VIRTIO is the open standard for virtual I/O, supported by a wide range of hypervisors and operating systems. Typically, device emulation is performed directly inside the Virtual Machine Monitor (VMM), like QEMU. However, modern virtualization stacks support multiple implementation models: keeping the device in the VMM, moving it to the kernel (vhost), offloading it to an external user-space process (vhost-user), or offloading it directly to the hardware (vDPA).

Each approach comes with specific trade-offs. Emulating in the VMM is straightforward but can be a bottleneck. In-kernel emulation offers high performance but increases the attack surface of the host system. External processes provide excellent isolation and flexibility, but introduce complexity. Finally, vDPA (vhost Data Path Acceleration) enables wire-speed performance with standard VIRTIO drivers, but introduces hardware dependencies.

So, how do we decide which approach is best for a specific use case?

In this talk, we will explore all four methods for emulating VIRTIO devices. We will analyze the architectural differences, discuss the pros and cons regarding performance and security, and provide guidance on how to choose the right architecture for your use case.