The document discusses Firecracker, an open source microVM technology for serverless computing. Firecracker uses a lightweight hypervisor to launch and run microVMs, allowing thousands to run on a single server. It provides better security isolation and faster launch times than alternatives like QEMU. The document outlines how Firecracker helps optimize server utilization for Lambda and other serverless workloads.

1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Firecracker,
서버리스 컴퓨팅을 위한 오픈소스
microVM 기술
류한진
Cloud Architect
Eland systems

2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
류한진
Cloud Architect, Eland Group
Fashion, Food, Retail, Hotel & Resort
AWSKRUG 오거나이저
- 데이터과학 소모임
- 컨테이너 소모임
- CLI 소모임

3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
개요
• Lambda 로 보는 서버리스 컴퓨팅
• Lambda worker 구조
• Firecracker

4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
이벤트 기반 서버리스 컴퓨팅
서버 유지 관리, 용량 프로비저닝, 배포,
모니터링, 로깅 등 컴퓨팅 리소스 관리를
자동으로 수행
실제로 이벤트를 처리한 시간*용량만큼
과금

6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
우리가 신경 쓰지 않아도
Lambda는 알아서 해줍니다.
• Load Balancing
• Auto Scaling
• Handling Failures
• Security Isolation
• Managing Utilization
• 기타 등등…

8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
: 동기/비동기 호출 조율
: Concurrency 추적/제한 설정
: Worker 상태 트래킹/스케쥴링
: Sandbox, 어플리케이션 코드 실행
: Sandbox 배치할 위치 결정

10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Cloud
Region
Lambda customer
(New Function or
Scaling Up)
Availability zone 2
Availability zone 1
Invoke
Front End
Invoke
Front End
Worker Mgr
Worker Mgr
Reserve Sandbox
Invoke
Init
Placement
Claim Worker
Worker
Worker
Worker

11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Lambda는 관리하지 않아도 유연한 확장성을
주고 자동화된 가용성을 내장
= 유연한 확장성과 가용성을 얻기 위한 아키텍처를
설계하고 유지하기 위한 노력을 하지 않아도 된다

12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Hardware
Host OS
Hypervisor
Guest OS
Sandbox
Lambda Runtime
Our Code
Worker의 layer

14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Worker의 layer 격리
per One Function
per One Account
Our Code
Lambda
Runtime
Sandbox
Guest OS
Hypervisor
Host OS
Hardware
Guest OS
Sandbox Sandbox Sandbox
Our Code
Lambda
Runtime
Our Code
Lambda
Runtime
Our Code
Lambda
Runtime

15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
cgroups
namespaces
seccomp
iptables
chroot
Our Code
Lambda
Runtime
Sandbox
Guest OS
Hypervisor
Host OS
Hardware
Guest OS
Sandbox Sandbox Sandbox
Our Code
Lambda
Runtime
Our Code
Lambda
Runtime
Our Code
Lambda
Runtime
Sandbox / Function간 격리

16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
virtualization &
device emulation
Our Code
Lambda
Runtime
Sandbox
Guest OS (Amazon Linux)
Hypervisor
Host OS
Hardware
Guest OS (Amazon Linux)
Sandbox Sandbox Sandbox
Our Code
Lambda
Runtime
Our Code
Lambda
Runtime
Our Code
Lambda
Runtime
VM / Account간 격리

17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
그리고 Nitro...
Our Code
Lambda
Runtime
Sandbox
Guest OS (Amazon Linux)
Nitro Hypervisor
Hardware
Guest OS (Amazon Linux)
Sandbox Sandbox Sandbox
Our Code
Lambda
Runtime
Our Code
Lambda
Runtime
Our Code
Lambda
Runtime

18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Nitro: AWS re:Invent 2017
2017년 11월 발표
2013부터 개발 시작
최신 인스턴스는 모두 Nitro
hardware/software를 의도적으로 만듬
AWS를 위해 Hypervisor 빌드
AWS Nitro

19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Nitro Hypervisor
KVM-based hypervisor with
custom MM and small
userspace
실제로 인스턴스가
사용하는 기능만 남김
Nitro는 hypervisor를 빠르고 간단하게 만듭니다.

20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
현재의 Woker
Our Code
Lambda
Runtime
Sandbox
Guest OS (Amazon Linux)
Nitro Hypervisor
Hardware
Guest OS (Amazon Linux)
Sandbox Sandbox Sandbox
Our Code
Lambda
Runtime
Our Code
Lambda
Runtime
Our Code
Lambda
Runtime

21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Firecracker기술이 적용된 Worker
OurCode
Lambda
Runtime
Sandbox
GuestOS
Firecraker Hypervisor
Hardware (EC2 Bare Metal)
Our
Code
Lambda
Runtime
Sandbox
Guest
OS
OurCode
Lambda
Runtime
Sandbox
GuestOS
Our
Code
Lambda
Runtime
Sandbox
Guest
OS
OurCode
Lambda
Runtime
Sandbox
GuestOS
Our
Code
Lambda
Runtime
Sandbox
Guest
OS
OurCode
Lambda
Runtime
Sandbox
GuestOS
Our
Code
Lambda
Runtime
Sandbox
Guest
OS
OurCode
Lambda
Runtime
Sandbox
GuestOS
Our
Code
Lambda
Runtime
Sandbox
Guest
OS
OurCode
Lambda
Runtime
Sandbox
GuestOS
Our
Code
Lambda
Runtime
Sandbox
Guest
OS
OurCode
Lambda
Runtime
Sandbox
GuestOS
Our
Code
Lambda
Runtime
Sandbox
Guest
OS
per One Function
Many Accounts

22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
re:Invent 2018 공개

23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Firecracker
• Linux KVM 을 사용하여 microVM을
만들고 관리하는 VMM
• User space에서 실행
• microVM의 빠른 시작시간과 낮은
메모리오버헤드로 수천개의
microVM을 한 서버에 패킹
• QEMU의 대안
• Restfull API로 Firecracker 프로세스 제어
• 보안적으로 안전한 Host-guestOS간
설정 정보 공유서비스제공

24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Firecracker 호스트와 통합
최소한의 디바이스
모델만 제공
• virtio-net
• virtio-io
• Serial console
• 1-버튼
키보드컨트롤러

25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Firecracker 내부 아키텍처
API thread
• API 서버, 컨트롤 플레인
VMM thread
• 컴퓨터 모델
• 최소한의 레거시 디바이스 모델
• MicroVM Metadata Service
• Net, Block 장치
vCPU thread
• guestOS CPU 코어 수

26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Firecracker Micro-VMs
보안 속도를 위한 디자인 Scale과 efficiency
최소한의 device model은 memory
footprint를 줄이고 공격받을 수
있는 영역을 줄입니다
User-space code in <125ms,
150 microVM
per second per host
적은 memory overhead.
각 서버에 높은 밀도 (수천개) 의
microVM

27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Firecracker 오픈소스 프로젝트
Open Source and on GitHub
Serverless를 위한 빌드
AWS Lambda and AWS Fargate
Rust 로 작성
아직 초기단계, 해야할 것들
Containerd integration
Linux improvements
Kata integration

28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Hardware
Host OS
Hypervisor
Guest OS
virtio drivers
virtio host in Firecracker
Physical
Devices

31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Lambda 사용자 :
Pay only for useful work.

33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Lambda 운영자 :
항상 서버가 바쁘도록 최적화

34. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Bad:
60% 60% 60% 60% 60% 60% 60%

35. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Good:
99% 99% 99% 99% 0% 0% 0%
Cache Locality
Ability to Autoscale

36. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Server
Bad: 한 워크로드를 packing
Workload
Workload
Workload
Workload
Workload
Workload

37. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Server
Better: 다수 워크로드를 packing
Workload
Workload
Workload
Workload
Workload
Workload

38. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

39. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

40. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

41. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Server
Best: 배치 최적화
Workload
Workload
Workload
Workload
Workload
Workload

42. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

43. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Worker
Lambda
Function
ENI in
your VPC
Your VPC
Local NAT

44. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Worker
Lambda
Function
Improving VPC start-up and scaling: 2019 예정
ENI in
your VPC
Your VPC
Remote
NAT

45. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

46. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

47. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Firecracker Hypervisor vs 그외
↓
↓
↑

48. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Firecracker 는
Higher Utilization와
Scale을 가능케 합니다

49. Thank you!
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
류한진
Cloud Architect
Eland Systems