1. Unikraft – Crafting Unikernels
Simon Kuenzer, Felipe Huici, Florian Schmidt
<firstname.lastname>@neclab.eu
SYSML Group
NEC Laboratories Europe
http://sysml.neclab.eu

2. 2 © NEC Corporation 2017
Advantages and the Problem with Specialization
▌Standard OS/VM/container image:
lots of unnecessary code
lots of overhead!
Nginx
Kernel
Services
Libraries
User Application
m em cached bash
3rd Party
Applications
libc
libssl
ssh
init
ext4 netfront
blkfront
Nginx
m em cached
bash
libc
libssl
ssh
init
ext4
netfront
blkfront
▌Specialized image: only what’s
needed is there but lots of
development time! (have to
change code by hand
Nginx
Kernel
Services
Libraries
User Application
m em cached bash
3rd Party
Applications
libc
libssl
ssh
init
ext4 netfront
blkfront
unused!
unused!
unused!

3. 3 © NEC Corporation 2017
Unikraft: The Insight
▌In a perfect world…
We would have a menu of libraries for all possible components applications
might need
We would be able to use that menu to select only the functionality needed (and
possibly automate the selection process)
A system would automatically build a lean, high performance image for the
application we’re interested in and the platforms we care for
Unikraft is precisely this system!

4. 4 © NEC Corporation 2017
Unikraft – Operating System Decomposition
▌Standard operating systems are monolithic: they are not modular
so it’s not possible to separate their parts
Application(s)
profiling
memory
allocator scheduler
drivers
timers
filesystem
network stack

5. 5 © NEC Corporation 2017
Unikraft – Operating System Decomposition
▌Could we decompose, i.e., break apart an operating system?
network stack
Application(s)
profiling
filesystem
memory
allocator
timers
scheduler
drivers

6. 6 © NEC Corporation 2017
Unikraft – Operating System Decomposition
▌Could we decompose, i.e., break apart an operating system?
network stack
Application(s)
profiling
filesystem
memory
allocator
timers
scheduler
drivers
Once decomposed, we can pick and
choose which parts/libraries we
actually need for our application!

7. 7 © NEC Corporation 2017
The Unikraft Library and Build System
arch lib
pool
platform lib
pool
unikernel
binaries
main
lib
pool
CUSTOM
ABI/API
libmipsarch.olibarm32arch.olibx86_64arch.o
libkvmplat.olibxenplat.oliblinuxuplat.olibbareplat.o
unikraft_linuxuunikraft_bare_x86_64
unikraft_bare_ARM32
unikraft_bare_MIPS
unikraft_xen_x86_64
unikraft_xen_ARM32
unikraft_xen_MIPS
unikraft_kvm_x86_64
unikraft_kvm_ARM32
unikraft_kvm_MIPS
RUNBUILDSELECT&CONFIGLIBS
SELECT
APP
1234
snort
mysql QEMU
nginx memcached
mailman
myapp
drivers
libconsole.o
libixgbe.o
libnetfront.o
network stack
liblwip.o
libtcpip.o
libhttp.o
memory allocators
libbuddy.o
libheap.o
libmempool.o
filesystems
libvfs.o
libfat.o
libext3.o
runtimes
libocaml.o
libpython.o
liberlang.o
schedulers
libcoop.o
libpreempt.o
librt.o
debug&profiling
libgdb.o
libucdebug.o
libperf.o
standard libs
libc.o
libnewlibc.o
libopenssl.o

8. 8 © NEC Corporation 2017
Building a Specialized Image in One Minute
▌Type “make menuconfig”
▌Choose options in the menu that you want for your application
▌Choose your target platform(s) (e.g., Xen, KVM, Linux, baremetal)
▌Save config and type “make”

9. 9 © NEC Corporation 2017
An Unikraft Image Example
▌Xen PV x86_64 binary
▌Compiles to a 32.7kB image
▌Boots and prints message to debug console (with min. 208kB RAM)
libnolibc.o
libukboot.o
libukdebug.o
libxenplat.o
unikraft_xen-x86_64.o (50,2kB)
unikraft_xen-x86_64
(32,7kB)
Final
linking

10. 10 © NEC Corporation 2017
Potential Unikraft-built Systems
▌Specialized Python images for Xen, KVM and ARM, x86_64
liballocbuddy.o
libxenplat.o libarmarch.o
libconsole.o
libfilesystem.o
liblwip.o
libschedrr.o
libpython.o
▌Verticals:
IoT gateways
Smart city gateways
Cloud computing platforms (e.g., AWS Lambda)

11. 11 © NEC Corporation 2017
Potential Unikraft-built Systems
▌Specialized NFV image for KVM on x86_64
liballocbuddy.o
libkvmlat.o libx86_64arch.o
libconsole.olibschedcoop.o
▌Verticals:
 vCPE
 vRouters
 vBRAS
 Your network application here!
libdpdk.o