Choosing the right EC2 Virtualization model is becoming increasingly important as part of selecting the right instance type for your workloads. As a quick recap, an EC2 instance is a virtual machine on top of bare metal with a hypervisor in between.
This can be depicted as below.
So which EC2 Virtualization model should you use? And how does it affect your instance type selection?
Para Virtualization (PV)
Circa 2014, software-defined virtualization, or Para Virtualization (PV), was all the rage. It was lightweight and offered benefits over other virtualization models (like HVM). However, because there is a software layer over bare metal, some compute capacity is spent managing the virtualization layer itself. The guest OS also needs modification before it can be paravirtualized: instructions that can't run natively are replaced with a HYPERCALL. (Read more about Xen and PV at https://www.XenProject.org, and about the virtualization spectrum in particular at https://wiki.xenproject.org/wiki/Understanding_the_Virtualization_Spectrum.)
From an EC2 perspective, PV has a few issues to note:
- PV cannot expose the hardware acceleration that specialized hardware allows (e.g. EBS Optimized, Enhanced Networking, etc.).
- Kernel objects are region specific. This limits the EC2 instance types that can be used for PV images (especially now, in 2018).
Hardware Virtual Machine (HVM)
HVM allows the guest OS to be fully virtualized. The guest OS doesn't know it is sharing host resources and runs as if all the resources were natively available to it.
This means specialized hardware on the host can run much faster in HVM mode, as if it were running directly on the host system. The underlying host must have the capacity to emulate the hardware for the VMs running on top. The guest OS also doesn't need any modifications.
In addition, some processor features are available on HVM only, e.g. Intel Advanced Vector Extensions (Intel AVX, Intel AVX2 and Intel AVX-512). These can be useful for specific applications such as 3D modelling and image processing. More details here.
Nitro
Simply put, Nitro is better bang for your buck. It delivers more compute per hypervisor because many of the functions the HVM hypervisor used to perform in software are offloaded to custom ASIC hardware, leaving a bare minimum KVM (Kernel-based Virtual Machine). This keeps more compute resources for the guest VMs and also reduces jitter, or variability, in performance. The figure below shows that all of the hardware is available to the guest OS, while the EBS Optimized and Enhanced Networking extensions are handled by custom hardware.
Another advantage is that, because this is done at the hardware level, it applies to bare metal instances as well.
The Nitro System consists of:
- Local NVMe Storage: provides high-speed access to local storage, with encryption using dedicated hardware. The recently introduced C5d and M5d instances and the bare metal EC2 instances feature the Nitro local NVMe storage building block. It also provides hardware-level isolation between storage devices and EC2 instances, so bare metal instances can benefit from local NVMe storage too.
- Nitro Security Chip: independently verifies firmware each time a system boots.
- Nitro Hypervisor: manages memory and CPU allocation and delivers near-identical performance to bare metal (Brendan Gregg of Netflix benchmarked the overhead at less than 1%).
- Networking: hardware support for the software-defined network inside each Virtual Private Cloud (VPC), Enhanced Networking, and the Elastic Network Adapter.
As Amazon moves to build purpose-built data centers, hardware, and software for EC2, Nitro is likely the future. C5 instances reportedly give 20% or more performance over C4 instances for similar workloads, with less variability, at a similar price, and up to 25% better memory efficiency over C4. For more information check out these blogs. A great introduction to it from AWS.
A note of caution:
Some early adopters saw growing pains, especially with EBS volumes and ENIs. So, perhaps until the issues stabilize, it is best to test your workloads on C5/M5 instances first and only then move to production.
While the EC2 virtualization model isn't something we pay a lot of attention to, choosing the wrong model can have implications for the availability of instance types for a particular AMI and for the net performance you can get out of a particular instance type. As of 2018, HVM is the broadly available virtualization for second-generation and above instance types and should be the mainstay. PV is fairly limited to the first generation of instances and a few second-generation instances. The new kid on the block, Nitro, is available for the newest C5/C5d/M5d instance types and is promised as the next step in the evolution of virtualization for EC2, with better performance and performance for
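As an added example (not code from the original post), here is a Python pre-launch check that applies the AMI/instance-type rule discussed above: it compares an AMI's VirtualizationType against the SupportedVirtualizationTypes and Hypervisor fields that EC2 reports for an instance type, flags PV images and the ENA requirement of Nitro types, and can optionally pull the real records with boto3. The sample image and instance-type records are constructed to look like those API fields; they are not live API output.

```python
"""Pre-launch check: does this AMI's virtualization model fit this instance type?"""
from typing import Dict, List

# Constructed sample records shaped like the fields EC2 returns from
# DescribeImages and DescribeInstanceTypes (assumed values, not live API output).
SAMPLE_IMAGES: Dict[str, dict] = {
    "ami-pv-example": {"VirtualizationType": "paravirtual", "EnaSupport": False},
    "ami-hvm-example": {"VirtualizationType": "hvm", "EnaSupport": True},
}
SAMPLE_INSTANCE_TYPES: Dict[str, dict] = {
    "m1.large": {"Hypervisor": "xen", "SupportedVirtualizationTypes": ["hvm", "paravirtual"]},
    "c4.large": {"Hypervisor": "xen", "SupportedVirtualizationTypes": ["hvm"]},
    "c5.large": {"Hypervisor": "nitro", "SupportedVirtualizationTypes": ["hvm"]},
}


def check_launch(image: dict, itype: dict) -> dict:
    """Return compatibility verdict, hypervisor family and warnings for one AMI/type pair."""
    virt: str = image["VirtualizationType"]
    supported: List[str] = itype["SupportedVirtualizationTypes"]
    nitro = itype["Hypervisor"] == "nitro"
    ena_ok = bool(image.get("EnaSupport", False))
    warnings: List[str] = []
    if virt not in supported:
        warnings.append(f"{virt} AMI cannot launch on this type (supports {supported})")
    if virt == "paravirtual":
        warnings.append("PV image: no EBS Optimized / Enhanced Networking hardware offload")
    if nitro and not ena_ok:
        warnings.append("Nitro type requires an AMI with ENA support enabled")
    compatible = virt in supported and not (nitro and not ena_ok)
    return {"compatible": compatible, "nitro": nitro, "warnings": warnings}


def fetch_live(image_id: str, instance_type: str, region: str = "us-east-1") -> dict:
    """Same check against the real API; needs boto3 and AWS credentials (not run here)."""
    import boto3  # imported lazily so the offline sample path needs no SDK
    ec2 = boto3.client("ec2", region_name=region)
    image = ec2.describe_images(ImageIds=[image_id])["Images"][0]
    itype = ec2.describe_instance_types(InstanceTypes=[instance_type])["InstanceTypes"][0]
    return check_launch(image, itype)


if __name__ == "__main__":
    for ami, image in SAMPLE_IMAGES.items():
        for name, itype in SAMPLE_INSTANCE_TYPES.items():
            verdict = check_launch(image, itype)
            print(f"{ami} on {name}: compatible={verdict['compatible']} "
                  f"nitro={verdict['nitro']} {verdict['warnings']}")
```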