

It doesn't work with Docker, K8s right now, but everyone's going nuts anyway for AWS's Firecracker microVMs

If it's good enough for Lambda and Fargate, it's probably good enough for you

By Thomas Claburn in San Francisco


re:Invent Pay-or-else compute biz AWS lit the fuse for Firecracker, the virtualization technology it uses to power its serverless Lambda offering and its Fargate managed container contrivance.

Firecracker, now available as open source on GitHub, relies on the Linux Kernel-based Virtual Machine (KVM) to create a new flavor of lightweight VMs. These microVMs strive to combine the security and isolation of virtual machines with the speed and resource thrift of containers.

"You can launch lightweight micro-virtual machines (microVMs) in non-virtualized environments in a fraction of a second, taking advantage of the security and workload isolation provided by traditional VMs and the resource efficiency that comes along with containers," said Jeff Barr, chief evangelist for AWS, in a blog post.

The software represents an attempt to create a virtualization technology better suited to event-driven, transient workloads – serverless applications that sit around doing nothing then suddenly spin up resources before going idle again.

According to AWS, Firecracker can launch user space or application code in less than 125ms and microVMs at a rate of 150 per second per host. It churns out fairly compact microVMs too, with each requiring less than 5MiB of memory overhead, so thousands can co-exist on a single server. The compute-only guest CPU performance reaches more than 95 per cent of bare-metal, per the spec.

Other virtualization projects, such as Kata Containers and gVisor, have pursued similar goals.

Firecracker strives to be more minimalistic: It emulates only four devices – virtio-net, virtio-block, serial console, and a single button keyboard controller to stop the microVM – and its kernel loading process has been optimized. It also includes a RESTful control API, handles resource rate limiting, and supports a microVM metadata service for passing config data between the host and guest.
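To make the control-plane side of that description concrete, here is an added example (not code from the article or from the Firecracker project) of the kind of exchange a host-side program has with the Firecracker API before a microVM starts. Firecracker exposes its REST API over a Unix domain socket; the endpoint paths and JSON fields below follow the project's published API specification as the author of this example recalls it (`/machine-config`, `/boot-source`, `/drives/{id}`, `/network-interfaces/{id}`, `/mmds`, `/actions`), so check them against the spec shipped with the version you run. The kernel and rootfs paths, the tap device name, the MAC address and the metadata payload are placeholders constructed for illustration.

```python
import http.client
import json
import socket


class UnixHTTPConnection(http.client.HTTPConnection):
    """http.client connection that dials a Unix domain socket instead of TCP.

    Firecracker serves its control API on a local socket, so the API is never
    reachable over the network; only processes with access to the socket file
    (and its file permissions) can reconfigure or start the microVM.
    """

    def __init__(self, socket_path):
        super().__init__("localhost")
        self.socket_path = socket_path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.socket_path)


def build_microvm_requests(kernel, rootfs, vcpus=1, mem_mib=128, tap="tap0",
                           mac="AA:FC:00:00:00:01", net_bytes_per_sec=None,
                           mmds_data=None):
    """Return the ordered (method, path, body) requests that configure and boot a microVM.

    The order matters: machine size, boot source and root drive must be set
    before the InstanceStart action; after the start the configuration is fixed.
    """
    reqs = [
        # vCPU and memory budget for the guest.
        ("PUT", "/machine-config", {"vcpu_count": vcpus, "mem_size_mib": mem_mib}),
        # Uncompressed guest kernel plus its command line (serial console only,
        # no PCI, since Firecracker emulates only virtio-mmio devices).
        ("PUT", "/boot-source", {"kernel_image_path": kernel,
                                 "boot_args": "console=ttyS0 reboot=k panic=1 pci=off"}),
        # A single virtio-block device used as the root filesystem.
        ("PUT", "/drives/rootfs", {"drive_id": "rootfs", "path_on_host": rootfs,
                                   "is_root_device": True, "is_read_only": False}),
    ]
    iface = {"iface_id": "eth0", "host_dev_name": tap, "guest_mac": mac}
    if net_bytes_per_sec is not None:
        # Token-bucket limiter: `size` is the bucket capacity in bytes and
        # `refill_time` the time in milliseconds to refill it completely,
        # which caps sustained throughput at size/refill_time per second.
        # Applied to both directions so one guest cannot starve its neighbours.
        limiter = {"bandwidth": {"size": net_bytes_per_sec, "refill_time": 1000}}
        iface["rx_rate_limiter"] = limiter
        iface["tx_rate_limiter"] = limiter
    reqs.append(("PUT", "/network-interfaces/eth0", iface))
    if mmds_data is not None:
        # Guest-readable metadata served by the microVM metadata service (MMDS);
        # it keeps per-instance config out of the shared root filesystem image.
        reqs.append(("PUT", "/mmds", mmds_data))
    reqs.append(("PUT", "/actions", {"action_type": "InstanceStart"}))
    return reqs


def send_requests(socket_path, requests):
    """Issue each request against the API socket and return the HTTP status codes."""
    statuses = []
    for method, path, body in requests:
        conn = UnixHTTPConnection(socket_path)
        conn.request(method, path, body=json.dumps(body),
                     headers={"Content-Type": "application/json",
                              "Accept": "application/json"})
        resp = conn.getresponse()
        payload = resp.read()
        conn.close()
        statuses.append(resp.status)
        if resp.status >= 300:
            # Stop at the first rejected call; a half-configured microVM must not be started.
            raise RuntimeError(f"{method} {path} failed: {resp.status} {payload!r}")
    return statuses


if __name__ == "__main__":
    # Dry run: print the exchange instead of sending it. Paths are placeholders.
    plan = build_microvm_requests("/placeholder/vmlinux", "/placeholder/rootfs.ext4",
                                  vcpus=2, mem_mib=256, net_bytes_per_sec=10_000_000,
                                  mmds_data={"instance": {"id": "example-0001"}})
    for method, path, body in plan:
        print(method, path, json.dumps(body))
    # To actually boot: send_requests("/tmp/firecracker.socket", plan)
```

`build_microvm_requests` separates planning the exchange from sending it, so the request sequence can be reviewed or unit-tested without a running VMM, and `send_requests` aborts on the first non-2xx reply rather than issuing `InstanceStart` against a partially configured guest. The rate limiter and MMDS calls are the two pieces the article mentions beyond the four emulated devices: the limiter bounds how much host network bandwidth any one microVM can consume, and MMDS hands instance-specific configuration to the guest without baking it into a disk image shared by thousands of microVMs.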

Firecracker was derived from Chromium OS's Virtual Machine Monitor (crosvm), an open source virtual machine monitor (VMM) written in Rust.

The project may be the highest-profile production deployment of Rust, a programming language backed by Mozilla that has become more popular lately.

"In the fall of 2017, we decided to write Firecracker in Rust, a modern programming language that guarantees thread and memory safety and prevents buffer overflows and many other types of memory safety errors that can lead to security vulnerabilities," explained Arun Gupta, principal open source technologist, and Linda Lian, senior product marketing manager, in a blog post.

Firecracker is designed to be processor-agnostic, though at present it runs only on Intel hardware, under Linux kernel version 4.14 or later; AMD and Arm support is coming in 2019, according to AWS.

It doesn't presently work with Docker or container orchestrator Kubernetes, but AWS has built prototype code that lets containerd, a container runtime, manage containers as Firecracker microVMs. With further work, Docker and Kubernetes compatibility may emerge.

By releasing Firecracker under the open source Apache 2.0 license, AWS hopes other developers and organizations will advance the virtualization tech even further. ®
