kernel level virtualisation requirements.

Julian Elischer julian at elischer.org
Mon Oct 15 17:09:29 PDT 2007


Ade Lovett wrote:


> 
> On Oct 13, 2007, at 00:53 , Julian Elischer wrote:
>> Generally, you can run several hundred (or more) virtual jail/vimage 
>> style machines. xen/vmware uses so much more resources that you are 
>> usually limited to some number like 20. it is possible in a virtual
>> networking setup to have a single process spanning several virtual
>> environments (for example one process with a socket in each of the
>> child universes).
>> It is a valid question, but there is I think a place for both types of
>> partitioning.

> I'll take anything that can *reliably* allow me to run RELENG_5,6,7 (and 
> possibly HEAD) on the same (reasonably) beefy machine. Bonus points for 
> being able to do /i386 on /amd64 (or vice versa).
> 
> Right now, the only solution that comes even close to doing this is 
> vmware on Windows XP. Bleh.

ok, but that's full virtualisation.

There are many levels of virtualisation.



I'm cribbing this description from: 

http://lass.cs.umass.edu/~shenoy/courses/spring07/lectures/Lec05.pdf

as it's as good a description as I've seen..



• Machine Emulation
 – VM emulates/simulates complete hardware
 – Unmodified guest OS for a different PC can be run
  + Bochs, VirtualPC for Mac, QEMU



• Full/native Virtualization
 – VM simulates “enough” hardware to allow an unmodified guest OS to be run in isolation
  + Needs same hardware CPU
  + IBM VM family, VMWare Workstation, Parallels,…



• Para-virtualization
 – VM does not simulate hardware
 – Use special API that a modified guest OS must use
 – Hypercalls trapped by the Hypervisor and serviced
  + Xen, VMWare ESX Server



• OS-level virtualization
 – OS allows multiple secure virtual servers to be run
 – Guest OS is the same as the host OS, but appears isolated
  + apps see an isolated OS
  + Solaris Containers, BSD Jails, Linux Vserver



• Application level virtualization
 – Application is given its own copy of components that are not shared
  + (E.g., own registry files, global objects) - VE prevents conflicts
  + JVM



Each of these has advantages and disadvantages.
The one I'm particularly interested in is the kind of which "jails" is a member.
It's the one that requires us to make architectural changes to our kernel the most,
but it is also the one that can be the most efficient. It does NOT however allow
running of different OS's (other than possibly allowing one to have a virtual system
that runs a userland we can emulate, e.g. some Linux and earlier versions of FreeBSD).






More information about the freebsd-arch mailing list