s Are live in the chat box during the presentation. Today I'm going to be talking about our paper on Firecracker, which is lightweight virtualization for serverless applications. I'm gonna cover what is Firecracker, why we built Firecracker, some of the performance figures that t these M5 metal instances that we run on I have a very big and that's just due to the economics of cloud, right. These things have 48 cores, they had 384 gigabytes of RAM. And they are, you know, they fit relatively normal servers, but relatively normal servers these days are just bi

Firecracker is an open-source Virtual Machine Monitor (VMM). Its primary purpose is to create and manage secure, multi-tenant container- and function-based services, particularly for serverless applications. Think of it as a specialized tool for lightweight virtualization: it is built to run many small, isolated workloads (such as individual functions in a serverless environment like AWS Lambda) efficiently and securely on shared hardware.

Firecracker addresses the security and isolation challenges of multi-tenant container environments by using hardware virtualization to put a much stronger boundary between workloads than traditional Linux container mechanisms provide. Instead of relying solely on operating-system-level isolation (the namespaces and cgroups used by standard containers), Firecracker wraps each container or function in its own lightweight virtual machine (microVM). Each workload therefore runs on its own dedicated guest kernel, behind a hardware-virtualized barrier. This approach offers several advantages:

Stronger isolation: virtualization provides a more robust security boundary. If one microVM is compromised, the attacker is contained within that microVM and cannot easily reach the host or the other microVMs on the same hardware. This is a significant improvement over traditional containers, where a single host-kernel vulnerability can compromise the entire host and every container on it. The boundary still rests on KVM and the host kernel, so Firecracker additionally runs each VMM process under its jailer, which chroots the process, drops privileges, confines it with namespaces and cgroups, and restricts its system calls with seccomp filters; a guest that does break out of the virtual machine then lands in a minimally privileged process rather than on an unrestricted host.

Reduced attack surface: Firecracker has a minimal device model and a streamlined code base (about 50% less code than crosvm, the Chrome OS VMM it was forked from). This significantly reduces the potential attack surface within the VMM itself.

Compatibility with container ecosystems: Firecracker integrates with existing container tooling such as containerd (via firecracker-containerd) and Kubernetes (via projects like Firekube). Users gain Firecracker's isolation without overhauling their container workflows: the standard container runtime is essentially replaced by Firecracker's microVM-based isolation.

By building on KVM (Linux's Kernel-based Virtual Machine), Firecracker leverages a mature, well-tested virtualization technology to achieve strong yet lightweight isolation for serverless functions and containers.

The development and adoption of Firecracker at AWS were driven largely by economics, specifically the cost of running a service like AWS Lambda at massive scale. One key requirement was higher density and lower overhead than existing virtualization stacks such as QEMU with KVM could deliver. For a service that handles millions of concurrent workloads and trillions of requests per month, even small improvements in resource utilization translate into substantial savings.

Firecracker was therefore designed to be very lightweight, so that more microVMs fit on the same hardware. This contrasts with approaches that hard-allocate resources such as memory or CPU cores up front. Firecracker allows resources to be allocated dynamically: guest memory is not pre-allocated but backed by host memory only when the guest first touches a page, and each vCPU is an ordinary host thread scheduled by the Linux scheduler, so memory and CPU are obtained on demand and the host can be oversubscribed. This is crucial for the efficient operation of serverless platforms. In short, the economic driver was a virtualization technology tailored to serverless workloads, one that provides security and isolation without the resource footprint of traditional VMs, maximizing the efficiency and cost-effectiveness of the underlying infrastructure.
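What "a minimal device model" looks like in practice: a microVM is assembled with a handful of PUT requests to Firecracker's REST API, which the firecracker binary serves on the Unix socket given by --api-sock, and is then started with the InstanceStart action. The Python below is an added example written for this page, not code from the Firecracker project or the talk. The endpoint paths, request bodies, the 204 No Content success status and the fault_message error field are Firecracker's documented API; the socket, kernel and rootfs paths are placeholders that a real run would replace.

```python
"""Configure and start a Firecracker microVM through its REST API.

Firecracker exposes a small HTTP API on a Unix domain socket (the path
given to `firecracker --api-sock`).  A microVM is built by a few PUT
requests and then started with the InstanceStart action.  Nothing here
touches a socket unless `boot_microvm` is called; `microvm_requests`
only builds the request sequence so it can be inspected offline.
"""
import http.client
import json
import socket


def microvm_requests(kernel, rootfs, vcpus=1, mem_mib=128, boot_args=None):
    """Return the ordered (method, path, body) sequence for one microVM.

    Only a boot source, one root block device and the machine size are
    configured.  Firecracker's device model is deliberately minimal
    (virtio block, virtio net, serial console), and any device not
    configured through the API simply does not exist inside the guest.
    """
    if vcpus < 1 or mem_mib < 1:
        raise ValueError("vcpus and mem_mib must be positive")
    if boot_args is None:
        # Serial console only, no PCI bus, read-only root: a small boot
        # and no writable root filesystem for a compromised guest.
        boot_args = "console=ttyS0 reboot=k panic=1 pci=off ro"
    return [
        ("PUT", "/boot-source", {
            "kernel_image_path": kernel,
            "boot_args": boot_args,
        }),
        ("PUT", "/drives/rootfs", {
            "drive_id": "rootfs",
            "path_on_host": rootfs,
            "is_root_device": True,
            "is_read_only": True,
        }),
        ("PUT", "/machine-config", {
            "vcpu_count": vcpus,
            "mem_size_mib": mem_mib,
        }),
        # The configuration is locked once the instance starts; later
        # PUTs to the endpoints above are rejected by the API server.
        ("PUT", "/actions", {"action_type": "InstanceStart"}),
    ]


class UnixHTTPConnection(http.client.HTTPConnection):
    """http.client connection that dials a Unix domain socket."""

    def __init__(self, sock_path):
        super().__init__("localhost")
        self.sock_path = sock_path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.sock_path)


def send(conn, method, path, body):
    """Issue one API call; return (status, parsed JSON body or None)."""
    conn.request(method, path, body=json.dumps(body),
                 headers={"Content-Type": "application/json",
                          "Accept": "application/json"})
    resp = conn.getresponse()
    raw = resp.read()
    return resp.status, (json.loads(raw) if raw else None)


def boot_microvm(sock_path, kernel, rootfs, **kw):
    """Drive a running `firecracker --api-sock <sock_path>` process.

    Firecracker answers a successful PUT with 204 No Content; any other
    status carries a JSON body with a `fault_message`.  The first failure
    aborts, so a half-configured microVM is never silently started.
    """
    conn = UnixHTTPConnection(sock_path)
    try:
        for method, path, body in microvm_requests(kernel, rootfs, **kw):
            status, err = send(conn, method, path, body)
            if status != 204:
                msg = (err or {}).get("fault_message", err)
                raise RuntimeError(f"{method} {path} -> {status}: {msg}")
    finally:
        conn.close()


if __name__ == "__main__":
    # Placeholder paths (assumed): a real run needs a started firecracker
    # process, a Firecracker-compatible guest kernel and a rootfs image.
    boot_microvm("/tmp/firecracker.sock",
                 "/opt/fc/vmlinux", "/opt/fc/rootfs.ext4",
                 vcpus=2, mem_mib=256)
```

In production the firecracker process is not started directly but through its jailer (`jailer --id <id> --exec-file <path-to-firecracker> --uid <uid> --gid <gid>`), which sets up the chroot, namespaces, cgroups and seccomp filters before exec'ing the VMM; the API socket then lives inside that chroot, and the same request sequence applies.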