
LightVM – A new virtualization solution based on Xen - fanf2
http://cnp.neclab.eu/projects/lightvm/lightvm.pdf
======
contingencies
Great job and nice to see Romania featuring in the news!

To those who just spent the last two years retraining your teams and retooling
your infrastructure explicitly for _docker_ (who may show up in this thread
embracing and enhancing with a large marketing budget shortly), do take this
opportunity to learn the architectural and management/maintenance value of
abstraction. ;)

~~~
tinco
You do realize that Docker containers have an abstract interface and can be
run on all OCI runtimes right?

------
bmitch3020
VMs tend to lose the overlay layered filesystem which can dramatically reduce
disk usage. Having the filesystem reset to a clean state for every new
container is a huge feature of containers. And VMs tend to need predefined
dedicated resources for things like memory. A process in a container would
only allocate memory when it needs and can free up for other processes to use.
It's not all about the startup speed.

That said, VMs have their place, and docker has the option to switch out
backends. It's entirely possible to replace runc with some other tool that
starts VMs instead of containers. (That's already happening today with
Windows containers.)

~~~
jpalomaki
> Having the filesystem reset to a clean state for every new container is a
> huge feature of containers.

Could you use file system snapshots for this? Maybe also for the layers?

~~~
mastax
If it works for docker[1], it probably works for this.

[1]:
[https://docs.docker.com/engine/userguide/storagedriver/zfs-driver/#how-the-zfs-storage-driver-works](https://docs.docker.com/engine/userguide/storagedriver/zfs-driver/#how-the-zfs-storage-driver-works)

------
monocasa
Xen is very much inspired by exokernels (you could even make the argument that
it is an exokernel), so it makes sense that someone would push it more in that
direction.

That being said, if you're going to go that way, it's too bad that there isn't
more inspiration from the past 20 years of OS design. A capability based
security/object management interface would be nice. I also really like Akaros's
VM threads model; IMO that'll be the way we end up running what we currently
call unikernels.

~~~
CalChris
_it's too bad that there isn't more inspiration from the past 20 years of OS
design. A capability based security/object management interface would be nice._

Agreed and _seL4_ comes to mind. It's capability based, quite fast and secure.
For that matter, it's also quite small.

------
jeromegn
The project's page:
[http://cnp.neclab.eu/projects/lightvm/](http://cnp.neclab.eu/projects/lightvm/)

------
mapsnapps
If I'm reading this right, that's pretty major. The isolation benefits of a VM
with a bootspeed faster than docker?

~~~
lbotos
I haven't been on the server side in a while, but 1) isn't Xen falling out of
favor and 2) is docker boot speed a big problem?

~~~
weberc2
Boot speed is a big selling point for Docker, but Docker's isolation story is
poorer than a VM. If you can make a VM boot as quickly as Docker while
preserving isolation, then Docker loses a big selling point.

~~~
Philipp__
It’s called Zones (on illumos, prev. on Solaris)

~~~
wise0wl
I'm a huge fan of Illumos and SmartOS and think that Zones + LX Branding are a
far superior technology than the hodgepodge of cgroups + namespaces + userland
container technology. HOWEVER---the amount of driver support in the
OpenSolaris forks, the awful package management system, the ancient IPF system
etcetera make it a non-starter for most environments. I have used SmartOS in
production (along with the Triton ecosystem) and found it to be well thought
out and compelling, albeit woefully immature and buggy.

I think that these reasons, plus the EOL nature of Solaris "upstream", would
easily put off most people in charge of making a long term technology
commitment. I know it did for me.

~~~
Philipp__
Well, you are right, but remember how old SmartOS actually is... I kinda hope
more people get it, and start investing into that amazing open source
technology. I always liked BSDs and Solaris more than Linux (which I find really
messy and chaotic).

------
ConfucianNardin
The Tinyx tool mentioned in the paper doesn't seem to be published anywhere.

It doesn't help that the name was already in use (by a minimal X11 server).

------
citrin_ru
> We achieve lightweight VMs by using unikernels

One problem with unikernels is a lack of debugging/tracing tools (like
Dtrace/eBPF):
[https://www.joyent.com/blog/unikernels-are-unfit-for-production](https://www.joyent.com/blog/unikernels-are-unfit-for-production)

~~~
nickik
That blog post is pretty crappy.

See discussions here:
[https://news.ycombinator.com/item?id=10953766](https://news.ycombinator.com/item?id=10953766)

~~~
citrin_ru
The blog post has some flawed arguments, but still there are almost no
observability/tracing tools for unikernels.

~~~
nickik
Some do, some don't. But to link to this as the 'super-argument' every time
somebody mentioned unikernels is pointless and wrong.

It's also simply not relevant for many cases.

------
davidthewatson
How is this different than zerovm?

[http://www.zerovm.org/](http://www.zerovm.org/)

~~~
burgerdev
Maybe that ZeroVM is a NaCl sandbox, while LightVM is a Xen VM?

~~~
xmichael99
ZeroVM, thanks for the link. I wonder if this solves glibc type dependencies
across platforms, it seems unclear.

------
nwrk
Super excited about this. Amazing progress. Kudos to authors.

------
grabcocque
So, unikernels?

~~~
detaro
No, not unikernels. They use unikernels and small linux builds for examples to
show their improvement of Xen itself.

~~~
weberc2
> We achieve lightweight VMs by using unikernels for specialized applications

Unikernels appear to be _part_ of the solution...

~~~
detaro
Yes, but it's more "we made Xen faster so you can use unikernels even better".
Unikernels aren't the new thing here.

------
detaro
In case the ACM link isn't available to everyone, here is a copy hosted by
NEC:
[http://cnp.neclab.eu/projects/lightvm/lightvm.pdf](http://cnp.neclab.eu/projects/lightvm/lightvm.pdf)

~~~
sctb
Thanks, we've updated the link from
[https://dl.acm.org/citation.cfm?id=3132763&CFID=824760366&CF...](https://dl.acm.org/citation.cfm?id=3132763&CFID=824760366&CFTOKEN=64841666).
I'm not sure I've seen the ACM block traffic like that before.

~~~
detaro
I believe the CFID in the URL is a user-specific token, and user-specific URLs
shouldn't be fetched from all over the world, triggering the block.

------
robert_foss
To save you some time, this is VMs + Unikernels.

~~~
equalunique
Unikernels were my first thought. Thank you for the summary.

~~~
detaro
It's not an accurate summary though, see the sibling comment to yours for a
better one.

------
metalliqaz
ACM can't handle the Hacker News flood.

~~~
sitkack
I have had temporary bans on the ACM for opening 8 papers in a new tab. ACM
can't handle the me.

~~~
metalliqaz
Sounds like ACM needs to learn how to Internet.

