posts

Alpaquita Linux features explained

figure
Oct 27, 2022
Dmitry Chuyko

Alpaquita Linux won the performance race beating the strong opposition of popular Linux distributions for Cloud and Server. What makes Alpaquita so fast and adaptive to various performance challenges?

Key enhancements

Alpine served as a foundation for Alpaquita due to its size and performance. But it is based on musl libc, which can be inferior to glibc in some cases, and includes a malloc implementation not suitable for all workloads. Coupled with the lack of commercial support and LTS releases, Alpine is not always suitable for enterprise development despite being incredibly small and very popular.

We removed obsolete components, optimized core configurations, and hardened the security features to boost Alpaquita’s performance and make it an optimal choice for enterprise. Below is the description of the most representative changes we introduced to our Linux. 

Kernel

We balanced kernel options configuration for increased performance, including:

  • NUMA (non-uniform memory access) options enable memory placement with NUMA aware scheduler for faster memory access
  • Task group support (the CONFIG_RT_GROUP_SCHED option) enables the allocation of CPU bandwidth to realtime task groups. The allocated CPU time is dedicated to a realtime group performing a high-priority task, and the remaining CPU time is used for normal priority tasks, which helps to eliminate buffer underruns
  • BFQ (Budget Fair Queueing), a proportional-share low-latency I/O scheduler (the CONFIG_IOSCHED_BFQ and CONFIG_BFQ_GROUP_IOSCHED options) provides high app responsiveness and distributes bandwidth, not just time, among processes. Therefore, it helps to reduce latency in the case of interactive and soft real-time (audio and video players/streamers) applications
  • The CONFIG_NO_HZ_FULL option enables the reduction of scheduling-clock interrupts thus decreasing the OS jitter, which is important for high-performance computing and real-time apps, and improving energy efficiency

In addition, Alpaquita Linux is based on the LTS kernel, 5.10 currently with planned support period up to December 2026. LTS versions are stable and most suitable for enterprise use so that the companies could upgrade the software at their own pace.

Optimized libc

The paragon of our effort is optimized musl libc library, musl perf. It outperforms the default musl libc and keeps up with the performance of glibc in some cases leaving it behind as well.

To achieve this outstanding result, we performed the following optimizations:

  • We integrated additional optimization options, -O2 (increases code performance) and -O3 (provides even better code performance optimization). -O3 is used for internal, malloc, and string subsystems and -O2 for other subsystems. Alpine, on the contrary, utilizes only the -Os option for all subsystems (optimizes for size)
  • Contrary to Alpine, BellSoft’s musl supports indirect functions, which make it possible to select among multiple function implementations at runtime thus choosing the fastest one for a given processor. musl perf also supports various CPU-specific ASM functions (AVX512, EVEX, AVX2, SSE4, etc.) to boost the performance with a particular processor
  • To benefit from new CPU instructions, the OS must be able to discover them. musl perf internally implements CPU features discovering

Thanks to these and other optimizations, musl perf performance has proven to be equal or superior to that of glibc. But if a company is using a glibc-based Linux and unwilling to migrate to another libc, we provide a glibc-based version of Alpaquita. This way, our customers can benefit from all Alpaquita advantages and forget about migration issues.

We also added three malloc implementations to the standard Alpine malloc for better performance with various workloads:

  • rpmalloc is the smallest allocator (64K) with lock free thread caching. It is faster than other mallocs with less overhead in thread caches
  • mimalloc (128K) is a small and consistent allocator with focus on performance. It is suitable for large scale low-latency services
  • jemalloc (616K) is a general purpose allocator emphasizing fragmentation avoidance and scalable concurrency support. It natively supports threads with little memory fragmentation and provides scalability in multi-threaded systems

Userspace

In our article dedicated to Alpine Linux, we explained what makes it so small yet efficient, namely the selection of compact and performant utilities and modules. We adopted similar mindset with Alpaquita and implemented the following userspace options:

  • Busybox is a set of command-line utilities of only 1 MB in size. It contains a set of 400 Unix utilities thus providing a small yet complete environment for system maintenance. In addition, developers can add or remove components as needed. For those who require a more sophisticated set of command-line options, we provide coreutils on-demand
  • apk (Alpine Package Keeper) is a small package manager providing additional size optimization
  • OpenRC is an init system without any unnecessary features, which makes it smaller than other Linux init systems, but efficient 
  • There are no graphics to keep the system size down

In addition, Alpaquita Linux is compatible with Docker. In fact, one of its habitats is BellSoft’s profile on Docker Hub, where you can select from a variety of ready-to-go container images. It also supports QEMU, which is used for emulation and virtualization. 

Security hardening

Excellent security is just as important for enterprise development as performance. We added enterprise-grade security features to Alpaquita Linux that, coupled with low attack surface, guarantee maximum protection, including but not limited to:

  • Kernel lockdown including early in boot to prevent both direct and indirect access to the running kernel image
  • Support for Secure Boot, an UEFI firmware security protocol validating the authenticity of the loaded code and thus ensuring that only immutable and signed software components are loaded during the boot time
  • Kernel module signing with SHA-512 forbids the loading of unsigned modules or modules signed with an invalid key
  • LTS releases and security updates based on the strict schedule help to keep the OS safe at all times
  • Security advisory (underway) will keep the users informed about discovered issues and available patches
  • Commercial 24/7 support with timely fixes and patches

Conclusion

These and other optimizations made Alpaquita Linux fast, secure, and incredibly flexible helping it to overcome hurdles that make other Linux distros jib. Try it out and see it for yourself!

Download Alpaquita Linux

Further reading

Want to compare Alpaquita’s performance to that of other Linux distributions? Discover our comparative study

Choosing an optimal Linux distribution for cloud or server? Read the overview of the most popular distros

Curious to know how to strengthen the security of your distro? Find out more about Linux security enhancement

posts
Alpaquita vs Alpine: a head-to-head comparison
figure
Nov 10, 2022
Dmitry Chuyko
shorts
Critical vulnerabilities in OpenSSL 3.0
Nov 11, 2022
Sergey Chernyshev

Find out about the newest CVEs discovered in OpenSSL 3.0 and how to eliminate the risk of exploits

Subcribe to our newsletter

figure

Read the industry news, receive solutions to your problems, and find the ways to save money.