Installation guide

ManualsBrandsRed Hat ManualsComputer equipmentENTERPRISE LINUX 5 - VIRTUALIZATION GUIDE

221

222

223

224

225

226

227

228

229

230

Chapter 21. Xen live migration

The Xen hypervisor supports Virtualization Migration for para-virtualized guests and fully virtualized

guests. Migration is only supported on Red Hat Enterprise Linux 5.1 and newer systems. Migration

can be performed offline or live.

Offline migration suspends the guest on the original host, transfers it to the destination host and

then resumes it once the guest is fully transferred. Offline migration uses the virsh migrate

command.

# virsh migrate GuestName libvirtURI

A live migration keeps the guest running on the source host and begins moving the memory

without stopping the guest. All modified memory pages are monitored for changes and sent to the

destination while the image is sent. The memory is updated with the changed pages. The process

continues until the amount of pause time allowed for the guest equals the predicted time for the

final few pages to be transfer. The Xen hypervisor estimates the time remaining and attempts to

transfer the maximum amount of page files from the source to the destination until Xen predicts the

amount of remaining pages can be transferred during a very brief time while the guest is paused.

The registers are loaded on the new host and the guest is then resumed on the destination host. If

the guest cannot be merged (which happens when guests are under extreme loads) the guest is

paused and then an offline migration is started instead.

Live migration uses the --live option for the virsh migrate command.

# virsh migrate--live GuestName libvirtURI

Important

Migration is presently unsupported on the Itanium® architecture.

To enable migration with Xen a few changes must be made to the /etc/xen/xend-config.sxp

configuration file. By default, migration is disabled as migration can be a potential security hazard if

incorrectly configured. Opening the migration port can allow an unauthorized host to initiate a

migration or connect to the migration ports. Authentication and authorization are not configured for

migration requests and the only control mechanism is based on hostnames and IP addresses.

Special care should be taken to ensure the migration port is not accessible to unauthorized hosts.

Important

IP address and hostname filters only offer minimal security. Both of these attributes can be

forged if the attacker knows the address or hostname of the migration client. The best method

for securing migration is to isolate the network from external and unauthorized internal

connections.

En ablin g mig rat io n

Modify the following entries in /etc/xen/xend-config.sxp to enable migration. Modify the

values, when necessary, and remove the comments (the # symbol) preceding the following

parameters:

⁠Chapt er 2 1 . Xen live migrat ion

221