This presentation is a part of Kubernetes meetup vol3 @ Athens. At the very beggining we explain how we manage until now to come closer to the virtual hardware, removing possible duplication layers, that appear between the hypervisor and the Virtual Machine. An alternative solution removing duplication layers is Unikernels. Having small sized VM including only hypervisor libraries and our application in the same level (kernel), we build a Custom Virtual Machine targeting smaller footprint, reduced latency and better security. Next we explain very fast the OSv unikernel that allow us to compose a linux service built as shared object within the unikernel. Finnally we see a benchmark of a Redis Cluster that is running on OSv unikernels.

1. Unikernels
Kubernetes
Security
OSv
Cloud
Redis
Benchmarks

2. Contents
# A small story
# What is the Unikernel?
# Is it easy or not to deploy our services?
# Redis Cluster Benchmark

3. OS
# Story
responsible for managing and coordinating the tasks
to proceed, as well resources allocation

4. Stack
# Story Users
Applications
Kernel
Hardware

5. OS
# Story

6. Server Model
# Story
Hardware
HYPERVISOR XEN, KVM etc.
Nikos Virtual Machine Virtual Machine Virtual Machine
Nikos now rent portions of the resources
Users
Application
Kernel

7. Hypervisor
# Story
responsible for managing and distributing hardware
resources to virtual machines and they offer
hardware virtualization.
Supervisor of Virtual Machines

8. Server Model
# Story
Hardware
HYPERVISOR is an OS e.g. Linux
Nikos Virtual Machine Virtual Machine Virtual Machine
Nikos now rent portions of the resources
Users
Application
KernelOS
Duplication

9. Containers
# Story
Better utilization less Virtual Machines with single OS
and multiple isolated Service Stacks
Hardware
HYPERVISOR XEN, KVM etc.

10. Containers
# Story
 Stand-Alone, executable package
 Includes only what our service need
 Isolated environment between containers
 e.g. development, staging, production
 Shared kernel e.g. Linux
Source: http://docker.com

11. Containers
# Story
Source: http://docker.com

12. Conclusion
# Story
 removing things that we don’t need e.g. libs
 we make sure we use shared resources
 e.g. containers, one Linux installation with multiple isolated
services.
there is a tendency to
get closer to the hardware and manage it efficient

13. # Unikernel
is an operating system which includes basic
hypervisor libraries + our service libraries
e.g. KVM libraries + Seastar framework.

14. Comparison
# Unikernels
Configuration
Application
Language Runtime
Threads
User Processes
Kernel
Hypervisor
Hardware
Hypervisor
Hardware
Configuration
Application
Unikernel Runtime
Classic OS Unikernel

15. What is?
# Unikernels
 Virtual Machine
 Runs only one process
 fork() will not work
 No Users
 => eliminate context switch
 No Shell (better security)
 Service has instant access to the virtual hardware
 Usually supports one language e.g. OCaml
 Fast Boot time.
 We don’t need to manage the hardware resources
 Small size (depends on design)

16. Unikernels
A specialized application image,
A custom built Virtual Machine.

17. Projects
LING
(Erlang)
2014
MirageOS
(OCaml)
2013
HalVM
(Haskel)
2008
RuntimeJS
(Javascript)
2015
Rumprun
(Ruby, GO, Python)
2015
IncludeOS
(C/C++)
2015
OSv
(anything)
2014
# Unikernels

18. Challenges
# Unikernels
 Orchestration Tools
 Debug Tools
 Libraries
 Languages Runtime

19. Appliances
# Unikernels
IoT / Embedded
W
Usages
Web services
Network Functions Virtualization
(NFV)
High-performance computing
(HPC)

20. # OSv  Written with C++
 POSIX support
 pThreads experimental
 TCP/IP Stack
 Network: Net Channels by Van Jacobson
 Linux Virtual File system
 Runs on XEN, KVM, VΒox, VMWare & ARM 64 bit

21. # OSv

22. Composing an application with OSv
Clone and Compile the
OSv base image
Compile as shared object
Use Capstan for
the composition
Our .qemu
Image

23. Composing an application with OSv
Clone and Compile the
OSv base image
git clone https://github.com/cloudius-systems/osv.git &&
cd osv &&
sh ./scripts/build image=empty

24. Composing an application with OSv
Clone and Compile the
OSv base image
Compile as shared object
gcc –c –fPIC –o foo.o foo.c &&
gcc –c –fPIC –o bar.o bar.c &&
gcc -shared –fPIC –Wl, -soname,libqux.so.1 – o libqux.so.1.5.0 foo.o bar.o -lc

25. Composing an application with OSv
Clone and Compile the
OSv base image
Compile as shared object
Use Capstan for
the composition
capstan build –i fooImage –base=$OSV_IMG_LOCATION
&&
capstan run fooImage –e ./libqux.so

26. Composing an application with OSv
Clone and Compile
the OSv base image
Compile as shared
object
Use Capstan
for the
composition
Our .qemu
Image

27. Composing an application with OSv
Clone and
Compile the OSv
base image
Compile as
shared object
Use
Capstan for
the
composition
Our .qemu
Image
Source: www.mikelangelo-project.eu.

28. Composing an application with OSv
Clone and
Compile the OSv
base image
Compile as
shared object
Use
Capstan
for the
compositio
n
Our .qemu
Image
Source: www.mikelangelo-project.eu.

29. Redis
Redis an in memory “cache” store
# Benchmark

30. Redis
# Benchmark  Build Redis 3.x as a shared object
 Cluster Configuration
 Usage as mem-cache service
 Persist of storage requires fork()
 Benchmarking too
 redis-benchmark
 1, 2, 4 , 6 , 8, 10 concurrent client

31. Machine Specs 3 Machines x
CPU
2 vCPU -> 2.6 GHz Intel Xeon
E5
RAM
7.5Gb
Google Compute Engine

32. 0,5 sec
Boottime
Redis
# Benchmark

33. 33 32.5
33
36.8
36.375
42.2
30
30
27
29
32
38
0
5
10
15
20
25
30
35
40
45
50
1 2 4 6 8 10Time(sec)
Concurrent connected clients
Total benchmark time (sec) / No. Clients
UBUNTU OSV
Total execution time per concurrent clients
=> target 200.000 requests each client.
- 6sec faster
e.g. 4 concurrent clients
Redis
# Benchmark

34. 5994
6023
5992
5321 5419
4701
6571 6611
7185
6565
6300
5556
0
1000
2000
3000
4000
5000
6000
7000
8000
1 2 4 6 8 10
Requests/sec
Concurrent connected clients
AVG Queries per sec. / No. Clients
UBUNTU OSV
AVG requests per concurrent connected clients
=> targeting 200.000 requests each.
+1193 qps
Redis
# Benchmark
e.g. 4 concurrent clients

35. Conclusion
 Tricky parts when we are in a POSIX-able unikernel
 Don’t assign many vCPUs
 NUMA is not well supported
 Notice the synchronous mmap() on a single process environment
 Usage of 0-copy feature when we can apply it
 OSv looks great as FAAS "container"
 Small size
 Small boot time
 Immutable potentially better security
 We need more mature ecosystem for the Unikernels
 Remote debugging
 Monitoring
 Orchestration tools

36. Are you interested?

37.  Learn more about Unikernels
 An Infrastructure with unikernels (Mikelangelo EU)
 OSv – Unikernel (Run Linux Services)
 http://osv.io/
 OSv - Examples:
 https://github.com/cloudius-systems/osv-apps
 Running OSv on Kubernetes (e.g. with Apache Spark)
Dive into

38.  UNIK
 The Unikernel Compilation and Deployment Platform
 Supported Unikernels
 OSv (Almost everything)
 Rumprun (Python Node.js, GOlang)
 IncludeOS (C++)
 MirageOS (OCaml)
 Run your first Java unikernel
 on Virtualbox with UniK
Dive into

39. Dive into
 UNIK
 The Unikernel Compilation and Deployment Platform
 Supported Provides
 Google Cloud
 Amazon Web Services
 Openstack
 Virtualbox
 vSphere
 QEMU
 UKVM
 XEN
 Photon Controller

40. Thank you