10 Reasons Why We Love Firecracker MicroVMs

February 23, 2021

Yann Léger
@yann_eu

Alisdair Broshar
@alisdairbroshar

As we discussed in Firecracker MicroVMs: Lightweight Virtualization for Containers and Serverless Workloads, Firecracker is a lightweight virtual machine monitor (VMM) that uses Linux kernel-based virtual machines (KVM) to provision and manage lightweight virtual machines (VMs), also known as microVMs.

Without further ado, here is a list of the top ten reasons why we love Firecracker:

  1. Multi-tenancy - Firecracker uses Linux KVM to create isolated lightweight virtual machines (VMs), also known as microVMs. These microVMs enable secure, isolated, multi-tenant workloads to run simultaneously on the same physical machine. KVM's hardware-assisted virtualization provides completely isolated resources (RAM, CPU, network, and storage) to each microVM.
  2. Security - Firecracker provides multiple levels of protection for serverless workloads.
    • First, because Firecracker builds on Linux KVM virtualization, different workloads can share the computing resources of the same machine without affecting one another: the isolated microVMs provide an inherent layer of security.
    • Thanks to Firecracker's minimalist design (it is only 4% the size of QEMU, the traditional alternative for VMMs), Firecracker significantly reduces the exposed attack surface of serverless workloads.
    • Finally, should the virtualization barrier ever be compromised, a Linux user-space security mechanism known as the "jailer" adds an extra layer of security. The jailer uses Linux cgroups to enforce a new security boundary.
  3. Startup time - Firecracker boasts quick startup times for serverless workloads: 125 milliseconds for initiating user-space and app code! It also supports very high microVM creation rates of up to 150 microVMs per second per host.
  4. Low overhead - Firecracker is an incredibly lightweight alternative to QEMU, the traditional, much more feature-rich VMM used by cloud providers. Firecracker was designed to be lightweight and to deliver efficiency without compromising security. Firecracker's memory overhead is less than 5 MiB, which speeds up startup times and makes it possible to run thousands of microVMs concurrently on the same server.
  5. Efficiency - Thanks to Firecracker's low overhead, servers can host thousands of microVMs, enabling a much more efficient distribution of computing resources. That is a financial win for both clients and hosts, as well as an environmental win considering the energy saved.
  6. Density - With its low overhead, Firecracker offers a level of density previously enjoyed only with container technology. This means thousands of workloads can share the same physical machine efficiently and securely.
  7. Rate limit - Firecracker's rate limiting lets developers customize and configure the amount of computing resources, such as memory and vCPU, that they want each workload to use on a regular basis as well as during bursts.
  8. Soft Allocation - Thanks to Firecracker's soft allocation of computing resources, oversubscription of CPU is possible. This increases the flexibility when provisioning workloads with low sustained CPU usage and enables a more efficient use of resources.
  9. Open-source technology - Firecracker is an open-source technology under the Apache 2.0 License, which means anyone can use Firecracker technology as they like. The Apache 2.0 License strives to create long-lasting and reliable software products through collaboration in the open-source software development community. Because it is open source, Firecracker has a collaborative and distributed community that actively works on improving it and integrating it into the cloud computing ecosystem. Also, who does not love an excellent, value-adding, open-source project?
  10. Highly integrated - Conforming to the Open Container Initiative's standards for container technology interoperability, Firecracker makes it possible for other container industry players to leverage its technology. As a result, Firecracker is highly integrated with the container ecosystem. Container services like appfleet, containerd, Fly.io, Kata Containers, Koyeb, OpenNebula, UniK, and Weave FireKube all use or incorporate the capabilities and opportunities offered by Firecracker.

Firecracker MicroVMs and Serverless Workloads

Firecracker is transforming how serverless workloads run. MicroVMs combine the isolation and security offered by full virtualization solutions with the speed and density provided by container technology.

The Koyeb Serverless Platform natively launches your serverless Apps in Firecracker MicroVMs to make sure your workloads perform faster and more efficiently. Give it a try!

Learn More

We hope you enjoyed this short overview of why Firecracker matters for your serverless workloads! Make sure to read our Firecracker MicroVMs: Lightweight Virtualization for Containers and Serverless Workloads blog post if you want to learn more about how Firecracker works.

If you're curious about different deployment strategies, our post Cloud Computing and Serverless Architectures: What are FaaS and CaaS? discusses Function as a Service (FaaS) and Container as a Service (CaaS) and explains how you can pair these solutions with serverless architectures.