Simon Kuenzer, Sharan Santhanam, Felipe Huici
NEC Laboratories Europe
Highly specialized unikernels, operating system images tailored for a single application, have shown immense performance potential. They achieve impressive network performance (10-40 GBit/s on a single core), instantaneously boot ups (1-50 milliseconds depending on the virtual machine monitor), minimized memory overheads (about 1 MB at runtime), and a minimal trusted compute base (TCB). Application domains range from high-performance computing (HPC), network function virtualization (NFV), serverless, mobile and edge computing, to Internet-of-Things (IoT) and automotive. However, mass-adoption is prevented by their manual-work and time-consuming development process: Each specialized unikernel have to be individually developed and optimized for each target application.
We present Unikraft, a unikernel development framework that consists of a micro-library pool and a configuration and build tool. The pool is a collection of OS primitive implementations and common application libraries, like schedulers, heap management, network stacks, filesystem support, drivers, language environments, POSIX. A developer picks and configures needed components with a menu. Unneeded components can even be kept out and each library is meant to be replaceable. Interoperability is achieved by carefully designed APIs. Additionally, we give an outlook on achieving strong security while keeping up with performance properties and despite having a single address space. Possible options are full-stack ASLR, hardened memory allocation, common stack protection mechanisms, and protection features with the help of hypervisors. Unikraft is in its third year and an open source project. It is licensed under BSD and is supported by the Xen Project and Linux Foundation. The project aims to build a common foundation and ecosystem for specialized unikernel projects where developers can re-use existing micro-libraries but can also contribute their own alternatives to the community.