Rethinking Portability in a Virtual Machine World

I don’t get out much anymore, technically speaking. That is, I travel all over the world talking about Internet security and about the Domain Name System (DNS), and recruiting more sensor operators for Farsight Security’s Passive DNS project. But usually I’m addressing non-programmer audiences, and usually the credentials that get me invited are “Internet policy wonk”, not “ex-programmer.”

So I was very much plussed when the EuroBSDCon 2015 programme committee invited me to give the opening keynote here in Stockholm this morning. This is the kind of meeting I don’t get to attend any more, because it concerns a kind of work – digital system architecture and programming – that I don’t do much of any more. Because of travel overhead, it makes no sense not to stay for the whole Con, and I have some observations to share at the end of Day 1.

First, my friend Jordan Hubbard is having more fun than I am. His talk was about work he did while running the Core OS team at Apple, and the work he’s now leading at IX Systems. While on the one hand I don’t love every one of his design choices, on the other hand, he still gets to make design choices whereas I have long since delegated such choices to younger and stronger technologists whose work I have to quick-step to keep abreast of.

Second, my best years as a “hard” technologist currently appear to be behind me. My keynote speech this morning mostly covered work I did in the late 1980’s, 1990’s, and early 2000’s. Somewhere along the line I started feeling old and slow, and I stopped building new stuff. So while today’s audience was either somewhat impressed or very polite, I was still a has-been today – at least as far as programming and technical system design are concerned. “Ouch.” I think I need to re-think how I spend some of my off-hours, because I find I miss the old me, maybe more than a little.

Third, and most importantly, the scope of “portability” has shifted, and programmers and technical system designers can benefit from rethinking the matter.

Jordan Hubbard’s talk was about what he’s jokingly calling “NextBSD”, a fork of FreeBSD wherein he and his team are exploring the merge of some technologies he built as open source software while at Apple. As I listened to his description of an event dispatcher, a thread-elastic task scheduler, an object persistence and reclamation library, an asynchronous notification abstraction layer, and a structured system log manager, I recalled that ISC (Internet Systems Consortium) had built all of that for BIND9 back in 1999 or so – portably! – and that Apple could have saved some time by starting from that code base.

Because my mind runs along economics lines these days, I tried to imagine whether BIND9 could be sped up by using the Apple (and now NextBSD) mechanisms on platforms having such features, and if not, whether such incapacity would render these interfaces hopelessly non-portable, only used by the operating system and its utilities, but ignored by software that had to run on a wide and deep plethora of competing and incompatible systems. And that’s when I had my epiphany.

Portability is at the VM (virtual machine) layer now, not the API or ABI layer.

Because anyone installing a new BIND9 server today is going to dedicate a whole VM to it, and that VM can run any operating system it needs. Indeed, this isn’t just a BIND9 matter. Other DNS servers, or just other servers period, are increasingly isolated behind the membrane of a VM. This trend became popular along about the time that DevOps was reinvented, and this trend is also what illuminates the Docker opportunity and perhaps some elements of the software-defined network (SDN) opportunity also.

These fine-grained VMs don’t even get maintained, so the ease of maintaining them is irrelevant. If a design or configuration change has to be made, it’ll be made upstream in a “recipe file” somewhere, and a whole new replacement VM will be created; once it is running, the old VM will simply be destroyed. So those of us who care which UNIX shell we’re using won’t carry that care with us into the diagnostic and monitoring activities on a VM – which only happen just before that VM is replaced by a successor.
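The “recipe upstream, replace the VM, destroy the old one” cycle described above, as an added example that is not part of the original post or of any of the projects it names. It simulates the lifecycle with directories and a symlink so it runs anywhere: an image’s identity is the hash of the recipe that produced it, a built image is made read-only so nobody patches it in place, a candidate that fails its health check is discarded before the pointer moves, and the predecessor is destroyed rather than kept around to maintain. The recipe lines, the `named.conf` file name and the `listen=` health check are constructed for the example and carry no real BIND configuration semantics; the hashing assumes `sha256sum` or `shasum` is installed.

```shell
#!/bin/sh
# Added example (not from the post): "replace, don't maintain" VM lifecycle,
# simulated with directories. Image id = hash of the recipe that built it; a
# change means a new image and the destruction of the old one, never an edit.
set -eu

WORK=${WORK:-$(mktemp -d)}
IMAGES="$WORK/images"     # one read-only directory per built image, named by recipe hash
CURRENT="$WORK/current"   # symlink to the image that is "running"

recipe_id() {             # identity of an image is the hash of its recipe (assumes sha256sum or shasum)
    { sha256sum "$1" 2>/dev/null || shasum -a 256 "$1"; } | cut -c1-12
}

build_image() {           # $1 = recipe file; idempotent; prints the image id
    id=$(recipe_id "$1")
    dir="$IMAGES/$id"
    if [ ! -d "$dir" ]; then
        mkdir -p "$dir"
        cp "$1" "$dir/recipe"
        # "provisioning": the recipe's key=value lines become the guest's config (constructed format)
        grep -v '^#' "$1" > "$dir/named.conf" || true
        chmod -R a-w "$dir"   # nobody patches a running image; fixes go upstream into the recipe
    fi
    printf '%s\n' "$id"
}

health_check() {          # $1 = image id; refuse to promote an image with no listener configured
    grep -q '^listen=' "$IMAGES/$1/named.conf"
}

current_id() {            # id of the image behind $CURRENT, empty if nothing is deployed yet
    target=$(readlink "$CURRENT" 2>/dev/null || true)
    [ -n "$target" ] && basename "$target" || true
}

destroy_image() {         # $1 = image id; the read-only bits are dropped only in order to delete
    chmod -R u+w "$IMAGES/$1" && rm -rf "$IMAGES/$1"
}

deploy() {                # $1 = recipe file: build -> verify -> switch pointer -> destroy predecessor
    old=$(current_id)
    new=$(build_image "$1")
    if ! health_check "$new"; then
        echo "candidate $new failed health check; keeping ${old:-nothing}" >&2
        destroy_image "$new"
        return 1
    fi
    ln -sfn "$IMAGES/$new" "$CURRENT"          # flip the pointer; the old guest is untouched until now
    if [ -n "$old" ] && [ "$old" != "$new" ]; then
        destroy_image "$old"                   # the predecessor is not kept around to "maintain"
    fi
    printf 'running %s (was %s)\n' "$new" "${old:-none}"
}

if [ "${1:-}" = "--demo" ]; then              # constructed recipes for a stand-alone run
    printf 'listen=53\nrecursion=no\n' > "$WORK/recipe.v1"
    deploy "$WORK/recipe.v1"
    printf 'listen=53\nrecursion=no\nrate-limit=100\n' > "$WORK/recipe.v2"
    deploy "$WORK/recipe.v2"
    printf '# no listener at all\nrecursion=no\n' > "$WORK/recipe.v3"
    deploy "$WORK/recipe.v3" || echo "v3 rejected, still running $(current_id)"
fi
```

Run it with `--demo` to watch two recipes roll through and a third get rejected. The two properties worth noticing are that the only mutable thing in the whole setup is the `current` pointer, and that a configuration change is visible as a change of image id, which is what makes “which image is this host running?” a question with a checkable answer.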

Notably, some operating systems have not embraced their role as a VM “guest”. Those will generally not run headless (“without a physical console”), and won’t ship with VirtIO drivers, and so, will generally not be chosen by technical system designers when selecting an operating system for a VM-sized service. The market is big enough for everybody, though.

What this means is if I were crazy enough to write another DNS server (at my age?) I could, if I wanted, make it completely dependent on some set of features or packages that only existed on, or which worked best on, some particular version and flavor of Linux or BSD, because my target market for such a DNS server would be operating-system agnostic – they’re just going to put me in a VM, after all. The best packaging/distribution format I could choose would be “ISO” or “image”.

When viewed in that light, the features now being tested out in the NextBSD fork of FreeBSD could be extremely relevant to server level programmers. Portability is at the VM level now! This erases some barriers to innovation, and ought to reduce the total cost of both creating and owning/operating such services. This is probably not news to the DevOps crowd, but it hit me like a brick today.

Lately I’ve been thinking that before the Open Source revolution we had too little software, and now after the Open Source revolution we have too much software – 90% of which is of course dreck. But figuring out which 10% you should be designing into your products and services is a problem made much harder when API and ABI portability was in scope. Somebody should port BIND9 to NextBSD.

Most days I am the cranky middle-aged “hey you kids get off my lawn” guy. But today I am upbeat and more hopeful than fearful about the digital era, because good fences make good neighbors, and many of the Internet security problems the world has lived with in recent decades become somewhat more tractable in a small-VM service model.

Greetings from Stockholm, which like San Francisco and Washington DC, wears early October well.

Author: Paul Vixie
CyberGreen Statistics Advisory Group Member