In this talk, we describe our ongoing initiative to re-architect “network function virtualization (NFVs)” using the Unikernel concept as the main building block. A quick look at current telco and IT markets trends reveals two main intertwined technologies. On one side, and in order to reduce complexities and drawbacks inherited from creating multiple instances of the operating system, there is a strong desire to migrate from virtual machines towards micro-services enablers, namely containers (e.g., Docker). On the other side, it is becoming evident that none of these virtualization techniques would be viable in a real world deployment without an efficient “stitching” technique which would enable intelligent traffic steering between different VMs and/or containers. For this particular purpose, SDN technology is considered as leading candidate to address the “services chaining” problem.
There are multiple advantages behind adopting containers in terms of memory footprint resulting in higher density, single operating system, faster start/shutdown, etc. However, security concerns (e.g., ever- growing kernel complexities, apps isolation, etc), OS limitation (i.e., apps confined to one host should all run on a particular kernel), distributed storage, underlying networking infrastructure have been frequently cited as hurdles towards wide adoption.
Our proposed architecture departs from current market trends as it explores using Unikernel concept as the building block for NFVs and also, embedding “traffic steering” capabilities underlying the designated set of NFVs. Leveraging unikernel features enable operators to provide more granular, highly secure, on- demand services (e.g., per user and/or per device and/or per service) and a better use of their datacenter infrastructure. In our talk, we discuss challenges, performance and ways forward to speed up unikernel adoption.