NanoVisor: Modernizing Container Runtime with an Architecture Refactor..- Jianfeng Tan & Tianyu Zhou

  • Published 3 Oct 2023
  • NanoVisor: Modernizing Container Runtime with an Architecture Refactor Over gVisor for Superior Performance - Jianfeng Tan & Tianyu Zhou, Ant Group
    NanoVisor is a cutting-edge container runtime that effectively addresses the performance challenges seen with gVisor. We introduce an optimized userspace network stack that accelerates the hot paths found in microservices. Additionally, we incorporate a lightweight hypervisor that enables Sentry (guest kernel) to directly call host kernel syscalls. By utilizing a read-only file system and file-based tmpfs, we eliminate gofer processes without compromising security. Our approach delivers 1) 0.5 to 1x better performance than runc for Redis, Nginx, and RPC benchmarks, and 2) comparable performance on fs benchmarks. We also present how we use it as a ms-level FaaS engine. In sum, NanoVisor represents a groundbreaking solution to containerization, surpassing existing container runtimes while enhancing security (with a much smaller seccomp list).
