24 Nov 2008 mulix   » (Master)

new IOMMU paper available

New online for your perusing pleasure: "Direct Device Assignment for Untrusted Fully-Virtualized Virtual Machines", by Ben-Ami Yassour, Muli Ben-Yehuda and Orit Wasserman, IBM Research Report H-0263.

This is a short paper describing and evaluating our work earlier this year on direct device assignment in KVM, using Intel's VT-d IOMMU. Not much new here if you've read our other IOMMU papers, but it does make two contributions. First, it's the best (and only) available description (IMHO) of KVM's direct device assignment code, and second it's yet another data point on the relative performance of device emulation vs. virtual I/O drivers vs. direct device assignment. As always, comments appreciated. The abstract follows.

The I/O interfaces between a host platform and a guest virtual machine take one of three forms: either the hypervisor provides the guest with emulation of hardware devices, or the hypervisor provides virtual I/O drivers, or the hypervisor assigns a selected subset of the host's real I/O devices directly to the guest. Each method has advantages and disadvantages, but letting VMs access devices directly has a number of particularly interesting benefits, such as not requiring any guest VM changes and in theory providing near-native performance.

In an effort to quantify the benefits of direct device access, we have implemented direct device assignment for untrusted, fully-virtualized virtual machines in the Linux/KVM environment using Intel's VT-d IOMMU. Our implementation required no guest OS changes and---unlike alternative I/O virtualization approaches---provided near native I/O performance. In particular, a quantitative comparison of network performance on a 1GbE network shows that with large-enough messages direct device access throughput is statistically indistinguishable from native, albeit with CPU utilization that is slightly higher.

Syndicated 2008-11-24 18:35:51 from Muli Ben-Yehuda

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!