KVM Forum 2024

Unleashing SR-IOV on Virtual Machines
09-23, 09:45–10:15 (Europe/Rome), Hall A+B

Multi-tenant cloud environments demand secure and cost-effective workload isolation. Single Root I/O Virtualization (SR-IOV) tackles this challenge by extending PCI multifunction's capabilities. It introduces lightweight and isolated "virtual functions (VFs)" managed by a central "physical function (PF)". A PF exposes interfaces to configure the device for specific scenarios and optimize resource allocation.

For example, SR-IOV-enabled network interfaces can create VFs representing virtual network interfaces. This allows a host to assign VFs to guest VMs and configure the offloading of packet switching with the PF, minimizing network virtualization overhead.

However, current SR-IOV utilization is limited because the controllability of SR-IOV is not exposed to guests. We propose emulating SR-IOV on QEMU and integrating it with vDPA to grant guests control over SR-IOV while offloading the data path.
To showcase the effectiveness of this approach, we'll present a detailed performance benchmark using a PoC that offloads network containerization on the guest. We'll also introduce a design for SR-IOV emulation that provides packet-switching configurability, further motivating its adoption.

Next, we describe the current development status of SR-IOV emulation on QEMU. QEMU already includes some SR-IOV device implementations, but they are based on physical designs, limiting flexibility, and lack datapath offloading. We're addressing this by developing an SR-IOV feature for virtio-net devices, which is fully configurable and enables integration with vDPA. While we leverage QEMU's existing PCI multifunction mechanism to support configuration flexibility, SR-IOV emulation presents unique implementation challenges that we'll discuss as well. The new SR-IOV feature in virtio-net will be valuable for immediate testing and serve as a foundation for the future development of practical SR-IOV designs.

Yui Washizu works for NTT (Nippon Telegraph and Telephone Corporation) Open Source Software Center, where she has been in charge of research and development in system software for several years. Her main focus is high-performance virtual networking of Linux and QEMU, such as hardware offload. She also discussed this feature at Netdev 0x17, a conference for Linux network developers, with a presentation titled "Unleashing SR-IOV Offload on Virtual Machines."

Akihiko Odaki, a Ph.D. candidate at the University of Tokyo, is passionate about designing faster processors. His research focuses on processor microarchitecture, specifically using QEMU to analyze RISC-V programs and optimize processor designs for their execution speed.

He is also a software engineer at Daynix Computing, Ltd., and his contribution to the development of the TCG plugin’s register reading feature was supported by the company. His primary focus at the company is QEMU's networking subsystem. Notably, he is the maintainer of igb, a critical component that emulates an Intel network interface card with advanced virtualization capabilities. Akihiko's interests extend beyond networking and include macOS support, Asahi Linux (a port of Linux for Apple Silicon) support, and para-virtualized graphics.