Good afternoon.
Those of you who have experience running virtual machines on different systems, tell me:
Which (open-source) virtualization system should I put on a server, given that the guest systems will mostly be doing routing?
Our company currently has a zoo of servers (ordinary PCs) that do everything from packet routing to FTP serving. All of this eats electricity, needs cooling, and needs parts replaced as it ages.
Putting a new server into operation, for example to replace an old one, requires buying hardware, installing and configuring it.
Then both servers have to be kept running for a while, so that if there are problems on the new one (some setting wasn't tweaked, an unexpected glitch came up) everything can quickly be switched back to the old one.
The solution was to drag all these iron monsters inside one machine.
Since most of our "servers" were far behind a modern computer based on a Core 2 Duo or Core 2 Quad in performance, we assumed that we could squeeze at least 4 real machines into one computer based on a Core 2 Duo E6400 @ 3 GHz with 4096 RAM.
The most important servers were chosen as candidates for the move: the VPN server (about 500 simultaneous sessions), a couple of soft Linux routers, a RADIUS server, and a couple of servers serving the admin web interface.
Then began the selection of a virtualization system. The candidates were:
- OpenVZ
- KVM
- Xen
- VMware ESXi
The selection went as follows:
- OpenVZ. We already have experience with it. It does not actually isolate the system at all; it works purely at the level of kernel call emulation. In addition, it does not allow new network interfaces to be raised inside the container, which means the VPN server will not work on it. It's still fine for web hosting. For routers, no.
- VMware ESXi could not be run on any of the computers available to us. Either the installer simply did not start, or the system simply did not boot after installation.
- Xen was dropped because every guest machine has to have the same kernel as the host machine. Besides, I actually couldn't get it to work at all. Maybe it's just my clumsiness. So we moved on to the last candidate...
- KVM doesn't care which guest OS runs inside the host machine, be it Windows or even OS/2. Essentially complete isolation of the machines from each other. We were also won over by the fact that Red Hat relies on this system and recommends it for enterprise applications. It met all our requirements.
We installed KVM. Quickly figured out how to install systems inside it and set up the network and routing between the virtual machines.
The scheme was as follows. The host machine has 2 network cards; inside, they are connected in the following chain:
eth0 of the host - virtual br0 - [eth0 of guest 1 - eth1 of guest 1] - virtual br1 - [eth0 of guest 2 - eth1 of guest 2] - virtual br2 - eth1 of the host
We began testing. In tests this scheme behaved remarkably well. Almost no load. Works stably.
We put it into production. And then bam! The load increased significantly.
It turned out that with about 15 Mbit of traffic through a virtual machine, it eats 40% of the processor (according to top) on the host machine. Accordingly, just 2 machines devour almost all the processor power of the host. At the same time, inside the virtual machines the load is 1-2%.
We read that normal people don't live without virtio. These are special drivers that forward the physical hardware directly to the virtual machine without emulating it. This is supposed to reduce the load on the host machine.
We tried it. And ran into two strange things:
1) When virtio is turned on, the guest machine can simply crash without giving any reason after 3-8 hours of operation
2) The load on the host machine is not reduced; it stays at the same level.
The host machine runs Gentoo with a manually compiled 2.6.30 kernel. Everything needed for virtualization is already compiled into it.
On the guest machines we tried Ubuntu and Arch Linux. No difference. They all crash.
We tried updating the kernel on the host machine, updating KVM, updating the guest machine... so far none of it has done anything. Without virtio everything works, and is sometimes overloaded.
Now I'm continuing to experiment with KVM on another machine, but the thought has already crept in to try Xen... and in general, maybe I'm doing something wrong?
For example, maybe for virtio to work you can't combine the virtual interface with a real network card in a soft bridge... Or maybe I'm doing everything right, and that's just how it is? Such a load, such problems...
In short, help from competent people is needed.
P.S.: A big request: don't give advice like "replace everything with Cisco" or "Linux is garbage, install FreeBSD". If you think about it a little, you'll understand why such tips are quite far from reality.
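As an added example (not the poster's own configuration, and not taken from any project the post mentions), the following script spells out the eth0-br0-guest1-br1-guest2-br2-eth1 chain described above as host-side bridge/tap commands and qemu-kvm command lines that attach each guest NIC as a virtio-net device on a tap rather than an emulated card. It also prints a one-liner to run inside a guest that confirms the NIC is really bound to virtio_net, which is the first thing to verify when virtio appears to make no difference to host load. Bridge names br0..br2, tap names tap0..tap3, the 52:54:00 MAC range, the disk image paths and the use of iproute2 (`ip link`/`ip tuntap`) are all assumptions.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Generates the host-side
# bridge/tap setup and the qemu-kvm command lines for the chain in the post:
#   host eth0 - br0 - [guest1 eth0|eth1] - br1 - [guest2 eth0|eth1] - br2 - host eth1
# Assumptions: iproute2 with bridge/tuntap support, tap names tap0..tap3,
# MACs in the 52:54:00 locally administered range, placeholder disk images.

# host_bridge_cmds: commands creating the three bridges; br0 and br2 each get
# a physical NIC, br1 sits only between the two guests.
host_bridge_cmds() {
  cat <<'EOF'
ip link add name br0 type bridge
ip link add name br1 type bridge
ip link add name br2 type bridge
ip link set eth0 master br0
ip link set eth1 master br2
ip link set br0 up
ip link set br1 up
ip link set br2 up
EOF
}

# tap_cmds TAP BRIDGE: create one tap device and enslave it to a bridge.
tap_cmds() {
  printf 'ip tuntap add dev %s mode tap\n' "$1"
  printf 'ip link set %s master %s\n' "$1" "$2"
  printf 'ip link set %s up\n' "$1"
}

# nic_args ID TAP MAC: one virtio-net NIC (not an emulated e1000/rtl8139)
# bound to a tap created above; script=no because the tap is managed by us.
nic_args() {
  printf ' -netdev tap,id=net%s,ifname=%s,script=no,downscript=no' "$1" "$2"
  printf ' -device virtio-net-pci,netdev=net%s,mac=%s' "$1" "$3"
}

# guest_cmd NAME IMAGE TAP_A TAP_B MAC_A MAC_B: qemu command for one router
# guest with two NICs, one per neighbouring bridge.
guest_cmd() {
  printf 'qemu-system-x86_64 -enable-kvm -name %s -m 512 -drive file=%s,if=virtio' "$1" "$2"
  nic_args 0 "$3" "$5"
  nic_args 1 "$4" "$6"
  printf '\n'
}

# guest_driver_check IFACE: command to run inside a guest; prints the kernel
# driver bound to the NIC, which must read virtio_net for virtio to be in use.
guest_driver_check() {
  printf 'basename "$(readlink /sys/class/net/%s/device/driver)"\n' "$1"
}

# Run with the argument "print" to emit the whole setup in order.
if [ "${1:-}" = "print" ]; then
  host_bridge_cmds
  tap_cmds tap0 br0; tap_cmds tap1 br1; tap_cmds tap2 br1; tap_cmds tap3 br2
  guest_cmd router1 /var/lib/kvm/router1.img tap0 tap1 52:54:00:00:00:01 52:54:00:00:00:02
  guest_cmd router2 /var/lib/kvm/router2.img tap2 tap3 52:54:00:00:00:03 52:54:00:00:00:04
  guest_driver_check eth0
fi
```

The script only prints commands; review the output and run it on the host as root once the names match your interfaces. The design point is that br1 carries no physical NIC at all, so traffic between the two routers never touches the host's cards, and that each guest NIC is declared as `virtio-net-pci` explicitly: if the guest-side driver check prints anything other than virtio_net, the guest is still talking to an emulated card and no reduction in host load should be expected.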