Nesting isn’t just for the birds anymore. Nested virtualization is really taking hold, and as a part of my IT portfolio for learning, there is nothing better. That brings us to the first question: what is nested virtualization, and where should we use it?
By Eric Wright
Nested in a Nutshell
Nested virtualization takes place when you use a hypervisor which is running inside of a virtual instance on top of another hypervisor. It sounds confusing sometimes, but trust me it isn’t as bad as you’d think.
A great example is containers. The fruit of nested virtualization is being able to run multiple virtual instances inside of another virtual instance. The idea is to have a portable, internal environment capable of multi-node operations, using nested private networking and an exposed interface for access from the outside.
In hypervisors, this can be running vSphere on top of another vSphere instance for example.
How do we Nest a Hypervisor?
The first thing that is needed is the ability to present the hypervisor capabilities of the CPU. This is known as Intel-VT or AMD-V, which allows us to run a Level 0, or L0, hypervisor. Once the L0 hypervisor is installed, we can then present the same CPU virtualization technology to the guest environment using virtual settings, which lets us install a Level 1, or L1, hypervisor.
This capability has been present for a few years on different platforms, but was generally unsupported and lacked a real business use-case. Where we had L1 guests, they are now called Level 2, or L2 because of the additional layer of virtualization.
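The two conditions described above can be checked on a Linux machine with the script below, an added example that is not part of the original article. It assumes Linux with KVM: the `vmx`/`svm` flags in `/proc/cpuinfo` and the `nested` parameter of the `kvm_intel`/`kvm_amd` modules are real, while the function names are made up for this example. Run on L0, it shows whether nesting is switched on; run inside a guest, a `vmx` or `svm` result means L0 has presented the CPU extension and an L1 hypervisor can be installed.

```bash
#!/usr/bin/env bash
# Added example: can this Linux machine host a nested hypervisor under KVM?

# Print "vmx" (Intel), "svm" (AMD) or "none" from a cpuinfo-format file.
cpu_virt_flag() {
    local flags
    flags=$(grep -m1 -E '^flags[[:space:]]*:' "$1" 2>/dev/null || true)
    case " ${flags#*:} " in
        *" vmx "*) echo vmx ;;
        *" svm "*) echo svm ;;
        *) echo none ;;
    esac
}

# Print "enabled", "disabled" or "unknown" from a KVM "nested" parameter file.
kvm_nested_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(head -n1 "$1")" in
        Y|y|1) echo enabled ;;
        N|n|0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Combine both checks. $1 is a root prefix: empty on a live system, or a
# directory holding saved copies of proc/cpuinfo and sys/module/... files.
nested_report() {
    local root="${1:-}" flag module
    flag=$(cpu_virt_flag "$root/proc/cpuinfo")
    case "$flag" in
        vmx) module=kvm_intel ;;
        svm) module=kvm_amd ;;
        *) echo no-hw-virt; return 0 ;;
    esac
    echo "$flag:$(kvm_nested_state "$root/sys/module/$module/parameters/nested")"
}

# Demo on a constructed tree: Intel CPU flag present, nesting switched on.
demo() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/proc" "$d/sys/module/kvm_intel/parameters"
    printf 'flags\t\t: fpu vme sse2 vmx ept\n' > "$d/proc/cpuinfo"
    echo Y > "$d/sys/module/kvm_intel/parameters/nested"
    nested_report "$d"
    rm -rf "$d"
}
demo
```

On a live system, call `nested_report` with no argument to read the real `/proc` and `/sys` paths; a result ending in `unknown` means the KVM module's parameter file was not readable there.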
Nested Labs – Powerful Learning using Nested Virtualization
Using nested virtualization, you can now run a multi-node environment and nested guest operating systems. This means running an OpenStack lab inside another hypervisor, or a vSphere cluster, or KVM or Xen as well. The power of this is that you have the option to test out more complex networking topologies because of the availability of nested virtual interfaces. You can have more virtual interfaces than your physical lab may traditionally have.
Storage in a nested environment also gains flexibility. You have the ability to run lots of scenarios for sharing storage infrastructure with network storage and multiple endpoints within the L1/L2 environment.
This introduces the capability to study for testing scenarios which would have normally required significant hardware spending to provide shared storage, network switching, host counts and more. This also means that you could run the nested environment and quiesce the guests to store them away and run multiple hypervisor environments within the same physical host.
Challenges of Nested Virtualization
Networking. Period. That’s the biggest challenge that most encounter because using nested networks will mean that you have to be acutely aware of IP address conflicts and also how to bridge to the outside world. Nested networking can introduce complexity for using NAT (Network Address Translation) to let internal L2 guests communicate to the external networks and internet.
If anything, running nested virtualization is a learning experience itself. If you want to give some basic stuff a try, it is as simple as running VirtualBox on your desktop or laptop to start. That is a free virtualization option which lets you run on Windows, Mac OSX, or Linux. The challenge you may find there is that running larger labs can be a strain on the physical memory within your desktop or laptop.
Nested Cloud Labs
There are also numerous commercial options to run a nested platform in the cloud. These include Ravello Systems and vCloud Air, with more companies, such as baremetalcloud.com and others, offering standalone physical servers that can run nested virtualization.
Using these capabilities, you can see how development and infrastructure testing is made much easier. What is interesting is that we are seeing more options to run production implementations as well, but that is still early on as we are still working towards fully embracing virtualization and cloud across the various parts of the world.
One thing is for certain: the movie Inception is something you can experience in your lab, and it is truly a powerful tool in the IT toolkit that every systems and network admin should make use of.