Chapter 6. Virtualization

6.1. Kernel-Based Virtualization

Improved Block I/O Performance Using virtio-blk-data-plane

In Red Hat Enterprise Linux 7, the virtio-blk-data-plane I/O virtualization functionality is available as a Technology Preview. This functionality extends QEMU to perform disk I/O in a dedicated thread that is optimized for I/O performance.

PCI Bridge

QEMU previously supported only up to 32 PCI slots. Red Hat Enterprise Linux 7 features PCI Bridge as a Technology Preview. This functionality allows users to configure more than 32 PCI devices. Note that hot plugging of devices behind the bridge is not supported.

QEMU Sandboxing

Red Hat Enterprise Linux 7 features enhanced KVM virtualization security through the use of kernel system call filtering, which improves isolation between the host system and the guest.

QEMU Virtual CPU Hot Add Support

QEMU in Red Hat Enterprise Linux 7 features virtual CPU (vCPU) hot add support. vCPUs can be added to a running virtual machine either to meet the workload's demands or to maintain the Service Level Agreement (SLA) associated with the workload. Note that vCPU hot plug is only supported on virtual machines using the pc-i440fx-rhel7.0.0 machine type, the default machine type on Red Hat Enterprise Linux 7.

Multiple Queue NICs

Multiple queue virtio_net provides better scalability; each virtual CPU can have a separate transmit or receive queue and separate interrupts that it can use without influencing other virtual CPUs. Note that this feature is only supported on Linux guests.

Multiple Queue virtio_scsi

Multiple queue virtio_scsi provides better scalability; each virtual CPU can have a separate queue and interrupts that it can use without influencing other virtual CPUs. Note that this feature is only supported on Linux guests.

Page Delta Compression for Live Migration

The KVM live migration feature has been improved by compressing the guest memory pages and reducing the size of the transferred migration data. This feature allows the migration to converge faster.

Hyper-V Enlightenment in KVM

KVM has been updated with several Microsoft Hyper-V functions; for example, support for Memory Management Unit (MMU) and Virtual Interrupt Controller. Microsoft provides a para-virtualized API between the guest and the host, and by implementing parts of this functionality on the host, and exposing it according to Microsoft specifications, Microsoft Windows guests can improve their performance. Note that these functions are not enabled by default. Note that on Red Hat Enterprise Linux 7, Windows guest virtual machines are supported only under specific subscription programs, such as Advanced Mission Critical (AMC).

EOI Acceleration for High Bandwidth I/O

Red Hat Enterprise Linux 7 utilizes Intel and AMD enhancements to Advanced Programmable Interrupt Controller (APIC) to accelerate end of interrupt (EOI) processing. For older chipsets, Red Hat Enterprise Linux 7 provides para-virtualization options for EOI acceleration.

USB 3.0 Support for KVM Guests

Red Hat Enterprise Linux 7 features improved USB support by adding USB 3.0 host adapter (xHCI) emulation as a Technology Preview.

I/O Throttling for QEMU Guests

This feature provides I/O throttling, or limits, for QEMU guests' block devices. I/O throttling slows down the processing of disk I/O requests for one guest disk in order to reserve I/O bandwidth for other tasks on the host. Note that currently it is not possible to throttle virtio-blk-data-plane devices.

Integration of Ballooning and Transparent Huge Pages

Ballooning and transparent huge pages are better integrated in Red Hat Enterprise Linux 7. Balloon pages can be moved and compacted so they can become huge pages.

Pulling System Entropy from Host

A new device, virtio-rng, can be configured for guests, which will make entropy available to guests from the host. By default, this information is sourced from the host's /dev/random file, but hardware random number generators (RNGs) available on hosts can be used as the source as well.

Bridge Zero Copy Transmit

Bridge zero-copy transmit is a performance feature to improve CPU processing of large messages. The bridge zero-copy transmit feature improves performance from guest to external traffic when using a bridge. Note that this function is disabled by default.

Live Migration Support

Live migration of a guest from a Red Hat Enterprise Linux 6.5 host to a Red Hat Enterprise Linux 7 host is supported.

Discard Support in qemu-kvm

Discard support, using the fstrim or mount -o discard command, works on a guest after adding discard='unmap' to the <driver> element in the domain's XML definition. For example:
<disk type='file' device='disk'>
  <driver name='qemu' type='raw' discard='unmap'/>
  <source file='/var/lib/libvirt/images/vm1.img'/>
  ...
</disk>

NVIDIA GPU Device Assignment

Red Hat Enterprise Linux 7 supports device assignment of NVIDIA professional series graphics devices (GRID and Quadro) as a secondary graphics device to emulated VGA.

Para-Virtualized Ticketlocks

Red Hat Enterprise Linux 7 supports para-virtualized ticketlocks (pvticketlocks) that improve performance of Red Hat Enterprise Linux 7 guest virtual machines running over Red Hat Enterprise Linux 7 hosts with oversubscribed CPUs.

Error Handling on Assigned PCIe Devices

If a PCIe device with Advanced Error Reporting (AER) encounters an error while assigned to a guest, the affected guest is brought down without impacting any other running guests or the host. The guests can be brought back up after the host driver for the device recovers from the error.

Q35 Chipset, PCI Express Bus, and AHCI Bus Emulation

The Q35 machine type, required for PCI Express bus support in KVM guest virtual machines, is available as a Technology Preview in Red Hat Enterprise Linux 7. An AHCI bus is only supported for inclusion with the Q35 machine type and is also available as a Technology Preview in Red Hat Enterprise Linux 7.

VFIO-based PCI Device Assignment

The Virtual Function I/O (VFIO) user-space driver interface provides KVM guest virtual machines with an improved PCI device assignment solution. VFIO provides kernel-level enforcement of device isolation, improves security of device access and is compatible with features such as secure boot. VFIO replaces the KVM device assignment mechanism used in Red Hat Enterprise Linux 6.

Intel VT-d Large Pages

When using Virtual Function I/O (VFIO) device assignment with a KVM guest virtual machine on Red Hat Enterprise Linux 7, 1GB pages are used by the input/output memory management unit (IOMMU), thus reducing translation lookaside buffer (TLB) overhead for I/O operations. 2MB and 1GB page sizes are supported. The VT-d large pages feature is only supported on certain more recent Intel-based platforms.

KVM Clock Get Time Performance

In Red Hat Enterprise Linux 7, the vsyscall mechanism was enhanced to support fast reads of the clock from user space for KVM guests. A guest virtual machine running Red Hat Enterprise Linux 7 on a Red Hat Enterprise Linux 7 host will see improved performance for applications that read the time of day frequently.

QCOW2 Version 3 Image Format

Red Hat Enterprise Linux 7 adds support for the QCOW2 version 3 Image Format.

Improved Live Migration Statistics

Information about live migration is now available to analyze and tune performance. Improved statistics include: total time, expected downtime, and bandwidth being used.

Live Migration Thread

The KVM live migration feature now uses its own thread. As a result, guest performance is virtually unaffected by migration.

Hot Plugging of Character Devices and Serial Ports

Hot plugging new serial ports with new character devices is now supported in Red Hat Enterprise Linux 7.

Emulation of AMD Opteron G5

KVM is now able to emulate AMD Opteron G5 processors.

Support of New Intel Instructions on KVM Guests

KVM guests can use new instructions supported by Intel 22nm processors. These include:
  • Floating-Point Fused Multiply-Add;
  • 256-bit Integer vectors;
  • big-endian move instruction (MOVBE) support;
  • HLE/HLE+.

VPC and VHDX File Formats

KVM in Red Hat Enterprise Linux 7 includes support for the Microsoft Virtual PC (VPC) and Microsoft Hyper-V virtual hard disk (VHDX) file formats. Note that these formats are supported in read-only mode only.

New Features in libguestfs

libguestfs is a set of tools for accessing and modifying virtual machine disk images. libguestfs included in Red Hat Enterprise Linux 7 includes a number of improvements, the most notable of which are the following:
  • Secure Virtualization Using SELinux, or sVirt protection, ensures enhanced security against malicious and malformed disk images.
  • Remote disks can be examined and modified, initially over Network Block Device (NBD).
  • Disks can be hot plugged for better performance in certain applications.

WHQL-Certified virtio-win Drivers

Red Hat Enterprise Linux 7 includes Windows Hardware Quality Labs (WHQL) certified virtio-win drivers for the latest Microsoft Windows guests, namely Microsoft Windows 8, 8.1, 2012 and 2012 R2. Note that on Red Hat Enterprise Linux 7, Windows guest virtual machines are supported only under specific subscription programs, such as Advanced Mission Critical (AMC).

Host and Guest Panic Notification in KVM

A new pvpanic virtual device can be wired into the virtualization stack such that a guest panic can cause libvirt to send a notification event to management applications.
As opposed to the kdump mechanism, pvpanic does not need to reserve memory in the guest kernel, and no dependency packages need to be installed in the guest. Also, the dumping procedure of pvpanic is host-controlled, so the guest only cooperates to a minimal extent.
To configure the panic mechanism, place the following snippet into the Domain XML devices element, by running virsh edit to open and edit the XML file:
<devices>
  <panic>
    <address type='isa' iobase='0x505'/>
  </panic>
</devices>
Once the following snippet is specified, the crashed domain's core will be dumped. If the domain is restarted, it will use the same configuration settings.
<on_crash>coredump-destroy</on_crash>
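
The following check is an added example, not part of the original release notes or of libvirt. It audits a domain definition (as printed by virsh dumpxml) for the settings described under "Discard Support in qemu-kvm" and "Host and Guest Panic Notification in KVM". The sample XML and the audit_domain function are constructed for illustration; coredump-restart is accepted alongside coredump-destroy as an assumption based on libvirt's domain format.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not from a real host): one disk with
# discard='unmap', one without, a pvpanic device, and no <on_crash> element.
SAMPLE_DOMAIN = """
<domain type='kvm'>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw' discard='unmap'/>
      <source file='/var/lib/libvirt/images/vm1.img'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/var/lib/libvirt/images/vm1-data.qcow2'/>
      <target dev='vdb' bus='virtio'/>
    </disk>
    <panic>
      <address type='isa' iobase='0x505'/>
    </panic>
  </devices>
</domain>
"""

# Crash actions that dump the core (assumption: libvirt's two coredump-* values).
COREDUMP_ACTIONS = {"coredump-destroy", "coredump-restart"}


def audit_domain(xml_text):
    """Return a list of findings for one libvirt domain definition."""
    root = ET.fromstring(xml_text)
    findings = []

    # Discard support requires discard='unmap' on each disk's <driver> element.
    for disk in root.findall("./devices/disk"):
        driver = disk.find("driver")
        target = disk.find("target")
        name = target.get("dev", "?") if target is not None else "?"
        if driver is None or driver.get("discard") != "unmap":
            findings.append(f"disk {name}: discard='unmap' not set")

    # The pvpanic device and the crash action are separate settings; check both.
    has_panic = root.find("./devices/panic") is not None
    on_crash = (root.findtext("on_crash") or "").strip()
    if not has_panic:
        findings.append("no <panic> device: guest panics are not reported")
    if on_crash not in COREDUMP_ACTIONS:
        findings.append(f"on_crash={on_crash or 'unset'}: no core dump on crash")
    return findings
```

Calling audit_domain(SAMPLE_DOMAIN) reports the second disk and the missing crash action; an empty list means all three settings are in place.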