Virtualization allows multiplexing of an underlying host machine between different virtual machines. The host computer allocates a certain amount of its resources to each of the virtual machines. Each virtual machine is then able to use the allocated resources to execute applications, including operating systems (referred to as guest operating systems). The software layer providing the virtualization is commonly referred to as a hypervisor and is also known as a virtual machine monitor (VMM), a kernel-based hypervisor, or a host operating system. The hypervisor emulates the underlying hardware of the host computer, making the use of the virtual machine transparent to the guest operating system and the user of the computer.
One such resource managed by the host computer is a networking device that may be used by multiple guests (i.e., virtual machines) operating at the same time. Each guest or virtual machine is assigned a different and unique network address, such as a virtual LAN (VLAN) tag and/or a media access control (MAC) address, or some other combination of data in a packet header. The networking device has multiple queues for managing incoming packets to be received by a virtual machine and outgoing packets transmitted by a virtual machine. Dedicated queues may be used which are mapped to a specific hardware address and dedicated to a specific virtual machine. In addition, shared queues may be employed which are shared by multiple virtual machines. However, the management of the multiple dedicated and shared queues of the virtual machine system creates a significant administrative burden for the host computer administrator including the continual monitoring, evaluating and re-allocating of the queues based on the frequently changing queue activity.
When a packet is received in a shared queue, the host computer needs to look at the received packet in order to determine which guest (virtual machine) should receive the packet. As such, the packet cannot be placed directly into a memory of the guest virtual machine for which it is intended. Instead of maintaining a desirable zero copy environment, the host computer must make a copy of the packet, thereby expending additional computational and storage resources.
In addition, there may be a need to switch a virtual machine and its one or more associated receive paths from one receive queue (i.e., an old queue) to another receive queue (i.e., a new queue). However, if the virtual machine system immediately executes the switch, there may be packets intended for the virtual machine that are outstanding on the old queue (i.e., one or more packets provided to a network device for delivery to the virtual machine, but not yet delivered to the intended virtual machine). Accordingly, if the switch occurs automatically without regard to the outstanding packets on the old queue, then the outstanding packets may be passed or delivered to an unintended virtual machine (i.e., a virtual machine that is newly assigned to the old queue). In such cases, the unintended virtual machine receives packets intended for a different virtual machine, resulting in a loss of privacy.
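The misdelivery described above can be reproduced with a small model of a dedicated receive queue. This is an added example, not code from the original text: the `rxq` structure, the function names, the integer VM ids and the drain-before-reassign guard are all assumptions made for illustration.

```c
#include <stdio.h>

#define QCAP 8  /* constructed ring size */

struct pkt { int dst_vm; };  /* stands in for the MAC/VLAN tag in the header */
struct rxq { int owner_vm; struct pkt ring[QCAP]; unsigned head, tail; };

static void rxq_post(struct rxq *q, int dst_vm) {
    q->ring[q->tail++ % QCAP].dst_vm = dst_vm;
}

static unsigned rxq_outstanding(const struct rxq *q) { return q->tail - q->head; }

/* Dedicated-queue delivery: every queued packet goes to the current owner
 * with no per-packet lookup. Returns how many reached the wrong VM. */
static int rxq_deliver_all(struct rxq *q) {
    int misdelivered = 0;
    while (q->head != q->tail)
        if (q->ring[q->head++ % QCAP].dst_vm != q->owner_vm)
            misdelivered++;
    return misdelivered;
}

/* Guarded switch: refuse to change the owner while packets are outstanding. */
static int rxq_reassign_drained(struct rxq *q, int new_owner) {
    if (rxq_outstanding(q) != 0)
        return -1;
    q->owner_vm = new_owner;
    return 0;
}

/* Two packets for VM 1 are outstanding when the queue is handed to VM 2. */
int scenario(int guarded) {
    struct rxq q = { .owner_vm = 1 };
    int misdelivered = 0;
    rxq_post(&q, 1);
    rxq_post(&q, 1);
    if (!guarded) {
        q.owner_vm = 2;                       /* immediate switch */
    } else if (rxq_reassign_drained(&q, 2) != 0) {
        misdelivered += rxq_deliver_all(&q);  /* drain to VM 1 first */
        rxq_reassign_drained(&q, 2);
    }
    rxq_post(&q, 2);                          /* first packet for the new owner */
    return misdelivered + rxq_deliver_all(&q);
}

int main(void) {
    printf("immediate switch: %d misdelivered\n", scenario(0));
    printf("drain then switch: %d misdelivered\n", scenario(1));
    return 0;
}
```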