
Unikraft and the Coming of Age of Unikernels

The Unikraft Project Makes Using Unikernels Easy
July 12, 2021
Research
Authors: 
Hugo Lefeuvre, Gaulthier Gain, Daniel Dinca, Alexander Jung, Simon Kuenzer, Vlad Bădoiu, Răzvan Deaconescu, Laurent Mathy, Costin Raiciu, Pierre Olivier, Felipe Huici
Article shepherded by: 
Rik Farrow

Thanks to their excellent performance, unikernels have always had a great deal of potential for revolutionizing the efficiency of virtualization and cloud deployments. However, after many years and several projects, unikernels, for the most part, have not seen significant, real-world deployment. In this article we argue that several factors contributed to this in the past, including lack of POSIX compatibility and the resulting lack of support for applications and languages, difficult or not widely adopted tooling ecosystems, lack of basic security features, and sometimes less-than-stellar performance. After many years of work on the Linux Foundation’s Unikraft project, whose explicit goal is to tackle these issues directly, we believe that the time for unikernels to finally enter the main stage is now.

Unikernels [7] have always had great promise: high performance (sometimes even higher than Linux), lightweightness in the form of incredibly fast boot times (a few milliseconds) and severely reduced memory usage, as well as strong security benefits, to name a few metrics. But why hasn’t all of this potential materialized into wide use and deployment? We argue that in the past, four main reasons have hampered unikernels from becoming more widespread:
  • POSIX Compatibility: Ultimately operating systems (and unikernels of course) are only as good as the applications they can run. Arguably, wide adoption depends solely on how good OSes are at running the applications and languages that people are interested in; for the most part, in the past, unikernels have had no or rather limited POSIX compatibility [10] (much more on this in Section Application Compatibility: System Calls Support).
  • Tooling Ecosystem: Previous unikernel projects had little or no tooling ecosystems to improve usability. Those that did developed their own tools [4], partly because there hasn’t always been a clear de-facto standard as is the case now (e.g., Kubernetes for deployment). Asking potential users to adopt a new tooling ecosystem, or worse, having no such tooling, is always a tough ask and has been an obstacle to adoption.
  • Modularity: In order to maximize lightweightness and performance through specialization, the unikernel should be fully modular. In the past, unikernel projects such as OSv and MirageOS [4, 7] relied on smaller, but still monolithic, kernels.
  • Security: A few years back there were rather overblown claims about unikernels’ strong security [1]. Although unikernels do have some intrinsic features that could potentially make them more secure (e.g., a very small Trusted Computing Base, immutability, no console, etc.), unfortunately most past implementations have lacked basic security mechanisms such as stack protector and ASLR [8].
We argue that after many years of struggle and false starts, unikernels, and in particular the Unikraft [5] Linux Foundation project (www.unikraft.org), are coming of age: its fully modular design allows for extreme specialization (and thus performance and lightweightness), standard security features such as stack protector are in place, and in the past months we have been putting effort towards seamless integration with Kubernetes and Prometheus, arguably the de-facto standards for deployment and monitoring. We give a high-level overview of Unikraft in Section Unikraft: a Modern, Fully Modular Unikernel, focusing on its high degree of modularity and the resulting performance/lightweightness benefits.
What about POSIX compatibility? While Linux has over 300 system calls, previous studies [11] have shown through static analysis that only a subset (224) are needed to run an Ubuntu installation. This number is actually an overestimation due to various reasons, including the fact that not all such applications make sense in a unikernel context (e.g., desktop applications) and the imprecision of static analysis. In Section Application Compatibility: System Calls Support we will show a thorough investigation of what’s actually needed to explain why Unikraft’s 160 implemented syscalls (and counting) are more than enough to run a wide spectrum of applications, including Redis, SQLite, nginx, HAProxy, TFLite and Memcached, and languages like Python, Ruby and Go, to name a few.
Article Categories: 
Operating Systems
Programming
Linux
Last updated February 8, 2023
Authors: 
Hugo Lefeuvre is a PhD student in Computer Science at the University of Manchester, UK. His research interests include, among others, systems software, security, and networking. Before coming to Manchester, he earned his BS in Computer Science from the Karlsruhe Institute of Technology.
Gaulthier Gain is a PhD student in Computer Science at the University of Liège, Belgium. His research interests revolve around operating systems, memory forensics, binary analysis and linkers/loaders.
Daniel Dinca is a member of the Unikraft.io team currently working on the Unikraft unikernel. He is also a Masters student at University POLITEHNICA of Bucharest. His research interests include operating systems, low level security and virtualization.
Alexander Jung is the CPO of Unikraft.io and a PhD student at Lancaster University, in the Networking Research Group. His main research includes NFV scalability, performance and robustness challenges in unikernels.
Simon Kuenzer is the CTO of Unikraft.io and a Senior Researcher at NEC Laboratories Europe GmbH. He is a passionate systems researcher with a focus on virtualization and unikernels. He launched the Unikraft OSS project, where he acts as core maintainer and lead architect today.
Vlad Bădoiu is a Masters student at University Politehnica of Bucharest and part of the NETSYS Research Group at UPB. His research interests are operating systems, formal verification and networking.
Răzvan Deaconescu is Associate Professor at University POLITEHNICA of Bucharest. He's primarily interested in operating systems and security, with a penchant for teaching and mentoring. If a class or a project uses "operating systems" as part of its name, it's likely he's part of the team.
Prof. Laurent Mathy graduated in Electrical Engineering from the University of Liège, Belgium, in 1993, and obtained a PhD in Computer Science from Lancaster University, England, in 2000. He is a full professor in the EECS department at the University of Liège, and a visiting senior scientist in the Computer Network Information Center, Chinese Academy of Sciences, Beijing, China.
Costin Raiciu is a professor in the Computer Science Department of University Politehnica of Bucharest. His research is on networks, systems and virtualization.
Pierre Olivier is a lecturer (Assistant Professor) in the Department of Computer Science at the University of Manchester, UK. His research interests are in systems software and include virtualization, operating systems and systems security.
Felipe Huici is a chief researcher at NEC Europe Laboratories GmbH, CEO of the Unikraft.io start-up, and is passionate about high performance systems and lightweight virtualization.