version 1.147, 2018/07/26 10:47:25
|
version 1.151, 2018/07/26 11:16:22
|
Line 6 Introduction
|
Line 6 Introduction
|
[![[Xen |
[![[Xen |
screenshot]](https://www.netbsd.org/gallery/in-Action/hubertf-xens.png)](https://www.netbsd.org/gallery/in-Action/hubertf-xen.png) |
screenshot]](https://www.netbsd.org/gallery/in-Action/hubertf-xens.png)](https://www.netbsd.org/gallery/in-Action/hubertf-xen.png) |
|
|
Xen is a hypervisor (or virtual machine monitor) for x86 hardware |
Xen is a hypervisor for x86 hardware, which supports running multiple guest |
(i686-class or higher), which supports running multiple guest |
|
operating systems on a single physical machine. Xen is a Type 1 or |
operating systems on a single physical machine. Xen is a Type 1 or |
bare-metal hypervisor; one uses the Xen kernel to control the CPU, |
bare-metal hypervisor; one uses the Xen kernel to control the CPU, |
memory and console, a dom0 operating system which mediates access to |
memory and console, a dom0 operating system which mediates access to |
other hardware (e.g., disks, network, USB), and one or more domU |
other hardware (e.g., disks, network, USB), and one or more domU |
operating systems which operate in an unprivileged virtualized |
operating systems which operate in an unprivileged virtualized |
environment. IO requests from the domU systems are forwarded by the |
environment. IO requests from the domU systems are forwarded by the |
hypervisor (Xen) to the dom0 to be fulfilled. |
Xen hypervisor to the dom0 to be fulfilled. |
|
|
|
Xen supports different styles of guest: |
|
|
|
[[!table data=""" |
|
Style of guest |Supported by NetBSD |
|
PV |Yes (dom0, domU) |
|
HVM |Yes (domU) |
|
PVHVM |No |
|
PVH |No |
|
"""]] |
|
|
|
In Para-Virtualized (PV) mode, the guest OS does not attempt to access |
|
hardware directly, but instead makes hypercalls to the hypervisor; PV |
|
guests must be specifically coded for Xen. In HVM mode, no guest |
|
modification is required; however, hardware support is required, such |
|
as VT-x on Intel CPUs and SVM on AMD CPUs. |
|
|
Xen supports two styles of guests. The original is Para-Virtualized |
|
(PV) which means that the guest OS does not attempt to access hardware |
|
directly, but instead makes hypercalls to the hypervisor. This is |
|
analogous to a user-space program making system calls. (The dom0 |
|
operating system uses PV calls for some functions, such as updating |
|
memory mapping page tables, but has direct hardware access for disk |
|
and network.) PV guests must be specifically coded for Xen. |
|
|
|
The more recent style is HVM, which means that the guest does not have |
|
code for Xen and need not be aware that it is running under Xen. |
|
Attempts to access hardware registers are trapped and emulated. This |
|
style is less efficient but can run unmodified guests. |
|
|
|
Generally any machine that runs NetBSD/amd64 will work with Xen and PV |
|
guests. In theory i386 computers (without x86_64/amd64 support) can |
|
be used for Xen <= 4.2, but we have no recent reports of this working |
|
(this is a hint). For HVM guests, hardware support is needed, but it |
|
is common on recent machines. For Intel CPUs, one needs the VT-x |
|
extension, shown in "cpuctl identify 0" as VMX. For AMD CPUs, one |
|
needs the AMD-V extensions, shown in "cpuctl identify 0" as SVM. |
|
There are further features for IOMMU virtualization, Intel's VT-d and |
There are further features for IOMMU virtualization, Intel's VT-d and |
AMD's AMD-Vi. TODO: Explain whether Xen on NetBSD makes use of these |
AMD's AMD-Vi. TODO: Explain whether Xen on NetBSD makes use of these |
features. TODO: Review by someone who really understands this. |
features. TODO: Review by someone who really understands this. |
|
|
Note that a FreeBSD dom0 requires VT-x and VT-d (or equivalent); this |
|
is because the FreeBSD dom0 does not run in PV mode. |
|
|
|
At boot, the dom0 kernel is loaded as a module with Xen as the kernel. |
At boot, the dom0 kernel is loaded as a module with Xen as the kernel. |
The dom0 can start one or more domUs. (Booting is explained in detail |
The dom0 can start one or more domUs. (Booting is explained in detail |
in the dom0 section.) |
in the dom0 section.) |
|
|
NetBSD supports Xen in that it can serve as dom0, be used as a domU, |
|
and that Xen kernels and tools are available in pkgsrc. This HOWTO |
|
attempts to address both the case of running a NetBSD dom0 on hardware |
|
and running domUs under it (NetBSD and other), and also running NetBSD |
|
as a domU in a VPS. |
|
|
|
Xen 3.1 in pkgsrc used to support "PCI passthrough", which means that |
|
specific PCI devices can be made available to a specific domU instead |
|
of the dom0. This can be useful to let a domU run X11, or access some |
|
network interface or other peripheral. |
|
|
|
NetBSD 6 and earlier supported Xen 2; support was removed from NetBSD |
|
7. Xen 2 has been removed from pkgsrc. |
|
|
|
Prerequisites |
|
------------- |
|
|
|
Installing NetBSD/Xen is not extremely difficult, but it is more |
|
complex than a normal installation of NetBSD. |
|
In general, this HOWTO is occasionally overly restrictive about how |
|
things must be done, guiding the reader to stay on the established |
|
path when there are no known good reasons to stray. |
|
|
|
This HOWTO presumes a basic familiarity with the Xen system |
This HOWTO presumes a basic familiarity with the Xen system |
architecture, with installing NetBSD on i386/amd64 hardware, and with |
architecture, with installing NetBSD on i386/amd64 hardware, and with |
installing software from pkgsrc. See also the [Xen |
installing software from pkgsrc. See also the [Xen |
website](http://www.xenproject.org/). |
website](http://www.xenproject.org/). |
|
|
|
This HOWTO attempts to address both the case of running a NetBSD dom0 |
|
on hardware and running domUs under it (NetBSD and other), and also |
|
running NetBSD as a domU in a VPS. |
|
|
Versions of Xen and NetBSD |
Versions of Xen and NetBSD |
========================== |
========================== |
|
|
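Review bot: The added guest-style table lists PVHVM and PVH, but the paragraph added under it defines only PV and HVM, so two of the four rows are unexplained; add a sentence for each. The rewrite also drops the practical check that VT-x and AMD-V show up as VMX and SVM in "cpuctl identify 0", and the note that the dom0 uses PV calls for page-table updates while keeping direct hardware access for disk and network. Both are worth keeping, the second because it is the only place the text says how privileged the dom0 is. With the "Prerequisites" heading removed, the "This HOWTO presumes a basic familiarity" paragraph now sits under the Introduction; confirm that is intended.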
Line 84 which version to choose. Versions not i
|
Line 57 which version to choose. Versions not i
|
versions of NetBSD are intentionally ignored. |
versions of NetBSD are intentionally ignored. |
|
|
The term "amd64" is used to refer to both the NetBSD port and to the |
The term "amd64" is used to refer to both the NetBSD port and to the |
hardware architecture on which it runs. (Such hardware is made by |
hardware architecture on which it runs. Such hardware is generally |
both Intel and AMD, and in 2016 a normal PC has this CPU |
made by both Intel and AMD, and common on PC computers. |
architecture.) |
|
|
|
Xen versions |
Xen versions |
------------ |
------------ |
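Review bot: In the rewritten amd64 sentence, "common on PC computers" is redundant and "generally made by both Intel and AMD" reads as if the hedge applies to the vendors rather than to availability. Suggest something like "Such hardware is made by both Intel and AMD and is common in PCs."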
Line 157 Architecture
|
Line 129 Architecture
|
------------ |
------------ |
|
|
Xen itself can run on i386 (Xen < 4.2) or amd64 hardware (all Xen |
Xen itself can run on i386 (Xen < 4.2) or amd64 hardware (all Xen |
versions). (Practically, almost any computer where one would want to |
versions). Practically, almost any computer where one would want to |
run Xen today supports amd64.) |
run Xen today supports amd64. |
|
|
Xen, the dom0 system, and each domU system can be either i386 or |
Xen, the dom0 system, and each domU system can be either i386 or |
amd64. When building a xenkernel package, one obtains an i386 Xen |
amd64. When building a xenkernel package, one obtains an i386 Xen |
Line 168 be i386. With an amd64 Xen kernel, an a
|
Line 140 be i386. With an amd64 Xen kernel, an a
|
work, and an i386 dom0 kernel should in theory work. An amd64 |
work, and an i386 dom0 kernel should in theory work. An amd64 |
Xen/dom0 is known to support both i386 and amd64 domUs. |
Xen/dom0 is known to support both i386 and amd64 domUs. |
|
|
i386 dom0 and domU kernels must be PAE (except for an i386 Xen 3.1 |
i386 dom0 and domU kernels must be PAE. PAE kernels are included in |
kernel, where one can use non-PAE for dom0 and all domUs); PAE kernels |
the NetBSD default build. |
are included in the NetBSD default build. (Note that emacs (at least) |
|
fails if run on i386 with PAE when built without, and vice versa, |
|
presumably due to bugs in the undump code.) |
|
|
|
Because of the above, the standard approach is to use an amd64 Xen |
Because of the above, the standard approach is to use an amd64 Xen |
kernel and NetBSD/amd64 for the dom0. For domUs, NetBSD/i386 (with |
kernel and NetBSD/amd64 for the dom0. For domUs, NetBSD/i386 (with |
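Review bot: The rewritten PAE sentence states "i386 dom0 and domU kernels must be PAE" without the Xen 3.1 exception the old text carried, so a reader still on an i386 Xen 3.1 kernel is now told something stricter than before. If Xen 3.1 is out of scope for the HOWTO, say so once under "Xen versions" rather than leaving it to be inferred from this deletion.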
Line 194 caution that the total situation is comp
|
Line 163 caution that the total situation is comp
|
understood. On top of that caution, the post is about Linux, not |
understood. On top of that caution, the post is about Linux, not |
NetBSD. TODO: Include link to benchmarks, if someone posts them. |
NetBSD. TODO: Include link to benchmarks, if someone posts them. |
|
|
Stability |
|
--------- |
|
|
|
Mostly, NetBSD as a dom0 or domU is quite stable. However, just like every |
|
other architecture, there are some open PRs indicating problems. |
|
|
|
Note also that there are issues with sparse vnd(4) instances, but |
|
these are not about Xen -- they just are noticed with sparse vnd(4) |
|
instances in support of virtual disks in a dom0. |
|
|
|
Recommendation |
|
-------------- |
|
|
|
Therefore, this HOWTO recommends running xenkernel46, xl, the NetBSD 7 |
|
stable branch, and therefore to use an amd64 kernel as the dom0. |
|
Either the i386PAE or amd64 version of NetBSD may be used as domUs. |
|
|
|
A tentative replacement recommendation is xenkernel48, xl, and NetBSD |
|
8. |
|
|
|
Because bugs are fixed quite often, and because of Xen security |
|
advisories, it is good to stay up to date with NetBSD (tracking a |
|
stable branch), with the Xen kernel (tracking a Xen version via |
|
pkgsrc), and with the Xen tools. Specifically, NetBSD (-7 and |
|
-current) got an important fix affecting dom0/domU timesharing in |
|
November, 2015, and xentools46 got a fix to enable Ubuntu guests to |
|
boot in December, 2016. |
|
|
|
NetBSD as a dom0 |
NetBSD as a dom0 |
================ |
================ |
|
|
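Review bot: Removing the "Recommendation" section also removes the paragraph beginning "Because bugs are fixed quite often, and because of Xen security advisories", which is the only advice in the visible text to keep NetBSD, the Xen kernel and the Xen tools up to date. Dropping the dated version picks (xenkernel46, xenkernel48) is reasonable, but keep the stay-current sentence, for example at the top of "NetBSD as a dom0". The "Stability" removal also deletes the sparse vnd(4) caveat for dom0 virtual disks; move it to wherever vnd-backed disks are described if that issue still applies.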