1

For a KVM host with an Ivy Bridge processor, which MODEL should use for CPU>CONFIGURATION in Virtual Machine Manager? Ivy Bridge is not available.

Gaia
  • 1,855
  • 5
  • 34
  • 60
  • 2
    libvirt can autoselect it for you. If you're using cmd line just use `-cpu host` – dyasny Apr 01 '14 at 03:34
  • "Copy host config" yields "Nehalem". But it is Ivy Bridge, hence the question. – Gaia Apr 01 '14 at 03:37
  • it should work with the `sandybridge` setting, both are pretty much at the same instruction set (two generations of E3 basically). If you're missing a CPU flag, check your BIOS settings, you might have CPU features disabled, or your PC manufacturer has a locked down BIOS disabling CPU features (I know Sony like to do that) – dyasny Apr 01 '14 at 03:46
  • It's a dedicated server at a professional DC. I doubt they messed up BIOS config. – Gaia Apr 01 '14 at 04:03
  • It's very easy to mess up, since most vendors ship hardware with everything virtualization related disabled (for security reasons). looks like you're missing the `aes` flag, do you see it in `/proc/cpuinfo` ? – dyasny Apr 01 '14 at 04:11
  • no aes flag there. – Gaia Apr 01 '14 at 08:30
  • 1
    Doubt all you want. Just because you leased a server from some big company doesn't mean that they didn't screw up the BIOS configuration. – Michael Hampton Apr 01 '14 at 12:14
  • With no AES, are you sure this is Ivy Bridge? – dyasny Apr 01 '14 at 14:15
  • AES was turned off at BIOS level. This hosting co is gonna get dropped soon. Thanks @dyasny – Gaia Apr 03 '14 at 19:51
  • 1
    @Gaia :) I've *seen* the cloud! – ewwhite Apr 03 '14 at 20:37

1 Answers1

2

Please use Sandy Bridge for your processor selection. Maybe Haswell?

Edit:

I worked at a large hosting company that was unable to set the right VMware EVC mode for most of their Supermicro ESXi hosts. It was just accepted that Westmere-based systems be set to the lower Nehalem instruction set. I saw this as a silly restriction...

I wrote:
One of the steps in our vSphere host install process is to enable VMware EVC mode on our clusters. When using Westmere systems (usually with Intel E5645 CPUs), we can't use the "Westmere" EVC level, and instead have to step down to the Intel 5500-series "Nehalem" level. I hadn't seen this with other Westmere servers in the past, so I looked into the BIOS setup.

VMware says: Export restrictions for some models (Clarkdale, Westmere-EP, Westmere-EX, Sandy Bridge, Ivy Bridge) of Intel CPUs require that the Advanced Encryption Standard (AES) and Carry-less Multiplication (PCLMULQDQ) features be disabled. Some OEM BIOS software might also have AES/PCLMULQDQ disabled by default.

This export restriction covers the Intel AES-NI BIOS switch. The systems we're using ship with this required feature off. Enabling it allows the use of the "Westmere" EVC level.

And from that day forward, setting this became part of the build checklist.

Lesson: Hosting companies suck and are often set in their ways. They can't help it!!

enter image description here enter image description here

ewwhite
  • 197,159
  • 92
  • 443
  • 809
  • `Error starting domain: unsupported configuration: guest and host CPU are not compatible: Host CPU does not provide required features: aes Traceback (most recent call last): ... libvirtError: unsupported configuration: guest and host CPU are not compatible: Host CPU does not provide required features: aes` – Gaia Apr 01 '14 at 03:36
  • AES was turned off at BIOS level. This hosting co is gonna get dropped soon. Thanks – Gaia Apr 03 '14 at 19:53
  • 1
    @Gaia See my edited answer. – ewwhite Apr 03 '14 at 20:28
  • That's what it was. If the only diff between SandyBridge and Nehalem is the AES flag, I don't think it will impact much the operation of a standard LAMP stack on openSSL, but it's good to get it right. – Gaia Apr 04 '14 at 00:00
  • So much for the amazing evc feature. I've always laughed at the amount of marketing bsaround it while libvirt was doing the same thing all along at no extra cost – dyasny Apr 04 '14 at 02:35