CDX-301d · Module 2

CPU & Memory Limits


CPU allocation in Firecracker microVMs is enforced at the hypervisor level using vCPU pinning and CFS (Completely Fair Scheduler) bandwidth limiting. Each microVM receives a fixed number of vCPUs (typically 2-4) and a CPU quota that prevents any single VM from monopolizing host cores. The quota is expressed as a percentage: a 2-vCPU VM with a 200% quota gets the equivalent of 2 full cores. A 4-vCPU VM with a 400% quota can burst to 4 full cores but cannot exceed that ceiling regardless of host availability.

Memory limits are enforced through the Firecracker memory balloon and KVM memory regions. The guest sees a fixed amount of RAM — say 8 GB — and cannot allocate beyond it. Unlike containers where cgroups allow soft limits and swap, Firecracker VMs have hard physical limits. This means memory-intensive operations like large TypeScript compilations, ML model loading, or dataset processing must fit entirely within the allocation. Planning for this is essential: if your tsc compilation peaks at 4 GB, you need at least a 6 GB VM to leave room for the OS, dependencies, and the agent runtime itself.

# Resource tiers (illustrative)

Standard:   2 vCPU,  4 GB RAM,  10 GB disk
Enhanced:   4 vCPU,  8 GB RAM,  20 GB disk
Compute:    8 vCPU, 16 GB RAM,  40 GB disk
GPU:        4 vCPU, 16 GB RAM,  40 GB disk + 1 GPU

# CPU scheduling
- vCPUs are mapped to host cores via KVM
- CFS bandwidth limiting caps CPU usage per VM
- No CPU burst beyond allocated quota
- CPU steal time visible in guest /proc/stat

# Memory hard limits
- No swap → OOM kill on exceed
- Balloon device for dynamic reclaim
- Peak usage logged for post-task analysis
- Right-size by monitoring actual vs allocated

1. Profile locally first: run your build/test commands locally while monitoring CPU and memory with `top` or `htop`. Note peak values; your cloud VM must exceed these peaks.
2. Check steal time: in task logs, look for CPU steal time indicators. High steal means you need a larger VM tier or fewer concurrent tasks on the same host.
3. Right-size iteratively: start with the standard tier. If tasks OOM or time out, move up one tier. Over-provisioning wastes budget; under-provisioning wastes tasks.
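
Step 2 depends on the steal counter that the guest exposes in `/proc/stat`. The following is an added example, not part of the course material: it computes the steal percentage between two `/proc/stat` snapshots. The sample snapshots are constructed and the function names are illustrative.

```python
"""Steal-time percentage between two /proc/stat snapshots (added example)."""
import time

# Column order of the aggregate "cpu" line in /proc/stat (see proc(5)).
FIELDS = ("user", "nice", "system", "idle", "iowait",
          "irq", "softirq", "steal", "guest", "guest_nice")

# Constructed sample snapshots, as if read a few seconds apart inside a guest.
SAMPLE_BEFORE = ("cpu  10000 50 3000 80000 400 0 150 1000 0 0\n"
                 "cpu0 5000 25 1500 40000 200 0 75 500 0 0\n")
SAMPLE_AFTER = ("cpu  10600 50 3100 80150 400 0 150 1150 0 0\n"
                "cpu0 5300 25 1550 40075 200 0 75 575 0 0\n")


def parse_cpu_line(stat_text):
    """Return the aggregate CPU tick counters as a dict keyed by FIELDS."""
    for line in stat_text.splitlines():
        parts = line.split()
        if parts and parts[0] == "cpu":  # "cpu0", "cpu1", ... are per-core
            values = [int(v) for v in parts[1:]]
            # Older kernels emit fewer columns; treat missing ones as 0.
            values += [0] * (len(FIELDS) - len(values))
            return dict(zip(FIELDS, values))
    raise ValueError("no aggregate 'cpu' line found")


def steal_percent(before_text, after_text):
    """Share of elapsed CPU ticks the hypervisor gave to other work."""
    before = parse_cpu_line(before_text)
    after = parse_cpu_line(after_text)
    # guest and guest_nice are already included in user and nice,
    # so only the first eight columns make up the total.
    counted = FIELDS[:8]
    delta = {k: after[k] - before[k] for k in counted}
    total = sum(delta.values())
    if total <= 0:  # no ticks elapsed, or counters were reset
        return 0.0
    return 100.0 * delta["steal"] / total


if __name__ == "__main__":
    print(f"sample steal: {steal_percent(SAMPLE_BEFORE, SAMPLE_AFTER):.1f}%")
    with open("/proc/stat") as f:  # live measurement on a Linux guest
        first = f.read()
    time.sleep(5)
    with open("/proc/stat") as f:
        print(f"live steal:   {steal_percent(first, f.read()):.1f}%")
```

Run it while a representative build or test is executing, since steal only accumulates when the guest actually wants CPU time.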