
The Firecracker virtual machine monitor - yankcrime
https://lwn.net/SubscriberLink/775736/d9d6c371b9dbfc5f/
======
mgerdts
In addition to the firecracker-containerd[0] architecture, there's also
firecracker support in kata containers[1]. While firecracker aims to be as
lean as possible[2], kata aims to be portable[3]. It would be swell if the
bits that run inside the VM and the protocol that goes over the vsock or
vserial proxy were interoperable, but I see that as rather unlikely to happen
soon.

0\. [https://github.com/firecracker-microvm/firecracker-containerd/blob/master/docs/architecture.md](https://github.com/firecracker-microvm/firecracker-containerd/blob/master/docs/architecture.md)

1\. [https://github.com/kata-containers/documentation/wiki/Initial-release-of-Kata-Containers-with-Firecracker-support](https://github.com/kata-containers/documentation/wiki/Initial-release-of-Kata-Containers-with-Firecracker-support)

2\. [https://firecracker-microvm.github.io/](https://firecracker-microvm.github.io/)

3\. [https://github.com/kata-containers/documentation/blob/master/design/kata-design-requirements.md#multiple-hardware-architectures-support](https://github.com/kata-containers/documentation/blob/master/design/kata-design-requirements.md#multiple-hardware-architectures-support)

------
andrewstuart
The weird thing about Firecracker is that it doesn't run on Amazon EC2 shared
host instances - but theoretically it will run on Digital Ocean shared
instances, Azure shared instances and Google shared instances.

For the most part, Amazon EC2 is excluded from firecracker, unless you pay at
the top end for bare metal EC2 instances.

Odd.

~~~
vishvananda
I believe this is only because ec2 does not allow nested virtualization. In my
experience, nested virtualization is still buggy and can suffer from major
performance issues. So although it is possible to run it in a vm, I'm not sure
I would recommend running production code on it there.

~~~
andrewstuart
Are you saying that Amazon does not support nested virtualization because it is
too broken and is unusable technology? I've never heard that before.

Can you reference anything tangible to say that nested virtualization is too
buggy to use in production?

~~~
tyingq
Redhat seems wary. [https://www.redhat.com/en/blog/inception-how-usable-are-nested-kvm-guests](https://www.redhat.com/en/blog/inception-how-usable-are-nested-kvm-guests)

_"While Red Hat is now doing some level of QA for cascaded KVM, we are not
supporting it - so it is clearly not meant for production use."_

~~~
techntoke
Which means absolutely nothing. Not for production use to them likely means
they don't have a functional product to support it, not that it doesn't work.

~~~
Thaxll
Well, given the expertise that RedHat has with KVM, it's a big warning: "don't
run nested kvm for now". It's pretty clear; what more do you need?

[https://www.linux-kvm.org/page/Nested_Guests](https://www.linux-kvm.org/page/Nested_Guests)

"As of Feb 2018 this feature is considered working but experimental, and some
limitations apply."

~~~
techntoke
It is enabled by default in the latest stable kernel:

[https://www.phoronix.com/scan.php?page=news_item&px=KVM-Linux-4.20-Features](https://www.phoronix.com/scan.php?page=news_item&px=KVM-Linux-4.20-Features)
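The sub-thread above turns on two separate questions: whether the hypervisor under a given instance exposes hardware virtualization to the guest at all (the EC2 point), and whether the KVM module on the host has its `nested` parameter switched on (the kernel-default point). Added example, not code from the thread, from Firecracker or from any of the linked projects: a POSIX shell check of both. The three paths are parameters with assumed defaults of `/proc/cpuinfo`, `/sys/module` and `/dev/kvm`, so the functions can also be pointed at a constructed directory tree.

```shell
#!/bin/sh
# Added example (not from the thread): report whether this Linux machine can
# run KVM guests and whether its KVM module advertises nested virtualization.
# Defaults (/proc/cpuinfo, /sys/module, /dev/kvm) are assumptions that hold on
# common distributions; every path can be overridden for testing.

# cpu_virt_flag [CPUINFO_FILE]
#   prints "vmx" (Intel VT-x), "svm" (AMD-V) or "none".
#   Inside a VM, "none" normally means the outer hypervisor does not expose
#   hardware virtualization to the guest, so KVM cannot be used there at all.
#   Matching on word boundaries avoids false positives such as the AMD
#   "svm_lock" flag, which does not imply AMD-V is usable.
cpu_virt_flag() {
    cpuinfo="${1:-/proc/cpuinfo}"
    if grep -Eq '(^|[[:space:]])vmx([[:space:]]|$)' "$cpuinfo" 2>/dev/null; then
        echo vmx
    elif grep -Eq '(^|[[:space:]])svm([[:space:]]|$)' "$cpuinfo" 2>/dev/null; then
        echo svm
    else
        echo none
        return 1
    fi
}

# nested_kvm_status [SYSMODULE_DIR] [DEV_KVM]
#   prints one of:
#     nested-enabled (kvm_intel|kvm_amd)   nested parameter is Y/1
#     nested-disabled (kvm_intel|kvm_amd)  module loaded, parameter N/0
#     kvm-module-not-loaded                neither vendor module present
#     no-kvm-device                        /dev/kvm missing
#   returns 0 only for nested-enabled.
nested_kvm_status() {
    sysdir="${1:-/sys/module}"
    devkvm="${2:-/dev/kvm}"

    if [ ! -e "$devkvm" ]; then
        echo "no-kvm-device"
        return 1
    fi

    for mod in kvm_intel kvm_amd; do
        param="$sysdir/$mod/parameters/nested"
        if [ -r "$param" ]; then
            # Older kernels expose 0/1, newer ones Y/N; accept both spellings.
            val=$(cat "$param")
            case "$val" in
                Y|y|1) echo "nested-enabled ($mod)";  return 0 ;;
                *)     echo "nested-disabled ($mod)"; return 1 ;;
            esac
        fi
    done

    echo "kvm-module-not-loaded"
    return 1
}

# Usage on a real host (uncomment to run interactively):
#   cpu_virt_flag; nested_kvm_status
```

Run `cpu_virt_flag` first: on an instance whose hypervisor hides VT-x/AMD-V it prints `none`, and the second check is moot because `/dev/kvm` will not appear. On a host that does show `vmx` or `svm`, `nested_kvm_status` tells you whether guests started there will themselves be allowed to run KVM, which is the situation the "enabled by default" kernel change affects.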

------
sitkack
I find it wonderfully ironic (and also just wonderful) that Amazon used some
OSS written in Rust done as an experiment, and then forked it into production
code running on AWS.

This also checks off a piece of software that I wanted to see written.

~~~
gdamjan1
They used crosvm, which is used on ChromeOS devices to support Crostini (Linux
VM).

