NanoVisor: Revolutionizing FaaS Cold Start Performance with Secure, Lightweight Cont...- Tianyu Zhou

NanoVisor: Revolutionizing FaaS Cold Start Performance with Secure, Lightweight Container Runtime - Tianyu Zhou, Ant Group

Function as a Service (FaaS) is booming, but cold start time, the time it takes to create a new container for a function, remains a significant bottleneck. This not only impacts user experience with noticeable delays, but also incurs unnecessary costs due to wasted resources. NanoVisor, a groundbreaking container runtime built on gVisor, tackles the challenge of slow cold start time in FaaS. It achieves this through a series of optimizations designed specifically for FaaS: lightweight containerd interaction for faster setup, a read-only filesystem for enhanced efficiency, and a sandbox fork mechanism that replaces heavy container creation for significant performance gains. These empower NanoVisor to create secure, sandboxed containers ready for function execution within an astonishing 5ms, with a memory overhead of less than 1MB per instance and 1.5K QPS per node. It has been successfully applied in Ant Group's ecosystem, including Alipay Cloud Base and SOFA Function, as well as CI/CD acceleration.