Firecracker MicroVM Platform

github.com

About this website

Firecracker is an open-source virtualization monitor that enables secure, multi-tenant, minimal-overhead execution of container and serverless workloads using lightweight virtual machines called microVMs. Developed by AWS (Amazon Web Services, headquartered in Seattle, Washington) and first released as open source at re:Invent 2018, Firecracker powers AWS Lambda (serverless computing) and AWS Fargate (container-as-a-service), handling millions of microVMs daily.

Key features:

MicroVM architecture: Firecracker creates lightweight virtual machines that combine the security and isolation of traditional VMs with the speed and density of containers. Each microVM runs its own kernel (Linux) and has dedicated resources, providing hardware-level isolation via KVM (Kernel Virtual Machine).

Minimal device model: Firecracker implements only the absolute minimum virtual devices needed for serverless and container workloads: virtio-net (network), virtio-block (block storage), virtio-vsock (host-guest communication), serial console, and a keyboard controller. This minimalism reduces attack surface and boot time.

Fast boot time: microVMs boot in as little as 125 milliseconds, enabling near-instantaneous scaling of serverless functions.

Low memory overhead: each microVM requires only 5 MiB of memory overhead (in addition to the guest memory), enabling thousands of microVMs per host.

Rate limiter: built-in rate limiting for network bandwidth, operations per second (IOPS), and disk bandwidth, enabling fair resource sharing.

Snapshot support: create and restore microVM snapshots (memory + CPU state + device state) for pause/resume and live migration, enabling copy-on-write memory sharing across microVMs for even faster startup.

Security: runs in a jailer (seccomp, chroot, namespaces, cgroups v2), each microVM in its own sandbox. Rust implementation (memory-safe).

Resource efficiency: over 4,000 microVMs per host demonstrated.

KVM-based, Linux only. Apache-2.0.
