![Page 1: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/1.jpg)
Unikernels: in search of a killer app and a killer ecosystem
RomanShaposhnik,DirectorofOpenSource@Pivotal,@rhatr
![Page 2: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/2.jpg)
![Page 3: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/3.jpg)
![Page 4: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/4.jpg)
![Page 5: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/5.jpg)
![Page 6: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/6.jpg)
![Page 7: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/7.jpg)
Unikernels• “Unikernels:libraryopera?ngsystemsforthecloud”cameoutin2013
• A“library”opera?ngsystem• Akernelthatcanonlysupportoneprocess• An‘executable’thatneedsvirtualiza?ontorun– Qemu,VB,VMWare,Xen,PublicCloud
![Page 8: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/8.jpg)
Anykernels• Programmingdisciplineforkernelcodereuse• “TheDesignandImplementa?onoftheAnykernelandRumpKernels”byAnVKantee
• Capabili?es– NetBSDfilesystemsasLinuxprocesses– User-spaceTCP/IPstack
• Buildingblocksfor…anykernels
![Page 9: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/9.jpg)
AnVKantee:Back-AlleyDoctorofNetBSD
![Page 10: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/10.jpg)
Whatunikernelsareavailable• MirageOS– EmergedfromXen,OCamlspecific,research
• Clive– Gospecific,Plan9lineage,research
• RumpKernels(broughttoyoubyA.Kantee)– Rumprununikernel,“sta?clinking”downtothekernel
• OSv
![Page 11: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/11.jpg)
UniK:UnikernelBuilds&Deployment• Anopensourcetool– heps://github.com/emc-advanced-dev/unik
• AfamiliarDocker-likeCLI• Abstractsawaydetailsofvirtualiza?onbackends• IntegrateswithDocker&CloudFoundry• PluggablesupportforUnikernels– OSv&rump
![Page 12: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/12.jpg)
Interac?veIntermission:Disaggrega?ontrend
![Page 13: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/13.jpg)
![Page 14: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/14.jpg)
![Page 15: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/15.jpg)
TheraiseofthePaaS:CloudFoundry
![Page 16: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/16.jpg)
CloudFoundry
![Page 17: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/17.jpg)
No,butseriously?
myApp $cfpush …
service#N
service#1
…
App#N
App#1
…
![Page 18: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/18.jpg)
Cloud-na?veappsAKA12factor.net• Codebase• Dependencies• Config• Backingservices• Build,deploy,run• Statelessprocesses
• Portbinding• Concurrency• Disposability• Dev==prod• Logs==streams• Adminprocesses
![Page 19: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/19.jpg)
> cd /path/to/my/app > tree . ├── README.md ├── app.groovy ├── application.properties ├── manifest.yml
![Page 20: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/20.jpg)
> cat manifest.yml --- applications: - name: cf-spring memory: 512M instances: 3 random-route: true
![Page 21: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/21.jpg)
> cf push my-app
Using manifest file /Users/verney/workspace/cf-sample-app-spring/manifest.yml
Creating app cf-spring in org pivot-jules / space test as [email protected]...
OK
![Page 22: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/22.jpg)
Uploading cf-spring...
Uploading app files from: /Users/vereny/workspace/cf-sample-app-spring Uploading 1M, 44 files Done uploading OK
![Page 23: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/23.jpg)
Runtime Container
Droplets
Staging Container
App Source Code
Buildpack
DropletFile System (‘Stack’)
![Page 24: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/24.jpg)
> cf scale my-app –i 8
![Page 25: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/25.jpg)
![Page 26: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/26.jpg)
Anatomyofadroplet
Hardware
“Stuff”
[Java]VirtualMachine
μservicecode
![Page 27: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/27.jpg)
Howarewedoingittoday?
JailedFS,net,etc.
Hardware
[Java]VirtualMachinelibFS,libC,libJVM
μservicecode
Applica?on-specificsta?clinking
OCI“runc”image
Common,sharedkernel
![Page 28: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/28.jpg)
Isthereabeeerway?
vHardware
Hardware
[Java]VirtualMachinelibFS,libC,libJVM
μservicecode
Applica?on-specificsta?clinking
TinyVMimageAKAunikernel
Hardware-assistedvirtualiza?on
![Page 29: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/29.jpg)
Imageby@GrahamDumpleton
![Page 30: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/30.jpg)
OSvfromCloudiusSystems• Aunikernelfor“POSIX”andmemorymanagedplaqorms(JVM,Go,Lua)
• Anykernel’ish– E.g.ZFS
• RunsontopofKVM,Xen,VirtualBox,VMWare• LookslikeanapptothehostOS• Small,fastandeasytomanageatscale
![Page 31: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/31.jpg)
OSvmanifesto• Runexis?ngLinuxapplica?ons• Runexis?ngLinuxapplica?onsfaster• Makeboot?me~=exec?me• ExploreAPIsbeyondPOSIX• Leveragememorymanagedplaqorms(JVM,Go)• Stayopen
![Page 32: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/32.jpg)
What’sinside?
singleaddressspacein“kernelmode”
“kernelthreads”“userthreads”
diskZFS vir?oC++kernelcode
dynamiclinker
libjvm.soifconfig.so
TCP/IP
iface
![Page 33: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/33.jpg)
Anythingitcan’tdo?• A100%replacementforaLinuxkernel– Nofork()ing
• Noprocessisola?on• Theleastamountofdevicedriversever
![Page 34: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/34.jpg)
Virtualiza?onvs.performance• Network-intensiveapps:– unmodified:25%gaininthroughput47%decreaseinlatency
– non-POSIXAPIsuseforMemcached:290%increaseinperformance
• Compute-intensiveapps:– YMMV
![Page 35: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/35.jpg)
VanJacabson’snetchannelssocket
TCP
IP
iface
socket
TCP
IP
iface
lock
lock
lock
Tradi?onalTCP/IPstack
appthreadkernel(IRQ)
send/recv
socket
TCP
IP
iface
channel
classifier
iface
lock
OSvTCP/IPstack
appthreadkernel(IRQ)
send/recv
![Page 36: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/36.jpg)
MemorymanagementinUNIX
OSMemory
ProcessMemory
JVMHeap
ProcessMemory
JVMHeap
![Page 37: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/37.jpg)
MemorymanagementinOSv
OSMemory
ProcessMemory
JVMHeap
![Page 38: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/38.jpg)
JVMbalooning(nomore-Xmx)
JVMHeap
OSobject
![Page 39: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/39.jpg)
TurbochargingJVMGC
object1 object2
![Page 40: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/40.jpg)
TurbochargingJVMGC
object1 object2
![Page 41: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/41.jpg)
TurbochargingJVMGC
object1 object2
CPUMMUassistedtrackingtable
![Page 42: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/42.jpg)
Whyshoulditworkthis?me?• Unikernels/exokernelsbackin’90• JVM-on-bare-metal(Azul,BEA,etc.)backin‘00• Thingstheydidn’thavebackthen– HW-assistedvirtualiza?on(KVM,XEN,etc.)– Elas?cinfrastructureorientedarchitectures– CloudFoundry(PaaS)
![Page 43: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/43.jpg)
No,reallyweneedPaaS
![Page 44: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/44.jpg)
No,reallyweneedPaaS
![Page 45: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/45.jpg)
Elas?c,nextgenera?ondatacenter• Commodity,rack-provisionedHardware• JeOS(CoreOS,SmartOS,Xen+JeOS)– aglorifieddevicedriver:anything2vir?o– op?onally:awaytovirtualizea“dom0”kernel
• Docker++asthenewELFformat– witheithernokernelorunikernelinside
• CloudFoundrytorulethemall
![Page 46: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/46.jpg)
FinallykillingDevOps• Ops(IT)maintainsthebareOS• Devsmaintaintheμservices• PaaSmapsμservicestoimagesandorchestrates
![Page 47: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/47.jpg)
FinallykillingDevOps• Ops(IT)maintainsthebareOS• Devsmaintaintheμservices• PaaSmapsμservicestoimagesandorchestrates
![Page 48: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/48.jpg)
Andonemorething…
![Page 49: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/49.jpg)
Ques?ons?
By@cloud_opinionImaginenoplaqormsIwonderifyoucanNoneedforxAASAbrotherhoodofbaremetalImaginethereisnoVMIt'seasyifyoutryNohostbelowusAboveusonlyapps
![Page 50: Unikernels: in search of a killer app and a killer ecosystem](https://reader031.vdocuments.net/reader031/viewer/2022021922/5877b45f1a28ab2c668b5515/html5/thumbnails/50.jpg)