Why AWS Lambda Uses Firecracker Instead of Containers
Posted by viks98@reddit | programming | View on Reddit | 23 comments
New_Enthusiasm9053@reddit
Each VM takes ~125ms to boot but snapshot restore takes ~150ms so that's why they use snapshots?
You need to proofread your numbers.
viks98@reddit (OP)
Sorry my mistake, the snapshot restore time is about 10ms.
Thanks for pointing it out.
dylanzt@reddit
While we're looking at typos, your heading at the end shows as "he result" for me.
BamBam-BamBam@reddit
Relacks, this are Reditt.
Trk-5000@reddit
I heard from a completely unverified source that Lambda doesn’t actually use firecracker, rather it’s a native hyperplane/virtualization layer technology
No idea if that’s actually legit. Would love if someone could corroborate
shiift@reddit
I worked there for years. Lambda uses firecracker. It used to use native EC2, but in ~2019 they switched over to firecracker running on bare metal EC2 instances.
deviled-tux@reddit
I am pretty sure they built firecracker for lambda to work
Trk-5000@reddit
Lambda as a service existed before firecracker though. Maybe Firecracker internally replaced the previous method.
deviled-tux@reddit
And when did I say the opposite?
I am aware. Here’s an article that describes the motivation to build firecracker: https://aws.amazon.com/blogs/aws/firecracker-lightweight-virtualization-for-serverless-computing/
Not sure exactly what you’re trying to contradict from my original comment really.
abraxasnl@reddit
Calm down. They’re not arguing with you.
yeathatsmebro@reddit
RTFM: Firecracker was developed at Amazon Web Services to improve the customer experience of services like AWS Lambda and AWS Fargate.
deviled-tux@reddit
Do you just like making up fake points to feel superior or…?
Bacaloupe@reddit
I'm pretty sure you're correct. The documentation kinda hints that it does, but is a little misleading.
The security company I was at years ago found this out, and it's one of the little known secrets.
yawkat@reddit
Maybe they use an internal fork, but why would they maintain firecracker if not for this?
viks98@reddit (OP)
It's highly unlikely that they would use something other than firecracker. Their official docs mention it:
https://docs.aws.amazon.com/lambda/latest/dg/lambda-managed-instances.html
Trk-5000@reddit
Managed instance Lambdas may not necessarily be the same as serverless Lambdas, which may also not be the same as non-VPC/ENI Lambdas
viks98@reddit (OP)
Also, firecracker is actively maintained by AWS. So I think it's safe to assume they are using it for lambda.
ur_frnd_the_footnote@reddit
They definitely spent a fair chunk of a re:Invent keynote presentation talking about it a couple of years ago, so they at least used to, and I doubt they changed.
revereddesecration@reddit
Sounds like Firecracker is an alternative to LXC?
DragonSlayerC@reddit
LXC is containers, firecracker is VMs, so not really.
viks98@reddit (OP)
Sort of. They solve similar problems but work quite differently.
LXC uses OS-level containers, so containers share the host kernel. This makes them very lightweight and fast, but they have weaker isolation.
Firecracker uses KVM-based microVMs, where each microVM runs its own guest kernel. That provides stronger isolation and security, but has higher overhead than containers.
oscooter@reddit
I work with firecracker daily. Pretty cool project. You still need to put some care into all of the other coordination around spinning up a VM to actually get a usable VM quickly. Things like getting the right rootfs available, any networking setup, anything that needs to happen at init in the guest.
viks98@reddit (OP)
Yeah, I am actively working on that.
My biggest bottleneck right now is the deployment pipeline. I have a base rootfs and, for every user-submitted piece of code, I mount a copy of it and then inject the user's code into it.
If you've dealt with a similar setup, I'd love to hear how you approached it
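One way to approach the rootfs step the OP describes, as an added example that is not from the thread, from AWS or from the Firecracker project: keep the base rootfs as a single shared drive attached read-only, and build a small per-invocation ext4 image holding only the user's code with `mkfs.ext4 -d`, so no copy of the base image and no loop mount is needed per launch. The directory layout, the `BASE_DIR`/kernel paths and a guest init that mounts `/dev/vdb` at `/code` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: base rootfs attached read-only and shared,
# user code shipped on a small per-invocation ext4 image built without mounting.
# Assumptions: firecracker on PATH, KVM present, e2fsprogs with mkfs.ext4 -d,
# and a guest init that mounts /dev/vdb at /code. Paths below are placeholders.
set -eu

BASE_DIR="${BASE_DIR:-/srv/fc}"            # placeholder layout
KERNEL="$BASE_DIR/vmlinux"
BASE_ROOTFS="$BASE_DIR/base-rootfs.ext4"   # never written by any guest

# Accept only a fixed character class for the function id so that a caller
# cannot steer paths or the generated JSON with names like "../x" or quotes.
valid_fn_id() {
    case "$1" in
        ""|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Emit the Firecracker --config-file JSON for one invocation: drive 0 is the
# shared read-only base (/dev/vda in the guest), drive 1 the user's code.
fc_config() {
    valid_fn_id "$1" || return 1
    cat <<EOF
{"boot-source": {"kernel_image_path": "$KERNEL",
                 "boot_args": "console=ttyS0 reboot=k panic=1 pci=off"},
 "drives": [
   {"drive_id": "rootfs", "path_on_host": "$BASE_ROOTFS",
    "is_root_device": true, "is_read_only": true},
   {"drive_id": "code-$1", "path_on_host": "$2",
    "is_root_device": false, "is_read_only": false}],
 "machine-config": {"vcpu_count": 1, "mem_size_mib": 128}}
EOF
}

# Build the code image straight from the submission directory (no loop mount,
# no root needed) and boot the microVM with it.
launch() {
    fn_id="$1"; code_dir="$2"
    valid_fn_id "$fn_id" || { echo "bad function id: $fn_id" >&2; return 1; }
    work=$(mktemp -d)
    truncate -s 16M "$work/code.ext4"
    mkfs.ext4 -q -d "$code_dir" "$work/code.ext4"
    fc_config "$fn_id" "$work/code.ext4" > "$work/config.json"
    firecracker --api-sock "$work/fc.sock" --config-file "$work/config.json"
}

if [ "$#" -eq 2 ]; then launch "$1" "$2"; fi
```

Invoke as `./launch.sh <function-id> <dir-with-user-code>`; because the base image is read-only, a guest can never persist changes into it, and a fresh code drive is built per invocation.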