Virtualization of network devices provides many advantages in virtualized environments. It allows sharing a single physical device among multiple virtual machines, setting resource limits (e.g., CPU for processing, packet rate and throughput limits for isolation), inspecting packets, and migrating virtual machines, and it enables many features such as fault tolerance and high availability. However, virtualization of network devices also adds considerable CPU processing overhead. In some cases, workloads show an overhead of 30% to 200% over a purely non-virtualized implementation. High-packet-rate applications such as firewalls, routers, and Dynamic Host Configuration Protocol (DHCP) servers require performance on the order of a few million to a few tens of millions of packets processed per second, whereas the virtual device processing overhead limits performance to a million to a few million packets per second.
Single Root IO Virtualization (SR-IOV) is a mix of hardware and software solutions to support high-performance networking workloads in virtualized environments. SR-IOV allows for capabilities such as device sharing and moving virtual machines between different hosts on some virtualization platforms. However, SR-IOV requires special hardware, SR-IOV-enabled physical network interface controllers (PNICs), and SR-IOV-capable drivers. Implementing other virtualization features such as memory over-commit or virtual machine fault tolerance might require future hardware and software updates, while features such as packet inspection might not be possible.