How veLinux Boosts Cloud‑Native Performance and Security on x86 & ARM
veLinux, an open‑source Linux distribution from Volcano Engine, delivers a stable, high‑performance, and secure operating system for cloud workloads on both x86 and ARM, offering multiple editions, deep kernel optimizations, fast boot, and extensive security features tailored for modern cloud‑native environments.
Overview
veLinux is an open‑source Linux distribution launched by Volcano Engine (ByteDance) that integrates years of system‑level experience to provide a stable, high‑performance, secure and easy‑to‑use OS for cloud workloads on both x86 and ARM platforms.
Design Philosophy
The OS is compatible with x86 and ARM and adapts to domestic user habits. It exposes stable APIs to the applications above it and abstracts the hardware below it, with that abstraction optimized for cloud‑native, big‑data and machine‑learning scenarios.
Available Editions
General Edition – default cloud‑optimized version.
Fast‑Start Edition – kernel and cloud‑init optimizations reduce VM boot time from >10 s to ~5 s.
Security‑Certified Edition – complies with GB/T22239‑2019 level‑3 protection, adding identity, access control, audit and intrusion‑prevention features.
CentOS‑Compatible Edition – binary‑compatible with CentOS for seamless migration.
Kernel Optimizations
HugeTLB Vmemmap Optimization (HVO) saves up to 1.56 % of HugeTLB memory.
Dying‑memory cgroup reduction cuts memory usage by up to 80 % in extreme cases.
Pressure Stall Information (PSI) tuning lowers CPU usage by 10 % and adds a PSI‑CPU‑FULL metric.
VDUSE provides a high‑performance user‑space I/O virtualization framework for containers and VMs.
System Features
Stability
Deployed on over one million internal machines, supporting TikTok, Toutiao, Feishu and other ByteDance services with a crash rate below 0.01 %.
Performance
Optimized OpenJDK, zlib, and core libraries deliver 30‑50 % faster compression, 5‑25 % Redis speedup, 10‑60 % MySQL improvement, and overall workload gains of 20 %+.
Security
Regular CVE patching via a dedicated security portal.
Intrusion detection powered by the in‑house Elkeid project.
Level‑3 information‑security certification.
Kernel live‑patching to fix bugs without a reboot.
Usability
Enhanced kdump, customized atop monitoring, and flexible OS‑image customization tools simplify debugging and deployment.
Fast Boot
Kernel, driver and service start‑up tuning, together with cloud‑init ordering, cut VM boot time by roughly 50 %, achieving sub‑5‑second starts.
Cloud‑Native Edition (in testing)
A lightweight image that contains only the packages Kubernetes requires, uses a read‑only root filesystem, and supports image‑level upgrade and rollback to ensure immutable infrastructure.
Future Roadmap
Further cloud‑native features, support for domestic and RISC‑V processors, and continued open‑source contributions are planned.
ByteDance SYS Tech
Focused on system technology, sharing cutting‑edge developments, innovation and practice, and analysis of industry tech hotspots.