nanovisor-revolutionizing-faas-cold-start-performance-with-secure-lightweight-container-runtime-nanovisordaepchuan-hui-si-hao-wa-jai-chan-faas-xia-tianyu-zhou-ant-group.pdf

1、0NanoVisor:Revolutionizing FaaS Cold Start Performance with Secure,Lightweight Container RuntimeTianyu Zhou 1ContentsNanoVisor Intro&Role in FaaSCold Start OptimizationEvaluationSummary23NanoVisor Intro&Role in FaaS4What is What is NanoVisorNanoVisor Lightweight&Secure Container Runtime Based on gVi

2、sor1 Extremely fast in container startup Production ready 1 https:/gvisor.dev/5Role of Role of NanoVisorNanoVisor in in FaaSFaaSUser requestUser requestwill be handled by functionsfunctions.A functionfunctionis running inside a NanoVisorNanoVisor sandboxsandbox.6Cold Start Optimization7Cold Start Co

3、ld Start critical issue in critical issue in FaaSFaaSOn-demand container creation(cold start)does not meet the latencylatencyrequirement in FaaS.TOO SLOW!8Cold Start Cold Start critical issue in critical issue in FaaSFaaSCached container(warm start)meet the latencylatencyrequirement in FaaS,but wast

4、es much resource.TOO EXPENSIVE!9Make cold start extremely fastMake cold start extremely fast10Make cold start extremely fastMake cold start extremely fastNanoVisor makes the cold start ready for production.CHEAP&FAST!11How we did it?How we did it?Single Sandbox Process Fast inter-component communica

5、tion Sandbox fork12Single Sandbox ProcessSingle Sandbox Processgofer is weakweakat:-Process complexity-Setup-Runtime performanceEspecially in FaaS!13Single Sandbox ProcessSingle Sandbox Processerofs is BetterBetterat:-Single sandbox process-Less FD(image&tmpfs file)-Performance(no rpc)14Fast interFa

6、st inter-component communicationcomponent communicationCommand executions during runsc sandbox creation1.containerd creates a shim process2.shim executes runsc create to create a sandbox3.runsc create executes runsc boot to boot a sandbox4.runsc boot executes self to drop FDs/capabilities5.shim exec