A Software-only Mechanism for Device Passthrough and Sharing
Piyus Kedia, Sorav Bansal
TL;DR
This paper introduces a secure, software-only mechanism for device passthrough and sharing in virtual machines, achieving high throughput and flexibility without requiring specialized hardware support like SR-IOV or IOMMU.
Contribution
It presents a novel paravirtual interface enabling secure device sharing among multiple VMs and the host, with improved performance and dynamic resource allocation.
Findings
Supports up to 2x higher throughput than existing interfaces
Eliminates need for SR-IOV or IOMMU hardware support
Enables seamless VM migration and higher consolidation ratios
Abstract
Network processing elements in virtual machines, also known as Network Function Virtualization (NFV) often face CPU bottlenecks at the virtualization interface. Even highly optimized paravirtual device interfaces fall short of the throughput requirements of modern devices. Passthrough devices, together with SR-IOV support for multiple device virtual functions (VF) and IOMMU support, mitigate this problem somewhat, by allowing a VM to directly control a device partition bypassing the virtualization stack. However, device passthrough requires high-end (expensive and power-hungry) hardware, places scalability limits on consolidation ratios, and does not support efficient switching between multiple VMs on the same host. We present a paravirtual interface that securely exposes an I/O device directly to the guest OS running inside the VM, and yet allows that device to be securely shared…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSoftware-Defined Networks and 5G · Security and Verification in Computing · Cloud Computing and Resource Management