Firecracker is the same VM technology used by Fly.io although they don’t have memory cloning as seen here. A VM can be cloned and the clone started in seconds though this heavily depends on image / rootfs size so it’s likely more in the order of 30 seconds or so (number pulled out of thin air).
Can't you use CoW to make the clone essentially instant? (I thought BTRFS supported it, but I'm not sure)
Edit: Okay, I did a bit of searching and if the image is a file (qcow2, say) I'm pretty sure you could just `cp --reflink=always old.qcow2 new.qcow2` and it would take way less than 30 seconds. (Again, assuming BTRFS; I guess ex. XFS has some sort of reflink support these days but I don't know)
> A VM can be cloned and the clone started in seconds though this heavily depends on image / rootfs size so it’s likely more in the order of 30 seconds or so (number pulled out of thin air).
Super cool technology, but when cloning entire VMs, one needs to be very careful to not accidentally leak crypto material.
The Minecraft example provided would leak the server's private key used to secure sessions [0] and enable practical MitM attacks. If you run Server A, give me the copy of it, Server B, and Alice logs into B, I could log into Server A as Alice. Same thing if we both run copies of the same original VM.
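Added example, not part of the thread: one way to audit a fleet of cloned VMs for the shared key material described in the comment above. It assumes SSH host public keys stand in for that key material and that they have already been collected per VM; the inventory, VM names and helper names are hypothetical, and the key lines are constructed sample data.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH public key wire format."""
    return struct.pack(">I", len(data)) + data


def make_pubkey_line(raw_key: bytes, comment: str) -> str:
    """Constructed sample data: wrap 32 raw bytes as an ssh-ed25519 key line."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_key)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def fingerprint(pubkey_line: str) -> str:
    """OpenSSH-style SHA256 fingerprint; the trailing comment is ignored."""
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("not a public key line")
    blob = base64.b64decode(parts[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_keys(inventory: dict[str, list[str]]) -> dict[str, list[str]]:
    """Map fingerprint -> sorted VM names for keys present on more than one VM."""
    owners = defaultdict(set)
    for vm, lines in inventory.items():
        for line in lines:
            line = line.strip()
            if line and not line.startswith("#"):
                owners[fingerprint(line)].add(vm)
    return {fp: sorted(vms) for fp, vms in owners.items() if len(vms) > 1}


# Constructed inventory: vm-b is a clone of vm-a that kept the original key,
# vm-c generated a fresh key after cloning.
GOLDEN = make_pubkey_line(bytes(range(32)), "root@golden")
FRESH = make_pubkey_line(bytes(range(32, 64)), "root@vm-c")
INVENTORY = {"vm-a": [GOLDEN], "vm-b": [GOLDEN], "vm-c": [FRESH]}

if __name__ == "__main__":
    for fp, vms in shared_keys(INVENTORY).items():
        print(f"{fp} shared by {', '.join(vms)}")
```

Any fingerprint reported here means those VMs can impersonate each other to clients, so each clone should regenerate its keys on first boot before it accepts connections.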
Very cool. Seems like this could also be great for an integration test runner when the test environment requires a lot of setup.
I thought this might use some of the underlying page tracking support for live network migration [0] that nearly every hypervisor has now, but it doesn't seem like they needed it!