Amazon has published a significant release of its Virtual Machine Monitor (VMM), Firecracker 1.0.0, designed to launch virtual machines with minimal overhead. Firecracker is a fork of the CrosVM project, which Google uses to run Linux and Android applications in ChromeOS. Firecracker is developed by the Amazon Web Services division to improve the performance and efficiency of the AWS Lambda and AWS Fargate platforms. The Firecracker code is written in Rust and distributed under the Apache 2.0 license.
Firecracker offers lightweight virtual machines called microVMs. For full microVM isolation it uses hardware virtualization based on the KVM hypervisor, while providing performance and flexibility at the level of conventional containers. The system is available for the x86_64 and ARM64 architectures and is tested on CPUs from the Intel Skylake, Intel Cascade Lake, AMD Zen2 and ARM64 Neoverse N1 families. Firecracker integrations are provided for container runtime isolation systems such as Kata Containers, Weaveworks Ignite and containerd (provided by the firecracker-containerd runtime).
Inside the virtual machines, the software environment is stripped down and contains only a minimal set of components. To save memory, reduce startup time and improve security, the environment runs a trimmed Linux kernel from which everything unnecessary has been excluded, including reduced functionality and removed device support. At the same time, conventional environments based on a standard Linux kernel can also be run in microVMs (kernels 4.14 and 5.10 are supported).
When running with the trimmed kernel, the additional memory consumption compared to a container is less than 5 MB. The delay from launching a microVM to the start of the application is stated to range from 6 to 60 ms (12 ms on average), which makes it possible to create new virtual machines at a rate of up to 180 per second on a host with 36 CPU cores.