P99 CONF Unikernels are famous for providing excellent performance in terms of boot times, throughput and memory consumption, to name a few metrics. However, they are infamous for making it hard and extremely time consuming to extract such performance, and for needing significant engineering effort in order to port applications to them. We introduce Unikraft, a novel micro-library OS that (1) fully modularizes OS primitives so that it is easy to customize the unikernel and include only relevant components and (2) exposes a set of composable, performance-oriented APIs in order to make it easy for developers to obtain high performance. Our evaluation using off-the-shelf applications such as nginx, SQLite, and Redis shows that running them on Unikraft results in a 1.7x-2.7x performance improvement compared to Linux guests. In addition, Unikraft images for these apps are around 1MB, require less than 10MB of RAM to run, and boot in around 1ms on top of the VMM time (total boot time 3ms-40ms). Unikraft is a Linux Foundation open source project and can be found at www.unikraft.org.

1. Brought to you by
Unikraft: Fast, Specialized
Unikernels the Easy Way
Felipe Huici
Chief Researcher
NEC Europe Laboratories GmbH

2. Specialization = High Performance
software hardware

3. Unikernels = Specialized Virtual Machines
GOALS
• Easy to build and run
• Easy or no app porting
• Great performance

4. Unikernel Power
▌Fast start/stop/migration times
● 10s of milliseconds or less (and as little as 2.3ms)
REFS: LigthVM [Manco SOSP 2017], Jitsu [Madhvapeddy, NSDI 2015]
▌Low memory footprint
● Few MBs of RAM or less
REFS: ClickOS [Martins NSDI 2014], Unikraft [Kuenzer, Eurosys 2021. Best Paper Award]
▌High density
● 8k guests on a singlex86 server
REFS: LigthVM [Manco SOSP 2017]
▌High Performance
● ~300K reqs/sec nginx with a single guest CPU
REFS: Unikraft [Kuenzer, Eurosys 2021. Best Paper Award], Elastic CDNs [Kuenzer VEE 2017]
▌Security Features
● Small trusted compute base
● Strong isolation by hypervisor
● Per-library isolation
REFS: FlexOS [Lefeuvre HotOS 2021], CubicleOS [Sartakov ASPLOS 2021])

5. Unikernels in One Slide
Web server
General Purpose OS (e.g., Linux)
3rd
party
libraries
OS
libraries
OS
kernel
Web server
Unikernel
Lots of devel time!

6. Design Principles
1. Fully modular kernel
2. Provide high performance specialized APIs

7. Design Principles
1. Fully modular kernel

8. Why not Linux?
Unikraft is built from scratch to be fully modular

9. With Unikraft

10. Doing it with existing unikernels?
(1) Require significant expert work to build
(2) They are often non-POSIX compliant
(3) The (uni)kernels are still monolithic
Unikraft is built from scratch (with borrowing)

11. Design Principles

12. application
glibc
POSIX sockets
network
stack
High-perf API
UDP
Specialized API Example

13. application
LIBC
LAYER
musl newlib
POSIX
COMPAT
LAYER
syscall-shim
posix-fdtab posix-process pthread
…
posix-socket
ramfs
OS
PRIMITIVES
LAYER
PLATFORM
LAYER
vfscore
lwip
NW
STACKS
mtcp
uknetdev
9pfs
FILESYSTEMS
ukblockdev
ext4
uksched
ukpreempt
SCHEDULERS
ukcoop
ukboot
dynamicboot
BOOTERS
ukcoop
ukalloc
buddyalloc
MEM
.
ALLOC.
tinyualloc
tlsf
mimalloc
oscar
KVM
virtio-net
clock
virtio-block
memregion
XEN netfront
clock
blockfront
memregion
…

14. GOALS
• Easy to build and run
• Easy or no app porting
• Great performance

15. Towards Seamless Integration
KRAFT
ready
BUILD
ongoing
KUBERNETES
DEPLOY
ongoing
PROMETHEUS
MONITOR

16. KRAFT
ready
BUILD

18. ongoing
KUBERNETES
DEPLOY

20. ongoing
PROMETHEUS
MONITOR

22. GOALS
• Easy to build and run
• Easy or no app porting
• Great performance

23. Application Binary
(unmodified ELF)
POSIX Compatibility – Two Approaches
Application Sources
(object files, native build)
libc (musl) ELF reader/loader
AUTO PORTING BINARY
COMPATIBILITY
syscall shim layer
syscalls
trap syscall
musl
link obj files
closed
source
open
sources

24. What about syscall support?

25. Syscall Support
Unikraft: 160 syscalls (so far)
Linux: ~350 syscalls

26. Syscall Support
Top 30 Debian Popcon Apps
160 syscalls currently supported

27. Apps are Resilient to Missing Syscalls
(Redis)

28. Dynamic Analysis: What we Really Need

29. GOALS
• Easy to build and run
• Easy or no app porting
• Great performance

30. Unikraft Boot Times

31. Minimum Memory Requirements

32. nginx Throughput

35. Unikraft: Fast, Specialized Unikernels the Easy Way
P99 Conf, October 6-7 2021
Simon Kuenzer
Sharan Santhanam
Cyril Soldani
Costi Răducanu
Răzvan Deaconescu
Vlad-Andrei Bădoiu
Alexander Jung
Costin Lupu
Cristian Banu
Costin Raiciu
Hugo Lefeuvre
Gaulthier Gain
Stefan Teodorescu
Laurent Mathy
Felipe Huici

36. Brought to you by
Info: https://unikraft.org/
Code: https://github.com/unikraft
High performance POSIX unikernels are now a reality!