Underlying System Innovation Helps Cloud-Native Development - Apsara 2022

Date: Oct 1, 2022

This article is compiled from the talk "Innovation of the underlying system to help the development of cloud native", given in the special session "Innovation and Practice of Enterprise Cloud Native" at the Apsara Conference.

Speaker: Squirrel

Hello everyone, I am Huang Shaoyu, a product manager from Alibaba Cloud Intelligence. At Alibaba Cloud, I am mainly responsible for product design and planning of the cloud-native underlying system. I am very happy to share with you here. The earlier talks in this session introduced many cloud-native application scenarios and successful cases. Here I will introduce our thinking and practice from the perspective of the underlying system, hoping to bring you more useful information.

Today's introduction is divided into 3 parts. First, I will introduce our analysis of cloud-native business and the design ideas of the underlying system. Next, I will introduce the new Alibaba Cloud Sandbox Container 2.0. Finally, I will introduce our practice within Alibaba Cloud and the Alibaba economy.



Here, we start from the perspective of user development, operation and maintenance to explain the changes brought by cloud native. The red box marks what users need to pay attention to. From traditional physical machine deployment, to traditional cloud deployment, to the container and function deployment used by cloud native, what users manage keeps changing: from managing an entire physical machine, to managing a single virtual machine, to paying attention only to their own application and its dependent libraries, and finally to paying attention only to their own code. The advance of cloud native keeps moving the interface that users care about upward.



This upward movement of the user interface has naturally changed the way cloud services are used. Compared with traditional cloud scenarios, cloud-native scenarios have shorter running times, smaller operating units, and use more services. Resource purchase has changed from long-term buyout to on-demand elasticity, startup time has dropped from the minute level to the sub-second level, and deployment density has increased by two orders of magnitude. These changes put new requirements on cloud infrastructure: serverless deployment requires no operation and maintenance; short-term operation and on-demand use require fast, elastic capabilities; and the increase in deployment density requires the entire runtime to be lighter. The security and performance of the cloud service are also necessary considerations when users choose a platform. To sum up, to meet the needs of cloud-native services, cloud infrastructure must be able to quickly and efficiently provide users with a secure operating environment.



The above covers some of our thinking on cloud-native business. Next, I will briefly introduce some of our practices in cloud-native scenarios. Here is the overall Alibaba Cloud cloud-native technology stack. The bottom layer is the familiar cloud infrastructure, which provides storage, network and compute capabilities. The second layer includes the container-oriented ACK/ASK, the application-oriented SAE and Flink Serverless, the function-oriented Function Compute, and so on. These Alibaba Cloud cloud-native platforms support the large number of cloud-native applications shown in the top layer. Between the infrastructure and the cloud-native platforms sits the cloud-native underlying system. We act as the link between the layers above and below. Combined with the powerful capabilities of Alibaba Cloud's infrastructure, we use the container engine as a carrier to create a single-machine underlying system that best meets the needs of the cloud-native platforms. Inside Alibaba Cloud, we name this system "Kangaroo".



Here I briefly introduce our design for this system. Our design of the cloud-native underlying system follows four basic principles: secure and lightweight, flexible and efficient, full-stack collaboration, and an open source ecosystem. Based on these principles, we have launched a new container engine, Dragonball, which provides the core competitiveness of secure containers for cloud-native scenarios (fast startup, high concurrency and low overhead) and offers a variety of container runtimes to meet the needs of different scenarios. We make full use of the powerful capabilities of the Alibaba Cloud I-layer to provide superior IO and network performance. At the same time, we have designed innovative network and storage solutions for cloud-native scenarios to cope calmly with the impact of short-term operation and instantaneous concurrency on the infrastructure. We have also enabled hardware security capabilities and built multiple security assurance systems. In addition, our host environment carries out extensive scheduling and memory optimization based on business characteristics to provide users with higher end-to-end performance. Finally, our related technologies are also leading the Kata 2.0 architecture and contributing back to the open source ecosystem.

Based on the above system design, we incubated an internal Alibaba Cloud product last year: Alibaba Cloud Sandbox Container. Since its release, this product has continued to provide services within Alibaba Cloud and the Alibaba economy. After one year of product iteration, we launched Alibaba Cloud Sandbox Container 2.0 this year.



Compared with version 1.0, version 2.0 mainly includes the following three updates:

First, the lighter, faster and more stable container engine Dragonball 2.0. In this engine, we introduced a new development language, cut unnecessary modules, and merged some components. Through this innovative container engine design, we achieved excellent performance, resource overhead and stability.

Second, a more flexible and higher-performance storage and network solution. We officially put virtiofs into production as container storage. At the same time, to cope with high-density multi-user scenarios, we introduced a new cross-VPC network solution. We also introduced eBPF technology as an acceleration solution to speed up network performance.

Finally, more comprehensive and diverse security capabilities. In addition to the basic lightweight virtualization isolation technology, we also integrate the services of Alibaba Cloud Security Center and provide the RunE runtime for cloud-native confidential computing, giving comprehensive protection to the user's operating environment.



The effect of the upgrade to version 2.0 is also remarkable. First, our startup performance and concurrency capability have been greatly improved. Our sandbox already has a 50ms cold start capability and a 3ms hot recovery capability, and the sandbox's single-machine concurrency capability has reached more than 200 per second. Second, our resource consumption has been greatly reduced. The CPU and memory consumption of the sandbox container has dropped to the same level as the ordinary runc container, which is close to "zero consumption", and single-machine deployment density has reached more than 2,000. Finally, through end-to-end integration and optimization, we have eliminated the performance loss caused by the sandbox isolation technology. The performance of Alibaba's e-commerce business in the sandbox container is basically the same as in ordinary containers. Performance tuning for specific scenarios has also achieved good results: the performance of nginx is 20% higher than that of ordinary containers on the cloud, and the performance of redis is 30% higher than that of ordinary containers on the cloud.

Finally, I would like to introduce to you our practice in Alibaba Cloud and the Alibaba economy.

As the underlying system, Alibaba Cloud Sandbox Container builds cloud-native competitiveness together with Alibaba Cloud products. Alibaba Cloud container service products have launched secure sandbox containers and Inclavare containers, which integrate our sandbox container capabilities and deliver them to users, so users can use our components directly. In Elastic Container Instance (ECI), mentioned earlier in this session, and in FC for function scenarios, Alibaba Cloud Sandbox Container 2.0 has been launched as a new underlying architecture. In the application-oriented SAE and Flink Serverless products, we also continue to provide support as the underlying system.



In the Alibaba economy, sandbox containers are also playing an increasingly important role. We make business operation more stable and deployment more flexible in the online business, offline business and hybrid deployment architectures, and support the businesses of the Alibaba economy in evolving smoothly towards cloud native.

Cloud-native scenarios are still developing, and the challenges they bring will continue to change, but our original intention will not change: to be the best cloud-native underlying system, with attractive product competitiveness. That concludes my talk. Thank you all!
