Proxmox Nested Virtualization - BRS MEDIA TECHNOLOGIES
Nested Virtualization

Proxmox Nested Virtualization

What is it?
Nested virtualization is when you run a hypervisor, like PVE or others, inside a virtual machine (which is of course running on another hypervisor) instead of on real hardware. In other words, you have a host hypervisor, hosting a guest hypervisor (as a VM), which can hosts its own VMs.

Requirements
In order to have the fastest possible performance, near to native, any hypervisor should have access to some (real) hardware features that are generally useful for virtualization, the so called ‘hardware-assisted virtualization extensions’.

In nested virtualization, also the guest hypervisor should have access to hardware-assisted virtualization extensions, and that implies that the host hypervisor should expose those extension to its virtual machines.

You will need to allocate plenty of CPU, RAM and disk space for those guest hypervisors.

Proxmox VE and nesting
Proxmox VE can: host a nested (guest) hypervisor
By default, it does not expose hardware-assisted virtualization extensions to its VMs. Do not expect optimal performance for virtual machines on the guest hypervisor, unless you configure the VM’s CPU as “host” and have nested hardware-assisted virtualization extensions enabled on the physical PVE host.

be hosted as a nested (guest) hypervisor
The host hypervisor needs to expose the hardware-assisted virtualization extensions. Proxmox VE can use them to provide better performance to its guests. Otherwise, as in the PVE-inside-PVE case, any VM (KVM) needs to turn off the KVM hardware virtualization (see VM options).

Enable Nested Hardware-assisted Virtualization

Prerequisite

To be done on the physical PVE host (or any other hypervisior)

To have nested hardware-assisted virtualization, you have to:

  • use AMD cpu or very recent Intel one
  • Use kernel >=3.10 (is always the case after Proxmox VE4,x)
  • enable nested support

to check if is enabled do (“kvm_intel” for intel cpu, “kvm_amd” for AMD)

root@proxmox:~# cat /sys/module/kvm_intel/parameters/nested
N

N means it’s not enabled, to activate it (“kvm-intel” for intel):

# echo “options kvm-intel nested=Y” > /etc/modprobe.d/kvm-intel.conf

(or “kvm-amd” for AMD, note the 1 instead of Y):

# echo “options kvm-amd nested=1” > /etc/modprobe.d/kvm-amd.conf
and reboot or reload the kernel module

modprobe -r kvm_intel
modprobe kvm_intel

check again

root@proxmox:~# cat /sys/module/kvm_intel/parameters/nested
Y

(pay attention where the dash “-” is used, and where it’s underscore “_” instead)

Then create a guest where you install e.g. Proxmox as nested Virtualization Environment.

set the CPU type to “host”
args: -cpu host

in case of AMD CPU: add also “+svm” in the configuration file:
args: -cpu host,+svm


Once installed the guest OS, if GNU/Linux you can enter and verify that the

hardware virtualization support is enabled by doing

root@guest1# egrep ‘(vmx|svm)’ –color=always /proc/cpuinfo

Related Article

PCI Complaince Hosting Server Configuration

PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard defined by the Payment Card Industry […]

Linux-Interview-Questions

Linux Interview Questions

S. No Notes 1 What is Linux? Linux is an open-source operating system inspired by UNIX.It was first introduced by […]

Computer Boot Loader

Computer Boot Loader

A boot loader, also called a boot manager, is a small program that places the operating system (OS) of a […]