the future of operating systems - hioahaugerud/os/forelesning/per.pdf · mass production of...
TRANSCRIPT
The future of operating systemsPast, present and a weird path forward.
Todays topics
• What is an operating system
• Why do they suck and how can we reduce the suckage
• An introduction to IncludeOS
When did we get operating systems?
Running code of the first computers
• You would write your software and load it onto the computer
• The application was written specifically for that exact computer
• No abstractions. Lots of pain.
There must be a better way!
Computer adoption increases
(beyond 10)
Mass production of computers
• Since there where no abstractions there where was a lot of people writing the same code over and over again
• Libraries for handling hardware started to develop - the library OS was born
• A base system for loading application was created - BIOS
Punchcard, batch-oriented systems.Very efficient, low OS overhead.Horrible UX.
Punch card computers• Batch system that operate like this:
• Load a program from punchcards
• Run it. Output the result
• Run the next set of punchcards
• No OS. More akin to a BIOS.
The rise of multi-used systems
• Computers where expensive
• Non-interactive systems suck hard
• PDP-11 had a starting price of about $50000
• Could we share them?
“Ken, I’m worried about overhead.”
“Shut up, Ritchie. We have to share this thing. It costs a
fortune.”
Mainstream time sharing systems. Kind of virtualisation. Multi-user and multi-process.
The first modern OS was born
• Multics (later UNIX) was multi-user
• You could log in from a terminal and have a “virtual computer” that you could run your code on
• The OS would split the hardware into virtual bits
Here the applications run
Here we talk with hardware and police users
OS Kernel
Userspace
This thing kills performance
Multi-user OS design
What is an operating system
• Abstracts away the hardware. PCI device #2 -> eth0
• Managed users and processes
• Provides certain functionality (IP, memory, filesystem) on top of hardware
Booting an OS
• When a computer boots up it will go through POST and load BIOS
• Then it will start looking for a boot loader
• The boot loader loads the operating system and executes it
Operating systems are static
• The operating system ships from the factory in it’s compiled state
• The operating system doesn’t know what you’re gonna do with it
• It needs to support everything!
Syscalls - the link between the OS and the application
• Applications can invoke the OS to execute a API call
• “pls send this packet”
• “pls read this file”
• On modern machines: SYSCALL
Linux system calls (1/..)0 sys_restart_syscall eax ebx ecx edx esi edi Definition
1 sys_exit 0x01 int error_code - - - - kernel/exit.c:1046
2 sys_fork 0x02 struct pt_regs * - - - - arch/alpha/kernel/entry.S:716
3 sys_read 0x03 unsigned int fd char __user *buf size_t count - - fs/read_write.c:391
4 sys_write 0x04 unsigned int fd const char __user *buf size_t count - - fs/read_write.c:408
5 sys_open 0x05 const char __user *filename int flags int mode - - fs/open.c:900
6 sys_close 0x06 unsigned int fd - - - - fs/open.c:969
7 sys_waitpid 0x07 pid_t pid int __user *stat_addr int options - - kernel/exit.c:1771
8 sys_creat 0x08 const char __user *pathname int mode - - - fs/open.c:933
9 sys_link 0x09 const char __user *oldnameconst char __user *newname - - - fs/namei.c:2520
10 sys_unlink 0x0a const char __user *pathname - - - - fs/namei.c:2352
11 sys_execve 0x0b char __user * char __user *__user * char __user *__user *struct pt_regs * - arch/alpha/kernel/entry.S:925
12 sys_chdir 0x0c const char __user *filename - - - - fs/open.c:361
13 sys_time 0x0d time_t __user *tloc - - - - kernel/posix-timers.c:855
The problem with System Calls
• They are slow
• At minimum 250ns to execute a simple syscall
• As opposed to ~1ns for a function call
• CPU Caches are trashed - :-(
How to avoid system calls?
1. Run everything inside the application
2. Run everything inside the OS kernel
How to run everything inside your applications?
• DPDK allows you to run the networking all inside the application
• UNVMe allows you to run storage inside your application
• (Why are we using an operating system anymore?)
How can we run everything inside the kernel?
1. Rewrite all your applications to run as kernel code
2. Use a Unikernel
What is a Unikernel?
A short history of IncludeOS (1/2)
• Alfred Bratterud and Hårek Haugerud wanted to run 100K vms on a physical machine
• How small can you make the virtual machine?
History of IncludeOS (2/2)
• How hard can it be to answer a ping packet?
• Add support for virtio-net, ARP and ipv4
• TCP - is it really that hard?
• Oops. We built an OS.
includeOSApplication
IP Stack
vmxnet3
virtioMemory mgmt
FirewallLiveUpdate
BootLdr
Traditional vs unikernel application
app code
libhttp
Application
kernel
boot-loader drivers libs
libdb openssl
IP Stack Drivers OS
kernellibc++ stdlib
Demo: Hello World OS 1.0
• Custom OS to print “Hello World”
• Fast and portable
Killer feature: Live update
• In place update mechanism for IncludeOS Applications
• Stateful upgrade of running application
• No downtime - Interrupts ignored for 8ms+
• Allows for state replication, suspend/resume and other features
Current artefact Update State
Memory
Connection to master establishedDownloading update into high memoryStore stateRestore state and resume executionReboot into new kernelDiscard old application if successfulSuccess!
Demo 2: Live update
• Banana shell 1.0
• Pretty useless
• Uses unsecured telnet
• Supports Liveupdate, yay!
Unikernel deployment
• Always immutable
• Heavy weight build systems - cross compiled images
• Configuration management is different
• You can debug (native GDB support in Qemu)
Unikernels are great… I think.
What are they used for?
Network Function Virtualisation
The Piranha Project
• NFVs on IncludeOS
• Small, nimble virtual machines
• Keep change-to-deployment under 10s
• Load balancing, firewall, dhcpd and potentially others
I can reboot in milliseconds!
What does a IncludeOS firewall look like?
• IncludeOS merges configuration and code
• Code is redeployed on every change
• Since we have to rebuild, why not take advantage of this
1
2
3
4
TCP, port = 80, accept
TCP, port = 443, accept
UDP, port = 53, accept
TCP, port = 53, accept
5deny
Traditional Firewall Design
Read rule
Evaluate
Action
Traditional Firewall Design
NaCl simple exampleallowed_ports: [ http, https, ssh ]
nice_hosts: [ 129.240.0.0/16, 158.38.0.0/16]
if (ip.saddr in nice_hosts) {
if (tcp.dport in allowed_ports) { accept }
}
Why is IncludeOS so much faster?
If ($conf(“packet_transform”)) {
If $conf(“pre_filter”) {
invoke_hook(“pre_filter”, $payload);
main_task()
invoke_hook(“post_filter”, $payload);
…
}
Wat wat wat?
pre_filter()
main_task()
Wat wat wat?
CPU based IoT
IncludeOS on IoT devices
• Small images
• Minimal memory- and disk footprint
• Secure
• Real time characteristics
Ultra-low latency
Ultra Low Latency
• The nice thing about not having an OS - you have no OS
• Nothing can get in the way
• No scheduling or preemption means real time characteristics when on bare metal
Future work• Improve bare metal support (APIC, NICs, NVMe?)
• Support more hypervisors (Hyper V, Bareflank)
• UEFI support (late 2018)
• Add support for ARM64 (2019)
• Support IPv6 (September) and NLDP
• Improve POSIX compliance (currently it is minimal)
• Add additional runtimes (Node.js, Python and others)
Q & A
Twitter: @includeos, @perbuwww.inclueos.org
www.includeos.com