Firecracker, a virtual machine monitor from Amazon

Amazon announced the release of Firecracker 1.0, a virtual machine monitor (VMM) designed to run virtual machines with minimal overhead. Firecracker is a fork of the CrosVM project used by Google to run Linux and Android apps on ChromeOS.

Amazon Web Services is developing Firecracker to improve the performance and efficiency of the AWS Lambda and AWS Fargate platforms.

About Firecracker

For those who are not familiar with Firecracker, it offers lightweight virtual machines called microVMs. MicroVMs are fully isolated using hardware virtualization technologies based on the KVM hypervisor, while maintaining the performance and flexibility of conventional containers.

The system is available for x86_64 and ARM64 architectures and has been tested on the Intel Skylake, Intel Cascade Lake, AMD Zen2 and ARM64 Neoverse N1 CPU families. Tools are also provided to integrate Firecracker into the runtime of container isolation systems such as Kata Containers, Weaveworks Ignite and containerd (provided by the firecracker-containerd runtime).

The software environment that runs inside the virtual machines is stripped down and contains only a minimal set of components. To save memory, reduce startup time and improve security, a simplified Linux kernel is launched (kernels 4.14 and 5.10 are supported) from which everything unnecessary is excluded, including reduced functionality and removed device support.

With the stripped-down kernel, the additional memory consumption compared to a container is less than 5 MB. The latency from the start of the microVM to the start of application execution ranges from 6 to 60 ms (12 ms on average), which allows new virtual machines to be created at a rate of up to 180 environments per second on a host with 36 cores.

To manage the virtual environments, a background process, the Virtual Machine Manager, runs in user space and provides a RESTful API. The API implements functions such as configuring, starting and stopping the microVM, selecting CPU templates (C3 or T2), setting the number of virtual processors (vCPUs) and the memory size, adding network interfaces and disk partitions, setting limits on bandwidth and operation rate, and providing additional memory and CPU power in case of resource shortages.
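The configuration sequence described above, as an added example that is not from the original article or the Firecracker project: a small Python client that builds the ordered API calls (machine size, kernel, rate-limited drive and network interface, then start) and sends them over the Unix domain socket the API listens on. The file paths, tap device name, boot arguments and limiter values are constructed assumptions.

```python
import http.client
import json
import socket

class UnixHTTPConnection(http.client.HTTPConnection):
    """http.client connection that dials a Unix domain socket instead of TCP."""
    def __init__(self, sock_path, timeout=5):
        super().__init__("localhost", timeout=timeout)
        self.sock_path = sock_path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self.sock_path)

def build_plan(kernel, rootfs, vcpus=2, mem_mib=256, tap="tap0",
               read_only=True, cpu_template=None):
    """Return the ordered (method, path, body) calls that configure and boot one microVM."""
    if vcpus < 1 or mem_mib < 1:
        raise ValueError("vcpu_count and mem_size_mib must be positive")
    # Token bucket: `size` bytes (or operations) are refilled every `refill_time` ms.
    limiter = {"bandwidth": {"size": 12_500_000, "refill_time": 1000},
               "ops": {"size": 1000, "refill_time": 1000}}
    machine = {"vcpu_count": vcpus, "mem_size_mib": mem_mib}
    if cpu_template:  # "C3" or "T2", the templates named in the article
        machine["cpu_template"] = cpu_template
    return [
        ("PUT", "/machine-config", machine),
        ("PUT", "/boot-source", {"kernel_image_path": kernel,
                                 "boot_args": "console=ttyS0 reboot=k panic=1"}),
        # A read-only root drive keeps the guest from modifying a shared image.
        ("PUT", "/drives/rootfs", {"drive_id": "rootfs", "path_on_host": rootfs,
                                   "is_root_device": True, "is_read_only": read_only,
                                   "rate_limiter": limiter}),
        ("PUT", "/network-interfaces/eth0", {"iface_id": "eth0", "host_dev_name": tap,
                                             "rx_rate_limiter": limiter,
                                             "tx_rate_limiter": limiter}),
        ("PUT", "/actions", {"action_type": "InstanceStart"}),  # must come last
    ]

def apply_plan(sock_path, plan):
    """Send each call in order and stop at the first non-2xx reply."""
    for method, path, body in plan:
        conn = UnixHTTPConnection(sock_path)
        conn.request(method, path, body=json.dumps(body),
                     headers={"Content-Type": "application/json"})
        resp = conn.getresponse()
        detail = resp.read().decode()
        conn.close()
        if resp.status >= 300:
            raise RuntimeError(f"{method} {path} -> {resp.status}: {detail}")
```

To use it, call `apply_plan(sock, build_plan(kernel, rootfs))`, where `sock` is the path given to the firecracker binary with `--api-sock`.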

Firecracker is used by/integrated with: appfleet, containerd via firecracker-containerd, Fly.io, Kata Containers, Koyeb, Northflank, OpenNebula, Qovery, UniK, and Weave FireKube.

As well as being used as a deeper layer of isolation for containers, Firecracker is also suitable for providing FaaS (Function as a Service) systems, which offer a serverless computing model. In this model, development consists of preparing a set of small individual functions, each of which handles a certain event and is designed to operate independently, without reference to the environment (stateless: the result does not depend on the previous state or on the contents of the file system).

Functions run only when needed, and immediately after the event is processed, they complete their work. The FaaS platform itself hosts the provisioned functions, orchestrates the management, and provides the scalability of the environments required to run the provisioned functions.

How to compile firecracker on Linux?

Those who are interested in trying Firecracker on their system can compile it on their own.

To do this, open a terminal. The first step is to obtain the source code, which can be done by typing:

git clone https://github.com/firecracker-microvm/firecracker

Once this is done we can enter the firecracker folder with:

cd firecracker

And we proceed to compile with:

tools/devtool build
toolchain="$(uname -m)-unknown-linux-musl"

Finally, if you are interested in knowing more about Firecracker, you can check the details at the following link.

