Presentation: Unikraft - Unleashing the Power of Unikernels

Track: Operating Systems: LinuxKit, Unikernels, & Beyond

Location: Windsor, 5th flr.

Duration: 11:50am - 12:40pm

Day of week: Wednesday

Level: Advanced

Share this on:

What You’ll Learn

  • Hear about the Unikraft project and automated systems for building unikernels.

  • Learn how you can build an unique unikernel with an application on top of it

  • See the performance gains and possibilities that unikernels can bring


Recently, several papers and projects dedicated to specialized OSes and unikernels have shown the immense potential for performance gains that these have. By leveraging specialization and the use of minimalistic OSes, unikernels are able to yield impressive numbers, including fast instantiation times (tens of milliseconds or less), tiny memory footprints (a few MBs or even KBs), and high consolidation (e.g., being able to run many instances on a single device); a reduced attack surface and easier certification add to their potential.

Their fundamental drawback is that they require that applications be manually ported to the underlying minimalistic OS; this means both expert work and often considerable amount of time. In essence, we need to pick between either efficiency with unikernels, or no porting effort but decreased performance and decreased efficiency with standard OS/VM images.

In this talk we will introduce Unikraft, an open source, incubator project under the auspices of the Xen Project and the Linux Foundation aimed at automating the process of building customized images tailored to specific applications and thus significantly reducing development time. Unikraft decomposes operating systems into elementary pieces called libraries (e.g., schedulers, memory allocators, drivers, filesystems, network stacks, etc.) that users can then pick and choose from, using a menu, to quickly build images tailored to the needs of specific applications. During the talk we will describe Unikraft in greater detail, as well as give a brief demo of how to (very quickly) use it in order to build a few different unikernels.


Tell me a bit about the work that you're doing today?


We've been working on systems and virtualization for a while and especially virtual machines on the Xen platform. We were very happy with that platform because it gave great isolation. But over time VMs got a reputation about being heavyweight, which was emphasized by the rise of containers, and VMs began to lose ground except for mission critical systems or places where isolation was critical. You now had a trade-off between virtual machines which are heavy weight but provide great isolation and lightweight virtualization with containers but at the cost of security issues.

In recent work published at SOSP, we looked for a way to cut down on all the overheads in a virtualization platform, and we were able to show that you can actually have lightweight VMs that are able to perform on par and sometimes even outperform containers without sacrificing isolation.

The piece that was missing is that we had to hand-construct a lot of the virtual machines to be very very lean. Those virtual machines were unikernels, which are essentially a tiny VM tailored to a specific application and running on top of a minimalistic operating system. The only problem is that those minimalistic operating systems are not Linux so if you want to take something like Apache you need to port it to that operating system which is time consuming; worse, you have to repeat the process for every application. So they're very good, very efficient, but it requires significant porting work.

To address this, we're building this project called Unikraft where we're developing a semi or fully automated tool for building these unikernels, reducing the development costs from months to hopefully a few days or even less, and sparing application developers from having to really get down and dirty with the details in order to build a unikernel. If that happens to work out then you could have the full isolation you get from virtualization systems with the sort of the great lightweight virtualization properties that containers provide, such as low memory consumption and short boot times.


What do you plan to discuss in the talk itself?


The talk itself is about the actual Unikraft system: how it achieves what it achieves, how it's put together. We will include a very short demo showing how to go through the process of building a unikernel and running it and then probably at the end I'll show what the team is currently doing. Unikraft is an incubation project under the auspices of the Xen Project and the Linux Foundation. We're open to comments, contributions, criticisms, and it's open sourced so if anybody wants to contribute they're more than welcome to.


As you can craft an abstraction layer that allows you to do mapping down to the system level how does Unikraft actually fit into the kind of solve that problem of the system calls that an app may be making?


One of the things that Unikraft does is demodularizing an operating system. Typically we start with a minimalistic operating system, we break it down into pieces such as schedulers and memory allocators, and then you get to pick and choose different schedulers and memory allocators to suit your application’s needs. Now in order to support applications and to minimize the porting effort we need to support things that applications expect, for instance libc or a network stack. What we're really busy doing in these early stages is adding such functionality so that Unikraft can support a reasonable set of applications. In essence, with Unikraft for each application and for each time you build your unikernel you're essentially developing a custom operating system for your application.


So after somebody comes to your talk what will they be able to leave with?


We're trying to make minimalistic operating systems and unikernels more visible, and to make them more mainstream by making them easier to develop and maintain. We also want to show the larger community about what sort of performance gains they provide and what their potential is.


Do you have any performance measures in taking an app and porting it into a kernel?


There are plenty of performance measurements in our recent SOSP paper. For instance, we saw that we can take a 3000 euro server and concurrently boot as many as 8000 of these unikernels. We were also able to boot a “hello world” unikernel in 2.3 milliseconds, close to how long it takes a process to boot.


What is the trend in software development that you feel a software engineer should be focused on today?


What I see as a major trend is that many things are going to become more and more driven by machine learning algorithms. For us that means two things: acceleration of machine learning systems using systems knowledge but also applying machine learning algorithms to solve open systems problems.

For instance one really difficult open systems problem is if you have a heterogeneous computer system and you want to have a bunch of applications running on the system. What's the optimal scheduler algorithm to get those running? In the systems world we have schedulers that do a lot of heuristics and try to do the best they can, ignoring a lot of potential input in the process because it's really hard to deal with hundreds of potential metrics. Neural network algorithms, on the other hand, thrive on lots of metrics. So perhaps machine learning is actually a new way to approach open systems problems. And, going forward if you care about your resume, it is always going to look nice in the future to say I have machine learning experience as well.


What do you recommend someone if they are not in the machine learning and AI space today. What do you recommend for them to get started?


There's lots of really good online courses that you can take, from Coursera for instance. There are good, free online books and there are a lot of really good tutorials online, especially for using neural networks. They sort of mix and match theory followed by actual programming passages that use one of the many machine learning frameworks that are out there such as PyTorch. Thanks to all of this material it's actually not too hard to have a sort of hello world example that you train and that can predict something using a neural network.

Speaker: Felipe Huici

Chief Researcher in the Systems and Machine Learning Group at NEC Laboratories Europe

I’m a chief researcher in the Systems and Machine Learning Group at NEC Laboratories Europe in Heidelberg, Germany. My main research and work interests lie in the areas of high-performance software systems, and in particular specialization, virtualization, and the application of machine learning techniques to tackle open problems in the systems area. Previously, I received an undergraduate degree with honours from the University of Virginia, a Masters in Data Communications, Networks and Distributed Systems from University College London (top of the class), and a Ph.D. also from UCL. I have published on several top-tier conferences and journals such as SOSP, SIGCOMM, NSDI, CoNEXT, and SIGCOMM CCR and regularly act as TPC member of conferences and journals such as IMC , INFOCOM, CoNEXT and SIGCOMM CCR.

Find Felipe Huici at

Last Year's Tracks

Monday, 5 March

Tuesday, 6 March

Wednesday, 7 March