Do any Linode regions/instances support nested VM/virtualization?
Hi, Has anyone discovered in Linode instances 'quietly' support nested VM/virtualization? DO has such 'quite' functionality in NYC1 and NYC3, but not advertised. As yet?
$ lscpu | grep Virtualization
Virtualization: VT-x
$ lsmod | grep kvm
kvm_intel 200704 0
kvm 593920 1 kvm_intel
or
$ sudo apt-get update && sudo apt-get install -y cpu-checker
...
$ kvm-ok
INFO: /dev/kvm exists
KVM acceleration can be used
5 Replies
We don't support nested virtualization at the moment as it doesn't work with Live Migrations.
We're planning on having Bare Metal machines in the future, which would provide a different avenue to setting up KVM.
Please enable this feature by default or at least on demand. I only have limited use of systems which don't support that. Some other providers also support nested virtualization like scaleway, ovh, gce, azure (to some extend). Google also has a rather extensive documentation on this.
Enabling is simple, just change a config file. Yes it is slower than just a single virtualization layer but sometimes this is still fast enough. This feature would allow a much better (more secure) separation of applications or management and client network among lots of other things you can do with virtualization. Or sometimes you just need a small VM to test something but at the same time it is usually hard to get some custom image running on a VPS without going through several configuration steps. People / enterprises are more and more asking for this.
Wishlist:
For Bare Metal solutions please consider something like >Zen 2, For everything $cloud this is currently the most secure option and the price/performance ratio isn't that bad either ;)
Hetzner's Ryzen 3600 line is regularly sold out and cost about 40-50 bucks per month. I've also seen some other smaller providers using Ryzen CPU's and even something like 2400/3400G APU's. A second real NIC would be a nice enhancement for better segmentation (packet.com has those for their EPYC line)
I think the people asking for nested virtualization would also be happy with some (hourly billed) bare metal server with a similar price tag. I don't know how feasible this is but when I take a look at the Hetzner this is about 6cent/h. This is within the regions of what some VPS providers provide for their non bare metal solutions. Not everyone needs 64 cores and 128gb of RAM. Sometimes you just need 4 cores and 8-16gb RAM and virtualization + the things the average home lab or small business site can't provide yet cloud providers like Linode can. Like gbit upstream connection, bandwidth, automation, secured hosting location …
I'm obviously biased towards my applications ;)
Just my 0.02$
btw. Nested was enabled here: https://www.linode.com/community/questions/184/intel-xeon-gold-6148-amd-epyc-7501-announcements but probably just in a test scenario
Thanks for letting us know your thoughts! I'll share your feedback with the team here so we can keep it in mind.
If you have feedback about anything else, or have other features you'd like to see, please do let us know. If you want to send your thoughts directly to the team here, email us at feedback@linode.com
mjones: Regarding performance problems with nested virtualization, has linode's dev team looked into "shadow vmcs"? It's a feature on vPro/Xeon IIRC, and it allows acceleration of nested virtualization.