I feel vindicated :). We put in a lot of effort with great customers to get nested virtualization running well on GCE years ago, and I'm glad to hear AWS is coming around.
You can tell people to just do something else, there's probably a separate natural solution, etc. but sometimes you're willing to sacrifice some peak performance just to have that uniformity of operations and control.
anurag
This is a big deal because you can now run Firecracker/other microVMs in an AWS VM instead of expensive AWS bare-metal instances.
GCP has had nested virtualization for a while.
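Added example, not code from the thread or from AWS or Firecracker: a read-only check a practitioner can run inside an EC2 guest to see whether nested virtualization actually reached it, i.e. whether a microVM monitor like Firecracker could launch here. It looks at the standard Linux interfaces only (the `vmx`/`svm` CPU flag in `/proc/cpuinfo`, the `/dev/kvm` device node, and the `nested` parameter of the `kvm_intel`/`kvm_amd` module); the paths are assumptions about a stock Linux guest, and the inputs used in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the thread, AWS, or Firecracker): does this Linux guest
# expose what a microVM monitor such as Firecracker needs? All checks are read-only.

# has_virt_flag CPUINFO: print "vmx" (Intel) or "svm" (AMD) if the guest CPU
# advertises hardware virtualization; return 1 if neither flag is exposed.
has_virt_flag() {
    [ -r "$1" ] || return 1
    if grep -qw vmx "$1"; then echo vmx; return 0; fi
    if grep -qw svm "$1"; then echo svm; return 0; fi
    return 1
}

# nested_enabled PARAMFILE: return 0 if the kvm_intel/kvm_amd "nested" module
# parameter reads Y or 1. Guests launched from this level do not need it; it only
# decides whether they may in turn run their own KVM guests.
nested_enabled() {
    [ -r "$1" ] || return 1
    case "$(cat "$1")" in
        Y|1) return 0 ;;
        *)   return 1 ;;
    esac
}

# kvm_device_ok DEV: return 0 if the KVM device node exists and the current user
# can open it read/write (a group grant on /dev/kvm avoids running the VMM as root).
kvm_device_ok() {
    [ -c "$1" ] && [ -r "$1" ] && [ -w "$1" ]
}

# check_guest CPUINFO DEV: run the two mandatory checks, report the optional
# nested parameter, and return 0 only if microVMs can be launched from here.
check_guest() {
    ok=0
    if flag=$(has_virt_flag "$1"); then
        echo "cpu: hardware virtualization exposed ($flag)"
        if [ "$flag" = vmx ]; then mod=kvm_intel; else mod=kvm_amd; fi
        if nested_enabled "/sys/module/$mod/parameters/nested"; then
            echo "$mod: nested=Y, guests of this guest could run KVM too"
        else
            echo "$mod: nested off or module not loaded (fine for one more layer)"
        fi
    else
        echo "cpu: no vmx/svm flag, microVMs cannot run here"
        ok=1
    fi
    if kvm_device_ok "$2"; then
        echo "kvm: $2 is usable by $(id -un)"
    else
        echo "kvm: $2 missing or not accessible to $(id -un)"
        ok=1
    fi
    return $ok
}

if check_guest /proc/cpuinfo /dev/kvm; then
    echo "result: this guest can host microVMs"
else
    echo "result: this guest cannot host microVMs"
fi
```

Running it as the account that will own the sandboxes tells you both whether the hypervisor passed virtualization through and whether that account has been granted `/dev/kvm`; the script says nothing about the VSM trade-off quoted elsewhere in this thread, which is decided at the instance level, not inside the guest.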
leetrout
> Nested virtualization is supported only on 8th generation Intel-based instance types (c8i, m8i, r8i, and their flex variants). When nested virtualization is enabled, Virtual Secure Mode (VSM) is automatically disabled for the instance.
ohthehugemanate
I wonder if this is connected to Azure launching OpenShift Virtualization on "Boost" SKUs? There are a lot of VMware customers going to OpenShift Virt, and apparently the CPU/memory overhead on Azure maxes out around 10% under full load... but then Hyper-V has been doing a lot of work on it. No idea if Nitro includes any of the KVM-on-KVM passthrough of full KVM, to give it an edge here.
sitole
Support for nested virtualization has been added to the main SDKs. In the us-west-2 region, you can already see the "Nested Virtualization" option and use it with the new M8id, C8id, and R8id instance types.
This is really big news for micro-VM sandbox solutions like E2B, which I work on.
aliljet
I wonder if this will extend SEV-SNP and TDX to the child VMs?
ilaksh
I wonder if providers like Hetzner and Digital Ocean etc. will get this someday also.
blibble
welcome AWS to 2018!
gerdesj
Could someone explain why this might be a big deal?
I remember playing with nested virty some years ago and deciding it is a backwards step except for PoC and the like. Given I haven't personally run out of virty gear, I never needed to do a PoC.
ATechGuy
Would love to see performance numbers with nested virtualization, particularly that of IO-bound workloads.
dk8996
Would these things be good for openclaw, agents?
api
What's the performance impact for nested virtualization in general? I'd think this would be adding multiple layers of MMU overhead.
farklenotabot
Sounds expensive for legacy apps
dangoodmanUT
hell yes, finally
bagels
"* *Feature*: Launching nested virtualization. This feature allows you to run nested VMs inside virtual (non-bare metal) EC2 instances."