Re: Kernel based virtual machine

[Jean-Yves Migeon <jeanyves.migeon%free.fr@localhost>]

Le 14/10/12 21:42, Lukas Laukamp a écrit :
> I don't know if I think right, but I would say that the most work is
> already done with the QEmu Port, so just the KVM core component kernel
> modules must be ported. So I don't know how much the APIs, driver
> structures etc. distinguish from Linux and NetBSD but I would say it
> would be possible.
>
> Also this would be a great step for NetBSD I think because then there
> are Xen, QEmu and KVM are supported so there is paravirtualization, full
> virtualization and emulation supported.

I don't think that having multiple OS-level virtualization technologies 
available is a good point. You scatter ressources that can help 
tremendously elsewhere.

And you forgot the biggest contender out there: VMWare.

> That there is no KVM port for NetBSD is for me the only point which
> prevents me to switch completely to NetBSD. I see also big potential in
> the Solaris derivats but the BSDs are the best and I wan't to get away
> from the very chaotic, "unstable" and very differing linux world.
>
> PS: Sorry for my bad english

KVM and Xen are not that far away, at least in terms of functionality. 
Please remember that KVM turns a Linux/Solaris into an hypervisor, while 
with Xen it is a separate component. Other than that they have similar 
offerings.

The biggest advantage KVM has over Xen is its tight integration with the 
Linux kernel, so it makes its installation and use easier than with Xen 
("just load a module"). That's a sad tendency in the Linux world though: 
lots of technologies have to be merged in the kernel to be successful, 
which tends to bloat the kernel even more.

Although this argument has been mentioned countless times by 
KVM-defenders, you have other technologies that are way closer to Xen in 
concept than KVM, and that are also very successful: VMWare.

IMHO porting the whole "turn the kernel into an hypervisor" in NetBSD 
will not really bring anything useful:

- NetBSD already runs a dom0 Xen; ease of use does not depends on a 
choice of technology, more on a matter of tight integration of tools and 
what they can offer to you. See VMWare. They were talks to turn Xen into 
a loadable module, but I lost track of it.

- KVM is fairly close to Linux kernel, and so are its internals. Unless 
you can dedicate man power to track and maintain these (like SmartOS), 
you have one more component that is bitroting on a daily basis. There is 
an attempt to do that though: BHyve.

- from a system and security standpoint, I believe that the hypervisor 
should be the only privileged component on the system. The current 
"state of the art" adds the whole dom0 to the TCB, making this point 
moot. But you can design an OS where dom0 is kept to a minimum (Qubes).

--
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost