VSock
Let guest applications can communicate with host applications.
Use POSIX Sockets API: A new socket family AF_VSOCK
is hereby introduced.
This can be used to implement hypervisor services and guest agents.
Limitation of virtio-serial
N:1 connections are clunky over 1:1 serial port
- Applications have to multiplex over 1 stream
- Libvirt has to arbitrate access between qemu-guest-agent clients Relatively low number of ports available (~512)
- Limit is hardcoded by host Stream semantics (no message boundaries)
- Ugly for datagram protocols
Applications must use character devices instead of familiar sockets API…
CID
You can think it like the IP address.
The host and each VM have a 32 bit CID (Context IDentifier) and may connect or bind to a 32 bit port number.
Virtio-vsock / Vhost-vsock-pci
virtio-vsock is a vhost-based virtio device.
Both virtio-vsock
and vhost-vsock-pci
are virtual socket devices used to facilitate communication between a virtual machine and the host system in a virtualized environment. However, there are some differences between them.
Virtio-vsock
is a virtual socket device that uses the virtio framework. It is designed to be efficient and secure, with minimal CPU overhead and strong isolation between the guest and host systems.
On the other hand, vhost-vsock-pci
is a virtual socket device that uses the vhost framework, which is a Linux kernel module used for virtio-based virtualization. Vhost-vsock-pci is a more recent addition to the Linux kernel, it is specifically designed to work with the PCI bus, which may provide some performance advantages in certain scenarios.
In summary, Virtio-vsock uses the virtio framework, while vhost-vsock-pci uses the vhost framework and is specifically designed to work with the PCI bus.
VSock Example
sudo modprobe vhost_vsock
To create a VM with a vsock device with CID 123:
qemu-system-x86_64 -device vhost-vsock-pci,guest-cid=123
Example of guest as client, host as server: vsock notes (Note, guest can also be the server and host as the client, see the comment here).