System containers, also known as operating system containers, are closely related to virtual machines. The most important difference from conventional virtual machines is that, instead of a hypervisor, they rely on namespaces and the resource-limiting facilities of the operating system kernel (usually Linux) for virtualization and resource isolation.
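The two kernel mechanisms named above can be inspected on any Linux host. The following is an added example, not code from the original article or from Virtuozzo: it compares the namespace ids exposed under /proc/<pid>/ns for two processes and parses the cgroup v2 cpu.max and memory.max limit files. The sample ids and all helper names are constructed for illustration.

```python
import os

NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def parse_ns_link(target):
    """Turn a /proc/<pid>/ns symlink target such as 'net:[4026532008]' into its inode id."""
    _, sep, rest = target.partition(":")
    if not sep or not (rest.startswith("[") and rest.endswith("]")):
        raise ValueError(f"unexpected namespace link: {target!r}")
    return int(rest[1:-1])

def read_namespaces(pid, proc_root="/proc"):
    """Read the namespace ids of a live process; unreadable entries are skipped."""
    found = {}
    for name in NS_TYPES:
        try:
            found[name] = parse_ns_link(os.readlink(f"{proc_root}/{pid}/ns/{name}"))
        except (OSError, ValueError):
            continue
    return found

def isolation_report(host_ns, guest_ns):
    """Namespace types the guest shares with the host, and the ones it holds privately."""
    shared = sorted(t for t, i in guest_ns.items() if host_ns.get(t) == i)
    private = sorted(t for t, i in guest_ns.items() if host_ns.get(t) != i)
    return {"shared": shared, "private": private}

def parse_cpu_max(text):
    """cgroup v2 cpu.max holds '<quota> <period>' (microseconds) or 'max <period>'."""
    quota, period = text.split()
    return None if quota == "max" else int(quota) / int(period)  # CPUs, None = unlimited

def parse_memory_max(text):
    """cgroup v2 memory.max holds a byte count or 'max'; None means unlimited."""
    value = text.strip()
    return None if value == "max" else int(value)

# Constructed sample data (not taken from a real host): host ids 4026531835..41.
HOST = {t: parse_ns_link(f"{t}:[40265318{n:02d}]") for n, t in enumerate(NS_TYPES, 35)}
GUEST_LINKS = ["cgroup:[4026532301]", "ipc:[4026532299]", "mnt:[4026532297]",
               "net:[4026532302]", "pid:[4026532300]", "user:[4026531840]",
               "uts:[4026532298]"]
GUEST = {link.split(":")[0]: parse_ns_link(link) for link in GUEST_LINKS}

if __name__ == "__main__":
    print(isolation_report(HOST, GUEST))
    print(parse_cpu_max("200000 100000\n"), parse_memory_max("4294967296\n"))
    # Live check: compare PID 1 with the current process on this machine.
    print(isolation_report(read_namespaces(1), read_namespaces(os.getpid())))
```

In the constructed sample the guest has its own namespace of every type except `user`, which it shares with the host. That is the kind of gap this comparison is meant to surface when reviewing container isolation.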

Since the advent of container virtualization, users have been drawn to the better performance and density of virtual environments compared with traditional hypervisors. Today, now that container infrastructure has proven that it can host even critical workloads, it makes sense to discuss which applications benefit most from running in containers.
Containers, virtual machines, servers: which is faster?
Marketing flyers often claim that containers can be "as fast as physical servers." On the one hand, this is close to reality, since container virtualization and isolation consume a minimum of the physical server's resources, at least compared to virtual machines.
However, this is a one-sided statement that considers only one factor among many. For example, in certain situations containers and virtual machines can show better performance than the physical servers on which they run. We have seen cases where multiple copies of the same application, running directly on a physical server, perform worse than the same load spread over multiple containers or virtual machines with only one copy of the application inside each.
Such results stem from several factors: de-duplication of identical memory regions across containers or virtual machines, better disk cache efficiency, and NUMA locality (NUMA stands for non-uniform memory access), where the virtualization layer can pin a container to a single NUMA node and gain performance as a result.
In addition, modern hypervisors put a relatively small load on the processor. In particular, thanks to hardware support implemented at the processor level, the amount of extra work a hypervisor performs to service VMs is small. Therefore, if you run an application on a standalone computer and in a virtual machine under a properly configured hypervisor, the differences are likely to be insignificant in all categories: CPU, memory, data storage and network performance.
However, this is not a real-life situation at all (running a single virtual machine on a computer is more of a desktop scenario than a server one), so comparing virtual, container and physical workloads this way is incorrect. Still, the example shows that the performance of virtual machines, as well as containers, can be very close to that of bare metal; it all depends on the conditions. This certainly does not mean that containers and virtual machines are equally good for every task, and here are some examples that show it.
Real conditions

Here is a performance test chart. In this test, several groups of virtual servers are created, and each group runs a set of applications, each with its own distinct load (a so-called Consolidation Stack Unit, CSU). Each server in the group reports its results, such as the number of transactions per second. We then aggregate this data to get an overall result for each virtualization technology, comparing runs of the same applications on the same hardware under different virtualization tools. In this case we compare virtual machines and system containers, and increasing the number of CSUs lets us compare the performance of these technologies at different load levels.
As you can see, up to peak performance containers and virtual machines show very close results; the difference is limited to a few percent. However, once the CPU is fully loaded, the differences become obvious. If the CPU has no free cycles, it cannot allocate time to service the hypervisor without affecting the application, and therefore the performance of the virtual machine ecosystem stops growing earlier than that of the container ecosystem. Next, the following happens: virtual machines are the first to exhaust system memory. The point is that VMs are a “black box” for the hypervisor, while the contents of containers are transparent, so the operating system can use otherwise unused memory and remove duplicates (copies of files loaded into memory many times). Therefore containers, unlike virtual machines, do not show a performance decrease as the number of CSUs grows further (up to a certain limit, of course).
Here is another test, where the differences are even more obvious. The so-called “DVD-store” scenario resembles the vConsolidate load in nature, but the workload is an e-store application.

Here we see even more noticeable differences, which are explained by the characteristics of the particular application. Of course, the difference between containers and virtual machines will be far from this striking in every case. A few more factors contribute to containers performing better than virtual machines:
First, containers provide the fastest possible system start, literally in a split second. This is very important for microservices, which are constantly being launched, destroyed and re-created. It also benefits any granular workloads in which instances are started to solve small tasks.
Secondly, Virtuozzo OS system containers have a unique “pfcache” function. Simply put, the system merges identical files from different containers at the time they are loaded into memory. As a result, total memory consumption drops and I/O performance rises due to better caching: since the cache has to keep fewer copies of the same files, it can hold more unique files, which speeds up access to them.
But not all containers are the same. In particular, according to test data, the system containers of Virtuozzo 7 demonstrate the maximum density compared to any other Linux virtualization solution: a few percent higher than the previous version (Virtuozzo 6) and about twice as high as KVM-based virtual machines. For us this is extremely important, because platform performance is one of the main reasons our customers choose Virtuozzo over other platforms. A few percent can turn into serious sums when it comes to sites with thousands of servers, so our goal is always to show better performance than comparable products on all applications and systems, including Windows.
Real life scenarios
There are several scenarios where system containers, and in particular our new Virtuozzo 7 containers, can show the greatest benefits:
Scenario 1. Containers are extremely useful when servers are running at maximum load, especially when not only processor utilization but also RAM usage is approaching 100%. This is in fact a very typical case for data analysis or batch processing systems. If you do not keep spare capacity for peak loads, containers will help to “squeeze” the maximum out of the available hardware.
Scenario 2. You run multiple copies of the same or similar applications. In this case, pfcache can significantly improve the work of the entire ecosystem, freeing up memory and optimizing input/output.
Scenario 3. When you run multithreaded web servers, or create many virtual processors (significantly exceeding the number of physical ones) for different virtual machines, constant context switching occurs. Processing small user requests while switching the processor between the tasks of different VMs is resource-intensive and leads to performance degradation with traditional VMs.
Scenario 4. Large numbers of small tasks running simultaneously and competing for resources. In this case, each virtual machine adds its own memory overhead (for loading the kernel and hypervisor structures). The more separate processes there are, the greater the benefit of using OS containers.
A course toward efficiency
Containers do not offer fundamental advantages in every case, but within their range of tasks they significantly exceed the capabilities of hypervisors with virtual machines. They are useful for microservices, multi-component web applications, data analysis tasks and other applications with high granularity and load.
Moreover, we continue to improve the performance of Virtuozzo Containers, and version 7 has improved both container density and performance on the same hardware. Updating the Linux kernel for Virtuozzo solutions made it possible to integrate, from the outset, tools such as CRIU for live container migration and Kpatch for updating the kernel without stopping services. So the advantages of system containers as a technology are now complemented by new, unique features that make them an even more interesting solution for real business problems.