It doesn't work with Docker, K8s right now, but everyone's going nuts anyway for AWS's Firecracker microVMs

If it's good enough for Lambda and Fargate, it's probably good enough for you

re:Invent Pay-or-else compute biz AWS lit the fuse for Firecracker, the virtualization technology it uses to power its serverless Lambda offering and its Fargate managed container contrivance.

Firecracker, now available as open source on GitHub, relies on the Linux Kernel-based Virtual Machine (KVM) to create a new flavor of lightweight VMs. These microVMs strive to combine the security and isolation of virtual machines with the speed and resource thrift of containers.

"You can launch lightweight micro-virtual machines (microVMs) in non-virtualized environments in a fraction of a second, taking advantage of the security and workload isolation provided by traditional VMs and the resource efficiency that comes along with containers," said Jeff Barr, chief evangelist for AWS, in a blog post.

The software represents an attempt to create a virtualization technology better suited to event-driven, transient workloads – serverless applications that sit around doing nothing then suddenly spin up resources before going idle again.

According to AWS, Firecracker can launch user space or application code in less than 125ms and microVMs at a rate of 150 per second per host. It churns out fairly compact microVMs too, with each requiring less than 5MiB of memory overhead, so thousands can co-exist on a single server. The compute-only guest CPU performance reaches more than 95 per cent of bare-metal, per the spec.

Other virtualization projects such as Kata Containers and gVisor, have pursued similar goals.

Firecracker strives to be more minimalistic: It emulates only four devices – virtio-net, virtio-block, serial console, and a single button keyboard controller to stop the microVM – and its kernel loading process has been optimized. It also includes a RESTful control API, handles resource rate limiting, and supports a microVM metadata service for passing config data between the host and guest.

Amazon's homegrown 2.3GHz 64-bit Graviton processor was very nearly an AMD Arm CPU


Firecracker was derived from Chromium OS's Virtual Machine Monitor (crosvm), an open source virtual machine monitor (VMM) written in Rust.

The project may be the highest profile production deployment of Rust, a programming language backed by Mozilla that has become more popular lately.

"In the fall of 2017, we decided to write Firecracker in Rust, a modern programming language that guarantees thread and memory safety and prevents buffer overflows and many other types of memory safety errors that can lead to security vulnerabilities," explained Arun Gupta, principal open source technologist, and Linda Lian, senior product marketing manager, in a blog post.

Firecracker is designed to be processor agnostic, though at present it runs only on Intel hardware, under Linux kernel version 4.14 or later; AMD and Arm support is coming in 2019 according to AWS.

It doesn't presently work with Docker or container orchestrator Kubernetes, but AWS has built prototype code that lets containerd, a container runtime, manage containers as Firecracker microVMs. With further work, Docker and Kubernetes compatibility may emerge.

By releasing Firecracker under an open source Apache 2.0 licensing, AWS hopes other developers and organizations will advance the virtualization tech even further. ®

Send us news

AWS must pay $525M to cloud storage patent holder, says jury

Computing giant will appeal ruling, which found infringement was not 'willful'

US-EAST-1 region is not the cloudy crock it's made out to be, claims AWS EC2 boss

It's the region where stuff gets stressed at scale first, says Dave Brown, as he plots variants of Amazon's Outposts

Irish power crunch could be prompting AWS to ration compute resources

Users report being pointed to other EU regions if they need more grunt

Snowmobile, Amazon's truck-powered migration service, reaches the end of the road

Demand for bulk storage on wheels turned out to be wan

Google Cloud chief is really psyched about this AI thing

We're on a highway to ML

UK govt office admits ability to negotiate billions in cloud spending curbed by vendor lock-in

After slew of AWS deals signed under MoUs, CDDO says current approach might weaken its position

Cloud vendor lock-in is shocking, but there's a get out of jail card

We've done it once, we can do it again

AWS severs connection with several hundred staff

'Necessary,' 'focusing our efforts,' 'deliver maximum impact' ... sounds just like all the other tech layoffs lately

VMS Software prunes OpenVMS hobbyist program

Vintage OS editions go the way of the dodo as VSI cranks up exclusivity

GenAI will be bigger than the cloud or the internet, Amazon CEO hopes

And Andy Jassy will happily take your money along the way

YouTube now sabotages ad-blocking apps that stream its vids

EFF lambastes latest 'lazy and deliberately malicious move'

Backblaze cloud storage buzzes with added Event Notifications

If you want open system to automate workflows over platform of your choosing, join the queue