Hi
As a small web hosting provider we are planning to switch from physical-only servers to virtualization. So far, our favorite virtualization platform is OpenVZ under Debian Squeeze. We might consider running Proxmox as host system but prefer sticking with plain Debian (even though the future of the OpenVZ-kernel is not guaranteed). Our main goals: hardware independency, reliability, maintenance (single kernel virtualization), power efficiency (reduce number of physical servers), cost.
We're looking for a Swiss hosting provider who is actively using such a single kernel virtualization technology. What's your experience with OpenVZ? How about resource separation of containers (VPS)? Have you got any experience running complete containers off a NFS-mounted NAS/SAN? How about performance in a web hosting environment with resource peaks on various servers? We would greatly appreciate if anybody could share his experience with OpenVZ (or similar single-kernel virtualization) and get in touch with us for some consulting.
Thanks. Regards, Philip
-- DATENPARK Badenerstrasse 69, Postfach CH-8026 Zürich
Tel +41 44 299 33 66 Fax +41 44 299 33 91 info@datenpark.ch www.datenpark.ch
Dear Philip
While we're not a hosting provider, we still do have a lot of experience with virtualization platforms. We are currently running ~150 vSphere and Citrix XenServer servers and we've played around with Xen, KVM and others.
Two things I would like to give as advice:
- Storage is often underestimated. With virtualization you'll need a lot more storage throughput and access speed than with physical machines. NFS/NAS/iSCSI are not a good idea and are not a replacement for a real SAN.
- Networking and network separation is an important factor in virtual environments. You might keep an eye on that aspect as well.
Kind regards, Viktor
On 04.05.2011 11:03, Philip Iezzi wrote:
On 2011-May-04 11:03, Philip Iezzi wrote:
Check out LXC in that case as it is in-kernel and thus does not require any patches and as you note OpenVZ is probably going away, just "apt-get install lxc" on a default Debian box and you are done.
OpenVZ works fine, it is just that the future is uncertain. Thus, go LXC. If you have hardware accelerated virtualisation though, KVM is the best thing you can get.
The "why KVM or containers (OpenVZ/LXC)" question really boils down to where you want to virtualize. If you require different kernels (or even operating systems) etc, then it is clear where to separate.
I tend to use KVM on boxes that have hardware virtualisation and LXC when I just want functional separation.
Works like a charm. The NAS/SAN part is handled in the host though. Like every NAS/SAN setup though the main problem is locking.
> How about performance in a web hosting environment with resource peaks on various servers?
That is why one has caching, generally in the form of a local disk.
Greets, Jeroen
Hi Philip
Am Mittwoch, 4. Mai 2011 schrieb Philip Iezzi:
OpenVZ is running stable, I can't remember any outage because of OpenVZ.
> How about resource separation of containers (VPS)?
Resource separation with the old (2.6.18, working up to the Lenny release) kernel is OK concerning memory, CPU time (and number of CPU cores) as well as disk space. Disk IO is a different story (I think fair limiting of disk IO is hard to implement). The 2.6.18 kernel no longer works with Squeeze. The stock Debian kernel is somewhat of a step back; at the moment there is no absolute (grant only 1 core to a virtual machine) limiting of CPUs or CPU time. Stability is still good, I haven't seen any crash because of OpenVZ.
> Have you got any experience running complete containers off a NFS-mounted NAS/SAN?
There were some bugs with NFS (leading to kernel oops) in the Debian kernel. Please check the bug reports for more details, this may have been fixed with the point release. I have no experience with NAS/SAN.
> How about performance in a web hosting environment with resource peaks on various servers?
We don't do dynamic reallocation of virtual servers based on load or resource peaks, if this was your question. Without a fast disk subsystem, disk IO will most likely be the limiting factor, unless your software needs a lot of CPU. I can't tell how well the dynamic provisioning of various resources works, because we don't use that (we don't overbook our hardware, the customer always gets what he pays for).
Greetings, Peter
Hi Philip
Viktor's advice really sums it up.
Since this is a network operator's list, I'll dig a little bit more into the network part:
You probably want to invest some time to separate the network, implement QoS, configure firewalls and design for redundancy (also first hop redundancy such as HSRP), especially if you use IP based storage on a shared network, depending on how reliable and secure you want your network to be.
Also if you grant control of the network interface to your clients (be it virtual or not) you probably want to take a look at private VLANs, ARP inspection, IP source guard and DHCP snooping or similar techniques to secure your network and prevent IP address waste.
Bear in mind that you may lose some functionality with such virtualization technologies like IPSec VPNs inside virtual containers ...
Oh and don't forget IPv6 :)
Regards - Mathias
On 4 May 2011, at 11:03, Philip Iezzi wrote:
Mathias Seiler
MiroNet GmbH, Strassburgerallee 86, CH-4055 Basel T +41 61 201 30 90, F +41 61 201 30 99
mathias.seiler@mironet.ch www.mironet.ch
On 2011-May-05 00:17, Mathias Seiler wrote: [..]
> Bear in mind that you may lose some functionality with such virtualization technologies like IPSec VPNs inside virtual containers
Can't say if IPSEC works, as I don't use it anywhere, but as the interfaces are just 'not seen by other vms' I can't see why it would not work. Try to know but indeed a good thing to check.
> Oh and don't forget IPv6 :)
Works in both OpenVZ and LXC.
For OpenVZ one can even tell that the 'tun' adapter needs to be available inside a container.
With LXC, one can bridge and delegate everything based on the character device.
If you are going to start setting up stuff today and you don't want to use hardware virtualisation (read: KVM and others) then I would go for LXC, as it is in the mainline kernel and has more flexibility.
(the combo of running KVM and then in one of the VMs having LXC containers, is the trick I use ;)
Greets, Jeroen