WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] RHEL xen vs kvm

To: Dustin.Henning@xxxxxxxxxxx
Subject: Re: [Xen-users] RHEL xen vs kvm
From: Grant McWilliams <grantmasterflash@xxxxxxxxx>
Date: Thu, 22 Apr 2010 08:25:16 -0700
Cc: Arpan Jindal <jindalarpan@xxxxxxxxx>, Jeff Sturm <jeff.sturm@xxxxxxxxxx>, Xen List <xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 22 Apr 2010 08:27:03 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :from:date:received:message-id:subject:to:cc:content-type; bh=fVwxYVRrRkl/6XNa1m+G/Llg4sGZ8gXxyN0xQdHagac=; b=L0cCcEc9dBJT5p2KMW/XtVUNt2PMoFXPfs19rA+q+k+GxQf8W8t6k51bNlI3A76+Ca V/o9+a5cL99tqnlZU6skQE5hi1K3DzfbwMlF/ayEcAzBnVNEki15QPcXBDHont8X0CHu NgW/hXpfWy+MTtx+ZjEXm1IfH0sY+YDXtU1aE=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=RhSYo0t7k7HnNgvWIE8Mo12LkGtqm6xw0qO0EvsfVQCTKTVwVA5R1hbK7cP2lk3IE2 I2ik6AAFvI551Wjpfr4P6SHBIH6lX2Ztyv1vyh+CcWK97YTY5fDQbdFMkzZrn4SP3DHb Qyrk9tuKTpPEuDoV/D+OGk0HkaOYfb3la2g+k=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <-6468568757725837269@unknownmsgid>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <z2mb2d4ab9d1004211020j3c723a96t30d8617f31390eb@xxxxxxxxxxxxxx> <64D0546C5EBBD147B75DE133D798665F055D9071@xxxxxxxxxxxxxxxxx> <v2oed123fa31004212342ldb7032acob01c537bb415f525@xxxxxxxxxxxxxx> <-6468568757725837269@unknownmsgid>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx




On Thu, Apr 22, 2010 at 6:22 AM, Dustin Henning <Dustin.Henning@xxxxxxxxxxx> wrote:

The other mode with Xen is HVM which is full virtualization and is necessary to virtualize Windows. KVM does a better job of this then Xen and is faster for full virt. However KVM isn't as fast as Xen PV even with KVM PV drivers. It


It might look like I lean toward KVM from this list but I still prefer Xen in most cases because of category 2.

Grant McWilliams

 

I don’t spend the majority of my time messing with this, but I do follow the list, and I can share my thoughts and experience.  My thoughts are that yes, a hypervisor should be better, it is compact and shouldn’t have as many potential security flaws, so shouldn’t need upgraded as often.  Simple or not, each upgrade brings potential new problems, so stick with a stable hypervisor unless you need to fix a security issue, are seeking new features, or are squashing a bug. 

Agreed. 

 I was able to get better performance in Windows out of Xen using the GPLPV drivers, and unless additional drivers have been developed for KVM in the past few years, I don’t see how fully virtualized KVM machines could be faster than Xen HVM machines using PV drivers.

KVM uses PV drivers as well in addition to taking advantage of newer versions of qemu then Xen. Xen always seems to merge qemu slower. Xen also has other architecture problems in that data has to travel from DomU to the hypervisor to Dom0 to pass through the drivers and then out. With KVM each guest acts like an application running and has more direct access to hardware. I see a fairly large DomU to DomU network performance hit too but only in one direction in Xen. I don't think we've ever really tracked that down.

However, KVM uses virtio which has a performance hit over the Xen rebased kernel. Xen will inherit this performance hit though when we move to the pvops kernal. At that point the optimizations done to virtio will effect both hypervisors. It's not known how big this hit is quite yet but Intel was throwing around 5% numbers.

One thing that hasn't been addressed though is security. Xen is the most secure Virtualization platform out there. There are still vulnerabilities but it's in the lead for security. In order to get KVM to be anywhere near as secure you will need to rely heavily on SELinux.
I think in the coming two years none of this will matter and we'll be focusing on how you manage VMs, this change is already happening in the industry as Citrix is supporting XenServer and HyperV with their software.
 

Dustin




Grant McWilliams


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
<Prev in Thread] Current Thread [Next in Thread>