CLK2015 Quick Notes - COLO, a KVM Hot-Standby Solution

  • VM level HA solution
  • Non-stop service with vm replication
    • typical non-stop service requires
      • expensive hardware for redundancy
      • extensive software customization
    • vm replication: cheap application-agnostic solution
  • existing vm replication approaches
    • replication per instruction: lock-stepping
      • execute in parallel for deterministic instructions
      • lock and step for non-deterministic instructions
    • replication per epoch: continuous checkpoint
      • secondary vm is synchronized with primary vm per epoch
      • output is buffered within an epoch
  • problems
    • lock-stepping
      • excessive replication overhead
        • memory access in an MP-guest is non-deterministic
    • continuous checkpoint
      • extra network latency
      • excessive
  • why COLO?
    • VM replication is an overly strong condition
      • why do we care about the VM state?
        • the client cares about the response only
      • can the control failover without "precise VM state replication"?
    • coarse-grained lock-stepping VMs
      • secondary VM is a replica, as if it can generate same response with primary so far
        • be
  • Why better
    • comparing with continuous VM checkpoint
      • no b
  • Common network configurations
    • classified by the guest packets' path
      • go through host's userspace and host's kernel stack: e1000/rtl8139/virtio-net
      • go through host's kernel stack but not userspace: vhost-net
      • go through host's userspace but not host's kernel stack: vhost-user + DPDK + Open vSwitch
      • rarely used - go through neither host's userspace nor host's kernel stack: NIC passthrough
  • network topology of COLO
    • eth0: client and vm communication
    • eth1: migration/checkpoint, storage replication and proxy
    • packets..
  • proxy design (kernel scheme)
  • proxy design (userspace scheme)
    • based on QEMU's netfilter and SLIRP (userspace TCP/IP stack)
  • summary
    • continuously vm replication development
    • support shared storage
    • develop and send out for review
    • optimize performance (reduce checkpoint vm's downtime, storage and network performance)
  • when the primary VM panics, the secondary VM also panics, regardless of the VM's execution state