What do system containers actually deliver, and where should they be used?

    System containers, also known as operating system containers, are close analogs of virtual machines. The most important difference from ordinary virtual machines is that instead of a hypervisor they rely on namespaces and the resource-limiting facilities of the operating system kernel (usually Linux) for virtualization and resource isolation.
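
    How the two kernel mechanisms named above appear on a Linux host, as an added example that is not from the original article or from Virtuozzo: the script compares a container process's namespace IDs with those of host PID 1 and decodes cgroup v2 limit files. The sample IDs and limits are constructed, and a cgroup v2 host is an assumption.

```python
import os

NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def read_ns(pid, proc="/proc"):
    """Live variant: return {type: 'type:[inode]'} from the /proc/<pid>/ns symlinks."""
    out = {}
    for ns in NS_TYPES:
        try:
            out[ns] = os.readlink(f"{proc}/{pid}/ns/{ns}")
        except OSError:
            pass  # namespace type not supported, or no permission to read it
    return out

def isolation(host_ns, ctr_ns):
    """Return (private, shared): namespace types the container owns vs. shares with the host."""
    private = sorted(n for n in ctr_ns if n in host_ns and ctr_ns[n] != host_ns[n])
    shared = sorted(n for n in ctr_ns if ctr_ns[n] == host_ns.get(n))
    return private, shared

def parse_limits(files):
    """Decode cgroup v2 control files ({name: content}); None means unlimited ('max')."""
    def num(text):
        text = text.strip()
        return None if text == "max" else int(text)
    quota, period = files.get("cpu.max", "max 100000").split()
    return {
        "memory_bytes": num(files.get("memory.max", "max")),
        "cpus": None if quota == "max" else int(quota) / int(period),
        "pids": num(files.get("pids.max", "max")),
    }

# Constructed sample data (not captured from a real system).
_BASE = {"cgroup": 4026531835, "ipc": 4026531839, "mnt": 4026531840, "net": 4026531992,
         "pid": 4026531836, "user": 4026531837, "uts": 4026531838}
SAMPLE_HOST = {n: f"{n}:[{i}]" for n, i in _BASE.items()}
# The sample container has its own copy of every namespace except the user namespace.
SAMPLE_CTR = {n: v if n == "user" else f"{n}:[{_BASE[n] + 700}]" for n, v in SAMPLE_HOST.items()}
SAMPLE_CGROUP = {"memory.max": "2147483648\n", "cpu.max": "200000 100000\n", "pids.max": "max\n"}

if __name__ == "__main__":
    private, shared = isolation(SAMPLE_HOST, SAMPLE_CTR)
    print("private namespaces:", ", ".join(private))
    print("shared with host:  ", ", ".join(shared) or "none")
    print("limits:", parse_limits(SAMPLE_CGROUP))
```

    On a live host, pass `read_ns(1)` and `read_ns(<container pid>)` to `isolation()`; any namespace reported as shared is a boundary that container does not have.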


    Since the advent of container virtualization, users have been attracted to it by the better performance and density of virtual environments compared with traditional hypervisors. And today, when container infrastructure has already proven itself capable of hosting even critical workloads, it makes sense to discuss which applications benefit most from running in containers.

    Containers, virtual machines, servers - which is faster?


    In marketing materials you can often find statements that containers can be "as fast as physical servers." On the one hand, this is close to reality, since container virtualization and isolation require a minimum of physical server resources to work - at least compared to virtual machines.

    However, this one-sided statement considers only one of many factors. For example, in some situations containers and virtual machines can show better performance than the physical servers on which they are running. We have seen situations where multiple copies of the same application running directly on a physical server perform worse than when they are spread across several containers or virtual machines, each with exactly one copy of the application inside.

    Such results are explained by many factors: deduplication of identical memory in containers or virtual machines, better disk cache efficiency, and NUMA locality (NUMA being the non-uniform memory access architecture), where the virtualization layer can bind a container to a single NUMA node and get more performance as a result.

    In addition, modern hypervisors place a relatively small load on the processor. In particular, thanks to hardware support implemented at the processor level, the number of additional operations a hypervisor performs to service VMs is small. Therefore, if you run an application on a dedicated computer and in a virtual machine under a correctly configured hypervisor, the differences will most likely be insignificant in all categories - CPU, memory, data storage and network performance.

    However, this is not a real-life situation at all (running a single virtual machine on a computer is more of a desktop scenario than a server one), so comparing virtual, container and physical workloads this way is incorrect. Still, the example shows that the performance of virtual machines, like that of containers, can be very close to "bare metal" performance - it all depends on the conditions. This, of course, does not mean that containers and virtual machines are equally good for every task. Here are a few examples that show this.

    Real conditions


    [Figure: performance test graph]

    Here is a graph from a performance test in which several groups of virtual servers are created, each running a set of applications with its own unique load (a so-called Consolidation Stack Unit, CSU). Each server in a group reports its results, such as the number of transactions per second. We then sum this data to get an overall result for each virtualization technology, comparing situations where the same applications run on the same hardware but under different virtualization tools. In this case we compare virtual machines and system containers, and increasing the number of CSUs lets us compare how these technologies behave at different load levels.

    As you can see, up to peak performance containers and virtual machines show very close results; the difference in performance is limited to a few percent. However, once the processor is fully utilized, the differences become apparent. If the CPU has no free cycles, it cannot allocate time to servicing the hypervisor without affecting the application, and therefore the performance of the virtual machine ecosystem stops growing earlier than that of the container ecosystem. Then the following happens: virtual machines are the first to exhaust system memory. The fact is that VMs are a “black box” for the hypervisor, while the contents of containers are transparent, so the operating system can use otherwise unused memory and remove duplicates (copies of files loaded into memory many times). Therefore containers, unlike virtual machines, do not show a decrease in performance as the number of CSUs increases further (up to a certain limit, of course).

    Here is another test, where the differences are even more obvious. The so-called “DVD-store” scenario resembles the vConsolidate workload, but the work is done with an e-store application.

    [Figure: “DVD-store” test results]

    Here we see even more noticeable differences, which are explained by the particular application. Of course, the difference between containers and virtual machines will not be this striking in every case. There are a few more factors that give containers better performance than virtual machines:

    Firstly, containers provide the fastest possible system startup - literally a split second. This is very important for microservices that are constantly launched, destroyed and recreated. It also has a positive effect on any granular workloads, where workloads are launched to solve small tasks.

    Secondly, Virtuozzo OS system containers have the unique “pfcache” feature. Simply put, the system merges identical files from different containers at the moment they are loaded into memory. The result is both lower overall RAM consumption and higher I/O performance due to better caching: since the cache has to keep fewer copies of files, the system can hold more unique files, which speeds up access to them.

    But not all containers are the same. In particular, according to tests, Virtuozzo 7 system containers demonstrate the highest density of any Linux virtualization solution - several percent higher than the previous version (Virtuozzo 6) and about two times higher than KVM-based virtual machines. This is extremely important for us - platform performance is one of the main reasons why our customers choose Virtuozzo over other platforms. A few percent can turn into serious amounts when it comes to sites with thousands of servers, so our goal is to always show better performance than comparable products on all applications and systems, including Windows.

    Real life scenarios


    There are several scenarios where system containers, and in particular our new Virtuozzo 7 containers, show the greatest benefit:

    Scenario 1. Containers are extremely useful when servers are running at maximum load, especially when not only processor utilization but also RAM utilization approaches 100%. This is in fact a very typical case when running data analysis systems or batch processing of information. And if you do not leave reserve capacity for peak loads, containers will help you “squeeze” the maximum out of your existing equipment.

    Scenario 2. You run multiple copies of the same or similar applications. In this case, pfcache can significantly improve the performance of the entire ecosystem by freeing up memory and optimizing I/O.

    Scenario 3. When running multi-threaded web servers, or when creating many virtual processors (significantly exceeding the number of physical ones) for different virtual machines, context switching is constant. Processing small user requests and switching the processor between the tasks of different VMs is resource-intensive and lowers performance in the case of traditional VMs.

    Scenario 4. A large number of small tasks run simultaneously and compete for resources. In this case each virtual machine creates its own additional memory load (for loading the kernel and the hypervisor structures). The more individual processes there are, the greater the benefit of using OS containers.

    Focus on efficiency


    Containers do not provide fundamental advantages in every case, but within their range of tasks they significantly exceed the capabilities of hypervisors with virtual machines. They are useful for microservices, multi-component web applications, data analysis tasks and other applications with high granularity and load.

    Moreover, we continue to improve the performance of Virtuozzo Containers, and version 7 has improved both container density and performance on the same equipment. Updating the Linux kernel for Virtuozzo solutions made it possible to integrate tools such as CRIU for live container migration and Kpatch for updating the kernel without stopping services into the solution from the outset. So today the advantages of system containers as a technology are complemented by new, unique features that make them an even more interesting solution for real business problems.