This document compares virtual machines (VMs) to containers and discusses their differences. It notes that VMs have higher overhead than containers and can support more instances per server. Containers offer near-native performance and scale better. The document also outlines ongoing and future work to further integrate container technologies into the Linux kernel to provide capabilities like checkpoint/restore and live migration of containers across servers.

1. VM vs Container
Xen, KVM, VMware, etc.
● Hardware emulation /
paravirtualization
● Can run different OSs
on the same box
● Dozens of instances
● OS sprawl problem
● Lower performance
● Chroot on steroids
● Single OS per box
● Hundred of instances
● Dynamic resource
management, best
scalability
● Trivial performance
overhead

2. OpenVZ vs. Xen
comparison by HP labs
● “For all the configurations and workloads we
have tested, Xen incurs higher virtualization
overhead than OpenVZ does.”
● “For all the cases tested, the virtualization
overhead observed in OpenVZ is low, and can
be neglected in many scenarios.”
● “The two nodes running Xen become
overloaded when hosting four instances of
RUBiS, whereas those using OpenVZ can host
at least six without being overloaded.”
From http://www.hpl.hp.com/techreports/2007/HPL-2007-59R1.pdf

3. New Stuff
● RHEL6 kernel port
● VSwap: easy management, RSS reclamation
● Containers CPU binding (cpumask)
● PCI device delegation
● NFS mounts migration
● Journaled quota
● ext4 safe writeback

4. Future directions
● Mainstream kernel integration
● Container in a file a.k.a. PLOOP
– Come to see our talk!
● CRIU: checkpoint/restore in userspace
● Caching de-duplicating FS (pfscache)

5. Mainstream kernel integration
● OpenVZ project pioneers container technology
– Developing new container technology since 1999. Features then
ported from OpenVZ to upstream Linux “containers”.
● Already upstream (in Linux containers):
– IPC namespace, utsname() virtualization, PID namespace, user
namespace, cgroups (control groups), Memory controllers (RSS,
page cache), Network namespace...
– Collaborative community effort: IBM, Google, SGI, Parallels, and
many others.
● It's still ongoing
– In progress: NFS virtualization, network buffer accounting,
Checkpoint/restart in userspace
– TODO: Kernel memory accounting, ...

6. CT #1CT #1
Migration at a Glance
Physical Server #1 Physical Server #2
CT Private Data
CT Memory
CT#1
• Container's file system transfer
• Save full container's state to a file
• Container is running on Server #1
Full State Dump Full State Dump
• Restart container on Server #2
CT #1
CT Memory
CT Private Data

7. To sum it up
● Containers scale as well as Linux does
– Benefit from all Linux performance improvements
– Native I/O speed, best possible performance
– The more memory/CPUs the merrier
● Platform-independent
– as long as Linux supports it, we support it
– arm/mips/ppc no problem.
● Plays well with others (Xen, KVM, VMware)
– VM and container technologies are orthogonal
– run containers and VMs side by side