Containers and Virtual Machines (I)
But mainly containers
Referenced Papers
- Stephen Soltesz, Herbert Pötzl, Marc E. Fiuczynski, Andy Bavier, and Larry Peterson. "Container-based operating system virtualization: a scalable, high-performance alternative to hypervisors." SIGOPS Oper. Syst. Rev. 41, 3 (March 2007), 275-287.
First to compare two approaches (container-based & VM) to virtualization
- M. G. Xavier, M. V. Neves, F. D. Rossi, T. C. Ferreto, T. Lange and C. A. F. De Rose, "Performance Evaluation of Container-Based Virtualization for High Performance Computing Environments," 2013 21st Euromicro International Conference on Parallel, Distributed, and Network-Based Processing, Belfast, 2013, pp. 233-240.
First to discuss high performance computing in containers
- W. Felter, A. Ferreira, R. Rajamony and J. Rubio, "An updated performance comparison of virtual machines and Linux containers," 2015 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS), Philadelphia, PA, 2015, pp. 171-172.
Up-to-date comparison between VM and containers after Docker's release
- A. M. Joy, "Performance comparison between Linux containers and virtual machines," 2015 International Conference on Advances in Computer Engineering and Applications, Ghaziabad, 2015, pp. 342-346.
A new benchmark "Kubernetes" is used to test scalibility
Outline
- Motivation
- Usages of Docker
- Travis CI & Containers
- Isolation only?
- Technical Highlight
- Linux-VServer
- Linux kernel & LXC
- Performance
- Ideas
-
modprobe in IaaS
-
Motivation
Usages of Docker
Travis CI & Containers
Isolation only?
- Isolation
- Encapsulation
- Migration
- Interposition
Technical Highlight
Linux-VServer
- Isolate CPU
- Isolate Memory
- Isolate I/O
Token bucket filter
rlimit system calls
Hierarchical token bucket
$ sudo chroot container0/Linux kernel & LXC
- Namespaces
- Cgroups
(version 2.4.19)
(version 2.6.24)
Linux kernel & LXC
$ sudo unshare --fork --pid --mount-proc bash
$ htop$ sudo apt install cgroup-tools
$ sudo cgcreate -a <user> -g pids:mygroup
$ sudo cgexec -g pids:mygroup bash
# mkdir -p /sys/fs/cgroup/pids/parent/child
# echo 2 > /sys/fs/cgroup/pids/parent/pids.max
# echo $$ > /sys/fs/cgroup/pids/parent/cgroup.procs
# cat /sys/fs/cgroup/pids/parent/pids.current
# echo "Here's some processes for you." | cat
$ sudo cgdelete -g pids:mygroupPerformance
Idea
User Space
Kernel Space
Request
Handler
Server
Socket
Client
Socket
Server
Socket
Request
Response
Request
Response
modprobe in IaaS
modprobe in IaaS
Kernel
Kernel
Kernel*
VM hypervisor (IaaS)
PUT
PUT
POST
POST
GET
GET
RESTful API from A
RESTful API from B