Wednesday, November 30, 2011

Xen vs. KVM yet again

Interesting read on Baremetal vs. Xen vs. KVM benchmark

In short: Xen with HVM guests + PV drivers (that is, full virtualization mode with paravirtualized drivers, as opposed to paravirtualized mode) and KVM are equally effective. In some tests one was marginally faster, in some tests it was the other.

If you read my old posts, I was in favor of Xen for better performance of its PV (paravirtualized) guests and ability to run on older CPUs. Today all my boxes have hardware support for virtualization and I don't even use PV mode. While it's still slightly faster, it's not worth the additional complexity. If you've ever had a VM that failed to boot when PyGrub couldn't find the right kernel, you know what I mean. HVM + drivers/tools, that's the way to do it on any platform - be it Xen server or VirtualBox on a desktop.

Even shorter: virtualization platforms are so mature there's no real difference in performance or stability. For large installations, advanced features and management tools are the important factors. For one machine - familiarity and ease of use.

Friday, November 25, 2011

How to run a network monitoring station on a XenServer VM

I spent way too much time on this seemingly simple task. I hope someone will find this guide useful.

Network monitoring applications require promiscuous mode on a network interface. Easy on a physical machine, didn't work on XenServer. The interface inside the VM switched to promiscuous mode, but the traffic was filtered before it reached the VM. Only for a brief period could I see all the packets, then only broadcasts got through. Just like on a switch that's learning - that should have pointed me to the right answer.

Open VSwitch

I googled for a solution and found some (e.g. this one from Citrix), but nothing worked. Until I remembered that XenServer 6 uses Open VSwitch by default and all the answers I found were for earlier versions using the bridging backend. Now it should be easy. VSwitch works like a high-end, configurable switch so I'll just put the right port into traffic mirroring mode, right? Wrong.

To configure Open VSwitch in XenServer you use a VSwitch Controller virtual appliance. Installation is simple - just download the file, open it with XenCenter and select a VM. Then configure an IP address if you don't use DHCP, point the web browser at it and enter a pool to use. At this point it complained it can't work with the free XenServer license, which Citrix failed to mention on their website.

The other solution

It's always good to have a backup plan. Mine was simple: set XenServer to use the old bridging code. I rejected it at first for two reasons:
- it requires a reboot,
- VSwitch has more features (which I didn't need at the moment, but I might one day) and should perform better.

After scheduling a downtime for VMs, I typed one simple command into a CLI:
xe-switch-network-backend bridge
Reboot and it's done. You can check with 'cat /etc/xensource/network.conf' to be sure.

Forcing promiscuous mode - the old way

Now all you have to do is put the right interfaces into promiscuous mode. Interfaces - because you need to do it on both the PIF and the VIF (physical and virtual interface, one that connects to the real network and one that connects to the VM). First, find the UUIDs of the interfaces with:
xe vif-list
xe pif-list
If you've got many VMs and NICs, you'll get a long list. You can try filtering, e.g. xe vif-list vm-name-label="My monitoring VM", see xe help vif-list for details. However, some filters didn't work for me. Once you have UUIDs, do:
xe pif-param-set uuid=<PIF-UUID> other-config:promiscuous="true"
xe vif-param-set uuid=<VIF-UUID> other-config:promiscuous="true"
Check if it worked:
xe pif-param-list uuid=<PIF-UUID>
xe vif-param-list uuid=<VIF-UUID>
Disconnect the VIF from the VM and connect it back:
xe vif-unplug uuid=<VIF-UUID>
xe vif-plug uuid=<VIF-UUID>
Note: unplug/plug only works if you have XenServer Tools installed. Otherwise reboot the VM.
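
To confirm from inside the monitoring VM that the change took effect, the following added example (not part of the original post) counts captured frames by destination MAC and reports whether any unicast traffic addressed to other hosts arrives. It assumes the text output of tcpdump -e -n as input; the function names, MAC addresses and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: is the capture interface really seeing other hosts' unicast?
# Input is assumed to be `tcpdump -e -n` text (link-level headers printed).

# classify_dst OWN_MAC: read capture lines on stdin, print counts per
# destination class as "broadcast=N multicast=N own=N foreign=N".
classify_dst() {
    awk -v own="$(printf '%s' "$1" | tr 'A-F' 'a-f')" '
        # tcpdump -e lines look like: <time> <src mac> > <dst mac>, ethertype ...
        $3 == ">" {
            dst = tolower($4); sub(/,$/, "", dst)
            if (length(dst) != 17 || dst !~ /^[0-9a-f:]+$/) next
            low = substr(dst, 2, 1)              # low nibble of first octet
            if (dst == "ff:ff:ff:ff:ff:ff")    b++
            else if (index("13579bdf", low))   m++   # group bit set: multicast
            else if (dst == own)               o++
            else                               f++   # unicast for someone else
        }
        END { printf "broadcast=%d multicast=%d own=%d foreign=%d\n", b, m, o, f }'
}

# promisc_verdict OWN_MAC: print the counts; succeed only if foreign unicast
# frames were captured, i.e. traffic is not being filtered before the VM.
promisc_verdict() {
    counts=$(classify_dst "$1")
    echo "$counts"
    [ "${counts##*foreign=}" -gt 0 ]
}

# Constructed sample capture (made-up MACs, documentation IP ranges).
# The monitoring VM is assumed to own 02:00:00:00:00:01.
sample_capture() {
    cat <<'EOF'
12:00:00.000001 02:00:00:00:00:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.10, length 28
12:00:00.000002 02:00:00:00:00:0b > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 87: 192.0.2.11.5353 > 224.0.0.251.5353: UDP, length 45
12:00:00.000003 02:00:00:00:00:0a > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 98: 192.0.2.10 > 192.0.2.5: ICMP echo request, id 1, seq 1, length 64
12:00:00.000004 02:00:00:00:00:0a > 02:00:00:00:00:0b, ethertype IPv4 (0x0800), length 74: 192.0.2.10.40000 > 192.0.2.11.80: Flags [S], seq 1, win 64240, length 0
EOF
}

sample_capture | promisc_verdict 02:00:00:00:00:01
```

On the VM, feed it a live capture instead of the sample (tcpdump -e -n -c 200 -i eth0, where eth0 is an assumed interface name); a result with foreign=0 and only broadcast or multicast counted is the filtered symptom described at the top of this post.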

Other possible ways

Some howtos for older XenServers used: brctl setageing xenbr0 0 (or whatever Xen bridging interface you use). I didn't need it, but you can try it if xe ...param-set fails.

I could probably configure VSwitch without the Citrix controller appliance. I might one day.