XEN or KVM - performance/stability/security?
 

On Mon, Apr 23, 2012 at 11:11 PM, aurfalien <aurfalien@gmail.com> wrote:
> As for stock kernels, you mean HVMs right?
>
> I was speaking more about PVMs which is faster and more flexible then HVMs.

No, with pygrub you can run a stock kernel on a PVM domU:
http://wiki.xensource.com/xenwiki/PyGrub


> I never had any issues with Xen other then VGA and USB pass through.
>
> But Xen ran well for me.
>
> As for convenience, I'm into KVM now, very cool features with pass throughs, graphics etc...

USB pass through has worked fine for me under Xen. Never had the need
for graphics for my servers. For desktops I've been happy with
Parallels and VirtualBox.

But from comments it sounds like KVM is maturing and I should perhaps
give it a try.


Regards,
Peter
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

XEN or KVM - performance/stability/security?
 

On 04/23/2012 10:11 PM, aurfalien wrote:
> On Apr 23, 2012, at 4:01 PM, Peter Peltonen wrote:
>
>> Hi,
>>
>> On Mon, Apr 23, 2012 at 10:54 PM, aurfalien <aurfalien@gmail.com> wrote:
>>>
>>> I also prefer KVM over Xen, mainly I don;t have to do anything special when maintaining the env.
>>>
>>> But I haven't notice an improvement over Xen.
>>>
>>> I really like the fact that the guest OS has a stock kernel, etc..
>>
>> I do not quite see how Xen requires one to do something special for
>> maintenance?
>
> Regarding Centos 6 there are some extra things to install.
>
> Even when I deviated from the included version of Xen in 5, I had to pay special attention.
>
> As for stock kernels, you mean HVMs right?
>
> I was speaking more about PVMs which is faster and more flexible then HVMs.
>

The PVM/HVM distinction isn't really that relevant any more on modern
hardware and modern hypervisors since most of the overhead is eliminated
with hardware features (Nested Page Tables, etc.) and special guest drivers.

Regards,
Dennis
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

XEN or KVM - performance/stability/security?
 

On 04/23/12 5:12 PM, Dennis Jacobfeuerborn wrote:
> The PVM/HVM distinction isn't really that relevant any more on modern
> hardware and modern hypervisors since most of the overhead is eliminated
> with hardware features (Nested Page Tables, etc.) and special guest drivers.

"special guest drivers" is pretty much what paravirtualization is about.



--
john r pierce N 37, W 122
santa cruz ca mid-left coast

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

XEN or KVM - performance/stability/security?
 

On 04/24/2012 03:08 AM, John R Pierce wrote:
> On 04/23/12 5:12 PM, Dennis Jacobfeuerborn wrote:
>> The PVM/HVM distinction isn't really that relevant any more on modern
>> hardware and modern hypervisors since most of the overhead is eliminated
>> with hardware features (Nested Page Tables, etc.) and special guest drivers.
>
> "special guest drivers" is pretty much what paravirtualization is about.

Exactly, but only since CPU got hardware extensions for virtualization.
Before that the CPU could also be paravirtualized and that made a
significant difference in performance.

With that advantage gone though the old distinction between a "PVM guest"
and "HVM guest" doesn't really matter that much any more (virt-manager asks
you which of the two you want to install for example). Now you only have a
"guest" that may or may not run certain paravirtualized drivers.

Regards,
Dennis
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

XEN or KVM - performance/stability/security?
 

On 04/23/2012 06:44 PM, Peter Peltonen wrote:
>> I would add some LXC pins for quick ehanced chroot, depending on the use
>> case
> LXC sounds interesting: are there any yum repositries / RPMs /
> tutorials for CentOS available?

You dont need rpms: the libvirt directly use the LXC API.
A tutorial: http://goo.gl/kQOxm

All you need is to
- setup the XML
- define a VM from it
- start the VM

No more, for the "basic" example.
Really fun.
Of course, when you need a custom environment, you'll need to read
further: but it's still fun :-)


--
RMA.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

XEN or KVM - performance/stability/security?
 

On 04/24/2012 11:58 AM, Mihamina Rakotomandimby wrote:
> On 04/23/2012 06:44 PM, Peter Peltonen wrote:
>>> I would add some LXC pins for quick ehanced chroot, depending on the use
>>> case
>> LXC sounds interesting: are there any yum repositries / RPMs /
>> tutorials for CentOS available?
>
> You dont need rpms: the libvirt directly use the LXC API.
> A tutorial: http://goo.gl/kQOxm
>
> All you need is to
> - setup the XML
> - define a VM from it
> - start the VM
>
> No more, for the "basic" example.
> Really fun.
> Of course, when you need a custom environment, you'll need to read
> further: but it's still fun :-)

Remember that currently LXC isn't very secure (as mentioned in the tutorial
link) so you probably don't want to use it for important stuff in a
production environment.


Regards,
Dennis
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

XEN or KVM - performance/stability/security?
 

On 04/24/2012 10:58 AM, Mihamina Rakotomandimby wrote:
>> LXC sounds interesting: are there any yum repositries / RPMs /
>> tutorials for CentOS available?
>
> You dont need rpms: the libvirt directly use the LXC API.
> A tutorial: http://goo.gl/kQOxm
>

there are some limitations with libvirt/lxc at the moment - eg. needing
to build the root images outside of libvirt.

--
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
ICQ: 2522219 | Yahoo IM: z00dax | Gtalk: z00dax
GnuPG Key : http://www.karan.org/publickey.asc
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

XEN or KVM - performance/stability/security?
 

On Mon, Apr 23, 2012 at 01:02:03PM -0400, Steve Thompson wrote:
> On Mon, 23 Apr 2012, Peter Peltonen wrote:
>
> > I've been quite happy with Xen under CentOS5. For CentOS6 the
> > situation is a bit more problematic, as RH switched to KVM and left
> > Xen behind.
>
> I used Xen for about four or five years before switching to KVM. I like
> KVM better in every way, and for my fork-heavy workloads, the performance
> is a lot better than Xen. It is also much easier to use and is in my
> experience more stable.
>

with "fork performance" I assume you're comparing Xen PV to KVM ?

Yes, PV has disadvantage (per design) for that workload, since the hypervisor
needs to check and verify each new process page table, and that has some performance hit.

For good "fork performance" you can use Xen HVM VMs, which will perform well for that workload,
and won't have the mentioned performance hit.

And of course with Xen HVM VMs you should use the Xen PVHVM drivers so the disk/net
IO paths are optimized and bypassing all the emulation.

CentOS5 and CentOS6 do have Xen PVHVM drivers.

-- Pasi

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

XEN or KVM - performance/stability/security?
 

On Mon, Apr 23, 2012 at 11:01:12PM +0300, Peter Peltonen wrote:
> Hi,
>
> On Mon, Apr 23, 2012 at 10:54 PM, aurfalien <aurfalien@gmail.com> wrote:
> >
> > I also prefer KVM over Xen, mainly I don;t have to do anything special when maintaining the env.
> >
> > But I haven't notice an improvement over Xen.
> >
> > I really like the fact that the guest OS has a stock kernel, etc..
>
> I do not quite see how Xen requires one to do something special for
> maintenance? With pygrub you can use the stock kernel with your Xen
> domUs just fine. I have not seen any issues with stability either, but
> then again I am running mostly just web and mail servers without
> really high traffic.
>
> But if KVM would offer improvements for performance over Xen, I should
> perhaps try it out, as sometimes when doing backups and other things
> that require a lot of disk I/O a better performance could be wished
> for...
>

Disk performance is usually mainly limited by the number of physical disk spindles,
and the raid level, and not so much about virtualization.

Anyway some Xen PV vs. Xen PVHVM vs. KVM benchmarks from XenSummit 2011:
http://xen.org/files/xensummit_santaclara11/aug3/6_StefanoS_PVHVM.pdf

-- Pasi

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

XEN or KVM - performance/stability/security?
 

A late reply, but hopefully a useful set of feedback for the archives:

On 04/20/2012 05:59 AM, Rafał Radecki wrote:
> Key factors from my opint of view are:
> - stability (which one runs more smoothly on CentOS?)

I found that xenconsoled could frequently crash in Xen dom0, and that
guests would be unable to reboot until it was fixed. I also found that
paravirt CentOS domUs would not boot if they were updated before the
dom0. In short, Xen paravirt was very fragile and troublesome. I never
tested Xen with hardware virtualization.

I have had no such problems with KVM. In my experience KVM is much more
stable than Xen paravirtualization. Xen HVM probably would suffer at
least some of the same problems.

> - performance (XEN PV/HVM(with or without pv drivers) vs KVM HVM(with or
> without pv drivers))

PV drivers will make some difference, but the biggest performance
difference you'll see is probably the difference between file-backed VMs
and LVM-backed VMs. File-backed VMs are extremely slow. Whichever
system you choose, use LVMs as the backing for your guests.

> - security

There have been bugs that allow guests to escalate privileges and access
host resources, but they're relatively few. I don't think there's a
significant difference between the two in this area.

Overall I advise the use of KVM. It should be more stable, and has the
advantage of Red Hat support.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos