Summary
Hello, based on an early version of microsandbox (commit ba02ae334e319faefd8c18dde34bce9822ab3df5), we conducted a POC (Proof of Concept) to validate the use of OverlayBD images as an alternative rootfs backend for microsandbox.
Problem: OCI Image Cold-Start Overhead
When cold-starting a sandbox with a standard OCI image, the entire image must be downloaded and extracted before the sandbox can boot. For multi-layer images, this process is time-consuming and significantly increases startup latency — especially in environments where fast provisioning is critical.
$ time msr python-oci -e 'python -c print("hello world!")'
✓ Fetch image details
✓ Download layers 11 / 11
✓ Extracting layers 11 / 11
hello world!
real 0m20.098s
user 0m7.747s
sys 0m3.187s
What is OverlayBD?
OverlayBD (Overlay Block Device) is a container image format and storage backend developed under the containerd project. It exposes OCI container images as virtual block devices, enabling:
- On-demand image loading — Layer data is fetched from the registry at the block level on demand, eliminating the need for a full image pull. This dramatically reduces cold-start time.
- Writable block device as rootfs — The image is exposed as a virtual block device (/dev/sdX) via TCMU and passed to the microVM through virtio-blk, enabling direct block-level writes without copy-on-write overhead.
- Better I/O performance — virtio-blk provides significantly better small-file read/write performance compared to virtiofs.
- NO COPY-ON-WRITE OVERHEAD — OverlayBD tracks diffs at the sector level. Only the affected sectors are written to the upper layer (data.lsmt), with no file-level copy-up. This is critical for:
  - Online snapshots — only sector-level diffs need to be persisted, making snapshots fast and lightweight.
  - Sandbox forking — a new writable layer on top of the current state is all that's needed; near-zero overhead, no CoW amplification.
OverlayBD (sector-level diff):
┌──────────────────────┐
│ Write to 1 byte of │
│ a 100MB file │
├──────────────────────┤
│ → write 1 sector │
│ (512B / 4KB) │
└──────────────────────┘
Performance Comparison
A simple cold-start benchmark over the public internet shows a ~5x improvement with OverlayBD:
| Image Type | Cold-Start Time |
| --- | --- |
| OCI Image | ~20.1s |
| OverlayBD Image | ~3.9s |
OverlayBD Image
$ time msr python-overlaybd -e 'python -c print("hello world!")'
✓ Fetch image details
hello world!
real 0m3.949s
user 0m0.193s
sys 0m0.144s
OCI Image
$ time msr python-oci -e 'python -c print("hello world!")'
✓ Fetch image details
✓ Download layers 11 / 11
✓ Extracting layers 11 / 11
hello world!
real 0m20.098s
user 0m7.747s
sys 0m3.187s
Sandboxfile Example
sandboxes:
  python-overlaybd:
    image: 'overlaybd/python:c63f71c375c2_overlaybd'
    memory: 1024
    cpus: 1
    block_device:
      size: 64
      filesystem: ext4
      sparse: true
Next Steps
If the team finds this direction worth pursuing, I'm happy to rebase the work onto the current main branch and submit a PR with a clean implementation.
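The sector-level diff and fork behaviour described above, as an added example that is not part of the original post or the OverlayBD code base: a simplified in-memory model in which only touched sectors reach the writable upper layer and a fork adds an empty layer on top of the frozen state. `Layer`, `OverlayDevice` and `demo` are hypothetical names, and the model does not reflect the real `data.lsmt` on-disk format.

```python
SECTOR = 512  # model sector size; the page cites 512B / 4KB

class Layer:
    def __init__(self, parent=None):
        self.parent, self.sectors = parent, {}  # sparse map: sector index -> bytes

class OverlayDevice:
    """Toy layered block device (hypothetical model, not the OverlayBD format)."""
    def __init__(self, size, lower=None):
        self.size = size
        self.upper = Layer(lower)  # the only layer that is ever written

    def _sector(self, idx):
        layer = self.upper
        while layer is not None:   # topmost layer holding the sector wins
            if idx in layer.sectors:
                return layer.sectors[idx]
            layer = layer.parent
        return bytes(SECTOR)       # never written in any layer: reads as zeros
    def read(self, offset, length):
        if offset < 0 or length < 0 or offset + length > self.size:
            raise ValueError("read outside device")
        first, last = offset // SECTOR, (offset + length - 1) // SECTOR
        data = b"".join(self._sector(i) for i in range(first, last + 1))
        skip = offset - first * SECTOR
        return data[skip:skip + length]
    def write(self, offset, data):
        """Read-modify-write only the touched sectors; return bytes persisted."""
        if offset < 0 or offset + len(data) > self.size:
            raise ValueError("write outside device")
        done = persisted = 0
        while done < len(data):
            idx, off = divmod(offset + done, SECTOR)
            n = min(SECTOR - off, len(data) - done)
            buf = bytearray(self._sector(idx))      # current sector content
            buf[off:off + n] = data[done:done + n]  # patch the affected bytes
            self.upper.sectors[idx] = bytes(buf)    # no file-level copy-up
            done, persisted = done + n, persisted + SECTOR
        return persisted
    def fork(self):  # freeze the current upper; parent and child each get an empty upper
        frozen, self.upper = self.upper, Layer(self.upper)
        return OverlayDevice(self.size, lower=frozen)

def demo():
    dev = OverlayDevice(100 * 1024 * 1024)  # constructed 100MB device, as in the diagram
    persisted = dev.write(50_000_000, b"X")  # 1-byte write
    child = dev.fork()
    child.write(50_000_000, b"Y")            # diverges from the parent after the fork
    return persisted, dev.read(50_000_000, 1), child.read(50_000_000, 1), len(child.upper.sectors)
```

`demo()` returns the bytes persisted for the 1-byte write, the parent's and the fork's view of that byte, and the number of sectors held in the fork's own layer.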