SR-IOV (Single Root I/O Virtualization) is a technology that is on the cutting edge of today’s virtualized architectures. This technology is not unique to storage devices; it enables the virtualization of hardware resources by allowing a single physical PCIe® device to be divided into multiple virtual functions that can then be assigned directly to virtual machines.
Prior to SR-IOV, virtualized systems would rely on resource provisioning at the hypervisor level: the hypervisor interfaces with hardware resources and creates an array of virtual devices for network, CPU, and storage resources that can be assigned to the virtual machines hosted on the system. This model features a natural bottleneck in the hypervisor and cannot scale with the performance demands of modern workloads. Direct hardware pass-through is an alternative access method that gives a virtual machine direct access to a hardware resource in order to bypass most of the hypervisor virtualization and its associated performance penalties. Direct hardware pass-through can achieve much higher performance, but it lacks flexibility: only so many physical devices in a system are available for direct access. SR-IOV is a breakthrough technology that marries the best features of virtualized provisioning and direct access, enabling both high flexibility and high performance.
SR-IOV enables efficient virtualization of resources at the hardware level, without the need for complex resource provisioning management at the hypervisor level. An SR-IOV enabled device can be configured into multiple physical functions and further into many virtual functions. A device that supports multiple physical functions will function as a single device at the hardware level, but each physical function can be addressed and configured individually, much like an individual PCIe device. Each physical function can support many virtual functions. Virtual functions are like lightweight PCIe devices: they look and feel like dedicated PCIe resources and can be assigned directly to virtual clients. Unlike physical functions, virtual functions cannot configure the underlying hardware. Virtual functions are a method of resource provisioning that is managed by the hardware device itself, without the need for hypervisor intervention. This technology effectively side-steps the bottlenecks associated with managing virtual resources through a hypervisor and yields many benefits:
- In terms of performance, SR-IOV significantly reduces the overhead associated with traditional virtualization by bypassing the hypervisor and allowing for direct communication between the virtual function and the virtual machine. This results in improved performance and reduced latency, as there is less overhead in the datapath between the virtual client and device.
- In terms of flexibility, SR-IOV allows for improved resource utilization as virtual functions can be assigned and reassigned dynamically, allowing resources to be used more effectively and efficiently. Unlike direct pass-through access, SR-IOV enabled hardware can be “right sized” for many virtual clients and system administrators can better take advantage of underutilized resources that would otherwise go to waste.
- In terms of scaling, the flexibility offered by SR-IOV can be utilized to efficiently disaggregate storage and further optimize hardware utilization. Utilizing the dynamic configuration and reconfiguration of SR-IOV functions can enable an efficient dynamic allocation of hardware resources to application or user demands.
- In terms of security, SR-IOV also has an advantage when compared to traditional virtualization methods. By assigning a virtual function directly to a virtual machine, SR-IOV provides isolation between virtual machines, reducing the risk of one virtual machine interfering with the operations of another. Additionally, because the virtual function is assigned directly to a virtual machine, there is no need for a hypervisor to manage the communication between the virtual machine and the virtual function, which reduces the attack surface and can help increase the overall security of the system. Essentially, SR-IOV enables the peripheral security benefits of a direct pass-through model while retaining the resource flexibility found in traditional methods of resource provisioning.
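A host-side check of the isolation described in the security point above, as an added example (not KIOXIA's code and not tied to any specific SSD). It assumes a Linux host, where the kernel exposes each physical function's `sriov_numvfs` attribute, its `virtfnN` links and every device's `iommu_group` under sysfs; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit SR-IOV virtual functions (VFs) through Linux sysfs.
# The sysfs root is a parameter so the check can run on a constructed tree.

# list_vfs ROOT: print "PF VF IOMMU_GROUP" for every VF of every physical function.
list_vfs() {
    root=${1:-/sys}
    for pf in "$root"/bus/pci/devices/*; do
        # Only SR-IOV capable physical functions expose sriov_numvfs.
        [ -f "$pf/sriov_numvfs" ] || continue
        for link in "$pf"/virtfn*; do      # virtfnN symlinks point at each VF
            [ -e "$link" ] || continue
            vf=$(basename "$(readlink -f "$link")")
            grp=none
            if [ -e "$link/iommu_group" ]; then
                grp=$(basename "$(readlink -f "$link/iommu_group")")
            fi
            echo "$(basename "$pf") $vf $grp"
        done
    done
}

# vf_isolation_findings ROOT: report VFs that do not sit alone in an IOMMU group.
# A VF without a group is not behind an active IOMMU; a VF in a shared group
# cannot be handed to one guest independently of the other group members.
vf_isolation_findings() {
    root=${1:-/sys}
    list_vfs "$root" | while read -r pf vf grp; do
        if [ "$grp" = none ]; then
            echo "$vf: no IOMMU group"
            continue
        fi
        n=$(($(ls "$root/kernel/iommu_groups/$grp/devices" | wc -l)))
        if [ "$n" -gt 1 ]; then
            echo "$vf: shares IOMMU group $grp with $((n - 1)) other device(s)"
        fi
    done
}

vf_isolation_findings "${1:-/sys}"
```

An empty result means every enabled VF has an IOMMU group of its own, which is the precondition for assigning it to a single virtual machine with DMA confined to that guest.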
KIOXIA is among the first storage vendors to enable the SR-IOV feature-set on broadly available enterprise SSDs. The KIOXIA CM7 Series of PCIe 5.0, NVMe™ SSDs brings together unprecedented PCIe 5.0 (32 GT/s x4) saturation performance and the flexibility of SR-IOV to enable the next generation of virtualized architectures. KIOXIA CM7 Series enterprise NVMe SSDs are available now.
PCIe is a registered trademark of PCI-SIG
The NVMe word mark is a registered and unregistered trademark and service mark of NVM Express, Inc.
The views and opinions expressed in this blog are those of the author(s) and do not necessarily reflect those of KIOXIA America, Inc.