Xing Gao,Zhongshu Gu,Zhengfa Li,Hani Jamjoom,Cong Wang

DOI: https://doi.org/10.1145/3319535.3354227

2019-01-01

Abstract:Linux Control Groups, i.e., cgroups, are the key building blocks to enable operating-system-level containerization. The cgroups mechanism partitions processes into hierarchical groups and applies different controllers to manage system resources, including CPU, memory, block I/O, etc. Newly spawned child processes automatically copy cgroups attributes from their parents to enforce resource control. Unfortunately, inherited cgroups confinement via process creation does not always guarantee consistent and fair resource accounting. In this paper, we devise a set of exploiting strategies to generate out-of-band>workloads via de-associating processes from their original process groups. The system resources consumed by such workloads will not be charged to the appropriate cgroups. To further demonstrate the feasibility, we present five case studies within Docker containers to demonstrate how to break the resource rein of cgroups in realistic scenarios. Even worse, by exploiting those cgroups' insufficiencies in a multi-tenant container environment, an adversarial container is able to greatly amplify the amount of consumed resources, significantly slow-down other containers on the same host, and gain extra unfair advantages on the system resources. We conduct extensive experiments on both a local testbed and an Amazon EC2 cloud dedicated server. The experimental results demonstrate that a container can consume system resources (e.g., CPU) as much as $200\times$ of its limit, and reduce both computing and I/O performance of particular workloads in other co-resident containers by 95%.

Ilias Mavridis,Helen Karatza

DOI: https://doi.org/10.1002/cpe.6365

2021-05-24

Concurrency and Computation: Practice and Experience

Abstract:<p>Containers emerge as the prevalent virtualization technology in cloud computing. Containers are more light-weight and agile compared to traditional virtual machines (VMs), since they provide virtualization at the operating system level. There are specific factors driving the container adoption in cloud, however, the main disadvantage of container-based virtualization technologies is poor isolation. To address isolation and security-related issues, new container runtimes appeared. In this study we present and evaluate the most common security-oriented runtimes, Kata, gVisor and Nabla, running with Docker, Containerd, and CRI-O. We deploy containers for all the aforementioned container solutions, as well as the default Kubernetes runtime runc, on a Kubernetes cluster and additionally on a Docker node. Moreover, in a similar way to containers, we deploy and evaluate unikernels and security-oriented lightweight Linux-based VMs running on Kubernetes cluster. To evaluate container runtimes, we take under consideration Firecracker microVM too. To automate the deployment of high isolated containers and VMs on Kubernetes clusters, we have developed our own tool. Finally, we recognize the increasing interest on Function-as-a-Service and other serverless architectures. In the same direction with these emerging cloud computing services, we have extended the Kubeless serverless framework to support security-oriented container runtimes.</p>

Amelie Chi Zhou,Rongzheng Huang,Zhoubin Ke,Yusen Li,Yi Wang,Rui Mao

DOI: https://doi.org/10.1109/ipdps57955.2024.00017

2024-01-01

Abstract:In Serverless Computing, function cold-start is a major issue that causes delay of the system. Various solutions have been proposed to address function cold-start issue, among which keeping containers alive after function completion is an easy and commonly adopted way in real serverless clouds. However, when reusing warm containers for function warm starts, existing systems only match functions to containers with the same configurations. This greatly limits the warm resource utilization. Our analysis of real-world applications reveals that many serverless applications share the same operating system and language frameworks. Thus, we propose multi-level container reuse that tries to reduce the startup latency of functions using "similar" containers to greatly improve warm resource utilization. Due to the complexity of selecting the best container reuse solutions, we designed a Deep Reinforcement Learning (DRL) based scheduler to efficiently and effectively address the problem. Moreover, we released a new serverless benchmark named FStartBench that contains detailed package information for comparing the effectiveness of different function cold-start methods. Experiments based on FStartBench show that, given a warm resource pool with fixed size, our DRL-based scheduler can achieve up to 53% reduction on the average function startup latency compared to state-of-the-art solutions.

Yulin Sun,Deepak Vij,Fenge Li,Wenjian Guo,Ying Xiong

2023-05-18

Abstract:Serverless computing is a popular cloud computing paradigm, which requires low response latency to handle on-demand user requests. There are two prominent techniques employed for reducing the response latency: keep fully initialized containers alive (Warm Container) or reduce the new container startup (cold start) latency. This paper presents the 3rd container startup mode: Hibernate Container, which starts faster than the cold start container mode and consumes less memory than the Warm Container mode. Hibernate Container is essentially a "deflated" Warm Container. Its application memory is swapped out to disk, the freed memory is reclaimed and file based mmap memory is cleaned-up. The Hibernate Container's deflated memory is inflated in response to user requests. As Hibernate Container's application is fully initialized, its response latency is less than the cold start mode; and as the application memory is deflated, its memory consumption is less than the Warm Container mode. Additionally, when a Hibernate Container is "woken up" to process a request, the Woken-up Container has similar response latency to Warm Container but less memory consumption because not all the deflated memory needs to be inflated. We implemented the Hibernate technique as part of the open source Quark secure container runtime project and our test demonstrated that Hibernate Container consumes about 7\% to 25\% of the Warm Container memory. All of this results in a higher deployment density, lower latency and appreciable improvements in the overall system performance.

Distributed, Parallel, and Cluster Computing

Chenxingyu Zhao,Yulin Sun,Ying Xiong,Arvind Krishnamurthy

2023-10-07

Abstract:Secure container runtimes serve as the foundational layer for creating and running containers, which is the bedrock of emerging computing paradigms like microservices and serverless computing. Although existing secure container runtimes indeed enhance security via running containers over a guest kernel and a Virtual Machine Monitor (VMM or Hypervisor), they incur performance penalties in critical areas such as networking, container startup, and I/O system calls. In our practice of operating microservices and serverless computing, we build a high-performance secure container runtime named Quark. Unlike existing solutions that rely on traditional VM technologies by importing Linux for the guest kernel and QEMU for the VMM, we take a different approach to building Quark from the ground up, paving the way for extreme customization to unlock high performance. Our development centers on co-designing a custom guest kernel and a VMM for secure containers. To this end, we build a lightweight guest OS kernel named QKernel and a specialized VMM named QVisor. The QKernel-QVisor codesign allows us to deliver three key advancements: high-performance RDMA-based container networking, fast container startup mode, and efficient mechanisms for executing I/O syscalls. In our practice with real-world apps like Redis, Quark cuts down P95 latency by 79.3% and increases throughput by 2.43x compared to Kata. Moreover, Quark container startup achieves 96.5% lower latency than the cold-start mode while saving 81.3% memory cost to the keep-warm mode. Quark is open-source with an industry-standard codebase in Rust.

Networking and Internet Architecture

Yunzhuo Liu,Junchen Guo,Bo Jiang,Pengyu Zhang,Xiaoqing Sun,Yang Song,Wei Ren,Zhiyuan Hou,Biao Lyu,Rong Wen,Shunmin Zhu,Xinbing Wang

DOI: https://doi.org/10.1145/3646547.3688436

2024-01-01

Abstract:In this paper, we use empirical measurements to show that container network startup is a key factor that contributes to the slow startup of secure containers in multi-tenant clouds, especially in the scenario of serverless computing, where the issue is pronounced by high-volume concurrent container invocations. We conduct extensive and detailed analysis on existing Container Network Interface (CNI) plugins and show that even the fastest one doubles the startup time from the no-network scenario. We show that the major cause of the blowup in total startup time is that enabling networking significantly increases the contention among different startup stages, particularly for global Linux kernel locks, including the Routing Table NetLink (RTNL) mutex lock and various spin locks. We reveal that contending for these locks hinders startup performance in three ways, including directly increasing stage time, causing poor pipeline overlap and wasting CPU resources. To mitigate such kernel lock contention, we propose a multi-stage concurrency control mechanism based on Bayesian optimization to limit the concurrency of each contended stage. Our results show that this lightweight mechanism can effectively reduce the end-to-end container startup time by 18.8% with negligible extra overhead.

Wei Liu,Jun Yan,Xingshen Wei,Haiqing Wang,Shishun Zhu

DOI: https://doi.org/10.1109/cieec50170.2021.9510589

2021-05-28

Abstract:In recent years, due to the elastic container technical characteristics and active open source community support, container technology has become an important basic technology for the new digital infrastructure of power. Now, the container technology is very popular and widely used in power cloud platform, but the problem of power system security risk caused by container can’t be ignored. Aiming at the problem of container security, this paper proposes a lightweight container security enhancement framework. Based on the methods of lightweight hardware virtualization isolation, cloud trust, and transparent encryption and decryption of container data, we implemented the container framework in the power cloud platform. Experiments show that the mechanism has played a practical role and has little impact on the business in terms of performance.

Zijun Li,Linsong Guo,Quan Chen,Jiagan Cheng,Chuhao Xu,Deze Zeng,Zhuo Song,Tao Ma,Yong Yang,Chao Li,Minyi Guo

2022-01-01

Abstract:In serverless computing, each function invocation is executed in a container (or a Virtual Machine), and container cold startup results in long response latency. We observe that some functions suffer from cold container startup, while the warm containers of other functions are idle. Based on the observation, other than booting a new container for a function from scratch, we propose to alleviate the cold startup by re-purposing a warm but idle container from another function. We implement a container management scheme, named Pagurus, to achieve the purpose. Pagurus comprises an intra-function manager for replacing an idle warm container to be a container that other functions can use without introducing additional security issues, an inter-function scheduler for scheduling containers between functions, and a sharing-aware function balancer at the cluster-level for balancing the workload across different nodes. Experiments using Azure serverless traces show that Pagurus alleviates 84.6% of the cold startup, and the cold startup latency is reduced from hundreds of milliseconds to 16 milliseconds if alleviated.

Daniele Buono,Peter Pietzuch,Carlos Segarra,Tobin Feldman-Fitzthum

DOI: https://doi.org/10.1145/3642977.3652097

2024-04-22

Abstract:Serverless computing allows users to execute pieces of code (so called functions) on-demand in the cloud without having to provision any hardware resources. However, by executing in the cloud and delegating control over hardware resources, the integrity of the execution and the confidentiality of function code and data are at the mercy of the cloud provider and serverless runtime. Confidential computing aims to remove trust from the cloud provider by executing applications inside hardware enclaves. In spite of the increasing adoption of confidential computing, designing a confidential serverless runtime with moderate performance overhead remains an open challenge. In this short article we present our experience porting the Knative serverless runtime to a confidential setting using Confidential Containers (CoCo), a technology that allows the execution of unmodified (encrypted) container images inside confidential VMs (cVMs). Our results show that cVMs are not ready to execute container-based serverless functions. Starting a serverless function in a CoCo from an encrypted container image with attestation takes up to 17 seconds. Starting 16 serverless functions concurrently takes more than three minutes, 20× slower than its non-confidential counterpart. We analyze the main sources of overhead, and outline the research challenges to bridge the gap between confidential and serverless computing.

Computer Science,Engineering

Hang Huang,Jiangshan Lai,Jia Rao,Hui Lu,Wenlong Hou,Hang Su,Quan Xu,Jiang Zhong,Jiahao Zeng,Xu Wang,Zhengyu He,Weidong Han,Jiang Liu,Tao Ma,Song Wu

DOI: https://doi.org/10.1145/3600006.3613158

2023-01-01

Abstract:In cloud-native environments, containers are often deployed within lightweight virtual machines (VMs) to ensure strong security isolation and privacy protection. With the growing demand for customized cloud services, third-party vendors are turning to infrastructure-as-a-service (IaaS) cloud providers to build their own cloud-native platforms, necessitating the need to run a VM or a guest that hosts containers inside another VM instance leased from an IaaS cloud. State-of-the-art nested virtualization in the x86 architecture relies heavily on the host hypervisor to expose hardware virtualization support to the guest hypervisor, not only complicating cloud management but also raising concerns about an increased attack surface at the host hypervisor. This paper presents the design and implementation of PVM, a high-performance guest hypervisor for KVM that is transparent to the host hypervisor and assumes no hardware virtualization support. PVM leverages two key designs: 1) a minimal shared memory region between the guest and guest hypervisor to facilitate state transition between different privilege levels and 2) an efficient shadow page table design to reduce the cost of memory virtualization. PVM has been adopted by Alibaba Cloud for hosting tens of thousands of secure containers on a daily basis. Our experiments demonstrate that PVM significantly outperforms current nested virtualization in KVM for memory virtualization, particularly for concurrent workloads, while maintaining comparable performance in CPU and I/O virtualization.

Yuepeng Li,Deze Zeng,Lin Gu,Mingwei Ou,Quan Chen

DOI: https://doi.org/10.1109/infocom53939.2023.10228916

2023-01-01

Abstract:The cold startup of the container is regarded as a crucial problem to the performance of serverless computing, especially to the resource-capacitated edge clouds. Pre-warming hot containers has been proved as an efficient solution but is at the expense of high memory consumption. Instead of pre-warming a complete container for a function, recent studies advocate Zygote container, which pre-imports some packages and is able to import the other dependent packages at runtime, so as to avoid the cold startup problem. However, as different functions have different package dependencies, how to plan the Zygote generation and pre-warming in a resource-capacitated edge cloud becomes a critical challenge. In this paper, aiming to minimize the overall function startup time and subjective to the resource capacity constraints, we formulate this problem into a Quadratic Integer Programming (QIP) form. We further propose a Randomized Rounding based Zygote Planning (RRZP) algorithm. The performance efficiency of our algorithm is proved via both theoretical analysis and trace-driven simulations. The results show that our algorithm can significantly reduce the startup time by 25.6%.

Xingda Wei,Fangming Lu,Tianxia Wang,Jinyu Gu,Yuhan Yang,Rong Chen,Haibo Chen

DOI: https://doi.org/10.48550/arxiv.2203.10225

2022-01-01

Abstract: Serverless platforms essentially face a tradeoff between container startup time and provisioned concurrency (i.e., cached instances), which is further exaggerated by the frequent need for remote container initialization. This paper presents MITOSIS, an operating system primitive that provides fast remote fork, which exploits a deep codesign of the OS kernel with RDMA. By leveraging the fast remote read capability of RDMA and partial state transfer across serverless containers, MITOSIS bridges the performance gap between local and remote container initialization. MITOSIS is the first to fork over 10,000 new containers from one instance across multiple machines within a second, while allowing the new containers to efficiently transfer the pre-materialized states of the forked one. We have implemented MITOSIS on Linux and integrated it with FN, a popular serverless platform. Under load spikes in real-world serverless workloads, MITOSIS reduces the function tail latency by 89% with orders of magnitude lower memory usage. For serverless workflow that requires state transfer, MITOSIS improves its execution time by 86%.

Shanxing Pan,Hongyu Zhao,Zinuo Cai,Dongmei Li,Ruhui Ma,Haibing Guan

DOI: https://doi.org/10.1109/tsusc.2023.3311197

2024-01-01

IEEE Transactions on Sustainable Computing

Abstract:In recent years, serverless computing has garnered significant attention owing to its high scalability, pay-as-you-go billing model, and efficient resource management provided by cloud service providers. Optimal resource scheduling of serverless computing has become imperative to reduce energy consumption and enable sustainable computing. However, existing serverless platforms encounter two significant challenges: the cold-start problem of containers and the absence of an effective resource allocation strategy for serverless workflows. Existing pre-warm strategies are associated with high computational overhead, while current resource scheduling techniques inadequately account for the intricate structure of serverless workflows. To address these challenges, we present SSC, a pre-warming and automatic resource allocation framework designed explicitly for serverless workflows. We introduce an innovative gradient-based algorithm for pre-warming containers, significantly reducing cold start hit rates. Moreover, leveraging a critical path and priority queue-based algorithm, SSC enables efficient allocation of resources for serverless workflows. In our experimental evaluation, SSC reduces the cold start hit rate by nearly $50\%$ and achieves substantial cost savings of approximately $30\%$ .

Wenzhi Chen,Lei Xu,Guoxi Li,Yang Xiang

DOI: https://doi.org/10.1109/tc.2015.2389791

IF: 3.183

2015-01-01

IEEE Transactions on Computers

Abstract:Mobile virtualization has emerged fairly recently and is considered a valuable way to mitigate security risks on Android devices. However, major challenges in mobile virtualization include runtime, hardware, resource overhead, and compatibility. In this paper, we propose a lightweight Android virtualization solution named Condroid, which is based on container technology. Condroid utilizes resource isolation based on namespaces feature and resource control based on cgroups feature. By leveraging them, Condroid can host multiple independent Android virtual machines on a single kernel to support mutilple Android containers. Furthermore, our implementation presents both a system service sharing mechanism to reduce memory utilization and a filesystem sharing mechanism to reduce storage usage. The evaluation results on Google Nexus 5 demonstrate that Condroid is feasible in terms of runtime, hardware resource overhead, and compatibility. Therefore, we find that Condroid has a higher performance than other virtualization solutions.

Huiba Li,Zhihao Zhang,Yifan Yuan,Rui Du,Kai Ma,Lanzheng Liu,Yiming Zhang,Windsor Hsu

DOI: https://doi.org/10.1145/3620672

2024-01-01

ACM Transactions on Storage

Abstract:Businesses increasingly need agile and elastic computing infrastructure to respond quickly to real world situations. By offering efficient process-based virtualization and a layered image system, containers are designed to enable agile and elastic application deployment. However, creating or updating large container clusters is still slow due to the image downloading and unpacking process. In this paper, we present DADI Image Service, a block-level image service for increased agility and elasticity in deploying applications. DADI replaces the waterfall model of starting containers (downloading image, unpacking image, starting container) with fine-grained on-demand transfer of remote images, realizing instant start of containers. To accelerate the cold start of containers, DADI designs a pull-based prefetching mechanism which allows a host to read necessary image data beforehand at the granularity of image layers. We design a P2P-based decentralized image sharing architecture to balance traffic among all the participating hosts and propose a pull-push collaborative prefetching mechanism to accelerate cold start. DADI efficiently supports various kinds of runtimes including cgroups, QEMU, etc., further realizing “build once, run anywhere”. DADI has been deployed at scale in the production environment of Alibaba, serving one of the world’s largest ecommerce platforms. Performance results show that DADI can cold start 10,000 containers on 1,000 hosts within 4 seconds.

Zhengjun Xu,Haitao Zhang,Xin Geng,Qiong Wu,Huadong Ma

DOI: https://doi.org/10.1109/icpads47876.2019.00011

2019-01-01

Abstract:Serverless computing has emerged as a new compelling paradigm for the deployment of applications and services, which enables developers to focus more on business logic rather than on infrastructure. Serverless computing platform enables the function container scales to zero, which results in a serious problem called cold start. Cold start severely affects the responsiveness of serverless computing platform and limits the use and adoption of serverless computing by a broader range of applications. The traditional strategies reduce the cold start latency at the expense of resources. How to simultaneously minimize the cold start latency and reduce the resources consumption of strategy implementation is a challenging problem. In this paper, we firstly propose an Adaptive Warm-Up Strategy (AWUS) to predict the function invoking time and warm up the functions, thus reducing the cold start latency. We use the function chain model to improve the AWUS. We adopt a fine-grained regression method to predict non-first functions in the function chain more accurately. Secondly, we propose an Adaptive Container Pool Scaling Strategy (ACPSS) to reduce the function launching time. We dynamically adjust the capacity of the container pool to reduce the resources waste. The AWUS and ACPSS work together to reduce the cold start latency and the resources waste. Finally, we implement a serverless computing platform and conduct extensive experiments to evaluate our strategy. The evaluation results demonstrate the effectiveness of our strategies.

Xinxi Lu,Nan Li,Lijuan Yuan,Juan Zhang

DOI: https://doi.org/10.3390/electronics13112168

IF: 2.9

2024-06-02

Electronics

Abstract:Traditional container orchestration platforms often suffer from resource wastage in educational settings, and stateless serverless services face challenges in maintaining container state persistence during the teaching process. To address these issues, we propose a stateful serverless mechanism based on Containerd and Kubernetes, focusing on optimizing the startup process for container groups. We first implement a checkpoint/restore framework for container states, providing fundamental support for managing stateful containers. Building on this foundation, we propose the concept of "container groups" to address the challenges in educational practice scenarios characterized by a large number of similar containers on the same node. We then propose the Rofuse optimization mechanism, which employs delayed loading and block-level deduplication techniques. This enables containers within the same group to reuse locally cached file system data at the block level, thus reducing container restart latency. Experimental results demonstrate that our stateful serverless mechanism can run smoothly in typical educational practice scenarios, and Rofuse reduces the container restart time by approximately 50% compared to existing solutions. This research provides valuable exploration for serverless practices in the education domain, contributing new perspectives and methods to improve resource utilization efficiency and flexibility in teaching environments.

engineering, electrical & electronic,computer science, information systems,physics, applied

Ao Wang,Shuai Chang,Huangshi Tian,Hongqi Wang,Haoran Yang,Huiba Li,Rui Du,Yue Cheng

DOI: https://doi.org/10.48550/arXiv.2105.11229

2021-07-15

Abstract:Serverless computing, or Function-as-a-Service (FaaS), enables a new way of building and scaling applications by allowing users to deploy fine-grained functions while providing fully-managed resource provisioning and auto-scaling. Custom FaaS container support is gaining traction as it enables better control over OSes, versioning, and tooling for modernizing FaaS applications. However, providing rapid container provisioning introduces non-trivial challenges for FaaS providers, since container provisioning is costly, and real-world FaaS workloads exhibit highly dynamic patterns. In this paper, we design FaaSNet, a highly-scalable middleware system for accelerating FaaS container provisioning. FaaSNet is driven by the workload and infrastructure requirements of the FaaS platform at one of the world's largest cloud providers, Alibaba Cloud Function Compute. FaaSNet enables scalable container provisioning via a lightweight, adaptive function tree (FT) structure. FaaSNet uses an I/O efficient, on-demand fetching mechanism to further reduce provisioning costs at scale. We implement and integrate FaaSNet in Alibaba Cloud Function Compute. Evaluation results show that FaaSNet: (1) finishes provisioning 2500 function containers on 1000 virtual machines in 8.3 seconds, (2) scales 13.4x and 16.3x faster than Alibaba Cloud's current FaaS platform and a state-of-the-art P2P container registry (Kraken), respectively, and (3) sustains a bursty workload using 75.2% less time than an optimized baseline.

Distributed, Parallel, and Cluster Computing

Filipe Manco,Costin Lupu,Florian Schmidt,Jose Mendes,Simon Kuenzer,Sumit Sati,Kenichi Yasukata,Costin Raiciu,Felipe Huici

DOI: https://doi.org/10.1145/3132747.3132763

2017-10-14

Abstract:Containers are in great demand because they are lightweight when compared to virtual machines. On the downside, containers offer weaker isolation than VMs, to the point where people run containers in virtual machines to achieve proper isolation. In this paper, we examine whether there is indeed a strict tradeoff between isolation (VMs) and efficiency (containers). We find that VMs can be as nimble as containers, as long as they are small and the toolstack is fast enough. We achieve lightweight VMs by using unikernels for specialized applications and with Tinyx, a tool that enables creating tailor-made, trimmed-down Linux virtual machines. By themselves, lightweight virtual machines are not enough to ensure good performance since the virtualization control plane (the toolstack) becomes the performance bottleneck. We present LightVM, a new virtualization solution based on Xen that is optimized to offer fast boot-times regardless of the number of active VMs. LightVM features a complete redesign of Xen&#x27;s control plane, transforming its centralized operation to a distributed one where interactions with the hypervisor are reduced to a minimum. LightVM can boot a VM in 2.3ms, comparable to fork/exec on Linux (1ms), and two orders of magnitude faster than Docker. LightVM can pack thousands of LightVM guests on modest hardware with memory and CPU usage comparable to that of processes.

Song Wu,Chao Niu,Jia Rao,Hai Jin,Xiaohai Dai

DOI: https://doi.org/10.1109/ipdps.2017.47

2017-01-01

Abstract:With the explosive growth of smartphones and cloud computing, mobile cloud, which leverages cloud resource to boost the performance of mobile applications, becomes attrac- tive. Many efforts have been made to improve the performance and reduce energy consumption of mobile devices by offloading computational codes to the cloud. However, the offloading cost caused by the cloud platform has been ignored for many years. In this paper, we propose Rattrap, a lightweight cloud platform which improves the offloading performance from cloud side. To achieve such goals, we analyze the characteristics of typical of- floading workloads and design our platform solution accordingly. Rattrap develops a new runtime environment, Cloud Android Container, for mobile computation offloading, replacing heavy- weight virtual machines (VMs). Our design exploits the idea of running operating systems with differential kernel features inside containers with driver extensions, which partially breaks the limitation of OS-level virtualization. With proposed resource sharing and code cache mechanism, Rattrap fundamentally improves the offloading performance. Our evaluation shows that Rattrap not only reduces the startup time of runtime environments and shows an average speedup of 16x, but also saves a large amount of system resources such as 75% memory footprint and at least 79% disk capacity. Moreover, Rattrap improves offloading response by as high as 63% over the cloud platform based on VM, and thus saving the battery life.