Jailhouse: A Linux-based Partitioning Hypervisor (github.com)
It's a shame they haven't provided some benchmarks...
I can see using this for real-time applications alongside management stuff and for separating critical and possibly buggy kernel drivers to where they can't harm the rest of the system.
I don't think the benchmarks make much sense in this situation, unless you measure server utilization and performance guarantees (which is the dimension in which they differentiate themselves).
This is not supposed to fit into the same space as Xen or KVM; it's supposed to give the guest pretty much bare-metal control over the resources that you give it, with minimal interference from the host, so it can be used for real-time applications even if the host kernel is not real-time.
For those who don't know, a FreeBSD Jail is virtualization at the OS level (rather than the hardware level, as provided by VirtualBox et al.). It's similar in concept to creating a chroot, but you're also locking down processes.
Jailhouse appears to be almost like an exokernel.
One could use LXC for completely allocating a CPU for some container, so they can compete on one aspect. LXC still doesn't run on bare metal and so can't take on the CPU separation for hardware accesses, but there is a dimension in which they compete.
LXC is the exact opposite. It uses a shared kernel, while isolating various resources like networking, RAM, user IDs, etc., between the different containers.
Xen or KVM provide something that looks like a bare metal computer.
The difference here, as far as I can understand, is that this is designed to be even more minimalist than what Xen or KVM gives you. Xen and KVM will still use some non-trivial amount of CPU resources on the CPU used by the guest (and depending on the setup may even share the CPU between different guests). This is designed to give the guest nearly complete control over the CPU, to allow you to run, say, a real-time operating system on one CPU, without interfering with the Linux kernel running on the others.
Xen and KVM also traditionally provide emulated devices that the guest talks to, while this just gives the guest direct access to the devices it needs.
So this is pretty much in exactly the opposite direction as LXC. The advantage of LXC is that containers are very lightweight, while still giving you a full Linux environment, as they share the kernel and lots of resources (like their root filesystem) with the host or other containers.
The advantage of Jailhouse is that the guest really gets full control of the CPU and hardware and very little interference, so you really can run a RTOS alongside a traditional Linux system.
There is a continuum of different virtualization designs; this extends the options available in a new direction. You use LXC if you want everything to be a Linux system sharing a kernel, and want control of what resources are shared vs. isolated. This can allow you to run a lot more VMs a lot more quickly and with lower resource impact than the other solutions. Xen or KVM if you want a full emulated virtual machine, which can run any OS that you want, and can share CPU, disk, and other resources with the host or other guests. Jailhouse if you basically want to have a separate computer sitting on the same motherboard.