Building a Just-in-Time Python FaaS Platform with Unikraft
2022-07-13 , Liffey Hall 1

Function-as-a-Service (FaaS) platforms are one of the key service offerings for any cloud provider. To provide strong isolation, the functions are run inside heavy-weight virtual machines (and within containers inside those for orchestration reasons). Consequently, such instances take too long to boot and so are kept on all the time, even though the functions only receive requests intermittently. The end result is that current FaaS platforms are much less efficient than they could be.

We will introduce a radically novel way to build FaaS platforms based on Python and the Unikraft Linux Foundation open source project (www.unikraft.org). Unikraft is a toolkit for building fully specialized, cloud-ready virtual machines called unikernels targeting a single application . Using Unikraft we can construct extremely specialized, Python-based unikernels that use only a few MBs to run a boot in 10s of milliseconds, allowing us to bring VMs up as a request to a function comes in, and to shut it down (or suspend it) afterwards. The result: a Python-based FaaS platform that is significantly more efficient and cheaper to operate than existing offerings.

In the talk we will provide an introduction to Unikraft, how Python is built on top of it, a full description of the FaaS platform and a short demo.


Unikraft [1] is a unikernel (specialized virtual machine) project. Unikraft is able to target a specific application (e.g., a web server such as NGINX) and transparently build an entire software stack, from the operating system all the way up to systems libraries, that includes only the parts that the application needs and nothing more. Such specialization results in extremely short boot times (a few milliseconds compared to hundreds or thousands for Linux VMs), small image sizes and memory consumption (e.g., a few MBs vs. hundreds of MBs) and a minimal attack surface, to name a few benefits. The short boot times also allow us to bring Unikraft VMs up just-in-time, as a request for a service arrives, and to bring the instance back down (or suspend it) when the request is over, allowing for even greater efficiency.

In addition, Unikraft images are single address space: in cloud environments strong isolation is provided by the hypervisor, so for single application/single tenant VMs it does not make sense to have a kernel/user-space divide. The end result is higher efficiency in performance, with Unikraft yielding noticeably higher throughout than Linux [2].

Regarding application support, we have put great effort towards making Unikraft as POSIX compatible as possible. Unikraft provides a syscall shim-layer and support for the musl libc, allowing us to run unmodified versions of Python.

In terms of orchestration, we have integrated Unikraft with major frameworks such as Kubernetes and Prometheus. This, along with extensive debugging facilities should make Unikraft easy to both use and develop for.

[1] https://unikraft.org/
[2] https://dl.acm.org/doi/10.1145/3447786.3456248 (best paper award)


Expected audience expertise: Domain:

none

Expected audience expertise: Python:

some

Abstract as a tweet:

Building an Extremely Efficient, Just-in-Time, Python FaaS Platform with Unikraft

Dr. Felipe Huici is CEO and Co-Founder at Unikraft UG, a start-up dedicated to lightweight and open source virtualization technologies and significantly lowering cloud infrastructure bills. In addition, Felipe is a chief researcher at NEC Laboratories Europe in Heidelberg, Germany where his main research and interests lie in the areas of high-performance software systems, and in particular specialization, virtualization and security. He has been published in several top-tier conferences and journals such as SOSP, ASPLOS, OSDI, Eurosys, SIGCOMM, NSDI, CoNEXT, and SIGCOMM CCR. Finally, Felipe is one of the founders and maintainers of the Linux Foundation Unikraft open source project.

Alexander Jung is a Co-Founder and Chief Product Officer at the Lightweight Virtualization company Unikraft, focusing on leading unikernels into market and mass deployment. He is also a PhD student at Lancaster University, where he focuses primarily on optimizations of unikernels for network-bound operations; delivering effective continuous integration and deployment of VNF-based services; as well as compile-time methods for inter-VM communication based on library Operating Systems. Previously he has worked as the Chief Information Officer at UK-based startup Adjacent Systems, securing and delivering systems for local law-enforcement and government.