Abstract | ||
---|---|---|
With serverless computing, providers deploy application code and manage resource allocation dynamically, eliminating infrastructure management from application development.
Serverless providers have a variety of virtualization platforms to choose from for isolating functions, ranging from native Linux processes to Linux containers to lightweight isolation platforms, such as Google gVisor [7] and AWS Firecracker [5]. These platforms form a spectrum as they move functionality out of the host kernel and into an isolated guest environment. For example, gVisor handles many system calls in a user-mode Sentry process while Firecracker runs a full guest operating system in each microVM. A common theme across these platforms are the twin goals of strong isolation and high performance.
In this paper, we perform a comparative study of Linux containers (LXC), gVisor secure containers, and Firecracker microVMs to understand how they use Linux kernel services differently: how much does their use of host kernel functionality vary? We also evaluate the performance costs of the designs with a series of microbenchmarks targeting different kernel subsystems.
Our results show that despite moving much functionality out of the kernel, both Firecracker and gVisor execute substantially more kernel code than native Linux. gVisor and Linux containers execute substantially the same code, although with different frequency.
|
Year | DOI | Venue |
---|---|---|
2020 | 10.1145/3381052.3381315 | VEE '20: 16th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments
Lausanne
Switzerland
March, 2020 |
DocType | ISBN | Citations |
Conference | 978-1-4503-7554-2 | 0 |
PageRank | References | Authors |
0.34 | 0 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Anjali | 1 | 0 | 0.34 |
Tyler Harter | 2 | 225 | 12.32 |
Michael M. Swift | 3 | 1903 | 91.39 |