[Virtualization] 01. Virtualization Fundamentals: Type 1 vs Type 2 Hypervisors

Introduction

Virtualization is the technology of creating multiple isolated virtual environments on top of physical hardware. It enables running several operating systems simultaneously on a single server, maximizing hardware utilization and reducing infrastructure costs.

Why Virtualization Matters

  • Hardware Consolidation: Boosts average CPU utilization from 15-20% to 60-80%
  • Isolation: Each VM has its own kernel, filesystem, and network stack
  • Flexible Provisioning: Deploy new server environments within minutes
  • Snapshots and Migration: Easy disaster recovery and zero-downtime migration
  • Cloud Foundation: AWS, Azure, and GCP all run on virtualization

What Is a Hypervisor?

A hypervisor is the software layer that creates and manages virtual machines (VMs). Also called a VMM (Virtual Machine Monitor), it abstracts physical resources (CPU, memory, storage, network) and distributes them to each VM.

Type 1 Hypervisors (Bare-Metal)

Type 1 hypervisors are installed directly on hardware. They operate without a host OS, resulting in lower overhead and better performance.

+-------------------------------------------+
|   VM 1      |   VM 2      |   VM 3        |
|  (Ubuntu)   |  (Windows)  |  (CentOS)     |
+-------------------------------------------+
|          Type 1 Hypervisor                 |
|     (ESXi / Hyper-V / Xen)                |
+-------------------------------------------+
|          Physical Hardware                 |
|   (CPU, RAM, Storage, NIC)                |
+-------------------------------------------+

Notable Type 1 Hypervisors:

| Hypervisor | Vendor | Key Features |
|---|---|---|
| VMware ESXi | VMware (Broadcom) | Enterprise standard, vSphere ecosystem |
| Microsoft Hyper-V | Microsoft | Built into Windows Server, AD integration |
| Xen | Linux Foundation | Paravirtualization pioneer, early AWS foundation |
| KVM | Open Source (Red Hat) | Linux kernel module, paired with QEMU |

Type 2 Hypervisors (Hosted)

Type 2 hypervisors run as regular applications on top of a host operating system.

+-------------------------------------------+
|   VM 1      |   VM 2      |   VM 3        |
|  (Ubuntu)   |  (Windows)  |  (Fedora)     |
+-------------------------------------------+
|          Type 2 Hypervisor                 |
|  (VirtualBox / VMware Workstation)        |
+-------------------------------------------+
|           Host OS (Windows/macOS/Linux)    |
+-------------------------------------------+
|          Physical Hardware                 |
|   (CPU, RAM, Storage, NIC)                |
+-------------------------------------------+

Notable Type 2 Hypervisors:

| Hypervisor | Vendor | Key Features |
|---|---|---|
| Oracle VirtualBox | Oracle | Open-source, cross-platform, free |
| VMware Workstation | VMware (Broadcom) | Professional desktop virtualization |
| VMware Fusion | VMware (Broadcom) | macOS only, Apple Silicon support |
| Parallels Desktop | Parallels | macOS optimized, excellent integration |

KVM: A Hybrid Approach

KVM (Kernel-based Virtual Machine) occupies a unique position. It operates as a Linux kernel module that transforms Linux itself into a Type 1 hypervisor.

+-------------------------------------------+
|   VM 1      |   VM 2      |   VM 3        |
|  (Ubuntu)   |  (Windows)  |  (Fedora)     |
+-------------------------------------------+
|     QEMU (Device Emulation / Management)  |
+-------------------------------------------+
|  Linux Kernel + KVM Module (Type 1-like)  |
+-------------------------------------------+
|          Physical Hardware                 |
|   (CPU + VT-x/AMD-V, RAM, Storage, NIC)  |
+-------------------------------------------+

  • The kvm.ko module directly leverages CPU hardware virtualization extensions (VT-x/AMD-V)
  • Guest CPU instructions execute directly on hardware (near-native performance)
  • The Linux kernel handles process scheduling, memory management, and I/O
  • QEMU provides device emulation and VM management
  • Technically Type 1, but runs within a full Linux OS, hence classified as "hybrid"

Virtualization Techniques Compared

Full Virtualization

In full virtualization, the guest OS runs completely unmodified. The hypervisor intercepts and translates privileged instructions from the guest.

Binary Translation approach:

Guest OS (runs in Ring 1)
    |
    v  Attempts privileged instruction
    |
Hypervisor (Ring 0) traps it
    |
    v  Translates to safe instructions and executes
    |
Physical Hardware

  • No guest OS modification needed (supports Windows, Linux, etc.)
  • Performance overhead from binary translation
  • VMware's original approach

Paravirtualization

In paravirtualization, the guest OS is aware it runs in a virtualized environment. Instead of privileged instructions, it uses hypercalls to directly request services from the hypervisor.

Guest OS (modified - includes hypercall interface)
    |
    v  Issues hypercall (direct communication instead of traps)
    |
Hypervisor (processes request)
    |
    v
Physical Hardware

  • Requires guest OS kernel modification (Linux possible, standard Windows not)
  • Lower overhead than full virtualization, better performance
  • Xen's original approach; VirtIO drivers also leverage the paravirtualization concept
  • VirtIO is the paravirtualization standard for I/O devices (network, storage)

Hardware-Assisted Virtualization

In 2005-2006, Intel and AMD introduced CPU-level virtualization support.

Key Technologies:

  • Intel VT-x (2005): Introduced VMX root/non-root modes
  • AMD-V (2006): SVM (Secure Virtual Machine) extensions
  • Ring -1 Concept: Added a dedicated privilege level for the hypervisor
  • VT-d / AMD-Vi: IOMMU-based DMA remapping, device passthrough support
  • EPT / NPT: Extended Page Tables (Intel) / Nested Page Tables (AMD) for hardware-accelerated memory virtualization

+--------------------------------------------------+
|  Guest OS (Ring 3: User, Ring 0: Kernel)          |
|  --> Runs in VMX non-root mode                     |
+--------------------------------------------------+
|  Hypervisor (Ring -1 / VMX root mode)              |
|  --> Only intervenes on VM Exit                    |
+--------------------------------------------------+
|  Hardware (VT-x/AMD-V, EPT/NPT, VT-d/AMD-Vi)     |
+--------------------------------------------------+

  • No guest OS modification needed + near-native performance
  • Performance varies based on VM Exit frequency
  • Foundation of all modern x86 virtualization

Comparison of Three Virtualization Techniques

| Aspect | Full Virtualization | Paravirtualization | HW-Assisted |
|---|---|---|---|
| Guest OS Modification | Not required | Required | Not required |
| CPU Overhead | High (binary translation) | Medium (hypercalls) | Low (HW traps) |
| I/O Performance | Slow (emulation) | Fast (hypercalls) | Optimal with VirtIO |
| Windows Support | Yes | Kernel modification difficult | Yes |
| Key Technology | VMware BT | Xen PV, VirtIO | VT-x, AMD-V |
| Current Usage | Legacy | Used for I/O optimization | Mainstream |

Hands-On: Verifying KVM-Based Virtualization

# Check if CPU supports virtualization
# Look for vmx (Intel VT-x) or svm (AMD-V) flags
grep -E '(vmx|svm)' /proc/cpuinfo | head -1

# Verify KVM module is loaded
lsmod | grep kvm

# Example output:
# kvm_intel            368640  0
# kvm                 1028096  1 kvm_intel

# Create a VM using libvirt
virt-install \
  --name test-vm \
  --ram 2048 \
  --vcpus 2 \
  --disk size=20 \
  --os-variant ubuntu22.04 \
  --cdrom /path/to/ubuntu-22.04.iso
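
An added example (not from the original article): a stricter form of the checks above that matches whole flag words, tells VT-x from AMD-V, and also reports EPT/NPT and whether any IOMMU groups exist, which matters before relying on device passthrough isolation. The function names and `sample_cpuinfo` data are this example's own; it assumes the standard Linux `/proc/cpuinfo` layout and the `/sys/kernel/iommu_groups` directory.

```shell
#!/bin/sh
# Added example: report hardware-virtualization features of a Linux host.

# virt_caps [FILE]  (FILE defaults to /proc/cpuinfo)
# Prints one line: "cpu_ext=<vmx|svm|none> slat=<ept|npt|none>"
virt_caps() {
    awk '
        # Newer kernels list VMX sub-features on a separate "vmx flags" line,
        # so both lines are collected. Flags are matched as whole words.
        /^(flags|vmx flags)[ \t]*:/ {
            sub(/^[^:]*:/, "")
            for (i = 1; i <= NF; i++) seen[$i] = 1
        }
        END {
            ext = "none"; slat = "none"
            if ("vmx" in seen)      { ext = "vmx"; if ("ept" in seen) slat = "ept" }
            else if ("svm" in seen) { ext = "svm"; if ("npt" in seen) slat = "npt" }
            printf "cpu_ext=%s slat=%s\n", ext, slat
        }
    ' "${1:-/proc/cpuinfo}"
}

# iommu_group_count [DIR]  (DIR defaults to /sys/kernel/iommu_groups)
# Zero means DMA remapping (VT-d / AMD-Vi) is not active on this boot.
iommu_group_count() {
    dir="${1:-/sys/kernel/iommu_groups}"
    [ -d "$dir" ] || { echo 0; return; }
    ls -1 "$dir" | wc -l | tr -d ' '
}

# Constructed sample (not taken from a real host): one Intel-style core.
sample_cpuinfo() {
    printf 'processor\t: 0\n'
    printf 'flags\t\t: fpu vme msr pae vmx smx est\n'
    printf 'vmx flags\t: vnmi ept ept_ad vpid unrestricted_guest\n'
}

# Demo on the constructed sample; call virt_caps with no argument on a real host.
tmp=$(mktemp) && sample_cpuinfo > "$tmp" && virt_caps "$tmp" && rm -f "$tmp"
```

A host that reports `cpu_ext=none` may still have the extension disabled in firmware rather than absent from the CPU.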

CPU Privilege Level (Ring) Architecture

[Before HW Virtualization]           [After HW Virtualization]

Ring 3: User Applications            Ring 3: User Applications
Ring 2: (unused)                     Ring 2: (unused)
Ring 1: (Guest OS - full virt)       Ring 1: (unused)
Ring 0: Hypervisor                   Ring 0: Guest OS (non-root)
                                      Ring -1: Hypervisor (VMX root)

With hardware virtualization, the guest OS operates normally at Ring 0 while the hypervisor controls everything from a higher privilege level (Ring -1).

VM Exits and Performance

In hardware-assisted virtualization, when a guest performs certain operations, the CPU switches from VMX non-root to root mode. This is called a VM Exit.

Common VM Exit Triggers:

  • I/O port access
  • Certain MSR (Model-Specific Register) access
  • Interrupt handling
  • Page faults (without EPT)
  • CPUID instruction execution

VM Exits cost hundreds to thousands of CPU cycles, so reducing their frequency is key to performance. Paravirtual drivers like VirtIO reduce VM Exits in the I/O path.

[VM Exit Processing Flow]

Guest Execution (non-root)
    |
    v  Executes sensitive instruction
    |
VM Exit (non-root -> root transition, ~hundreds of cycles)
    |
    v  Hypervisor processes the instruction
    |
VM Entry (root -> non-root transition)
    |
    v  Guest execution resumes
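
As an added example, not part of the original article: tallying exit reasons from KVM's `kvm_exit` trace events shows which triggers dominate and how much of the load is port I/O, the part that paravirtual drivers such as VirtIO target. The trace lines are constructed and the function names are this example's own; it assumes each event line carries a `reason <NAME>` field.

```shell
#!/bin/sh
# Added example. Input: text lines of KVM kvm_exit trace events, e.g. read from
# /sys/kernel/tracing/trace after enabling events/kvm/kvm_exit (assumed setup).

# Constructed sample trace (not captured from a real host).
sample_trace() {
cat <<'EOF'
 qemu-kvm-4242 [001] 100.000010: kvm_exit: reason IO_INSTRUCTION rip 0xffffffff8100a1b0 info 0 0
 qemu-kvm-4242 [001] 100.000015: kvm_entry: vcpu 0
 qemu-kvm-4242 [001] 100.000042: kvm_exit: reason IO_INSTRUCTION rip 0xffffffff8100a1b4 info 0 0
 qemu-kvm-4242 [001] 100.000090: kvm_exit: reason EXTERNAL_INTERRUPT rip 0xffffffff81234560 info 0 0
 qemu-kvm-4242 [001] 100.000131: kvm_exit: reason CPUID rip 0xffffffff8104f2c2 info 0 0
 qemu-kvm-4242 [001] 100.000170: kvm_exit: reason IO_INSTRUCTION rip 0xffffffff8100a1b0 info 0 0
 qemu-kvm-4242 [001] 100.000212: kvm_exit: reason MSR_WRITE rip 0xffffffff8105c0de info 0 0
 qemu-kvm-4242 [001] 100.000260: kvm_exit: reason EXTERNAL_INTERRUPT rip 0xffffffff81234560 info 0 0
 qemu-kvm-4242 [001] 100.000301: kvm_exit: reason IO_INSTRUCTION rip 0xffffffff8100a1b4 info 0 0
EOF
}

# Read trace lines on stdin; print "count reason", busiest exit reason first.
exit_tally() {
    awk '
        /kvm_exit:/ {
            # Scan for the "reason" token so extra leading fields are tolerated.
            for (i = 1; i < NF; i++)
                if ($i == "reason") { n[$(i + 1)]++; break }
        }
        END { for (r in n) printf "%d %s\n", n[r], r }
    ' | sort -k1,1nr -k2,2
}

# Integer percentage of exits caused by port I/O (reason IO_INSTRUCTION).
io_exit_percent() {
    awk '
        /kvm_exit:/ { total++; if ($0 ~ / reason IO_INSTRUCTION( |$)/) io++ }
        END { if (total) printf "%d\n", io * 100 / total; else print 0 }
    '
}

# Demo on the constructed sample.
sample_trace | exit_tally
echo "io_exit_percent=$(sample_trace | io_exit_percent)"
```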

Summary

| Criterion | Type 1 | Type 2 |
|---|---|---|
| Installation | Directly on hardware | On top of host OS |
| Performance | High | Medium |
| Primary Use | Server virtualization, cloud | Development, testing |
| Management Complexity | High | Low |
| Key Products | ESXi, Hyper-V, KVM | VirtualBox, VMware Workstation |

Virtualization is the foundation of modern cloud infrastructure. Type 1 hypervisors serve production environments while Type 2 serves desktop use cases. The advent of hardware virtualization support (VT-x/AMD-V) dramatically reduced performance overhead, enabling the cloud computing era we live in today.


Quiz: Virtualization Fundamentals Check

Q1. What is the primary difference between Type 1 and Type 2 hypervisors?

Type 1 installs directly on hardware without a host OS, while Type 2 runs as an application on an existing host OS. Type 1 has lower overhead and is better suited for production environments.

Q2. Why is KVM classified as a "hybrid"?

KVM is a Linux kernel module that transforms Linux itself into a Type 1 hypervisor, but it operates within a full Linux OS environment. This gives it both Type 1 performance and Type 2 convenience.

Q3. What are "hypercalls" in paravirtualization?

Hypercalls are an interface through which the guest OS directly requests services from the hypervisor. Similar to how system calls request services from the kernel, hypercalls request services from the hypervisor, with less overhead than the trap mechanism.

Q4. What problem does Intel VT-x's "Ring -1" solve?

Previously, both the guest OS (Ring 0) and the hypervisor (Ring 0) conflicted at the same privilege level. Ring -1 (VMX root mode) was introduced so the hypervisor operates at a higher privilege level while the guest OS runs normally at Ring 0.

Q5. How does VirtIO improve performance?

VirtIO is a paravirtualization standard for I/O devices (network, storage) where the guest OS recognizes the virtualized environment and communicates with the hypervisor through an optimized path. This reduces VM Exits compared to full hardware emulation, improving performance.