
Are Unikernels Ready for Serverless on the Edge? (2403.00515v1)

Published 1 Mar 2024 in cs.DC

Abstract: Function-as-a-Service (FaaS) is a promising edge computing execution model but requires secure sandboxing mechanisms to isolate workloads from multiple tenants on constrained infrastructure. Although Docker containers are lightweight and popular in open-source FaaS platforms, they are generally considered insufficient for executing untrusted code and providing sandbox isolation. Commercial cloud FaaS platforms thus rely on Linux microVMs or hardened container runtimes, which are secure but come with a higher resource footprint. Unikernels combine application code and limited operating system primitives into a single purpose appliance, reducing the footprint of an application and its sandbox while providing full Linux compatibility. In this paper, we study the suitability of unikernels as an edge FaaS execution environment using the Nanos and OSv unikernel tool chains. We compare performance along several metrics such as cold start overhead and idle footprint against sandboxes such as Firecracker Linux microVMs, Docker containers, and secure gVisor containers. We find that unikernels exhibit desirable cold start performance, yet lag behind Linux microVMs in stability. Nevertheless, we show that unikernels are a promising candidate for further research on Linux-compatible FaaS isolation.


Summary

  • The paper demonstrates that unikernels achieve significantly reduced cold start times (around 110ms) compared to Linux microVMs and gVisor.
  • The paper reveals that while unikernels use up to 8.5 times fewer CPU instructions to start functions, they exhibit higher idle CPU consumption.
  • The paper shows OSv offers superior network I/O performance, though file system operations and memory management highlight areas for optimization.

Evaluating the Suitability of Unikernels for Serverless Edge Computing

The academic paper titled "Are Unikernels Ready for Serverless on the Edge?" presents a detailed investigation into the performance and security implications of using unikernel architectures as execution environments for Function-as-a-Service (FaaS) workloads in edge computing. The authors, Felix Moebius, Tobias Pfandzelter, and David Bermbach, conduct an in-depth comparison of two unikernel platforms, Nanos and OSv, against traditional isolation mechanisms such as Docker containers, gVisor, and Linux microVMs exemplified by Firecracker.

Summary of Findings

The primary aim of the paper is to evaluate whether unikernels can serve as a robust, efficient alternative to existing execution environments for FaaS, particularly in resource-constrained edge deployments. The research focuses on several key performance metrics: cold start overhead, idle resource usage, CPU and memory performance, as well as network and file system I/O.

  1. Cold Start Performance: Unikernels exhibit significantly reduced cold start times compared to Linux microVMs. For a Go-based no-op function, Nanos and OSv achieve cold start times of around 110ms, considerably quicker than their Linux microVM and gVisor counterparts.
  2. Resource Efficiency: The unikernels have lower resource footprints during both instantiation and idle periods. Nanos, in particular, requires up to 8.5 times fewer CPU instructions to start a function compared to Linux microVMs. However, unikernels exhibit higher instruction counts during idle periods, raising concerns about CPU efficiency.
  3. Memory Usage: Docker containers demonstrate the lowest memory footprint due to efficient sharing of resources with the host system. Unikernels like Nanos and OSv fall between the containerized environments and Linux microVMs, with potential for optimization in memory management.
  4. Latency and Throughput: The network I/O performance of OSv is noteworthy, handling concurrent requests more efficiently than other environments. However, unikernels lag in file I/O operations, highlighting a comparative disadvantage in disk read times.

Implications for Future Developments

The findings imply that unikernels hold potential as a viable FaaS sandboxing solution on the edge, combining the lightweight performance of containers with the isolation of virtual machines. However, several challenges remain, such as improving the stability and debuggability of unikernels and optimizing unikernel network and file system stacks for better performance.

Speculation on Future Developments

Future research should explore avenues to reduce unikernel overheads through improved unikernel and hypervisor designs, possibly by further simplifying hypercall interfaces. Integrating language-specific enhancements into unikernels may further refine performance for specific use cases. Moreover, evaluating the impact of combining unikernel execution with traditional FaaS optimizations such as pre-booting or snapshotting could yield insights into minimizing cold start overhead without sacrificing security or functionality.

Conclusion

While unikernels are not yet ready to wholly supplant existing execution paradigms in edge FaaS settings, they present a compelling option that merits further research and development. The paper effectively places unikernels in the conversation for future isolated execution environments, offering a promising blend of performance and isolation potential worthy of further exploration. With continued refinement and community support, unikernels may bridge the gap between performance and security requirements in edge computing environments.
