Unikernels satisfies the key characteristics of a VNF namely:
Small in size that allows thousands of tenants in a commodity server
Can be launched and destroyed in milliseconds and thus improved availability
Unikernels are mini-VM, allows integration with the existing Cloud orchestration mechanisms, can be moved to different servers, makes use of the hardware provided isolation
Secure as the attach surface is small
Today VNF is a VM and there is a lot of effort to move towards containers as the containers less resource intensive and boots faster. It is anybody’s guess at this point whether Unikernel will have a place in the VNF. Certainly it has benefits and there are a number of ongoing efforts in this space.
What are Unikernels?
A traditional VM includes a kernel and applications. Applications are run in the user space on top of the kernel in the VM. The kernel with its packages allows running multiple applications utilizing kernel services. Imagine a scenario where you want to use a VM as a web server and there is no need to run any other applications. Is there a need to incur the overhead of a standard kernel, which comes with its own baggage of packages, vulnerabilities?
Unikernel is a way to build an Application VM (AVM) that runs only one application. The kernel services are built as a library called libOS and the application is linked with it to become the AVM. This makes the AVM to be small and only includes the needed kernel services and avoids unwanted overhead associated with standard kernels to provide better deterministic behavior.
MirageOS uses the OCaml language, with libraries that provide networking, storage and concurrency support that work under Unix during development, but become operating system drivers when being compiled for production deployment. The framework is fully event-driven, with no support for preemptive threading.
ClickOS Tiny, Agile Virtual machines for Network Processing. These virtual machines are small (6MB), boot quickly (in about 30 milliseconds) and add little delay (45 microseconds) on commodity hardware.
In interesting paper 7-unikernel-projects to take on docker in 2015 provides more information and you can find lot more information in the Internet. All these AVMs are domU VMs on Xen hypervisor.
There are a number of such efforts that started recently to address the VFN requirements in the NFV context including clear container that is trying to use the Hardware Virtualization offered by X86 and use a tiny Linux that can boot faster by Intel’s open source group.
Use cases for Unikernel
The characteristics of the AVM make it suitable for latency sensitive virtual network devices such as load balancers, middle-box type of applications. The small footprint makes it attractive to support massive multi-tenant scale with the hardware-supported isolation as well as massive scale out model to meet the performance demands.
A ClickOS paper claims they have built a 5 MB AVM using the click elements to do FW, CGNAT, Load balancer and a virtual switch that can boot in 30 milliseconds with a latency of 45 microseconds, with a 10Gbps throughput on a commodity PC.
MirageOS group has started an effort called jitsu (Just-In-Time Summoning of the Unikernels) also called dust cloud which is a tool kit to start the unikernel based AVMs on demand. More details on Jitsu is available in the Usenix paper.
AVMs fit well with the Xen model where the hypervisor and the privileged domain Dom0 provide the environment to run the AVM in the under-privileged DomU.