ra2 studio - Fotolia
An overview of hardware support for virtualization
Intel, AMD and Arm processors optimize virtualization in multiple ways. Read up on the features for Intel VT, AMD-V, Armv9, Intel APICv, and AMD AVIC tech, as well as how they support VMs.
Chipmakers Intel, AMD and Arm Ltd. implement instruction set extensions that enable hardware support for virtualization,...
Continue Reading This Article
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
but it can be difficult to make sense of the alphabet soup of codes and acronyms involved.
Hardware support is an indispensable requirement for practical production-grade virtualization, as it enables the selected hypervisor to handle complex instruction privilege translations and manage virtualized memory resources at hardware clock speeds.
Instruction set extensions -- complete sets of new transistors added to processors and other chips that bring new capabilities and process specific new instructions directly -- provide hardware support for virtualization. Without extensions, the features and tasks necessary to support virtualization require software emulation, which is often too cumbersome and inefficient to handle vital virtualization tasks. Emulation limits number -- and performance -- of virtualized workloads on production servers and virtualization's value.
Virtualization requires comprehensive memory management and privileged access control. Consequently, major processor makers support virtualization with instruction set extensions and a complementary array of processor features.
Intel Virtualization Technology
In 2005, Intel first introduced hardware support for virtualization with Intel VT-x on two models of the Pentium 4 processor. VT-x added 10 new instructions that enabled VM creation and control. The virtualization software runs in a virtual execution mode where a guest OS has full privileges so the host OS is uninterrupted, protected and isolated.
In 2008, Intel added support for extended page tables (EPTs), which was Intel's implementation of second-level address translation (SLAT) or nested paging. It's a technology often termed memory virtualization.
Virtualization must translate physical memory addresses into virtual memory addresses. The problem is that this translation happens twice: once for the host VM and then a second time for each guest VM. This increases overhead and slows performance. SLAT technologies handle these translations to improve memory management and boost overall performance.
In 2010, Intel supported unrestricted guests -- also called IA-32e mode -- which enabled logical processors and virtual CPUs to run in real mode on the processor. This enables a VM guest to run in bare-metal mode with its own EPT. Shortly after IA-32's release, Intel developed CPUs that applied a 64-bit extension and reclassified it as IA-64.
One longstanding challenge with virtualization is the issue of nesting, which is running a VM within a VM. Every VM uses a unique data structure. When a VM runs within a VM, admins much change or swap the data structure for proper nesting.
By 2013, Intel introduced Virtual Machine Control Structure (VMCS) shadowing. Before that, admins cached each VMCS and used software to handle VMCS shadows, but this timely process reduced performance. The addition of VMCS shadowing to the processor makes VMCS handling far more efficient and boosts VM performance.
In 2022, most Intel CPUs support virtualization. Admins can use Xeon processors for servers, which offer large amounts of cache memory for performance. The latest release -- Rocket Lake -- has up to eight cores, uses Intel Xe graphics and supports Peripheral Component Interconnect (PCI) Express 4.0.
Intel's Core i5, i7 and i9 options integrate multithreading and multiple cores. Intel's upcoming 13th generation release, code-named Raptor Lake, has Gracemont power-efficient cores, uses a hybrid architecture and has socket compatibility with Alder Lake systems.
AMD added the command set extensions needed for virtualization support in several of its processor families in 2006, including the Athlon 64, Athlon 64 X2, Athlon 64 FX, Turion 64 X2 and some Opteron, Phenom and Phenom II processors. AMD-V commands enable developers to write software that creates and controls VMs and supports hypervisor use.
AMD later added support for SLAT or nested page tables to some K10 and Phenom II processors in the form of rapid virtualization indexing -- which is functionally identical to Intel's EPTs -- to speed the performance of physical-to-virtual memory translations.
In 2022, AMD's Zen-based processors all support AMD-V, though some motherboards may require admins to enable virtualization specifically in the firmware (BIOS) before applications can use VMs.
For servers, the company's Epyc 7003 Series of processors have 7 nanometer x86 CPU technology, multiple dual in-line memory module configurations and up to 32 MB of L3 cache per core.
The Ryzen Threadripper PRO 5000 WX-Series, which supports desktop hardware, provides up to 64 CPU cores, 128 threads and a maximum boost clock of 4.5 GHz.
Arm processors typically use reduced instruction sets, which require less energy and cooling because there are far fewer transistors, and they often provide better performance due to a simpler processor design. Arm chips have long been employed in embedded systems and servers intended for basic, high-volume workloads, such as web servers.
The industry-standard Arm architecture version eight -- Armv8-A -- supports virtualization capabilities and enables the Arm chip to run multiple VMs, each with a different OS.
Armv8.1 introduces virtualization host extensions (VHE), which provide enhanced support for Type 2 hypervisors. Armv8.1-VHE also provides basic address translation, and Armv8.3-NV added support for nested virtualization.
The next-generation Arm architecture, dubbed Armv9, was announced in March 2021 and focuses on architecture for secure AI and machine learning (ML) workloads. Armv9-A includes features for memory tagging, branch target identification and cache clean to point of deep persistence. Armv9.1-A offers fine-grained traps for virtualization and a high precision generic timer. With Armv9.2-A, admins have access to branch-record recording.
Where typical virtualization focuses on core processing and memory, I/O virtualization extends the virtual environment to abstract peripheral devices into virtual representations, which enables better hardware sharing between VM instances. Examples of I/O virtualization technology include the following:
- Intel VT for Directed I/O, or VT-d, builds on Intel VT technology with an I/O memory management unit (IOMMU). An MMU translates virtual to physical addresses; the IOMMU maps device addresses to physical addresses and enables VMs to directly use peripheral devices.
- Virtual Machine Device Queues, or VMDq, improves data processing performance by grouping and sorting network data at the network interface rather than in the VM manager (VM Monitor or hypervisor). Initially getting the right data to the hypervisor can enhance LAN behavior.
- Single-root I/O virtualization, or SR-IOV, provides standardized means for devices to announce their presence and availability to run on multiple VMs. This includes the ability to virtualize the PCI interface into multiple virtual PCI interfaces. Admins can divide the bandwidth of a single port into smaller virtualized portions that communicate directly with assigned VMs.
- Intel Data Direct I/O Technology (DDIO) is not a virtualization type, but is an enhancement that enables network controllers to communicate directly with the processor's cache rather than send data to the main memory first and then move the data from memory to cache. When combined with virtualization enhancements, DDIO can increase effective network bandwidth, reduce network latency and lower power use.
Intel APICv and AMD AVIC
Processors use interrupts that enable the system to be interrupted by real-world events, such as a keyboard signal or system condition. However, a high volume of interrupts can potentially affect the virtualization system performance, as interrupts require the workloads to stop and wait for the CPU to address other system tasks.
Interrupt virtualization sorts and queues interrupts to alleviate these potential performance effects. Sorting enables the system to address interrupts based on priority, while queuing lets the system address an interrupt at the optimal time.
Intel and AMD both added interrupt virtualization in 2012. AMD uses Advanced Virtual Interrupt Controller (AVIC), which is available on later-model Carrizo processors. Intel uses Advanced Programmable Interrupt Controller virtualization (APICv), which first appeared on several Xeon E5 processors in 2013 and 2014.
Virtualization support isn't always automatically enabled. Some system motherboards require administrators to enable virtualization features in the system's firmware (BIOS) before software can use virtualization capabilities.