Unikernels provide an efficient and lightweight way to deploy cloud computing services in application-specialized and single-address-space virtual machines (VMs). They can efficiently deploy hundreds of unikernel-base...Unikernels provide an efficient and lightweight way to deploy cloud computing services in application-specialized and single-address-space virtual machines (VMs). They can efficiently deploy hundreds of unikernel-based VMs in a single physical server. In such a cloud computing platform, main memory is the primary bottleneck resource for high-density application deployment. Recently, non-volatile memory (NVM) technologies has become increasingly popular in cloud data centers because they can offer extremely large memory capacity at a low expense. However, there still remain many challenges to utilize NVMs for unikernel-based VMs, such as the difficulty of heterogeneous memory allocation and high performance overhead of address translations.In this paper, we present UCat, a heterogeneous memory management mechanism that support multi-grained memory allocation for unikernels. We propose front-end/back-end cooperative address space mapping to expose the host memory heterogeneity to unikernels. UCat exploits large pages to reduce the cost of two-layer address translation in virtualization environments, and leverages slab allocation to reduce memory waste due to internal memory fragmentation. We implement UCat based on a popular unikernel--OSv and conduct extensive experiments to evaluate its efficiency. Experimental results show that UCat can reduce the memory consumption of unikernels by 50% and TLB miss rate by 41%, and improve the throughput of real-world benchmarks such as memslap and YCSB by up to 18.5% and 14.8%, respectively.展开更多
Unikernel,specializing a minimalistic libOS with an application,is an attractive design for cloud computing.However,the Achilles’heel of unikernel is the lack of multi-process support,which makes it less flexible and...Unikernel,specializing a minimalistic libOS with an application,is an attractive design for cloud computing.However,the Achilles’heel of unikernel is the lack of multi-process support,which makes it less flexible and applicable.Many applications rely on the process abstraction to isolate different components.For example,Apache with the multi-processing module isolates a request handler in a process to guarantee security.Prior art tackles the problem by simulating multi-process with multiple unikernels,which is incompatible with existing cloud providers and also introduces high overhead.This paper proposes Iso-UniK,a new unikernel design enabling multi-task applications with the support of both functionality and isolation.Iso-UniK leverages a recent hardware feature,named Intel Memory Protection Key(Intel MPK),to provide lightweight and efficient isolation for multi-process in unikernel.Our design has three benefits compared with previous approaches.First,Iso-UniK does not need hypervisor support and is thus compatible with existing cloud computing platforms;second,Iso-UniK promises fast system calls with only 45 cycles;last,a process can be isolated with a flexible configuration.We have implemented a prototype based on OSv,a unikernel system supporting unmodified applications.Iso-UniK can achieve fast fork operation with only 66μs for multi-process applications.Our evaluation shows that the isolation and multi-process support in Iso-UniK will not damage the applications’performance.展开更多
Unikernel,specializing a minimalistic libOS with an application,is an attractive design for cloud computing.However,the Achilles’heel of unikernel is the lack of multi-process support,which makes it less flexible and...Unikernel,specializing a minimalistic libOS with an application,is an attractive design for cloud computing.However,the Achilles’heel of unikernel is the lack of multi-process support,which makes it less flexible and applicable.Many applications rely on the process abstraction to isolate different components.For example,Apache with the multi-processing module isolates a request handler in a process to guarantee security.Prior art tackles the problem by simulating multi-process with multiple unikernels,which is incompatible with existing cloud providers and also introduces high overhead.This paper proposes Iso-UniK,a new unikernel design enabling multi-task applications with the support of both functionality and isolation.Iso-UniK leverages a recent hardware feature,named Intel Memory Protection Key(Intel MPK),to provide lightweight and efficient isolation for multi-process in unikernel.Our design has three benefits compared with previous approaches.First,Iso-UniK does not need hypervisor support and is thus compatible with existing cloud computing platforms;second,Iso-UniK promises fast system calls with only 45 cycles;last,a process can be isolated with a flexible configuration.We have implemented a prototype based on OSv,a unikernel system supporting unmodified applications.Iso-UniK can achieve fast fork operation with only 66μs for multi-process applications.Our evaluation shows that the isolation and multi-process support in Iso-UniK will not damage the applications’performance.展开更多
基金supported by the National Natural Science Foundation of China(Grant Nos.62072198,61732010,61825202,and 62032008).
文摘Unikernels provide an efficient and lightweight way to deploy cloud computing services in application-specialized and single-address-space virtual machines (VMs). They can efficiently deploy hundreds of unikernel-based VMs in a single physical server. In such a cloud computing platform, main memory is the primary bottleneck resource for high-density application deployment. Recently, non-volatile memory (NVM) technologies has become increasingly popular in cloud data centers because they can offer extremely large memory capacity at a low expense. However, there still remain many challenges to utilize NVMs for unikernel-based VMs, such as the difficulty of heterogeneous memory allocation and high performance overhead of address translations.In this paper, we present UCat, a heterogeneous memory management mechanism that support multi-grained memory allocation for unikernels. We propose front-end/back-end cooperative address space mapping to expose the host memory heterogeneity to unikernels. UCat exploits large pages to reduce the cost of two-layer address translation in virtualization environments, and leverages slab allocation to reduce memory waste due to internal memory fragmentation. We implement UCat based on a popular unikernel--OSv and conduct extensive experiments to evaluate its efficiency. Experimental results show that UCat can reduce the memory consumption of unikernels by 50% and TLB miss rate by 41%, and improve the throughput of real-world benchmarks such as memslap and YCSB by up to 18.5% and 14.8%, respectively.
基金Sponsored by Program of Shanghai Academic/Technology Research Leader(No.19XD1401700).
文摘Unikernel,specializing a minimalistic libOS with an application,is an attractive design for cloud computing.However,the Achilles’heel of unikernel is the lack of multi-process support,which makes it less flexible and applicable.Many applications rely on the process abstraction to isolate different components.For example,Apache with the multi-processing module isolates a request handler in a process to guarantee security.Prior art tackles the problem by simulating multi-process with multiple unikernels,which is incompatible with existing cloud providers and also introduces high overhead.This paper proposes Iso-UniK,a new unikernel design enabling multi-task applications with the support of both functionality and isolation.Iso-UniK leverages a recent hardware feature,named Intel Memory Protection Key(Intel MPK),to provide lightweight and efficient isolation for multi-process in unikernel.Our design has three benefits compared with previous approaches.First,Iso-UniK does not need hypervisor support and is thus compatible with existing cloud computing platforms;second,Iso-UniK promises fast system calls with only 45 cycles;last,a process can be isolated with a flexible configuration.We have implemented a prototype based on OSv,a unikernel system supporting unmodified applications.Iso-UniK can achieve fast fork operation with only 66μs for multi-process applications.Our evaluation shows that the isolation and multi-process support in Iso-UniK will not damage the applications’performance.
基金Sponsored by Program of Shanghai Academic/Technology Research Leader(No.19XD1401700).
文摘Unikernel,specializing a minimalistic libOS with an application,is an attractive design for cloud computing.However,the Achilles’heel of unikernel is the lack of multi-process support,which makes it less flexible and applicable.Many applications rely on the process abstraction to isolate different components.For example,Apache with the multi-processing module isolates a request handler in a process to guarantee security.Prior art tackles the problem by simulating multi-process with multiple unikernels,which is incompatible with existing cloud providers and also introduces high overhead.This paper proposes Iso-UniK,a new unikernel design enabling multi-task applications with the support of both functionality and isolation.Iso-UniK leverages a recent hardware feature,named Intel Memory Protection Key(Intel MPK),to provide lightweight and efficient isolation for multi-process in unikernel.Our design has three benefits compared with previous approaches.First,Iso-UniK does not need hypervisor support and is thus compatible with existing cloud computing platforms;second,Iso-UniK promises fast system calls with only 45 cycles;last,a process can be isolated with a flexible configuration.We have implemented a prototype based on OSv,a unikernel system supporting unmodified applications.Iso-UniK can achieve fast fork operation with only 66μs for multi-process applications.Our evaluation shows that the isolation and multi-process support in Iso-UniK will not damage the applications’performance.
