VirtualBox KVM Public Release

Finally!

Every time I need to run a virtual machine, I choose libvirt because it's more performant and easy to deal with than Virtualbox (no kernel module, etc.), but the GUI choices are pretty terrible. The "best" libvirt GUI is virt-manager and it's very, very buggy and lacking features (i.e. doesn't play nice with HiDPI screens, no way of configuring IPv6, etc.)

Many times I have caved and chosen VirtualBox simply because at least it feels nice to use, even if not as performant as libvirt/kvm. Not anymore!

iam-TJ · 2 years ago

Regarding IPv6, there is support. In fact I run IPv6 only networks including for the hypervisors.

    $ virsh net-dumpxml default6
    <network>
      <name>default6</name>
      <uuid>73590ea2-eb15-4e67-b104-319721bdf302</uuid>
      <forward mode='route'/>
      <bridge name='virbr1' stp='on' delay='0'/>
      <mac address='52:54:00:ff:a7:2d'/>
      <domain name='default6'/>
      <ip family='ipv6' address='2001:db8:ffff::1' prefix='48'>
      </ip>
    </network>

One can also use DHCPv6 if required.

sph · 2 years ago

That's what I meant, I had to use virsh to set that up because it's not possible to do in the GUI.

remram · 2 years ago

In virt-manager?

WhyNotHugo · 2 years ago

virt-manager plays fine with hidpi on Wayland. On the opposite side, VirtualBox’s GUI is super buggy in Wayland.

It’s basically the opposite for both. I use virt-manager because the GUI is simpler (and setting up virtualbox is a nightmare anyway).

Regardless, this feature is a step in the right direction. I’m wondering if distributions will pick it up or if it will ever be integrated upstream.

asmor · 2 years ago

That's a very recent change to virt-manager, so recent it's on nixos-unstable, but not on nixos-23.11. So it might be in Fedora 39 and some rolling-release distros... and nowhere else.

_chu1 · 2 years ago

100% agree about the terrible GUI choices. That actually turned me away completely from libvirt for virtual machines because when I actually needed to work with virtual machines I didn't want to finick around with CLIs and I stuck to VMware until recently. (at the time I ran Windows 10 on my main PC and Windows has a pretty terrible CLI)

eVeechu7 · 2 years ago

I thought virt manager was ok but honestly your complaints about it are specific and fair.

eek2121 · 2 years ago

Virtual box has graphical configuration for a ton of different options. It also “just works” in many cases and is relatively easy to use.

I am surprised the open source community has not built better gui tools, and no project, closed or open has made configuring pcie passthrough easy.

I have always wanted to be able to run Windows in a virtualized session with my GPU for gaming, and use my onboard APU for the Linux host, but the configuration is daunting, and many of the games I play today don’t work on linux thanks to anticheat or DRM.

blitzclone · 2 years ago

Great! What guests do you typically run where you see better performance with libvirt/kvm?

sph · 2 years ago

Mostly Linux, but also Windows when I had a VFIO passthrough setup. I don't think it's even possible to set it up with Virtualbox to have decent enough performance.

lathiat · 2 years ago

Yeah this has always been a bit of a pain. Since LXD recently launched a web interface that includes graphical console support (plus VM support some time before that, it's not just a container host anymore, it can do both), I have been using that for remote VMs now. But it still has quite a few rough edges, but nicer than libvirt at least.

rubatuga · 2 years ago

If you use a network bridge there's no reason to have to configure any IP addresses at all.

pkulak · 2 years ago

Have you tried Gnome Boxes?

eek2121 · 2 years ago

I have, it is very limited compared to Virtual Box.

k8svet · 2 years ago

virt-manager is the kind of software that frustrates me, has lost me VM (due to beraking SPICE beyond it already having been broken for years). Bug reports go ignored. Yet, when it works, it works great. And KVM is great. But Christ, it's a nightmare sometimes. Features lag behind libvirt, sometimes years. Just not great. The virt-viewer port to Windows never made it past POC+1, IMO, also.

I'm honestly surprised there aren't more alternatives. Especially since SPICE has gstreamer instegration. Gstreamer can natively do webrtc video and data back channel. Someone could hack together a webrtc broweser-based VM viewer and I suspect there's a lot of interest, potentially money making things you could crate.

What does this give me that I don't already get from KVM and virt-manager on Linux? Not getting it.

blitzclone · 2 years ago

The out-of-the-box performance of Windows in VirtualBox is very good and usually better than virt-manager (Qemu). You can tune Qemu to great performance as well, but it takes some fiddling. VirtualBox is in general very user friendly.

Guest integration (drag'n'drop, clipboard), USB passhthrough and audio support is also top-notch in VBox.

prmoustache · 2 years ago

> The out-of-the-box performance of Windows in VirtualBox is very good and usually better than virt-manager (Qemu). You can tune Qemu to great performance as well, but it takes some fiddling. VirtualBox is in general very user friendly.

I haven't found a significative difference but if you have found one and can tune qemu to same level,why don't you share the xml template of your machine to the world and to upstream's virt-manager project?

> Guest integration (drag'n'drop, clipboard), USB passhthrough and audio support is also top-notch in VBox.

These things works well with libvirt too provided you are using the spice-guest-tools.

fbhabbed · 2 years ago

Until you want to pass a GPU to the VM

thaumaturgy · 2 years ago

I virtualize most of my desktop environment. I wanted to go with KVM and virt-manager initially, since I'm mostly using a Linux host and Linux guests, but there were two important features I wanted and couldn't figure out how to get that way: encryption and portability.

Most of the VMs are encrypted, so I feel safe traveling with them. Various secrets are also encrypted, but the encryption of the VMs themselves mean that I don't have to worry about losing my device at an airport and someone else potentially getting access to things they shouldn't. There are schemes that make this work in virt-manager and KVM, but I didn't like any of them as much; I didn't want to rely on the host for filesystem-level encryption (see portability), and I have previously had a bit of trouble with full disk encryption, so I wasn't comfortable relying on that. VirtualBox essentially is also doing full disk encryption, but it's invisible to the guest and seems to be reliable.

For portability, I should be able to use https://www.vbox.me/ to install the VMs and a host onto a flash drive and be able to run any of my environments from any Windows host without additional installations. Haven't actually tried this yet (happily, I no longer have easy access to Windows machines!), but it was a big point in favor.

Most of my environments now get auto-configured through Vagrant: https://github.com/robsheldon/vagrantfiles, so I get some of the benefits of virt-manager that way.

I really don't love relying on Oracle for anything

kiney · 2 years ago

A decent UI and hopefully support to use virtualbox appliances

markfeathers · 2 years ago

Anyone using VitualBox please be careful about the extension pack. Oracle is very litigous.

https://www.reddit.com/r/sysadmin/comments/147k6az/oracle_is...https://www.reddit.com/r/sysadmin/comments/d1ttzp/oracle_is_...https://www.theregister.com/2019/10/04/oracle_virtualbox_mer...

We banned virtualbox in our organization since vmware workstation (or virt-manager) is way cheaper than dealing with oracle.

politelemon · 2 years ago

Exactly what I came to comment. Same thing here, they seemed to hyperfixate on the extension pack which most VBox users would need. We had to get everyone off that as soon as possible.

Of course this isn't limited to VBox, but their database as well. Just avoid.

tech234a · 2 years ago

Just noting that USB 2.0/3.0 support no longer requires the extension pack, and the list of features [1] that require the extension pack has been gradually decreasing. It may not be as necessary as it once was.

[1]: https://www.virtualbox.org/manual/ch01.html#intro-installing

Deleted Comment

dheera · 2 years ago

What if you just ignored Oracle? Do they even have teeth? If they made a download free it should be free.

You can't hand someone a banana on the street and then come back 3 months later demanding $1000 for it.

yrro · 2 years ago

If your organization uses any Oracle software then I'm certain that the organization has agreed to let Oracle audit it for license compliance at any time.

NotSammyHagar · 2 years ago

Oracle is that awful practices company. Their software audits are a notorious issue, and a good reason to never ever use software from them.

ciceryadam · 2 years ago

See the Oracle org chart for reference: https://www.unix.com/what-is-on-your-mind-/240815-org-charts...

qwertox · 2 years ago

So this basically turns VirtualBox into a replacement for virt-manager and virsh?

AFAIK VirtualBox does not support PCI passthrough (like GPU), how is this case handled?

Since I've moved to QEMU/KVM on Linux I've never looked back at VirtualBox, but I use the latter on Windows and there I'm always remembered of how much nicer and friendlier the GUI is.

Edit: I just noticed that VirtualBox has experimental PCI passthrough via the extension package [0], could this be used with the KVM backend?

[0] https://docs.oracle.com/en/virtualization/virtualbox/6.0/adm...

gonzodaruler · 2 years ago

There is experimental support for VFIO PCI pass-through with VirtualBox-KVM, even for GPUs. Please have a look at https://www.cyberus-technology.de/products/hypervisor

You can use `VBoxManage --attach-vfio` if you want to experiment with pci passthrough. This is different from the Oracle `pciattach` call and does not require any support from the extension package.

mkesper · 2 years ago

Please evaluate the license of the extension package carefully before using!

organsnyder · 2 years ago

And don't download it from your employer's network if Oracle thinks they might have deep pockets.

zare_st · 2 years ago

Practical thing is not having to recompile 3rd party drivers (vbox ko) every time kernel gets upgraded. Tho DKMS tries to take care of that without admin intervention, it's not always bug free.

On the other side VirtualBox the software application is designed to integrate with the desktop well, VNCing into the guest is not an alternative to this.

I hope efforts will be made in FreeBSD world too against its bhyve hypervisor.

The terminology issue is curious but it has been already covered here lately in a topic about Linux direct rendering manager, DRM. The acronym was used in a narrow circle of people compared to "the whole ICT", as were keyboard-video-mouse devices. Less than 1% of professionals deal with Linux internals on that level, and less than 1% of professionals are server room on-site engineers. There wasn't collective consciousness about these terms so they got reused.

Also LVM is taken by something else (storage) and LKVM would be confusing.

flo123456 · 2 years ago

Doing this for FreeBSD would be a great project. Unfortunately it is also big enough that we couldn’t afford to do it without some kind of funding.

I cannot even imagine using a distro that can't manage to get DKMS/kernel module updates to be reliable. I don't think I've ever had a problem with DKMS in NixOS ever; not a single time.

edit: downvoting me won't make your distro any more competent.

progman32 · 2 years ago

dkms has worked fine for me in Gentoo, Debian, and Ubuntu.

I think the backlash has more to do with the comment's tone.

bradwood · 2 years ago

Y-bar · 2 years ago

I have ever only heard KVM in the context of a Keyboard Video Monitor-type device but somehow I can't fully fit that into the concept of a virtual machine. Does it mean something different here?

szszrk · 2 years ago

Yes, quite different. It's basically a project that allows you to use Linux as a hypervisor. A very popular project.

https://en.m.wikipedia.org/wiki/Kernel-based_Virtual_Machine

Thanks!

nyrikki · 2 years ago

While an over simplification, here is the context

There are two large hypervisors in the Linux world.

Xen, which extends the kernel to support virtual CPUs with time slices.

KVM, which assigns each virtual core a process that uses the Linux scheduler.

When a hardware vm vcpu core is preempted there is vmexit call that has to reset registers etc... and it is expensive.

Xen is what legacy AWS instances ran on and has advantages for being fair to guests is an easier task.

KVM has the advantage of gaining the benefits of the Linux scheduler which is red black tree based and well optimized.

When a new CPU comes out for example, KVM gains support from the upstream while Xen has to support it themselves.

Once technology like cgroups improved the benefits of letting your thread complete and not be preempted due to the time slice expiring avoided the cost of vmexit.

In theory, leveraging the inherently optimized core Linux features is what will also benefit virtualbox.

Most people who use KVM are using an abstraction layer like libvirt that hides how it is implemented.

In fact if you look at the processes you will see qemu even if KVM is how it is implemented.

izacus · 2 years ago

It means Kernel-Based Virtual Machine, a VM engine dating back to 2007: https://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine

viraptor · 2 years ago

https://linux-kvm.org/page/Main_Page

nonrandomstring · 2 years ago

Is there a connection to User Mode Linux (UML) from around the same time? Or are these completely unrelated projects? I get that running a kernel in the user space provided by another kernel is not really the same as a proper hypervisor, but have never really dug deep into why and what the various tradeoffs are.

kitd · 2 years ago

Happy 10000 Day!

https://xkcd.com/1053/

Faelian2 · 2 years ago

I am really curious about this.

As a pentester, I run use Linux on my laptop and I spend a lot of time working inside a Kali VM with VirtualBox.

How much performance improvement can we expect with the KVM backend ?

NanoCoaster · 2 years ago

If you don't mind, I have a specific question regarding this setup. I've been looking into getting into pentesting, mostly for fun. I decided on messing around with HackTheBox as a starting point. Seeing as you need to connect to their VPN, it seems like a good idea to me to separate this activity from my personal network.

Which networking setup do you use for your pentesting VM? Ideally, I'd want a setup where the VM can access the internet (and therefore the HTB VPN), but not anything inside my local network. But I don't quite know how I could achieve that, at least in a way where I'd trust it to be reliable. Maybe the whole idea's a bit too paranoid to be practical in general, I don't know, so I'd love an expert opinion on this :)

Usually, I'd be using QEMU, but I'd be fine with using VirtualBox for this case if it includes something that makes this easier.

Manouchehri · 2 years ago

You can probably do this for VirtualBox (and any Linux program) by using tun2socks to create a network interface that routes through a proxy (SOCKS5 if you want UDP support), and then moving that network interface to a new namespace. You can run VirtualBox or any other programs in that new namespace, they don't have to be aware of the proxy at all (since they just see a regular gateway).

https://github.com/xjasonlyu/tun2socks

3np · 2 years ago

You could take a look at Whonix and Qubes - even if you don't use them you can roll your own setup with a similar approach: Have a dedicated "netvm"/"proxyvm" which only acts as a network bridge. "Minimal Whonix" consists of one workstation VM and one gateway VM (forcing everything over tor). Qubes integrates this approach into the UI of the hypervisor.

Then you can be more confident that (barring something escaping the VM), you have control of what a particular VM may or may not access. Also allows you to have a couple of different netvms (maybe one does give some access to your internal network, one connects only over tor, one via some VPN...) that you can switch between without needing to change anything on the actual VM of concern.

bongodongobob · 2 years ago

That's just a simple rule on your firewall. I don't understand why you think you need to do this though.

It depends on your setup and workload. On a recent Intel CPU, our performance dashboard shows +10% for some benchmarks. It's hard to make a general statement though.

Manozco · 2 years ago

I've contributed in the past to libvirt in order to support some Virtualbox features because some of our customers used VBox. It would have been handy to have this in the past, and have all of our customers use some KVM VMs ;)

Congrats for the work!

Thank you!