In our previous article exploring Functions as a Service (FaaS), Glue Architectures engineers guided readers through all the steps necessary to get an interesting serverless function up and running on AWS Lambda. The technology Amazon uses to deliver Lambda to its customers is worth understanding, both as an architectural concept and as an open source contribution back to the technology community.
That technology is Firecracker, an open source microVM Hypervisor.
MicroVMs
If you’re wondering what a microVM is: it is the same as a standard virtual machine, except that its device model includes only the absolute essentials needed to run the guest. Firecracker microVMs, for example, emulate only five devices: virtio net, block, and vsock devices, a serial console, and a keyboard controller (itself so minimal that it’s only good for stopping the virtual machine).
Because the hypervisor only has to emulate such a small set of devices, an efficiently built microVM can be running application code in as little as 125 milliseconds, a small amount of overhead compared to the dozens of seconds it can take to spin up a standard EC2 node. Further, the resource overhead each instance demands is small enough (5 MiB for Firecracker’s flavor of microVM) that one can densely pack instances onto bare metal.
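To make the minimal device model concrete, here is an added example (not code from the original article or from the Firecracker project) that configures and boots a microVM through Firecracker's REST API over its Unix socket: one virtio-block root drive, one virtio-net interface backed by a tap device, and a serial console, with no PCI bus at all. The socket path, kernel image, rootfs image, tap device name and MAC address are assumptions you would replace with your own.

```shell
#!/bin/sh
# Added example: drive a Firecracker microVM through its API socket with curl.
# Every path and device name below is an assumption for illustration.
set -eu

FC_SOCKET="${FC_SOCKET:-/tmp/firecracker.socket}"   # assumed API socket path
KERNEL="${KERNEL:-./vmlinux}"                        # assumed uncompressed guest kernel
ROOTFS="${ROOTFS:-./rootfs.ext4}"                    # assumed ext4 root filesystem image
TAP_DEV="${TAP_DEV:-tap0}"                           # assumed host tap device for virtio-net

# Payload builders are kept separate from the API calls so the JSON that reaches
# the VMM can be inspected (and tested) without a running Firecracker process.
boot_source_json() {  # $1 = kernel path; pci=off because Firecracker has no PCI bus
  printf '{"kernel_image_path":"%s","boot_args":"console=ttyS0 reboot=k panic=1 pci=off"}' "$1"
}
rootfs_json() {       # $1 = image path, $2 = true|false for read-only
  # A read-only root stops the guest from persisting changes into a shared image.
  printf '{"drive_id":"rootfs","path_on_host":"%s","is_root_device":true,"is_read_only":%s}' "$1" "$2"
}
netif_json() {        # $1 = host tap device, $2 = guest MAC (constructed value)
  printf '{"iface_id":"eth0","host_dev_name":"%s","guest_mac":"%s"}' "$1" "$2"
}
machine_config_json() {  # $1 = vCPU count, $2 = memory in MiB
  printf '{"vcpu_count":%d,"mem_size_mib":%d}' "$1" "$2"
}

fc_put() {  # fc_put <api path> <json body>; fails loudly on any non-2xx response
  curl --silent --show-error --fail --unix-socket "$FC_SOCKET" \
       -X PUT "http://localhost$1" -H 'Content-Type: application/json' -d "$2"
}

boot_microvm() {
  fc_put /boot-source            "$(boot_source_json "$KERNEL")"
  fc_put /drives/rootfs          "$(rootfs_json "$ROOTFS" true)"
  fc_put /network-interfaces/eth0 "$(netif_json "$TAP_DEV" "AA:FC:00:00:00:01")"
  fc_put /machine-config         "$(machine_config_json 1 128)"
  fc_put /actions                '{"action_type":"InstanceStart"}'
}

# Boot only when explicitly asked, so sourcing this file has no side effects.
if [ "${1:-}" = "boot" ]; then
  boot_microvm
fi
```

Run it as `./microvm.sh boot` after starting `firecracker --api-sock /tmp/firecracker.socket` in another terminal; the five PUT calls are the entire device inventory the guest will see.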
It’s an impressive feat of engineering and ingenuity, but given that containers already exist, and can be deployed into environments with even greater ease and velocity – why bother with microVMs at all?
Firecracker
For Amazon, it was all about AWS Lambda.
On the surface, Lambda seems like the ideal use case for a container deployment scheme: simply upload one’s code to AWS, let Lambda package it into the proper container runtime, and then spin that container up on demand. However, this neglects the fact that containers gain their agility by sharing the kernel and host that their runtime process runs on. That shared layer, by itself, presents a significant challenge to properly isolating customers’ Lambda functions from one another.
Amazon first solved this problem by creating a dedicated EC2 instance for each Lambda customer, isolating that customer’s functions from everyone else’s. This solution was acceptable for a while, but once Lambda’s popularity began to grow, the economics of spinning up EC2 instances for each new Lambda customer stopped scaling.
Firecracker was the solution they engineered to enable Lambda to continue scaling. By utilizing the aforementioned ultra-minimalist VM design, and leveraging the Linux Kernel-based Virtual Machine (KVM), a single server becomes able to host hundreds of isolated workloads.
Limitations
Naturally, this level of optimization comes with some cost to flexibility. As it is leveraging Linux KVM technology, you can only run Firecracker (or a platform implementing it) on a Linux host with an Intel CPU (with AMD and ARM support in developer preview). Further, Firecracker is only capable of running Linux and OSv guests.
Implementations
If you have an interest in leveraging microVMs in your solution designs, we highly recommend checking out one of the packages that has integrated Firecracker into its platform. At Glue Architectures, we’ve been having a good deal of fun playing with WeaveWorks’ Ignite, which is a GitOps-centered infrastructure solution. However, if a container-framed solution is more your speed, Firecracker has also been integrated with Kata Containers and firecracker-containerd. Further, if you have an interest in experimenting with unikernels, UniK has also taken the time to make Firecracker an available option. There’s nothing quite like a little hands-on experience to aid the learning process, after all!
Resources
- Firecracker Landing Page
- Firecracker Roadmap
- Firecracker – Lightweight Virtualization for Serverless Computing
- Announcing the Firecracker Open Source Technology
If you’ve got a question about utilizing microVMs in your business’ use cases, drop us a line at contact@gluearchitectures.com. Our team of experienced developers will be happy to work with you to analyze, architect, and optimize the solution that’s right for you.