Hello, so I think I'm gonna get started. That's my first time I come here for artisomy. So I think, please allow me to introduce myself. My name is Tie Jun Chen. I'm from the VMware R&D China ATC team, the Advanced Technology Center. Our team is working on some projects and some explorations involving IoT, the Internet of Things, and Photon Linux OS enhancement, and serverless and edge computing, something like that. Unikernel also was my exploration. Before I joined VMware, I worked at several companies. You might have heard some names, like Wind River Systems; there I was responsible for Wind River Linux kernel and BSP development, and the Wind River Hypervisor and a para-virtualized guest OS. I also worked at Intel OTC; I was enabling some hardware feature to open-side token managers.

So today I'm going to talk about my exploration, my proposal about a unikernel, especially something related to PREEMPT_RT and IoT. Each time I have to make this declaration: as I mentioned, this is just my personal exploration, so it's really not a commitment from VMware so far. So I'm just few of us. I think in the first part I'd like to introduce some background about unikernel and IoT, and then go to my exploration, which I now name UniLinux, and I will finish my presentation with one brief summary.

Okay, I think we first need to understand this architectural revolution, I mean from VM to unikernel. What's happening? Just take a look at this picture. So, as we know, a virtual machine, it's a hybrid. So a couple of years ago a container like Docker was brought out. It's relevant, but it's not secure. One reason, I think: all containers share one common host OS. So if something's wrong with this host OS, it could have a big impact on all the containers. You might remember last year we had that Dirty Copy-On-Write, right?
So instead some people are trying to trim down that host OS and just deploy one or a few containers inside this VM. But you should notice that division, they still are given between kernel space and user space. It still costs too much. So what's next? Unikernel. You can compile the application into one Game operating system, just keep those necessary components to make sure this application can run. It's like a library, and we also compile them into one whole image.

So how to define it? Unikernels are specialized, single-address-space machine images constructed by using library operating systems. Specialized, and a single address space, and that's LibOS. And I'd like to categorize them into two groups. The first one is the general-purpose unikernel: it's like a library, but just derived from one general operating system. It supports, like, POSIX-compliant programs. Another group is the language-specific unikernel, like MirageOS: it's written with one specific language. It's still like a library, but specific to one programming language.

So far there are a lot of existing unikernels; I list some names here. You can find some of them: OSv, IncludeOS and Drawbridge; Drawbridge is from Microsoft. And UniK; UniK is actually a tool, it can help compile an application into some existing unikernels. And you also can find some interesting solutions, like Docker. Docker, you know, acquired Unikernel Systems. It released two projects, HyperKit and VPNKit; they can help a container run with macOS or Windows. Even this year at the Docker conference, you know, there's LinuxKit. It still includes these two projects and MirageOS. I Need to take OS a week one in this unikernel as a guest OS component to provide a very good cloud infrastructure to support HPC, high-performance computing, and NFV, when the unikernel is small and has very good performance.
So some people use OSv or something like that to construct a very flexible life solution, just like a research reason.

So let's think, based on the definition, what unikernel can bring out. I think a single address space, that means it's easy to do zero copy, and it's easy to configure huge pages and deploy that, and a single only mode. So now we don't need the syscall; instead, we just use a function call. And most of the time we are just running one process, but the multiprocessor side. So we don't need to have a tab context switch; like if we're talking about x86, we don't need to reload CR3.

So compared to a VM, and even compared to a container, unikernel can bring some benefits. The first one is that it improves the security. It's still a VM, but it's lightweight and it just keeps those necessary components, and each component has less code. So the attack surface of a unikernel is very small. At the same time you can get a small memory size and footprint, and you can boot that very quickly. You also can optimize them because it's specialized. So we did some investigation and some discussion. We believe unikernel really gets comparable performance. You can find some data from the public claims.

And as I mentioned, there are a lot of existing unikernels, but it's very hard to see unikernels in the production environment. So I think they are facing some challenges, like compelling use cases; we need more use cases. And compatibility; what I mean is, you know, unikernel is running in one mode and one single address space, so those existing applications can run with unikernel directly. And again, you also cannot run some existing tools or utilities to debug or monitor. And the unikernels also lack some standard. So after that, I'm thinking: what about unikernel?
I think Linux could be a good candidate for unikernel, because Linux is widely used, so it can bring out some valuable use cases, and it has a lot of different libraries, and it also has mature tools and utilities. So I think we can bring Linux as a unikernel to make unikernel succeed. And I also think, you know, in my understanding Linux, there is a lack in the process of development; every year you can find some interesting optimization or some acceleration. I think this technology still can benefit unikernel. And we also have the community; it's a very important factor to make unikernel succeed.

So, based on the challenges: talk about the challenges. The first question is the use case. So I'm trying to figure out some potential but valuable cases, like I/O-intensive applications; unikernel aims to improve the network performance. We have NFV; some research uses the unikernel. And we also have serverless. I'm not sure everyone here has heard of serverless.

So, simply speaking, serverless is a cloud computing code execution model. That means you just need to focus on writing code and uploading your code to the cloud, but without managing and provisioning your resources, your server: server-less. So this is serverless. So that means you just need to write code, right? All the time, besides writing your code you also have to configure which VM, and the memory size and the CPU. You have to configure that, right? So if we use the serverless model, that means you just write code and deliver the code to the public cloud provider. But you don't need to care about which resources you should configure; instead the cloud provider will help you run your code on demand and allocate resources automatically and do something like automatic scaling. Did I make it?
Okay. So it's a very promising model. Most of the public cloud providers, like Amazon and Google and Azure, also have their own serverless model implementation. You know, VMware also has a VMware serverless implementation on vSphere infrastructure. But you know, basically they just use the container to carry out the function. We also talked about how unikernel can compete with the container, so I think we can use a unikernel to carry out something.

And another thing I want to mention here: there's a difference between serverless and function as a service. Most times people call serverless function as a service, but there is really a difference: serverless means that you don't need to care about resource allocation; function as a service means that the scheduling unit should be the function. So think about this: sometimes some functions should work together so they can work efficiently, because probably they share some resources. And sometimes you may need one function to trigger another function to finish one complicated task, and you also need to consider QoS. So I think the VM should be a good companion and complement to the unit service implementation.

And blockchain. Blockchain also, like Hyperledger: Hyperledger uses the container to carry out the chaincode. Now we still can use a unikernel to carry out the chaincode. And machine learning: this is another reason I want to convert Linux to a unikernel. You know, those existing unikernels don't support the GPU, but we have Linux that can support the GPU, and we have HMM, that's heterogeneous memory management. So I think this can help unikernel Linux to support machine learning. But today I'd like to focus on IoT.

So first let's take a look at the picture. This is, I think, the typical IoT architecture. So from the left side to the right side: the things, and on the right side the cloud; edge and fog are in the middle.
So now the things we are talking about are the sensors and the actuators. In the case of IoT, that means that we need to connect these devices to the cloud, to the internet. But the reality is not every device can connect to the internet directly. Some devices can connect to the internet, like CCTV or cameras in public. They are sort of IP capable, so it's easy to connect them to the internet. But there's a massive amount of devices that cannot do that. They just have some short-range connectivity protocol, like Zigbee and Bluetooth, or CAN bus or RS-485, something like that. So we need some device to help connect them to the internet; this device is running on the edge side.

And there are some different scenarios: we need the IoT gateway, and we need some embedded PC or some data center, or even when we have some long-range connectivity protocol like LoRa and NB-IoT, we still need the NB-IoT base station. So they are facing some problems. For example, on the IoT base station, you have to fix some problems like multi-tenancy: one device is connected to one IoT base station, but the next moment it will connect to another base station; that means the base station will connect different devices from different random. So how are we able to support that? Unikernel: unikernel to support IoT.
So I'd like to divide IoT into two groups. The first one is IoT cloud: I talked about microservices and serverless; we can use unikernel to replace the container. And for the IoT edge and fog: you know, when we talk about IoT, these IoT devices are resource constrained. Unikernels are very small and boot very quickly and are very secure, so I think it's very suitable for IoT devices. But that means, you know, we need virtualization to support the unikernel; this is one challenge that should be considered. And another thing is most existing unikernels don't support some features specific to IoT, like a policy, and multiple different architectures, and the real-time requirement.

So I have this conclusion: I think unikernel can very play for the IoT. Because, as I talked about, you know, I'm working on some IoT projects. We did some investigation. There's a trend, that's, sorry, at the edge side we need virtualization. Why? Because virtualization can help us address some problems like security issues and multi-tenancy and fragmentation and edge computing. And again, IoT is equivalent to the embedded system, the unikernel. And according to one public study, two cells of IoT gateways are deployed with Linux. So unikernel Linux already has this good ecosystem. And another reason is that unikernel Linux can run on bare metal.
I think there's no doubt. So to me, it's worth exploring if we can unikernel Linux and deploy that in the case of IoT. So our goal is to explore what's the best platform for running unikernels. We need to integrate or support some existing unikernels and, more important, I'd like to convert Linux to a unikernel; I name it UniLinux, and some explorations. Today I just focus on how to convert Linux to a unikernel.

So, you know, converting Linux to a unikernel is very difficult, because Linux is a general operating system. It's designed to support multiple processes and has two different modes, and all components are tightly coupled. And we also need to consider if we can improve the performance. Let's give some sense, just focus on... Okay.

How could we possibly achieve this? From the Linux perspective, that means unikernel Linux is running with one mode. Now we are talking about x86-64; that means UniLinux is running in supervisor mode. So how can we do this? We need to modify some macros, like user CS and user DS and the RPL entry, to make sure the user level can run in kernel mode. And we also need the IST, the interrupt stack table.

What I mean: normally we have two different modes, kernel mode and user mode, so the CPU can automatically switch the stack between the kernel stack and the user stack. But now we just have one mode. So think about this scenario: You step is running with the user stack, but sometimes we need to expand the user stack, so it will trigger a page fault. But at this moment the user stack is not valid. The CPU wants to save the rest of the information, like EFLAGS and ESP, something like that, but the user stack is not valid. So it will trigger another fault, a double fault. But again, this time the stack is still not valid, so the CPU has to shut down. So how to address this problem?
So we have the IST. x86-64 has this feature, the interrupt stack table; this table can switch to a specific stack automatically. So far there can be up to seven entries per CPU, and the IST code is an index into the TSS, the task state segment, and each IST entry can point to a different stack. So this can help address this problem.

And the vDSO: we are running with one mode, so we don't need the full system call; we should modify the vDSO to make sure it just jumps to the function. And the module stack: in some few cases maybe your application is compiled with a hard-coded system call, so we need to switch the user stack to the kernel stack. That's a few cases. And single address space: we can run one process, so we cannot provide fork; it is easy to understand.

We need to optimize: we want to get a smaller size and footprint. Typically we can use Kconfig to disable those unnecessary components. And some other work we also need to do: we should remove some unnecessary system calls, just keep those necessary system calls according to different application requirements. And zero copy: now we are just running with one mode. We do need to check between kernel space and user space. We don't need to move something from kernel space to user space. It's not necessary; it should be gone.

And the scheduler: you know, normally it has, besides idle and stop, CFS and RT and deadline. But in some cases we are just running one process, so I want to decouple the scheduler to make sure we can configure the scheduler according to different requirements. And a lightweight TCP/IP stack: Linux has a very good network stack, but it's complicated because Linux wants to address different network scenarios. But now we need a lightweight TCP/IP stack, like lwIP, something like that. I think already there are some existing projects.
They are working on this similar thing. Normally it has different variants, like we had that Just go T and the SC Linux, and we also have PREEMPT_RT Linux. So I think we still can use that; unikernel Linux can have PREEMPT_RT. Unikernel Linux is based on PREEMPT_RT Linux, and it can support some cases like the airbag in the car and the brake. But there are different scenarios: bare metal, as I mentioned, is easy to run unikernel Linux, but what about the virtualized environment? It's very different.

So what's virtualization? That means the layer between hardware and operating system. So that means two levels of scheduling structure. I mean, the hypervisor will schedule the virtual CPU onto the physical CPU; this is the first level of scheduling. The second level is what we talk about as the traditional scheduler; this is inside the VM. So based on these two levels of scheduling, we are facing some challenges. So how to guarantee we still can get that on credit time behavior? The two-level scheduling structure, and, more importantly, the hypervisor has no knowledge of what's running inside the VM. And memory management: you know, dynamic memory management can introduce some unpredictable behavior, so we need to consider this.

And another problem is the lock holder preemption problem. How to explain that? For example, we have one guest OS; we have two threads, thread A and thread B. Thread A is holding one lock and is running on one vCPU, vCPU A, and another thread is running on another vCPU but waiting for that lock. But at this moment the hypervisor probably will schedule out vCPU A. So that means thread B, now running on vCPU B, is actually wasting CPU time. So how can we address these challenges?
I think for the guest OS we can use PREEMPT_RT Linux, but what we should do is add some hypercalls: when you hold the lock you should issue a hypercall to the hypervisor, so the hypervisor knows you are running an RT workload or you are holding a lock, so the hypervisor would not schedule this vCPU off the physical CPU. And memory allocation: to avoid something that could be brought out from dynamic memory allocation, we have to reserve some memory resources to make sure we can call the hypercall directly to get some resources from this resource pool to support the workload. Direct interrupt, what does that mean? Most CPUs, if they support virtualization technology, still have this feature of direct interrupt to the vCPU. Okay.

Another part is other compatibility. There are different scenarios. If you have source code, we just need to pre-compile some library where we replace the system call with a function call; you just need to recompile the application with this new library. But if we just have a binary, and it is compiled with some compile flags like shared and PIC, I think we can load the pre-compiled library to resolve the system call to a function call. But if not, I think it should be very few cases; I don't care about these few cases.

So multiple processes, this is another question. My principle is that if your application can be designed to run as multiple threads, you need to redesign your application if you cannot do that, because they can get the best benefits from the unikernel and Linux. If not, I think one is straightforward.
So one fork just triggers one UniLinux instance, but that means the IPC becomes inter-VM communication. So we need to figure out a faster but secure VM communication. Fortunately, in the case of x86 we have VMFUNC; this instruction probably can help us. Another way is PCID, the process-context identifier. It can tag the TLB; so that means if we want to switch between different processes, you don't need to invalidate the TLB. It's very lightweight. But this feature just has limited bits, so I use this to support multiple processes just for the debug tools and monitor tools. And then people still can use those existing utilities to develop the unikernel.

Another way is to use the Linux that is MMU-less. But unfortunately this doesn't support x86. I was thinking about this before, but it doesn't support x86. And another side effect is it still has no fork; it just supports vfork. I hope I can take some time to figure out if we can take something from uClinux. What I'm trying to do is, I hope, because uClinux can support multiple tasks in one single address space.

Debug tools: I talked about PCID; I think it can support those existing utilities on the unikernel. One thing I'd like to mention here is kdump. Kdump is a very good tool to debug if you get a kernel panic or chronic, but that means we have to reserve that memory space to load the capture kernel. This is not good in the production environment.
So what I'm trying to do is: we just need to reserve the virtual address space, but we don't allocate the physical address space and we don't map them. But one day, if we want to debug something with kdump, we can enable the balloon driver; the balloon driver can allocate some physical memory from the hypervisor and then map it to this virtual address and then load the capture kernel, and you can enable kdump.

Monitor: like OSv, I just integrated one mini more that actually be threat, but instead here we can load existing monitoring tools like top or something like that. And syslog, I think it's easy to understand: for VMware we have vSphere Log Insight, which supports the syslog format, so we just need to connect remote syslog to our Log Insight to make sure we can log the unikernel.

And we also have some enhancements about fast boot and virtualization. Fast boot: we can integrate one small bootloader inside this VM to skip the BIOS. We also can use DT to replace ACPI partially. And for virtualization, we know which device and which bus we will allocate to this VM, so we just do that one bus probe and device probe. Virtualization: some of these are listed here; mostly they can help us reduce the VM exit overhead to improve our performance.

Besides UniLinux, we need some tools to help us configure and build UniLinux, and build applications into UniLinux. Okay, this part is about management. It's actually very similar to Docker. So like this, we have a unikernel manager.
This is the clock. It's a controller; it can control all unikernel applications and also expose its functionality to the unikernel client by the REST API. And it also can upload the unikernel application image to the local and also to the cloud registry. When you want to run your unikernel application, if we cannot find it in the local, just pull it from the cloud to cache it in the local registry.

Another thing to mention is VDFS. VDFS is a virtual distributed file system. Basically it's based on virtio: virtio MMIO, virtio device, and the 9P file system. What this can help to do is help unikernel do something like this class, so we can boot Linux or unikernel Linux very quickly.

So I think this is what I talked about. We talked about unikernel being very small and fast and quick to boot, so it's a very good candidate for the cloud and for IoT. But those existing unikernels face some challenges, so they have yet to gain large popularity. So I'm trying to come out with this solution, UniLinux, to make sure we can boost the unikernel. And the product Linux is very suitable for IoT, no matter whether we are talking about IoT cloud, IoT edge or IoT fog.

So far I have found that, in the PoC, I can compile that hello world to UniLinux; I can boot that with QEMU or with our ESXi. So it's still at the early stage. But I'm not going to mention here. In my IoT project I already deployed one existing unikernel, OSv; it's working as an MQTT broker, MQTT, the IoT protocol, to help communicate between different machines. The sub revs. So this is something I talked about. So, any questions?
Sorry, one question.

Okay.

I didn't get yet why you think... There's a lot of work, a lot of interesting technical work to be done there to get to this Linux-based unikernel thing. But I didn't actually get why you think, or what is the point, that will make this approach more successful than OSv, for example.

Oh V for... sorry, OSv?

OSv. Yeah.

Okay. Why do you think it would be more successful than OSv?

I'm not sure if you remember, I mentioned some valuable use cases like NFV and serverless and blockchain and machine learning, right? I think OSv cannot do this.

The point is, this approach has been more or less abandoned. It was a bet that they could achieve better performance with the OSv approach.

I think so, but it didn't go off. But unikernel also can support some potential use cases, and I mentioned another reason: I think UniLinux can support multiple processes to some extent, right? This is one important reason people don't like to use OSv. The first reason: you can just run one process. Sometimes you also cannot use some existing tools to debug; for example, you cannot SSH, right? You cannot SSH; actually you cannot use kdump or kprobe and ftrace. OSv doesn't support this feature. But UniLinux can do this. So this is my first.

So your assumption is that you don't need to port the applications over to run on this Linux-based unikernel approach; applications won't be touched for this.

Yeah. I know there's a lot of work I should do. Because, as I mentioned, it's hard to decouple the components. So far the last image is still bigger.

Thank you.

You had a slide on the real-time features, right? Can you just tell us a bit more which use cases you have in mind, what timing constraints and granularity you see in the scenarios you have in mind here?

So, the use case, right, about real-time features of this?

Real-time approach. Yeah, real-time features.
Sorry for my, uh...

Here, so the slide where... there was a slide with SCHED_DEADLINE in there, I think. It was a slide with SCHED_DEADLINE in the slide. But yeah, the idea is about timing behavior. What would you expect? What would be the ideal, the target, at hero latency for this architecture?

I was... Because, based on some discussion, I mean the record investigation... The first: in IoT, we need virtualization. Why do we need virtualization? Because virtualization can help address security issues and multi-tenancy. So does this make sense to you? I mean, do you agree we need virtualization in IoT?

Yeah, sure.

So now, but I would need that real-time requirement, because most people are talking about edge computing. Edge computing means that we need to do something like real-time data analytics. Like, we have a self-driving car. You cannot depend on this: you push your massive data to the cloud, and then the cloud makes some analytics and puts the action to the car, and the car takes the next step. Sometimes latency, right? Sometimes the connection may be broken. So you cannot depend on this situation. So we need real-time data analytics at the edge side. So in this case, we need real-time Linux, something like that.

In some research we are doing, we are investigating access network packet processing, and the timing that we can do using Linux, and particularly scheduling for isolating packet processing tasks among each other, as well as providing timing guarantees to different packet processing engines on the same platform. It is in an NFV context, a network function virtualization context.

Yeah. Okay.