Analyzing Netflix's Container Scaling Challenges on Modern CPUs

Netflix's engineering team encountered a unique challenge while optimizing container scaling on modern CPUs to ensure consistent streaming performance. Their efforts revealed critical bottlenecks in the CPU architecture itself, impacting the efficiency of containerized workloads. By investigating system-level issues, they uncovered insights into mount lock contention and its effects on container runtimes.

The Role of Containers in Netflix's Streaming Architecture

Containers play a central role in Netflix's ability to deliver streaming services to millions of users. Each request to play a video activates hundreds of containerized processes to handle the workload. This approach ensures scalability, reliability, and efficient resource utilization. However, as the platform migrated to a new container platform, engineers observed performance bottlenecks in specific scenarios.

The platform relies on Amazon Web Services (AWS) to provision new server instances. When demand spikes, new containers are deployed rapidly to meet user needs. These containers are assigned to nodes until the resources of the node are fully utilized. Issues arose when some nodes began to stall or timeout, affecting their ability to serve requests promptly.

Identifying the Bottleneck in CPU Performance

Through detailed analysis, Netflix engineers identified that the performance bottleneck was linked to the mount table on affected nodes. The mount table length increased dramatically during container creation, leading to prolonged delays in processing. In some instances, health checks timed out after 30 seconds, and system processes like systemd were overwhelmed.

Further investigation revealed that most affected nodes were r5.metal instances. These instances experienced delays due to the large number of container image layers being mounted during initialization. This caused system-level contention, with key processes, such as kubelet and containerd, timing out when attempting to manage these operations.

Understanding Mount Lock Contention

The root cause of the delays was traced to mount lock contention during container initialization. Each container's root filesystem required mounting several layers, and the process of acquiring kernel-level locks for these operations introduced significant overhead. This issue was exacerbated by the growing complexity of the container images being deployed.

A flamegraph analysis confirmed that containerd spent most of its time waiting for these kernel-level locks. These delays not only slowed down container initialization but also risked system stability, as nodes could become unresponsive under heavy load.

System-Level Impacts on Kubernetes and Containerd

The delays caused by mount lock contention had ripple effects on the Kubernetes orchestration layer. The kubelet, responsible for managing container lifecycles, frequently timed out when communicating with containerd. These timeouts disrupted the scheduling and deployment of new containers, leading to cascading failures in the infrastructure.

Engineers also observed that systemd, the system and service manager, was overwhelmed by the volume of mount events. This led to a significant portion of system resources being consumed by processing these events, further compounding the problem. Affected nodes risked complete lockups under these conditions.

Lessons Learned and Future Strategies

Netflix's experience highlights the importance of understanding the interaction between software and hardware at scale. Their findings emphasize the need for optimized container image designs with fewer layers to minimize mount-related delays. Additionally, re-evaluating the choice of hardware, such as the r5.metal instances, is crucial for achieving better performance.

Future strategies may include the adoption of lightweight container runtimes or alternative approaches to managing container filesystems. By addressing these challenges, Netflix aims to enhance the efficiency of its streaming platform and provide a seamless experience for users worldwide.