AWS Adds support for nested virtualization

Posted by sitole | 3 hours ago | 34 comments

boulos 39 minutes ago

I feel vindicated :). We put in a lot of effort with great customers to get nested virtualization running well on GCE years ago, and I'm glad to hear AWS is coming around.

You can tell people to just do something else, there's probably a separate natural solution, etc. but sometimes you're willing to sacrifice some peak performance just to have that uniformity of operations and control.

anurag 2 hours ago

This is a big deal because you can now run Firecracker/other microVMs in an AWS VM instead of expensive AWS bare-metal instances.

GCP has had nested virtualization for a while.

leetrout 6 minutes ago

> Nested virtualization is supported only on 8th generation Intel-based instance types (c8i, m8i, r8i, and their flex variants). When nested virtualization is enabled, Virtual Secure Mode (VSM) is automatically disabled for the instance.

ohthehugemanate 18 minutes ago

I wonder if this is connected to Azure launching OpenShift Virtualization on "Boost" SKUs? There are a lot of VMware customers going to OpenShift Virt, and apparently the CPU/memory overhead on Azure maxes out around 10% under full load... but then Hyper-V has been doing a lot of work on it. No idea if Nitro includes any of the KVM-on-KVM passthrough of full KVM, to give it an edge here.

sitole 3 hours ago

Support for nested virtualization has been added to the main SDKs. In the us-west-2 region, you can already see the "Nested Virtualization" option and use it with the new M8id, C8id, and R8id instance types.

This is really big news for micro-VM sandbox solutions like E2B, which I work on.
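
A guest-side readiness check, added here as an example and not taken from the thread or from AWS: once an instance is launched with nested virtualization enabled, the hypervisor must expose the hardware virtualization flag (vmx on Intel, svm on AMD) to the guest, and the guest kernel needs /dev/kvm before Firecracker or any other KVM-based microVM runner can start. The script assumes a Linux guest; the file paths are parameterised only so the logic can be exercised against the constructed sample flag lines at the bottom, and the defaults are the real kernel interfaces.

```shell
#!/bin/sh
# Guest-side check for nested virtualization on a Linux EC2 instance.
# Added example; not from the AWS announcement or the thread above.

# Print the hardware virtualization flag the hypervisor exposes to this guest:
# "vmx" (Intel VT-x), "svm" (AMD-V) or "none". Without one of these, KVM
# inside the guest cannot run, whatever else is installed.
hw_virt_flag() {
    cpuinfo="${1:-/proc/cpuinfo}"
    if grep -qw vmx "$cpuinfo" 2>/dev/null; then
        echo vmx
    elif grep -qw svm "$cpuinfo" 2>/dev/null; then
        echo svm
    else
        echo none
    fi
}

# Report whether the guest can host its own VMs: the CPU flag is exposed and
# the KVM device node exists (i.e. kvm_intel/kvm_amd is loaded and udev
# created it). Returns 0 when both hold, 1 otherwise, with a one-line reason.
nested_virt_ready() {
    cpuinfo="${1:-/proc/cpuinfo}"
    kvm_dev="${2:-/dev/kvm}"
    flag=$(hw_virt_flag "$cpuinfo")
    if [ "$flag" = none ]; then
        echo "no vmx/svm flag exposed to the guest: nested virtualization is off or unsupported on this instance type"
        return 1
    fi
    if [ ! -e "$kvm_dev" ]; then
        echo "$flag exposed but $kvm_dev is missing: load kvm_intel/kvm_amd or check udev"
        return 1
    fi
    echo "ready: $flag exposed and $kvm_dev present"
    return 0
}

# Demo on constructed sample data (not captured from a real instance) so the
# script runs anywhere. On an actual guest, run: nested_virt_ready
demo() {
    tmp=$(mktemp -d)
    # Constructed flag lines in /proc/cpuinfo format; "hypervisor" marks a guest.
    printf 'flags\t\t: fpu vme de pse tsc msr vmx hypervisor\n' > "$tmp/cpuinfo_vmx"
    printf 'flags\t\t: fpu vme de pse tsc msr hypervisor\n'     > "$tmp/cpuinfo_none"
    : > "$tmp/kvm"   # stand-in for /dev/kvm
    nested_virt_ready "$tmp/cpuinfo_vmx"  "$tmp/kvm"     || true
    nested_virt_ready "$tmp/cpuinfo_none" "$tmp/kvm"     || true
    nested_virt_ready "$tmp/cpuinfo_vmx"  "$tmp/no_kvm"  || true
    rm -rf "$tmp"
}

demo
```

Note that a present vmx/svm flag confirms only that the outer hypervisor exposes VT-x/AMD-V to the guest; it says nothing about how many further levels can be nested or about the performance cost, which the comments below ask about.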

aliljet 14 minutes ago

I wonder if this will extend SEV-SNP and TDX to the child VMs?

ilaksh 37 minutes ago

I wonder if providers like Hetzner and DigitalOcean etc. will get this someday also.

blibble 2 hours ago

welcome AWS to 2018!

gerdesj 2 hours ago

Could someone explain why this might be a big deal?

I remember playing with nested virty some years ago and deciding it is a backwards step except for PoC and the like. Given I haven't personally run out of virty gear, I never needed to do a PoC.

ATechGuy 2 hours ago

Would love to see performance numbers with nested virtualization, particularly that of IO-bound workloads.

dk8996 an hour ago

Would these things be good for openclaw, agents?

api 2 hours ago

What's the performance impact for nested virtualization in general? I'd think this would be adding multiple layers of MMU overhead.

farklenotabot 2 hours ago

Sounds expensive for legacy apps

dangoodmanUT 2 hours ago

hell yes, finally

bagels 2 hours ago

"* *Feature*: Launching nested virtualization. This feature allows you to run nested VMs inside virtual (non-bare metal) EC2 instances."