Open main menu

OpenVZ Virtuozzo Containers Wiki β

Features

Revision as of 15:25, 14 June 2006 by Kir (talk | contribs) (created)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

The architecture of OpenVZ VEs is different from the traditional virtual machines architecture because it always runs the same OS kernel as the host system (while still allowing multiple Linux distributions in individual VEs). This single-kernel implementation technology enables running Virtual Environments with a near-zero overhead. Thus, OpenVZ offer an order of magnitude higher efficiency and manageability than traditional virtualization technologies.

Contents

OS Virtualization

From the point of view of applications and Virtual Environment users, each VE is an independent system. This independency is provided by a virtualization layer in the kernel of the host OS. Note that only a negligible part of the CPU resources is spent on virtualization (around 1-2%). The main features of the virtualization layer implemented in OpenVZ are the following:

  • A VE looks and behaves like a regular Linux system. It has standard startup scripts; software from vendors can run inside a VE without OpenVZ-specific modifications or adjustment;
  • A user can change any configuration file and install additional software;
  • Virtual Environments are completely isolated from each other (file system, processes, Inter Process Communication (IPC), sysctl variables);
  • Processes belonging to a VE are scheduled for execution on all available CPUs. Consequently, VEs are not bound to only one CPU and can use all available CPU power.

Network virtualization

The OpenVZ network virtualization layer is designed to isolate VEs from each other and from the physical network:

  • Each VE has its own IP address; multiple IP addresses per VE are allowed;
  • Network traffic of a VE is isolated from the other VEs. In other words, Virtual Environments are protected from each other in the way that makes traffic snooping impossible;
  • Firewalling may be used inside a VE (the user can create rules limiting access to some services using the canonical iptables tool inside the VE). In other words, it is possible to set up firewall rules from inside a VE;
  • Routing table manipulations and advanced routing features are supported for individual VEs. For example, setting different maximum transmission units (MTUs) for different destinations, specifying different source addresses for different destinations, and so on.

Resource Management

OpenVZ resource management controls the amount of resources available for Virtual Environments. The controlled resources include such parameters as CPU power, disk space, a set of memory-related parameters, etc. Resource management allows OpenVZ to:

  • Effectively share available Hardware Node resources among VPSs:
  • Guarantee Quality-of-Service (QoS);
  • Provide performance and resource isolation and protect from denial-of-service attacks;
  • Collect usage information for system health monitoring.

Resource management is much more important for OpenVZ than for a standalone computer since computer resource utilization in a OpenVZ-based system is considerably higher than that in a typical system.

Checkpointing and live migration

FIXME