Total Pageviews

Tuesday, September 6, 2011

KVM on Illumos

Illumos for those who don't know is the community fork of opensolaris.  Openindiana is a robust operating system distribution based on illumos.   Now, that we've got the introductions out of the way what's the deal with KVM?

Engineers at Joyent have added what appears to be one of the most significant additions to the opensolaris platform since the fork - a significant effort, the porting of the Linux KVM capability to the illumos kernel.

It's a great achievement, but it's not a complete port at the moment.  The focus is currently only on systems with VT-x extensions, AMD SVM isn't on the current roadmap, but during the port no design choices were made that excludes that possibility.   From a performance perspective, the port is on par with Linux KVM with some of the simpler, more abstract benchmarks.  No formal testing, such as SpecVirt has been performed as yet to get a more realistic understanding of the performance.

Notably, and deliberately, there is no guest memory overcommit, no KSM providing memory de-duplication and no nested virtualistion.  The latter being a feature I really enjoy in my test lab.

It's not all about features being missing though, the Illumos KVM port has added CPU performance counter virtualisation and implements all KVM timers using the cyclic subsystem.    Of course, Illumos has ZFS as the underlying operating system and for a hypervisor platform there are some great features in ZFS.  

From a security perspective, the QEMU guest is run inside a local zone, this gives further isolation of the guest from the underlying system as well as providing resource management, i/o throttling, billing and instrumentation hooks etc.   This is a nice approach.  Linux tackles this in a different way with selinux and cgroups for example.   Further exploitation of the container capability occurs with network virtualisation where a vnic is created for each KVM guest which inherits the vnic capability from the container - anti-spoofing, resource management.  Further enhancements were made in the area of kernel stats and of course DTRACE.

This is a great addition to the KVM community, it's a different approach and i'm certain the injection of any fresh ideas and concepts is only going to enrich KVM capability.