microVM: Another Level of Abstraction for Serverless Computing

4 minute read

For years, cloud computing was a way to convince users and business to spend their money hosting their services on servers collocated on cloud data-centers. Things are changed and merely providing basic storage and processing power is a thing of the past. Cloud services are so complicated today that each one of them needs proper training to just be able to use them. Distributed data-stores, load-balancers, storages, serverless and container automation and orchestration services are just a few example of the vast number of cloud computing services.

One can now have a software running on cloud services (Software-as-a-Service) with five-nine SLA hosted on multiple cloud providers, effectively providing high-availability across the globe, all controlled from a central location, automated and orchestrated with the latest cutting-edge technologies on the market. And the number of these technologies are ever-growing.

Most of the cloud providers today use open-source model to distribute their technologies and software. Examples of which are kubernetes, docker and firecracker. Containerization and light-weight virtual machines are just two of the various ways to deploy applications on cloud. Each has its own pros and cons. But in this article I am going to present firecrack, a light-weight virtual machine, or microVM, management tool created by Amazon to run their serverless platform. In contrast to containerization, specifically docker, which uses a single shared Linux kernel with cgroups, namespaces, etc., microVMs use a separate Linux kernel virtualized on top of kernel-based virtual machine (KVM). The advantages of microVM are less memory overhead (5 MB), very minimal optimized kernel and security. The most interesting part is that it is written in Rust, has an awesome Go SDK and many tools are already developed for it:



Secure and fast microVMs for serverless computing. - firecracker-microvm/firecracker



firecracker-containerd enables containerd to manage containers as Firecracker microVMs - firecracker-microvm/firecracker-containerd



An SDK in Go for the Firecracker microVM API. Contribute to firecracker-microvm/firecracker-go-sdk development by creating an account on GitHub.



firectl is a command-line tool to run Firecracker microVMs - firecracker-microvm/firectl



Ignite a Firecracker microVM. Contribute to weaveworks/ignite development by creating an account on GitHub.

There is a demo project demonstrating the abilities and features of microVM by showing how quickly it can run 4k microVMs in less than a minute:



A demo running 4000 Firecracker microVMs. Contribute to firecracker-microvm/firecracker-demo development by creating an account on GitHub.

Months ago, I’ve started experimenting with it and wrote a bunch of bash scripts and a simple README to be able to show how to download project binaries or build the project(s) from source and start using microVMs very quickly:



A set of scripts to download or build firecracker and run a firecracker micro-VM - mostafa/firefighter

In order to use it, just clone the project somewhere on your disk and either run get_latest.sh or build_latest.sh. To get the latest binaries along with pre-built Debian and Alpine kernel and rootfs, you just need to have curl installed. But in order to build it from source code, you should have Rust compiler installed. The easiest way to install Rust compiler and toolchain, just download and install rustup installer to be able to easily install other things. A simple tutorial is present on Rust official website that provides instructions on how to do this. For building the latest version, I assume you have Debian GNU/Linux installed, because of APT.

Although building from source gives you full control and customizability, but for mere experimentation, just download the binaries and related files and you’re good to go!

$ git clone https://github.com/mostafa/firefighter
$ cd firefighter
$ ./get_latest.sh

This script downloads the latest firecracker, firectl and jailer binaries with a progress bar, along with Alpine and Debian kernel and rootfs in images directory.

Running the following command with no option or with help would print usage instructions:

$ ./run_microvm.sh
run_microvm.sh start <distro-name> | <vmlinuz.bin> <rootfs.ext4>  
run_microvm.sh stop  
run_microvm.sh config  
run_microvm.sh status  
run_microvm.sh help

Available distros:  
 - debian  
 - alpine

To run an Alpine microVM, just run the following command, it needs root/sudo privilege:

$ ./run_microvm.sh start alpine  
Giving read/write access to KVM to user  
[sudo] password for user:  
Booting kernel: images/alpine-vmlinuz.bin  
Image: images/alpine.ext4  
Enable routing from/to MicroVM  
Run MicroVM  
Welcome to Alpine Linux 3.8  
Kernel 4.14.55-84.37.amzn2.x86_64 on an x86_64 (ttyS0)

localhost login:

Using root as username and password, you can login to the microVM. Run the following commands inside the microVM to enable internet access:

$ ip addr add dev eth0  
$ ip route add default via dev eth0  
$ echo "nameserver" > /etc/resolv.conf  
$ ping -c 3 google.com  
PING google.com ( 56 data bytes  
64 bytes from seq=0 ttl=54 time=4.270 ms  
64 bytes from seq=1 ttl=54 time=5.979 ms  
64 bytes from seq=2 ttl=54 time=6.455 ms

--- google.com ping statistics ---  
3 packets transmitted, 3 packets received, 0% packet loss  
round-trip min/avg/max = 4.270/5.568/6.455 ms

Now you can stop the microVM with the following command on another terminal:

$ ./run_microvm.sh stop

That was it for now. You should figure out how you can leverage this to your advantage.

It’s a simple open-source project and any feedback and contribution is welcome.