Data Centre


It doesn't work with Docker, K8s right now, but everyone's going nuts anyway for AWS's Firecracker microVMs

If it's good enough for Lambda and Fargate, it's probably good enough for you

By Thomas Claburn in San Francisco


re:Invent Pay-or-else compute biz AWS lit the fuse for Firecracker, the virtualization technology it uses to power its serverless Lambda offering and its Fargate managed container contrivance.

Firecracker, now available as open source on GitHub, relies on the Linux Kernel-based Virtual Machine (KVM) to create a new flavor of lightweight VMs. These microVMs strive to combine the security and isolation of virtual machines with the speed and resource thrift of containers.

"You can launch lightweight micro-virtual machines (microVMs) in non-virtualized environments in a fraction of a second, taking advantage of the security and workload isolation provided by traditional VMs and the resource efficiency that comes along with containers," said Jeff Barr, chief evangelist for AWS, in a blog post.

The software represents an attempt to create a virtualization technology better suited to event-driven, transient workloads – serverless applications that sit around doing nothing then suddenly spin up resources before going idle again.

According to AWS, Firecracker can launch user space or application code in less than 125ms and microVMs at a rate of 150 per second per host. It churns out fairly compact microVMs too, with each requiring less than 5MiB of memory overhead, so thousands can co-exist on a single server. The compute-only guest CPU performance reaches more than 95 per cent of bare-metal, per the spec.

Other virtualization projects such as Kata Containers and gVisor, have pursued similar goals.

Firecracker strives to be more minimalistic: It emulates only four devices – virtio-net, virtio-block, serial console, and a single button keyboard controller to stop the microVM – and its kernel loading process has been optimized. It also includes a RESTful control API, handles resource rate limiting, and supports a microVM metadata service for passing config data between the host and guest.

Amazon's homegrown 2.3GHz 64-bit Graviton processor was very nearly an AMD Arm CPU


Firecracker was derived from Chromium OS's Virtual Machine Monitor (crosvm), an open source virtual machine monitor (VMM) written in Rust.

The project may be the highest profile production deployment of Rust, a programming language backed by Mozilla that has become more popular lately.

"In the fall of 2017, we decided to write Firecracker in Rust, a modern programming language that guarantees thread and memory safety and prevents buffer overflows and many other types of memory safety errors that can lead to security vulnerabilities," explained Arun Gupta, principal open source technologist, and Linda Lian, senior product marketing manager, in a blog post.

Firecracker is designed to be processor agnostic, though at present it runs only on Intel hardware, under Linux kernel version 4.14 or later; AMD and Arm support is coming in 2019 according to AWS.

It doesn't presently work with Docker or container orchestrator Kubernetes, but AWS has built prototype code that lets containerd, a container runtime, manage containers as Firecracker microVMs. With further work, Docker and Kubernetes compatibility may emerge.

By releasing Firecracker under an open source Apache 2.0 licensing, AWS hopes other developers and organizations will advance the virtualization tech even further. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Automated Weather Source didn't see this cloud coming: Amazon snatches up

Uh, we'll be having that domain

Fed up with Oracle's Sith, AWS wades into Big Red's lawsuit over Pentagon JEDI contract

Long-standing cloud enemies to do battle in the courts

Oh snap: AWS has only gone and brought out its own Backup

Has it gotten backuppers' backs up? You bet it has

VMware, AWS preview database-on-vSphere

VMworld US Database ops need less 'muck' says AWS boss Andy Jassy

Cisco and AWS hop into bed for steamy hybrid Kubernetes action

Mixing up on-premises and cloudy containers

Reckon you can build the next Netflix? AWS has a cloud for you

re:Invent Amazon's chomps at edges of broadcasters' pies

AWS elbows Google Cloud aside in fight for SAP HANA customers

My box is bigger than your box

Whoop, whoop, evade, evade – incoming news missile: AWS-SAM fired at Jenkins installations

Would madam care for native support for SAM in madam's pipeline?

Pentagon cloud contract sueball: Oh no, Oracle doesn't need those docs, AWS tells court

Urges it to chuck Big Red's request to depose former Pentagon staffers, too

AWS will keep your traffic on-cloud – for a fee, of course

re:Invent Also: Transit Gateways and big bandwidth for C5 instances