Serverless computing typically uses secure containers encapsulated within lightweight microVMs to isolate function invocations across different tenants. However, the Single-Container-Per-VM (SCPV) model, while providing strong isolation guarantees, can lead to significant memory inefficiency, since each microVM carries its own guest OS even when the container instances are identical. To address these problems, a research team led by Chen Quan published their new research on 15 May 2026 in Frontiers of Computer Science, co-published by Higher Education Press and Springer Nature.
The team proposed the dynamic Multi-Containers-Per-VM (MCPV) model along with CZone to enhance the memory efficiency of secure container architectures. The MCPV model with CZone has been verified and tested through multiple experiments using diverse benchmarks. Compared to existing approaches, the proposed method significantly reduces both startup latency and memory footprint, while introducing negligible impact on system performance, especially when contrasted with the SCPV model that relies on microVM templating.
The research analyzes existing memory hotplug technologies and concludes that they are not optimized for serverless environments, where containers are frequently created and destroyed. To address this, the authors introduce CZone, which extends Linux memory zones to function as an adaptive, movable zone. Each container process is placed in its own CZone so that its memory can be released efficiently when the container is later deleted.
First, containers are created within a specific CZone, which isolates their memory region and speeds up memory release. A customized fork() with an additional CZone ID parameter places the container process within its CZone at startup. Second, a page flag is used to identify guest pages that are backed by host physical memory. Finally, a paravirtualized virtio device, czone-virtio, is employed to reclaim unused guest memory from idle containers.
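To make these three mechanisms concrete, here is an added toy model (constructed for this summary, not the paper's code) of a guest whose pages are carved into per-container zones, with a host-backed page flag and a reclaim routine that only walks the idle container's own zone; the names czone_create, czone_touch, czone_reclaim and PG_HOST_BACKED are assumed.

```c
/* Toy model of the CZone idea; constructed example, not the paper's code. */
#include <string.h>

#define NPAGES 64            /* toy guest with 64 page frames */
#define MAX_ZONES 8          /* at most 8 containers in this guest */
#define PG_HOST_BACKED 0x1   /* assumed page flag: host memory committed */

static unsigned char flags[NPAGES];                    /* per-page flag bits */
static int zone_start[MAX_ZONES], zone_len[MAX_ZONES]; /* len 0 = no zone */

/* Reset the toy guest: no zones, no host-backed pages. */
void czone_reset(void) {
    memset(flags, 0, sizeof flags);
    memset(zone_len, 0, sizeof zone_len);
}

/* Carve a contiguous zone [start, start+len) for container `id`. */
int czone_create(int id, int start, int len) {
    if (id < 0 || id >= MAX_ZONES || zone_len[id]) return -1;
    if (start < 0 || len <= 0 || start + len > NPAGES) return -1;
    for (int z = 0; z < MAX_ZONES; z++)          /* reject overlap */
        if (zone_len[z] && start < zone_start[z] + zone_len[z] &&
            zone_start[z] < start + len) return -1;
    zone_start[id] = start;
    zone_len[id] = len;
    return 0;
}

/* Container `id` touches page `pfn`: only now is host memory committed,
 * so only now does the page get the host-backed flag. */
int czone_touch(int id, int pfn) {
    if (id < 0 || id >= MAX_ZONES || !zone_len[id]) return -1;
    if (pfn < zone_start[id] || pfn >= zone_start[id] + zone_len[id]) return -1;
    flags[pfn] |= PG_HOST_BACKED;
    return 0;
}

/* Idle-container reclaim (stands in for what czone-virtio would hand back
 * to the host): walk only this container's zone, count the host-backed
 * pages being released, clear them, and free the zone for reuse. */
int czone_reclaim(int id) {
    if (id < 0 || id >= MAX_ZONES || !zone_len[id]) return -1;
    int released = 0;
    for (int i = zone_start[id]; i < zone_start[id] + zone_len[id]; i++) {
        if (flags[i] & PG_HOST_BACKED) released++;
        flags[i] = 0;
    }
    zone_len[id] = 0;
    return released;
}
```

Because a zone is a contiguous range, reclaim cost is bounded by the zone size rather than the whole guest, and untouched pages in the zone cost the host nothing.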
Experiments on Azure Serverless Trace and various classic benchmarks show that the proposed method accelerates container creation, reduces memory footprint, and has minimal impact on system performance.
Future work can focus on improving network performance in the MCPV model, requiring an appropriate scaling strategy for microVMs' CPU and emulated network devices.
DOI: 10.1007/s11704-024-40756-5