January 4, 2018
Pouch: Alibaba’s Tried and Tested Container Technology is Now Open Source
By Allen Sun, Jianmei Guo, and Kingsum Chow
To develop a thriving container ecosystem and promote the Open Container Initiative (OCI) standards, Alibaba has released a key piece of infrastructure, Pouch, under the Apache License Version 2.0 (APLv2). It is now available on GitHub at https://github.com/alibaba/pouch.
Pouch is a lightweight container technology that features high performance, high resource efficiency, and high portability. On Singles Day 2017 (the event takes place annually on November 11), Alibaba’s shopping platforms achieved a gross merchandise volume of 25.6 billion dollars, and the cloud infrastructure, comprising multiple large-scale data centers, served a global user base with a peak of 325,000 transactions and 256,000 payments per second. Pouch is the key technology that processes all online transactions smoothly on millions of containers.
Besides dealing with the enormous volume of online traffic and transactions on Singles Day, Pouch supports daily services at Alibaba, spanning different business domains (e.g., e-commerce, advertising, and search), different technology stacks (e.g., Web applications, databases, and big data processing), and different programming languages (e.g., Java, C++, and Node.js).
Features
Originating in Alibaba production environments and designed to fit large-scale commercial applications, Pouch incorporates four distinguishing features:
- Strong Isolation: Based on Alibaba’s customized Linux kernel, Pouch enables strong isolation that meets the security requirements for commercial use, including (1) more isolation dimensions on network bandwidth and disk usage, (2) enhanced resource visibility, and (3) hypervisor-based container isolation by creating new kernels.
- P2P Image Distribution: Pouch adopts another of Alibaba’s open-source projects, the P2P-based distribution system Dragonfly (available at https://github.com/alibaba/dragonfly), to improve the efficiency of container image distribution across tens of thousands of clusters.
- Rich Container: To smoothly enable a wide range of application scenarios at Alibaba, Pouch is designed to be “non-intrusive” to application development, operation, and maintenance.
- Kernel Compatibility: To enable as many applications as possible, Pouch supports OCI-compatible runtimes that work on a set of Linux kernel versions above 2.6.32.
Architecture
To ensure a clear separation of functions, Pouch is organized into components, and its architecture can be viewed from two perspectives: ecosystem architecture and component architecture.
The ecosystem architecture presents how Pouch fits into the container ecosystem. As shown below, Kubernetes and Swarm will be supported in the orchestration layer. In the runtime layer, Pouch supports OCI-compatible runtimes, such as runC, runV, and runlxc. In addition, Container Network Interface (CNI) and Container Storage Interface (CSI) are included to enable more network and storage plugins.
The component architecture describes the relationship among multiple components inside Pouch. As shown below, at the command line (CLI) level, Pouch CLI and Docker CLI are supported simultaneously. At the container docking runtime level, Pouch internally calls containerd over gRPC via a container client. Pouch Daemon is designed around the idea of internal componentization, which extracts the corresponding System Manager, Container Manager, Image Manager, Network Manager, and Volume Manager to provide a unified solution to object management.
Recently, Alibaba has established a long-term plan to maintain and improve open-source Pouch, and we welcome any contribution to the project. With community support, we hope that Pouch can help many more stakeholders outside of Alibaba and facilitate the development of the container ecosystem.
About the Authors
Allen Sun, Senior Engineer at Alibaba Group, is currently responsible for the open source construction of the Pouch container project at Alibaba. He has been involved in cloud computing for over 5 years, and is one of the first batch of researchers and practitioners of container technology. Allen played a central role in the evangelism of container technology. He is the author of the book The Source Code Analysis of Docker and a personal advocate of the open source spirit, as well as a Maintainer of the Docker Swarm Project.
Jianmei Guo is currently a Staff Engineer at Alibaba Group, focusing on hardware-software co-optimization for system performance. Before coming to Alibaba, he was an Associate Professor of Computer Science and Engineering at East China University of Science and Technology. He received his Ph.D. in Computer Science and Engineering from Shanghai Jiao Tong University in 2011, and worked as a Postdoctoral Fellow at the University of Waterloo from 2012 to 2015. He can be reached here: https://www.linkedin.com/in/jmguo/
Kingsum Chow is currently the Chief Scientist for Alibaba Systems Software Hardware Co-Optimization. Since receiving his PhD in Computer Science and Engineering from the University of Washington in 1996, he has been working on performance, modeling and analysis of software applications. He has been issued more than 20 patents. He has delivered more than 80 technical presentations. He joined Alibaba in 2016. He can be reached here: https://www.linkedin.com/in/kingsumchow/