From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: documentation@lists.ipfire.org Subject: Re: AW: Xen Documentation Date: Fri, 20 Feb 2015 16:50:47 +0100 Message-ID: <1424447447.17826.238.camel@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7593778094683641312==" List-Id: --===============7593778094683641312== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi Markus, your emails are rejected by the list because you are sending them from a different email address you are not subscribed with. It sent you an invitation for the other email address. On Fri, 2015-02-20 at 09:17 +0100, Markus Helmke wrote: > Michel, i'm right with you. I've still some Ubuntu PV working, but > everything else I transverred to HVM and I can not mention that this > isn't felt slower than PV. On plus - Its easyer to handle things like > pci-passthrough. And on top there are spezial drivers, for example for > Windows they can be downloaded from Univention, which speeds up > Network- and Disk-Performance There are still some Benchmarks where pv > is working faster. =20 Great that you can deliver some facts to my assumptions. The only downside I forgot to mention is that you will need a CPU that supports virtualization. I guess that nowadays nobody is using a processor that doesn't support that because they are slow and consume too much energy. -Michael >=20 >=20 >=20 >=20 >=20 >=20 > Viele Gr=C3=BC=C3=9Fe, >=20 > Markus Helmke >=20 > Mail: markus(a)helmke.at >=20 > =20 >=20 > -----Urspr=C3=BCngliche Nachricht----- > > Von:Michael Tremer > > Gesendet: Fre 20 Februar 2015 02:05 > > An: R. W. Rodolico > > CC: documentation(a)lists.ipfire.org >> Wiki Mailingliste > > Betreff: Re: Xen Documentation > >=20 > > Hi, > >=20 > > On Tue, 2015-02-17 at 16:48 -0600, R. W. Rodolico wrote: > > > FYI, a brief (and hopefully accurate) reply to your questions. > > >=20 > > > paravirtualization (PV) uses the kernel from the underlying DOM0 (the OS > > > running on the bare machine, which runs everything else). > > >=20 > > > Hardware virtualization (HVM) is completely divorced from the underlying > > > operating system. Instead, it uses its own kernel and some fake hardware > > > exported by the underlying system. > > >=20 > > > PV's are much faster since one kernel controls everything. The kernel is > > > able to direct resource usage without any intermediate layer. However, > > > you must keep the virtual and the underlying system in sync. One thing I > > > remember is every time you upgrade the kernel on the DOM0, you must copy > > > the new lib's to every virtual. Obviously, you can not run non-Linux > > > systems on a PV. To move a PV from one DOM0 to another, the kernel's and > > > libraries must match, or you need to copy the libraries to the virtual > > > before running it. > > >=20 > > > HVM's have a layer between them and the underlying kernel. I think that > > > is QEMU, but I don't remember. Since it has to go through a second > > > translation layer, it uses more resources. However, you can have a 2.4 > > > kernel on the DOM0, and be running the latest kernel on the virtual, or > > > even Windows, BSD or OSX. HVM's can be moved between DOM0's with little > > > or no modification (generally a small line in the config file). > >=20 > > All the hypervisors we have base on QEMU. VMware put it in their kernel. > > VirtualBox is still using userspace but have added lots of graphics > > features. The Xen project put it in a micro kernel. Of course lots of > > development has been put in all of these projects and therefore they > > diverged a lot. > >=20 > > > For IPFire, I prefer HVM's because you have spent so much time making > > > sure the kernel and libraries are secure. Thus, even on an older DOM0, I > > > can have a very secure firewall/router. However, some things such as > > > automated shutdown of the IPFire instance are not available since IPFire > > > does not include the HVM device drivers (they use a generic device > > > driver when IPFire is installed). That can cause a problem during server > > > shutdown, since the backup is to "destroy" the virtual, ie pull the plu= g. > >=20 > > I think that we should have a short mentioning that the HVM version is > > the preferred one then. It is actually not that much slower any more. > > CPUs do everything in regards of their jobs. Some devices needs to be > > emulated which causes a bit more overhead yes. In perspective though > > IPFire does not read or write a lot of data from/to disk so that there > > will never be a bottleneck on that end. The virtual network drivers have > > also a negligible overhead. > >=20 > > The PV approach comes with way more difficulties and I guess that HVM is > > most used any way. > >=20 > > > As far as I know, tying a physical piece of hardware to a single DOMU is > > > still supported, though I have not used that since 3.x, > > > http://wiki.xenproject.org/wiki/XenPCIpassthrough indicates it is still > > > available. > >=20 > > Maybe someone else can contribute this later. > >=20 > > >=20 > > > Rod > > >=20 > > > On 02/17/2015 10:05 AM, Michael Tremer wrote: > > > > Hi, > > > >=20 > > > > if I may send you a little wishlist: > > > >=20 > > > > There are many many guides about how to set up a Xen server with Debi= an. > > > > I am not sure about the state of all of them. Some of them are based = on > > > > outdated versions of Debian. I suppose it is best to merge them all > > > > together and delete the rest. > > > >=20 > > > > http://wiki.ipfire.org/start?do=3Dsearch&id=3Dxen > > > >=20 > > > > Maybe it is a good idea to start a little virtualisation section > > > > (http://wiki.ipfire.org/en/virtualization/start) with subsections for > > > > Xen (http://wiki.ipfire.org/en/virtualization/xen/start), KVM and all > > > > the rest. > > > >=20 > > > > Explaining an installation of the IPFire system from scratch should n= ot > > > > be necessary but the differences to using Xen should be pointed out > > > > somewhere. > > > >=20 > > > > I personally am always confused about the HVM and PV thing. What shou= ld > > > > people use? What are the advantages/disadvantages? > > > >=20 > > > > There was also this: > > > >=20 > > > > http://planet.ipfire.org/post/dropping-support-for-xen-3-x-deprecatio= n-warning > > > > http://planet.ipfire.org/post/bye-bye-xen-legacy-kernel > > > >=20 > > > > Many people use the feature where you can hand over the physical > > > > hardware to the guest machine. Does this actually still work? What are > > > > the benefits of that? > > > >=20 > > > > All this information should be out there somewhere in the wiki. Putti= ng > > > > it all together in a nice section with small pages which are easy to > > > > find would be really great :) > > > >=20 > > > > -Michael > > > >=20 > > > > On Tue, 2015-02-17 at 03:10 -0600, R. W. Rodolico wrote: > > > >> David, > > > >> > > > >> It would be great if you could get some notes on this. Even if they = are > > > >> rough, it would be better than nothing. Having never messed with KVM > > > >> (I'm Debian/Xen for the most part), I really don't know much about i= t, > > > >> though I do engage in "religious wars" over KVM vs Xen vs Virtual Box > > > >> with from friends/associates of mine. > > > >> > > > >> Anyway, if you had some brief notes, it would be great to include th= em. > > > >> > > > >> Rod > > > >> > > > >> On 02/16/2015 11:07 PM, David J. Allen wrote: > > > >>> On 02/16/2015 08:11 PM, R. W. Rodolico wrote: > > > >>>> I am in the process of creating documentation for a Xen virtual IP= Fire > > > >>>> install. If anyone else is doing it also, please let me know so we= can > > > >>>> collaborate. I'm hopeful to have it complete Friday 20 Feb. > > > >>>> > > > >>>> I am trying an install using the scon image. Assuming that works, = should > > > >>>> I also write documentation on how to do it from a standard "instal= ler" > > > >>>> installation? > > > >>>> > > > >>>> Again, if anyone else is doing this, please let me know so we do n= ot > > > >>>> duplicate efforts. > > > >>>> > > > >>>> Rod > > > >>> > > > >>> I am not writing docs on doing so* but I have been running Ipfire i= n a > > > >>> VM under KVM on Scientific Linux 6.x for a couple of years now. I t= hink > > > >>> setting up Ipfire was easier than getting the KVM set up right. > > > >>> > > > >>> The VM host box has 2 onboard NICs, but I'm using a dual-NIC card i= n the > > > >>> box which is dedicated to the Ipfire VM. The tricky part was figuri= ng > > > >>> out how to give Ipfire exclusive access to the WAN NIC without it b= eing > > > >>> accessible to the KVM host and the other VM guests. > > > >>> > > > >>> > > > >>> * Although I should do it at least for myself - had to redo my > > > >>> installation a while back after moving and had left no notes for my= self. > > > >>> Which of course resulted in re-inventing my own wheel! ;) > > > >>> > > > >>> > > > >>> _______________________________________________ > > > >>> Documentation mailing list > > > >>> Documentation(a)lists.ipfire.org > > > >>> http://lists.ipfire.org/mailman/listinfo/documentation > > > >> > > >=20 > > _______________________________________________ > > Documentation mailing list > > Documentation(a)lists.ipfire.org > > http://lists.ipfire.org/mailman/listinfo/documentation > >=20 --===============7593778094683641312== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjIKCmlRSWNCQUFC Q2dBR0JRSlU1MWZYQUFvSkVJQjU4UDl2a0FrSDhOQVAvaVkxc3BKMW81RGhQcVhZT1ErUzZoNG0K aWNlVjRNTmxMZVdJaFl5YjVKOWJnSit4cUpJRlp4Y0dqWDczVVE2SnV4dm9SZy9CbW4wRFVTbWlL RzYvVENQKwpXTjN5OExnaWZsQytQY0ozV2lPUldwVXdiRk9BdUlPVWhwWTZsRTFlRnZ1eGZNc2Z6 bU9RTWt5UDVLb0tRYnpvCjBTZ0UrTWd5YU5PL0RneStwak5NMDREWjdSTjRmS0xmZyttQVd6YzFB cXhlRUdRU1BjblB6NmtwVHVmbWd5NTIKMFlRVjNYZ1VZRHZLZG80dE0xVUEvNkhMT2tKekppa1lZ ODZFclZtRVdiQy9vaUJrNGtXZjNJeU5ZU2dOQmpWLwpTZkt1c1F6Z1RJY0Y2SlNMNVVNMmdWdERR MUtib2pWS3BtS2x6S0hJNE5mUE5BVHdTQzJoWlJBZlpzOG5CZkZtCkx6dkhacW55eTFMTzI3U2U1 eVdEdUV0M1VDOE41aGhCdDEzM2JNVlNreW53NXNPNGZDaFh4L1ZNWCtkR0wvVnIKa0NBVFlVcFBM Z1hycVJWWjZ0Z3hEWHI0VTVONDF1d0hGNHdKNi94dzIyZGdKVWxaelhEeFdKZ0g0VWN4Um56eApX V09hRGpsTGVCdU91NUoxMHp6MkpWcjhIU2twT2JBMnRkWjRGNVF3V0NQTEk3VlpFdU5DaGJ2VjF1 WHIxUk5WCjZ4NXJpOGVKM0txU0NyODQxb2xmRzM1WlpYWlZSQXByY3JNN3hlVlE2Nk84eUxWM3lv N0k0dzJucHhLMW51SnYKOFBGVjZxamlrM2hsYzNVT2ZSVzdhamNDZEdHVE9ldVNXVURPQ3ozT09F Tk1EVDM5ZXFVSndGU1czc0RPSk4wMQpSamRDekxhVHR1MlZaQlNuWEhzVQo9Q1BnSQotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============7593778094683641312==--