NOTE: this paper was developed by Ziye Yang, a Staff Software Engineer at Intel and is being presented by colleague Yadong Li, a Principal Engineer in the Ethernet Products Group at Intel. In many usage cases, FaaS applications usually run or deployed in container/Virtual machine environment for isolation purpose. So, one of the challenges is how to quickly construct the execution environment for FaaS, which can be divided into two parts: Running time Execution environments (VM, container, process) and image/file systems(including code, libraries) construction or provisioning for running FaaS. To accelerate the cold start of FaaS, we can clearly see that there can be lots of work to optimize in these two parts. In this talk, we propose a novel approach to construct the FaaS’s image construction environment via IPU (infrastructure processing unit) instead of optimizing it in host. With our approach, there are the following benefits: 1 Performance and resource benefit, i.e., We reduce the image construction resource overhead in the host side; 2 Security benefits, i.e., When the images area constructed by IPU, IPU can present the images through VF/PF devices to the host. And the host can directly hotplug (including hot attach/detach) the devices to VM/containers, then mount the device to a specific mounting mount. And after the execution of the FaaS application, the IPU can immediately hot remove the devices from the host. Then the sensitive information leak can be avoided.
Accelerating FaaS/container Image Construction via IPU
- Let audience know the resource/security challenges on the FaaS/image construction and provisioning overhead in the host.
- IPU which currently provides virtual storage service to the host can be easily extended to serve the FaaS/container image acceleration case.
- We present some high design ideas on how to offload FaaS/container image usage cases, which can add usage scenario for IPU offloading in cloud native storage area
NOTE: this paper was developed by Ziye Yang, a Staff Software Engineer at Intel and is being presented by colleague Yadong Li, a Principal Engineer in the Ethernet Products Group at Intel. In many usage cases, FaaS applications usually run or deployed in container/Virtual machine environment for isolation purpose. So, one of the challenges is how to quickly construct the execution environment for FaaS, which can be divided into two parts: Running time Execution environments (VM, container, process) and image/file systems(including code, libraries) construction or provisioning for running FaaS. To accelerate the cold start of FaaS, we can clearly see that there can be lots of work to optimize in these two parts. In this talk, we propose a novel approach to construct the FaaS’s image construction environment via IPU (infrastructure processing unit) instead of optimizing it in host. With our approach, there are the following benefits: 1 Performance and resource benefit, i.e., We reduce the image construction resource overhead in the host side; 2 Security benefits, i.e., When the images area constructed by IPU, IPU can present the images through VF/PF devices to the host. And the host can directly hotplug (including hot attach/detach) the devices to VM/containers, then mount the device to a specific mounting mount. And after the execution of the FaaS application, the IPU can immediately hot remove the devices from the host. Then the sensitive information leak can be avoided.
- Let audience know the resource/security challenges on the FaaS/image construction and provisioning overhead in the host.
- IPU which currently provides virtual storage service to the host can be easily extended to serve the FaaS/container image acceleration case.
- We present some high design ideas on how to offload FaaS/container image usage cases, which can add usage scenario for IPU offloading in cloud native storage area
---