MicroVMM and Firecracker: Core Technologies Behind Serverless Computing
The talk explains how a purpose‑built microVMM like Firecracker—an ultra‑lightweight, Rust‑based virtual machine monitor running on KVM—delivers the strong isolation, millisecond‑scale startup, and high‑density performance essential for modern serverless platforms, while outlining current benchmarks and future enhancements.
This article summarizes the keynote "microVMM – Serverless Core Technology Revealed" delivered by AWS Chief Developer Advocate Fei Lianghong at ServerlessDays China 2021. It introduces the concept of microVMM, a lightweight virtual machine monitor designed for serverless workloads, and explains why such a technology is essential for modern cloud platforms.
1. The current state of Serverless – Serverless adoption has exploded, with Lambda usage growing 3.5× year‑over‑year. Functions now run for as little as 60 ms on average, and both large and small enterprises rely on serverless as a glue layer for data processing, ML inference, and mobile back‑ends.
2. Why Serverless needs a microVMM – Traditional isolation mechanisms (cgroups, namespaces) and full‑size VMs cannot simultaneously satisfy the three key requirements of a serverless platform: strong security isolation, ultra‑fast startup (cold‑start mitigation), and high resource utilization.
3. Firecracker as an open‑source microVMM – Firecracker runs in user space on top of KVM, providing a minimal device model (only six devices) and a tiny footprint (<5 MiB per VM). It offers a RESTful API for lifecycle management, supports VSOCK for host‑guest communication, and is written in Rust to guarantee memory safety.
Key design goals of Firecracker – Security: minimal attack surface and sandboxed execution. Fast startup: VM launch times as low as 125 ms (pre‑warmed) and 5 ms when resuming from sleep. High density: ability to launch >150 VMs per second on a single host and achieve >90 % CPU utilization.
Performance and I/O – Benchmarks show Firecracker’s launch latency (~150 ms) beats traditional VMs, and its 4 KB read latency approaches that of QEMU, while larger I/O workloads still have room for improvement.
Implementation details – The project leverages KVM for hardware virtualization, seccomp for syscall filtering, and a minimal set of virtual devices. The codebase is ~80 k lines, far smaller than QEMU’s 1.4 M lines.
Future directions – Ongoing work includes improving I/O performance, expanding compatibility (e.g., Rust‑VMM, Cloud Hypervisor), and enhancing correctness proofs for serverless workloads.
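The RESTful lifecycle API from item 3 and the pause/snapshot path behind the fast resume in the design goals, as an added Python example (not code from the talk or from the Firecracker project): a minimal client that drives the Firecracker API over its Unix socket. The socket and image paths, the `send` transport abstraction, the vsock UDS path and the expectation of HTTP 204 on success are assumptions of this example.

```python
import http.client, json, socket

class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTP/1.1 over the Unix socket a firecracker process listens on."""
    def __init__(self, sock_path):
        super().__init__("localhost")
        self.sock_path = sock_path
    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.sock_path)

def unix_transport(sock_path):
    """Real transport: PUT JSON to the API socket and return the HTTP status."""
    def send(method, path, body):
        conn = UnixHTTPConnection(sock_path)
        conn.request(method, path, body=json.dumps(body),
                     headers={"Content-Type": "application/json"})
        status = conn.getresponse().status
        conn.close()
        return status
    return send

def boot_sequence(kernel, rootfs, vcpus=1, mem_mib=128, guest_cid=3):
    """The PUT calls Firecracker needs before InstanceStart, in order."""
    return [
        ("PUT", "/machine-config", {"vcpu_count": vcpus, "mem_size_mib": mem_mib}),
        ("PUT", "/boot-source", {"kernel_image_path": kernel,
                                 "boot_args": "console=ttyS0 reboot=k panic=1 pci=off"}),
        # Read-only root: the guest cannot persist changes into the host image.
        ("PUT", "/drives/rootfs", {"drive_id": "rootfs", "path_on_host": rootfs,
                                   "is_root_device": True, "is_read_only": True}),
        # VSOCK for host<->guest traffic without attaching a network device;
        # vsock_id is required by older releases and deprecated by newer ones.
        ("PUT", "/vsock", {"vsock_id": "vsock0", "guest_cid": guest_cid,
                           "uds_path": "/tmp/fc-vsock.sock"}),  # assumed path
        ("PUT", "/actions", {"action_type": "InstanceStart"}),
    ]

def snapshot_sequence(snap_path, mem_path):
    """Pause the VM, then write a full snapshot that a later restore resumes from."""
    return [("PUT", "/vm", {"state": "Paused"}),
            ("PUT", "/snapshot/create", {"snapshot_type": "Full", "snapshot_path": snap_path,
                                         "mem_file_path": mem_path})]

def run(send, steps):
    # Issue each step; Firecracker answers 204 on success. Returns steps completed.
    for method, path, body in steps:
        status = send(method, path, body)
        if status != 204:  # abort rather than start a half-configured microVM
            raise RuntimeError(f"{method} {path} failed with HTTP {status}")
    return len(steps)
```

With a live process, `run(unix_transport("./firecracker.socket"), boot_sequence(kernel, rootfs))` boots the guest; the sequences are plain data so they can be logged or audited before anything is sent.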
Overall, Firecracker demonstrates how a purpose‑built microVMM can provide the security, speed, and efficiency required by large‑scale serverless platforms.
Tencent Cloud Developer