OSV

Avi Kivity, Don MartiCloudius Systems

@CloudiusSystems

Typical Cloud Stack

Hardware

Hypervisor

OS

JVM

App Server

Your App

OS

JVM

App Server

Your App

OS

JVM

App Server

Your App

Our software stackcongealed into existence.

Too Many Layers, Too Little Value

Property/Component

Hardware abstraction

Isolation

Resource virtualization

Backward compatibility

Security

Memory management

I/O stack

Configuration

VMM OS runtime

Duplicatio

n

Transformed the enterprise from physical2virtual

Virtualization

Virtualization 1.0 Virtualization 2.0

Compute node

virtual server

Virtualization 2.0, Massive Scale

Scalability

Virtualization 2.0

vServer OS 1.0Architecture

● No Hardware● No Users● One app/guest

● Yes Complexity

The new Cloud Stack - OSv

Hardware

Hypervisor

Core

App Server

Your App

Single Process

Kernel space only

Linked to existing JVMs

App sees no change

Core

Your App

The new Cloud Stack - OSv

Memory Huge pages, Heap vs Sys

I/O Zero copy, full aio, batching

Scheduling Lock free, low latency

Tuning Out of the box, auto

CPU Low cost ctx, Direct signals,..

Alpha Release3/2014

Optimized ZFS cacheDirty page writebackJVM page tableHV support:GCE, VMW, VBox

Milestones

Git init osv, 12/2012

Java hello world, 01/2013

support for64 vcpu 02/2013

UDP, 03/2013

ZFS support> 1Gbps netperf, 6/2013

Cassandra outperforms Linux, 8/2013

Native REST APIMemcached gain > 70%1/2014

Cli and web interface9/2013

Tomcat,HAProxy modules10/2013

Net channelsJVM ballooning>47Gbps netperf 2/2014

Image RepositoryJVM Read barrier eliminationDPDK supportMore ...

Memcached benchmark

Requests/s (higher is better)

Integrating the JVM into the kernel

Core

JVM

Application Server

Your AppDynamicHeap Memory

TCP in theJVM + Appcontext Fast inter

thread wakeup

JVM Garbage Collection and the kernel

Application thread (“mutator”)

Garbage collection thread

JVM Object

JVM Object

ref

JVM Garbage Collection

Application thread (“mutator”)

Garbage collection thread

JVM Object

JVM Object

JVM Objectref

change

JVM Garbage Collection

Application thread (“mutator”)

Garbage collection thread

JVM Object

JVM Object

JVM Objectref

scan

change

JVM Garbage Collection

Application thread (“mutator”)

Garbage collection thread

JVM Object

JVM Object

JVM Objectref

scan

write

change

card table

read

JVM Garbage Collection

Application thread (“mutator”)

Garbage collection thread

JVM Object

JVM Object

JVM Objectref

scan

change

page table

read

hardware update

Van Jacobson == TCP/IP

Common kernel network stack

Leads to servo-loop:

Van Jacobson == TCP/IP

Net Channel design:

Dynamic heap, sharing is good

JVM Memory System memory

Lend memory

OS that doesn’t get in the way

4 VMs per sys admin ratio

http://www.computerworld.com.au/article/352635/there_best_practice_server_system_administrator_ratio_/

NO TuningNO StateNO Patching

Virtualization 2.0: Stateless servers

REST API definition use Swagger

REST api for *any* action

Performance and tracing

Porting a JVM application to OSV

1. Done*

* well, unless the application fork()s

Porting a C application to OSV

1. Must be a single-process application2. May not fork() or exec()3. Rebuild as a shared object (.so)4. Other API limitations apply*

* Post to the list, and missing items are usually added quickly.

● JVM-based application○ No effort

● Traditional C/C++ application○ More effort

● Virtio-app○ NFV - highest gain

Different customization levels

● First OS to be written in C++11● Interrupt handler using lambda function:

_msi.easy_register({ { 0, [&] { _rxq.vqueue->disable_interrupts(); }, poll_task}, { 1, [&] { _txq.vqueue->disable_interrupts(); }, nullptr }

});

OSv == Cool

So what about containers?

Capstan demo

● Docker is awesome! Low overhead!○ Small artifacts○ Fast deployment○ Fast startup (container start, not OS boot)

● Docker is awesome! Easy builds!○ Simple configuration file○ Minimal additional work on top of application build

Docker is awesome

Containers under the hood

● Hypervisors are awesome too!○ Live migration (load balance, hardware maint)○ Multiple kernel versions available

● Running VMs everywhere is awesome!○ Public cloud, private cloud, existing hypervisor...

● Security is awesome!○ Container attack surface is full kernel interface.○ Hypervisor attack surface is small.

● Sometimes a hypervisor is already there (private and public clouds)

Hypervisors are awesome

Everything is awesome

What if we could have advantages of Docker without limitations of containers?

● Fast boot, fast provisioning● High performance● Tiny footprint● Virtualized

○ Live migration○ Elasticity○ MMU access

Capstan

● Check out a base image● Build application● Create complete run-anywhere VM

○ No Capstan needed in production● 12-20MB and 3 seconds of overhead

● All driven by one simple config file● Low overhead of containers with

deployment flexibility of a VM image.

Let’s Collaborate

http://osv.io

https://github.com/cloudius-systems/osv

@CloudiusSystems

osv-dev@googlegroups.com

OSv@Cloudius

Backup slides

Virtualization 2.0, Dev/Ops

Virtualization 2.0, agility!

Rolling upgrade within seconds and a fall back option

Cloudius Systems, OS ComparisonFeature/Property

Good for:

Typical workload

kernel vs app

API, compatibility

# Config files

Tuning

Upgrade/state

OSv

Machete: Cloud/VirtualizationSingle app * VMs

Cooperation

JVM, POSIX

0

Auto

Stateless, just boots

JVM support

Lines of code

License

Tailored GC/STW solution Fewer

BSD

Traditional OSSwiss knife: anything

goesMultiple apps/users,

utilities, anything

distrust

Any, but versions/releases..

1000

Manual, requires certifications

Complex, needs snapshots, hope..

Yet another app

Gazillion

GPL / proprietary

Be the best OSpowering virtual machines

in the cloud

Mission statement

Hardware

Hypervisor

OSv

Your App

Hardware

Hypervisor

OSv + Jazz JVM

Your App

Hardware

Hypervisor

OSv + Jazz JVM

Hardware

Hypervisor

OSv

Hardware

Hypervisor

OSv + Jazz JVM

Your App

Application upload

● Going idle is much more expensive on virtual machines

● So are inter-processor interrupts - IPIs● Combine the two:

○ Before going idle, announce it via shared memory○ Delay going idle○ In the meanwhile, poll for wakeup requests from

other processors● Result: wakeups are faster, both for the

processor waking, and for the wakee

Idle-time polling

OSv applicable for

Virtualization

Application server

Virtual appliance

PaaS

Cloud Vendors

Plan

1. Open Source Launch - Done

2. Harden Virtual Appliances - Doing3. Q4 2014 GA by Cloud vendors - Doing

4. OEM (cloud/appliance), Enterprise