Facebook has been actively developing and experimenting with cgroup2-based resource isolation for the past few years. In the process, we developed and improved various kernel and userspace mechanisms, and learned lessons that were often surprising. Facebook is now in the process of refining and deploying work-conserving, full-OS-level resource isolation for main workload protection and batch workload side-loading. This session shares the building blocks we developed, the lessons we learned, and the results we're starting to see.