Nanvix: A Multikernel OS Design for High-Density Serverless Deployments

Serverless providers strive for high resource utilization by optimizing deployment density: how many applications can be deployed per host server. However, achieving high deployment density without compromising application performance or isolation remains an open challenge. High density can be achieved by sharing components across applications, yet applications from different tenants must be strongly isolated from each other due to the risk of side-channel attacks. Sharing components across applications from the same tenant, if done naively, can introduce contention on host resources thus negatively affecting application performance. We describe Nanvix, a new multikernel OS that disaggregates ephemeral execution state, unique per application invocation, from long-lived persistent state, shared among invocations from the same tenant. Applications in Nanvix execute inside a lightweight user VM running a micro-kernel that implements threads and memory, and forwards all I/O requests to a system VM. The system VM runs a macro-kernel with a rich set of device drivers and is shared among all invocations from the same tenant. Nanvix' split design achieves strong hypervisor isolation across tenants without sacrificing application performance, and reduces same-tenant contention by multiplexing all I/O requests to the system VM. Thanks to a system-wide co-design, Nanvix achieves order-of-magnitude lower application start up times with moderate I/O overheads. When replaying a production trace, Nanvix needs 20-100x fewer host servers compared to state-of-the-art systems, improving deployment density

翻译：无服务器提供商致力于通过优化部署密度（即每台宿主机可部署的应用数量）来提高资源利用率。然而，在不牺牲应用性能或隔离性的前提下实现高部署密度仍是未解决的挑战。通过跨应用共享组件可实现高密度，但不同租户的应用因侧信道攻击风险必须实现强隔离。同一租户内若简单共享组件，可能导致宿主机资源竞争，从而对应用性能产生负面影响。我们提出Nanvix——一种新型多内核操作系统，将每次应用调用独有的短暂执行状态与同一租户内多次调用共享的长期持久状态进行解耦。Nanvix中的应用运行在轻量级用户虚拟机中，该虚拟机运行实现线程与内存功能的微内核，并将所有I/O请求转发至系统虚拟机。系统虚拟机运行具备丰富设备驱动程序的宏内核，供同一租户的所有调用共享。Nanvix的分裂设计可在不牺牲应用性能的前提下实现跨租户强虚拟化隔离，并通过多路复用所有系统虚拟机中的I/O请求减少同租户竞争。得益于全局协同设计，Nanvix在中等I/O开销下将应用启动时间降低一个数量级。在回放生产环境流量时，Nanvix所需宿主机数量比现有最先进系统减少20-100倍，从而提升了部署密度。