migration
  • Guest NUMA topology (CPU/memory affinity)
  • Virtio-mem with multiple NUMA nodes
  • Guest persistent memory allocation
  • Nested guests (including VT-d)
  • seccomp rules contained
  • ACPI-based hot plug (CPU, memory and devices)
  • REST API control interface
  • Test Driven Development flow, Azure-based integration tests

Cloud Hypervisor Device Model
  • PCI-based
  • Virtio-mem
  • Memory hotplug and resize
  • Multiple NUMA support
  • Different memory types including PMEM
  • Virtio-fs for container image sharing
  • Vhost-user for fast block/net transport with SPDK/DPDK
  • Paravirtualization: console, iommu, mem, pmem, rng, vsock
  • virtio (in VMM) and vhost-user=true
  • vhost-user (Rust backends)
  • Multi-queue, multi-threaded
  • Device passthrough through VFIO
  • IO_uring support
  • Minimal legacy devices support
  • Serial, CMOS, ACPI virtual device

Feature enabling in CLH: PMEM and vHost as example

Feature enabling in CLH: PMEM
  [Diagram labels: Physical NVDIMM; ndctl modes Raw, fsdax, devdax, Sector; namespace0.0, namespace0.1, namespace1.0, namespace1.1, namespace2.0; DAX (Ext4/XFS); DAX partition; KMEM; Abstraction; Storage, No DAX/mmap; storage; DRAM; workload; Host; OS Linux; Cloud Hypervisor; Guest; virtio-blk; virtio-mem; Numa node 0; Numa node 1]

Community & Roadmap

Cloud Hypervisor Project Status
  • Currently at version 0.11.0
  • One new release every 6 weeks
  • Under the independent cloud-hypervisor GitHub organization
  • Intel, ARM, Alibaba, Red Hat, Oracle, Microsoft, Coder, Phytium, etc.
  • New governance model
  • Inspired by Kata Containers model
  • Architecture committee
  • Distributed commit access (not only Intel)

Cloud Hypervisor Roadmap
  • TDX and Total Memory Encryption
  • Live migration optimization
  • VMM live update
  • VM monitoring
  • Net and block IO rate-limiting

Cloud Native Hypervisor

Cloud Native + Cloud Hypervisor
  • When Cloud Hypervisor falls in love with Cloud Native, they become “Cloud Native Hypervisor”
  [Diagram labels: Container Image, Container Runtime, nydus, runC, runV, runE]

When OS virtualization cannot satisfy Cloud Native's requirements, what is the plan?
  • OS Virt (runC)
  • Hardware Virtualization (runV/Kata Containers)
  • Is runV (Kata Containers) what the user needs? Maybe not!
  [Diagram labels, runC: Pod, container, container, Host Linux Kernel, cgroup, namespace, seccomp]
  [Diagram labels, Kata Containers: Kata Runtime, Hardware virtualization, Pod, agent, container, Guest Linux Kernel, Host Linux Kernel, cgroup, namespace, seccomp]

Unified Operation Plane / Unified Control Plane
  • Unified Operation Plane: Ops, dev, security, monitor, logs
  • Container runC: Linux native OS virtualization
  • Container runD: Hardware enhanced OS virtualization
  • Container runE: Trust enhanced OS virtualization
  • Unified Control Plane: containerd, kubelet
  • OS virtualization based container runtime
  • Hardware Virtualization

Lets talk ab
