Abstract
Docker is a developer tool used by millions of developers to build, share and run software stacks. The Docker Desktop clients for Mac and Windows have long used a novel combination of virtualisation and OCaml unikernels to seamlessly run Linux containers on these non-Linux hosts. We reflect on a decade of shipping this functional OCaml code into production across hundreds of millions of developer desktops, and discuss the lessons learnt from our experiences in integrating OCaml deeply into the container architecture that now drives much of the global cloud. We conclude by observing just how good a fit for systems programming the unikernel approach has been, particularly when combined with the OCaml module and type system.