The lead maintainer of the KVM development team, Avi Kivity, recently posted an article on his blog about what I think is an exciting development in KVM: nested virtualization. Up until now, nested virtualization has been a 'nice to have' feature of KVM (or any hypervisor, I would imagine) but, as it turns out, two developers have been working behind the scenes on patches that implement nested virtualization using AMD SVM technology. Apparently, due to the way AMD implements its CPU extensions, it's easier to develop nested virtualization on AMD technology than on Intel. Avi notes in his blog:
Yesterday I found a nice surprise in my inbox - a post, by Alex Graf, adding support for virtualizing AMD's SVM instruction set when running KVM on AMD SVM.
What does this mean? Up until now, when kvm virtualizes a processor, the guest sees a cpu that is similar to the host processor, but does not have virtualization extensions. This means that you cannot run a hypervisor that needs these virtualization extensions within a guest (you can still run hypervisors that do not rely on these extensions, such as VMware, but with lower performance). With the new patches, the virtualized cpu does include the virtualization extensions; this means the guest can run a hypervisor, including kvm, and have its own guests.
There are two uses that immediately spring to mind: debugging hypervisors and embedded hypervisors. Obviously having svm enabled in a guest means that one can debug a hypervisor in a guest, which is a lot easier than debugging on bare metal. The other use is to have a hypervisor running in the firmware at all times; up until now this meant you couldn't run another hypervisor on such a machine. With nested virtualization, you can.
The reason the post surprised me was the relative simplicity in which nested virtualization was implemented: less than a thousand lines of code. This is due to the clever design of the svm instruction set, and the ingenuity of the implementers (Alex Graf and Jörg Rödel) in exploiting the instruction set and meshing the implementation so well with the existing kvm code.
I don't think anyone will be running a guest within a guest for any practical purposes, but there can certainly be some uses on the development side, as Avi noted. One use that I would personally be interested in is testing other hypervisors, such as VMware and Xen, within KVM. I'm really interested in hearing how you would use this technology.
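The difference Avi describes is visible from inside a machine as the presence or absence of the `svm` (AMD) or `vmx` (Intel) CPU flag. The following check is an added example, not code from the original post or from the patches; the sample flag lines are constructed, and the `nested` module parameter path is that of the mainline `kvm_amd` and `kvm_intel` modules.

```shell
#!/bin/sh
# Added example: does this CPU (host or guest) expose hardware virtualization
# extensions, and does the local KVM module allow nesting?

# virt_ext: reads /proc/cpuinfo-format text on stdin, prints svm, vmx or none.
# Only the "flags" line is inspected and flag names are compared whole, so
# "svm_lock" or a separate "vmx flags" line cannot cause a false positive.
virt_ext() {
    awk -F: '
        $1 ~ /^flags[ \t]*$/ {
            n = split($2, f, " ")
            for (i = 1; i <= n; i++)
                if (f[i] == "svm" || f[i] == "vmx") { print f[i]; found = 1; exit }
            exit
        }
        END { if (!found) print "none" }'
}

# nested_state VALUE: interprets the content of the "nested" module parameter
# (kernels report 1/0 or Y/N); an empty value means the module is not loaded.
nested_state() {
    case "$1" in
        1|Y|y) echo enabled ;;
        0|N|n) echo disabled ;;
        "")    echo unavailable ;;
        *)     echo unknown ;;
    esac
}

# Constructed, shortened flag lines: a guest CPU without the extensions
# (svm_lock is included only to exercise whole-word matching) and one with svm.
GUEST_PLAIN='flags : fpu vme de pse tsc msr pae cx8 apic sse sse2 nx lm hypervisor svm_lock'
GUEST_NESTED='flags : fpu vme de pse tsc msr pae cx8 apic sse sse2 nx lm hypervisor svm'

report() {   # report LABEL EXTENSION NESTED_VALUE
    echo "$1: extensions=$2 nested=$(nested_state "$3")"
}

report "sample guest, no extensions" "$(printf '%s\n' "$GUEST_PLAIN" | virt_ext)" ""
report "sample guest, svm exposed" "$(printf '%s\n' "$GUEST_NESTED" | virt_ext)" ""
if [ -r /proc/cpuinfo ]; then
    ext=$(virt_ext < /proc/cpuinfo)
    mod=kvm_amd; [ "$ext" = vmx ] && mod=kvm_intel
    report "this machine" "$ext" "$(cat /sys/module/$mod/parameters/nested 2>/dev/null)"
fi
```

Run on a host, `nested=enabled` means guests may be given the extensions; run inside a guest, `extensions=none` means a hypervisor that depends on them cannot start there.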
Comments
You could...
Friday, September 5, 2008 - 11:26 Dan VerWeire (not verified)
If you were providing a hosting service to a customer, you could give the customer a guest virtual machine to work with which they could then partition up themselves into other guest systems. I'm sure there would be a ton to think about as far as networking and security though.
Re: Hosting nested virtualization
Friday, September 5, 2008 - 19:09 Haydn Solomon
That's an interesting idea. As long as performance is not an issue, that could be an application. With hardware computing power continuing to increase at an exponential rate, performance may not be an issue in the long run.
Practical usage
Monday, June 28, 2010 - 11:10 Josias Wolhuter (not verified)
I don't know if it counts as a practical usage but I am interested in using nested virtualization to test if virtual networking in VMs will work for DHCP and various MAC related scripts when many hypervisors are running copied VM images. In theory such a complicated setup will work but since I am prohibited from testing on the real network, running this inside a QEMU/KVM hypervisor will give me a chance to provide some results to show that my implementation will work and to develop the scripts needed.
The end result of that should be a network where every PC runs a hypervisor and users are then able to choose from various OS images that are copied from an image server. Scripts on the hypervisor set the printer that is located near the PC according to the PC MAC. Why not just use multi-boot options? Because distributing VMs that "just work" rather than installations that need custom drivers in proprietary OS for each of 200 PCs which may or may not have the same hardware is much less time consuming. Also the network is not fast enough to run VMs directly from a server in a client-server model, and neither is the server capable of running 200+ VMs.
Nested Virtualization for cluster development
Thursday, October 14, 2010 - 20:53 David Egolf (not verified)
At Bull we use virtualization to test the installation of cluster reference nodes. These reference nodes are used to populate the hundreds or thousands of cluster nodes using a variant of systemimager.
In our test environment for a small cluster there is one admin node, one login/IO node, and two compute nodes. Large clusters cannot be managed by a single admin node. The administrative responsibilities are delegated to a tree of admin nodes. Our architecture happens to run the delegated administrative functions in a set of workstations, each of which runs virtual admin nodes.
In order to continue to support our testing with virtualization, we need to be able to build virtualized workstation nodes which, in turn, install the virtual admin nodes. Thus, we have a real need for nested virtualization.
I am currently setting up a 32 node server running Fedora 12 using KVM virtualization. This server has Nehalem processors. Unless an Intel solution arrives, we will have to move this activity to a server with AMD processors early next year.
Similar to the previous poster, we use DHCP and PXE booting between virtual guests during the install process. This traffic is routed over virtualized networks with some tweaking of the network and guest xml files. For instance, we found that life is a lot easier if all the emulated network cards are identical in order to eliminate driver race conditions during startup leading to the scrambling of interface names across boots.
kvm over qemu
Saturday, December 18, 2010 - 13:49 joel (not verified)
Nice Article. I have a query: Is it possible to run kvm on top of qemu?
Nested VM's Simulate Red Hat Training
Saturday, March 12, 2011 - 12:33 Scott (not verified)
I would love to make this happen but have not been successful in my attempts thus far. My reason for wanting this is simply to simulate/duplicate the Red Hat training environment for practicing for their exams.
The Training environment provides a RHEL6 Server setup like a Workstation and in run level 5 with a RHEL6 Server KVM already built within it that is set to run level 3.
My laptop has a 32 bit processor so I must use our 64 bit VMware environment to host my Linux Servers...and trying to create a RHEL6 Server VM on a Server that's already running on VMWare...well...how far down the rabbit hole shall we go? :-)
-Scott