
01.Virtualization

💻 Virtualization Fundamentals for AWS EC2: from the basics to SR-IOV (enough to understand the EC2 architecture)

Lesson Links

http://www.brendangregg.com/blog/2017-11-29/aws-ec2-virtualization-2017.html

🎯 Why understand Virtualization?

EC2 = Virtualization as a Service

  • EC2 is Infrastructure as a Service (IaaS) - it provides virtual machines
  • Understanding virtualization = understanding how EC2 features work
  • Essential for the exam - many questions on EC2 performance, enhanced networking, instance types

PART 1: Pre-Virtualization Era


Traditional Server Architecture

🖥️ Physical Server:
├── Hardware Resources
│   ├── CPU (Physical cores)
│   ├── Memory (RAM)
│   ├── Network Cards
│   └── Storage Devices
├── Operating System (Privileged Mode)
│   ├── Kernel (Direct hardware access)
│   └── OS Services
└── Applications (User Mode)
    ├── Bob's Application
    └── Julie's Application

Privilege Levels

🔐 CPU Privilege Levels:

Privileged Mode (Ring 0):
  ✅ Direct hardware access
  ✅ Memory management
  ✅ Only OS kernel operates here

User Mode (Ring 3):
  ❌ No direct hardware access
  ❌ Must use system calls
  ❌ Applications run here

Problems with the Traditional Architecture

  • 1 server = 1 OS = wasted resources (servers typically use only 10-15% of their capacity)
  • Poor isolation - 1 app crash can affect the whole server
  • High cost - a separate physical server is needed for each workload

PART 2: Virtualization Evolution


Challenge: Multiple OS on Single Hardware

❌ Problem:
  - Multiple OSes want to run in privileged mode at the same time
  - The CPU allows only 1 process in privileged mode
  - Conflict → system crash

✅ Solution: Virtualization!

PART 3: Emulated Virtualization (Software Virtualization)


Architecture

🏗️ Emulated Virtualization:
├── Physical Hardware
├── Host OS (Privileged)
├── Hypervisor (Software layer)
└── Virtual Machines
    ├── Guest OS 1 + Apps
    ├── Guest OS 2 + Apps
    └── Guest OS 3 + Apps

How it Works

🔄 Process:
1. Guest OS attempts privileged call
2. Hypervisor intercepts call
3. Binary Translation (software)
4. Execute on real hardware
5. Return result to Guest OS

🐌 Performance: Very slow (50% performance penalty)

Characteristics

  • Guest OS unmodified - runs the original OS with no changes
  • Very slow - binary translation in software
  • High CPU overhead - the hypervisor must translate every privileged call
  • 📊 Use case: test environments, low-performance workloads

PART 4: Para-Virtualization


Core Concept

🔧 Para-Virtualization approach:
  - Modify Guest OS source code
  - Replace privileged calls → hyper calls
  - Direct communication with the hypervisor
  - No binary translation needed

Architecture Changes

🔄 Modified Guest OS:
  Original: App → OS → Hardware
  Para-virt: App → Modified OS → Hypervisor → Hardware

  Hyper calls = optimized calls to hypervisor

Pros & Cons

✅ Pros:
  - Much faster than emulated
  - Lower CPU overhead
  - Better performance

❌ Cons:
  - Need modified OS (not all OS support)
  - Vendor-specific modifications
  - Limited OS compatibility

PART 5: Hardware-Assisted Virtualization (Game Changer!)


CPU Virtualization Extensions

🚀 Hardware support:
  Intel: VT-x (Virtualization Technology)
  AMD: AMD-V (AMD Virtualization)

  CPU becomes "virtualization-aware"

How it Works

🔧 Process:
1. Guest OS makes privileged call
2. CPU traps call (hardware level)
3. Redirect to hypervisor (no software translation)
4. Hypervisor executes safely
5. Minimal performance impact

🏃‍♂️ Performance: Near-native speed!

Benefits

  • Near-native performance - minimal overhead
  • Unmodified Guest OS - run any OS
  • Hardware-level isolation - better security
  • CPU-level support - no software tricks needed

PART 6: SR-IOV (Single Root I/O Virtualization) - AWS Enhanced Networking


The I/O Bottleneck Problem

❌ Traditional virtual I/O:
  VM1 → Virtual NIC → Hypervisor → Physical NIC
  VM2 → Virtual NIC → Hypervisor → Physical NIC
  VM3 → Virtual NIC → Hypervisor → Physical NIC

  Problem: Hypervisor becomes bottleneck for network I/O

SR-IOV Solution

✅ SR-IOV magic:
  Physical NIC presents itself as multiple "mini-NICs"
  Each VM gets dedicated virtual NIC
  Direct hardware access, bypass hypervisor

  VM1 → Dedicated Virtual NIC → Direct to Physical NIC
  VM2 → Dedicated Virtual NIC → Direct to Physical NIC

SR-IOV Benefits

🚀 Performance improvements:
  ✅ Higher bandwidth
  ✅ Lower latency
  ✅ Consistent latency (even under load)
  ✅ Lower CPU utilization
  ✅ Direct hardware access

AWS Implementation: Enhanced Networking

🌐 AWS Enhanced Networking:
  Based on: SR-IOV technology
  Available on: Most modern EC2 instance types
  Provides: 
    - Up to 100 Gbps networking
    - Single digit microsecond latency
    - Packet per second performance

  Examples: C5n, M5n, R5n instances

PART 7: AWS Nitro System (Modern AWS Hypervisor)

Evolution to Nitro

📈 AWS Hypervisor evolution:
  Gen 1: Modified Xen (software)
  Gen 2: Hardware-assisted Xen
  Gen 3: Nitro System (custom AWS)

  Nitro = AWS custom hypervisor stack

Nitro Advantages

  • Better performance - purpose-built for cloud
  • Enhanced security - dedicated security chip
  • More instance types - enables bare metal instances
  • Better resource utilization - less hypervisor overhead

PART 8: Virtualization Impact on EC2 Features

Instance Performance Tiers

📊 Performance correlation:

Basic instances (T3, T2):
  - Shared CPU, burstable
  - Software-based features

High-performance (C5, M5, R5):
  - Enhanced networking (SR-IOV)
  - Hardware acceleration
  - Nitro system

Specialized (C5n, M5n, R5n):
  - 100 Gbps networking
  - Advanced SR-IOV
  - Ultra-low latency

Feature Mapping

🔗 Virtualization → EC2 Features:

Hardware-assisted virtualization:
  → Most EC2 instances

SR-IOV:
  → Enhanced Networking
  → Elastic Network Adapter (ENA)
  → 100 Gbps networking

Nitro System:
  → Bare metal instances (*.metal)
  → Better performance/cost
  → Advanced security features

PART 9: Knowledge checklist for cert exams & interviews

Core Concepts

  • [x] Virtualization allows multiple OSes on a single piece of hardware
  • [x] Hardware-assisted virtualization = near-native performance
  • [x] SR-IOV bypasses the hypervisor for I/O operations
  • [x] Enhanced Networking is based on SR-IOV
  • [x] Nitro System = AWS custom hypervisor

Performance Understanding

  • [x] Software virtualization = slow (binary translation)
  • [x] Para-virtualization = faster (modified OS)
  • [x] Hardware-assisted = near-native (CPU support)
  • [x] SR-IOV = best I/O performance (direct hardware)

Common exam questions

  1. "Enhanced Networking is based on which technology?" → SR-IOV
  2. "What is AWS's custom hypervisor called?" → Nitro System
  3. "For the best network performance, which instance type should you use?" → SR-IOV enabled types (C5n, M5n...)
  4. "Why do some instances have better performance?" → Hardware acceleration, Nitro

PART 10: Real-world Applications

When does SR-IOV/Enhanced Networking matter?

💼 Use cases:

High-frequency trading:
  ✅ Need ultra-low latency
  ✅ SR-IOV critical

Big data processing:
  ✅ High network throughput
  ✅ Enhanced networking essential

Microservices:
  ✅ High packet-per-second
  ✅ Consistent latency important

Instance Selection Strategy

🎯 Choose instances based on virtualization features:

Basic workloads: T3, T2 (sufficient)
Network-intensive: C5n, M5n, R5n (SR-IOV)
Compute-intensive: C5, M5, R5 (Nitro)
Special requirements: *.metal (bare metal)
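The feature mapping in PART 8 and the selection strategy above can be applied mechanically to what the EC2 API reports about each instance type. The following is an added example, not code from the lesson or from AWS: it assumes the field names of `aws ec2 describe-instance-types` output (Hypervisor, BareMetal, NetworkInfo.EnaSupport, NetworkInfo.NetworkPerformance) and runs on a constructed sample instead of a live query.

```python
import json
import re

# Constructed sample shaped like `aws ec2 describe-instance-types` output.
# Assumption: field names follow the EC2 API; the values are illustrative only.
SAMPLE_DESCRIBE_INSTANCE_TYPES = json.loads("""
{"InstanceTypes": [
  {"InstanceType": "t2.micro", "Hypervisor": "xen", "BareMetal": false,
   "NetworkInfo": {"EnaSupport": "unsupported", "NetworkPerformance": "Low to Moderate"}},
  {"InstanceType": "m5.large", "Hypervisor": "nitro", "BareMetal": false,
   "NetworkInfo": {"EnaSupport": "required", "NetworkPerformance": "Up to 10 Gigabit"}},
  {"InstanceType": "c5n.18xlarge", "Hypervisor": "nitro", "BareMetal": false,
   "NetworkInfo": {"EnaSupport": "required", "NetworkPerformance": "100 Gigabit"}},
  {"InstanceType": "m5.metal", "BareMetal": true,
   "NetworkInfo": {"EnaSupport": "required", "NetworkPerformance": "25 Gigabit"}}
]}
""")


def peak_gbps(network_performance):
    """Extract the numeric peak from strings such as 'Up to 10 Gigabit' (None if absent)."""
    m = re.search(r"(\d+(?:\.\d+)?)\s*Gigabit", network_performance)
    return float(m.group(1)) if m else None


def classify(entry):
    """Map one instance-type record onto the tiers used in this lesson."""
    net = entry.get("NetworkInfo", {})
    ena = net.get("EnaSupport", "unsupported")
    if entry.get("BareMetal"):
        tier = "bare metal"        # *.metal: Nitro cards, no hypervisor layer
    elif entry.get("Hypervisor") == "nitro":
        tier = "nitro"             # hardware-assisted, Nitro hypervisor
    elif entry.get("Hypervisor") == "xen":
        tier = "xen"               # older generation, Xen hypervisor
    else:
        tier = "unknown"
    return {
        "type": entry["InstanceType"],
        "tier": tier,
        "enhanced_networking": ena in ("required", "supported"),  # SR-IOV / ENA path
        "peak_gbps": peak_gbps(net.get("NetworkPerformance", "")),
    }


def recommend(doc, workload):
    """Pick a type for the lesson's workload classes: 'network', 'compute' or 'metal'."""
    rows = [classify(e) for e in doc["InstanceTypes"]]
    if workload == "network":      # highest ENA (SR-IOV) bandwidth wins
        pool = [r for r in rows if r["enhanced_networking"] and r["peak_gbps"]]
        return max(pool, key=lambda r: r["peak_gbps"])["type"] if pool else None
    wanted = {"compute": "nitro", "metal": "bare metal"}[workload]
    pool = [r for r in rows if r["tier"] == wanted]
    return pool[0]["type"] if pool else None
```

Feeding real `describe-instance-types --output json` into `recommend` replaces the constructed sample; types whose record lacks both Hypervisor and BareMetal come back as "unknown" rather than being guessed.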

PART 11: Summary

  • Virtualization evolution: Software → Para-virt → Hardware-assisted → SR-IOV
  • AWS EC2 leverages latest virtualization tech for best performance
  • Understanding virtualization helps choose right instance types
  • SR-IOV = key to Enhanced Networking and high-performance applications
  • Nitro System = AWS's answer to modern virtualization challenges

Remember: virtualization knowledge helps you understand why certain EC2 features work the way they do, and how to optimize workloads for the best performance!

Next: Deep dive into EC2 instance types and the AWS Nitro System!