An Updated Performance Comparison of Virtual Machines and Linux Containers Wes Felter, Alexandre Ferreira, Ram Rajamony, Juan Rubio IBM Research Division Austin Research Laboratory JEZ@VVLJ ྠಡձ

࿦จͷ;Μ͍͖ • ίϯςφ(Docker) ͱ KVM ͱ Native Linux ͷੑೳൺֱ • CPUɺϝϞϦɺI/OɺωοτϫʔΫ + Redis/MySQL • ΘΓͱΫϥ΢υࣄۀऀࢹ఺ʢAWSͱ͔ʣ • ࣗ෼͕࢖͏ͳΒVMͷ্ͰDockerಈ͔͢ͷͰɺNative Linux ͱίϯςφͷൺֱ͕ؾʹͳΔ • ࣮ݧͷ݁Ռίϯςφ͸ Naitive Linuxʹ΍΍ྼΔఔ౓http:// • https://www.infoq.com/news/2014/08/vm-containers- performance Ͱ঺հ͞Εͯͨ

Introduction - VM • Ϋϥ΢υΞϓϦέʔγϣϯͷ Isolation ͱ Resource control ͸ VM Ͱ࣮ݱ͖ͯͨ͠ • VMͩͱύϑΥʔϚϯεΦʔόϔου • VMͷύϑΥʔϚϯε͸Ϋϥ΢υʹͱͬͯඇৗʹ ॏཁͳཁૉ

Introduction - ίϯςφ • VMͷ୅ସͱͯ͠ͷίϯςφϕʔεͷԾ૝Խ • ໊લۭؒͳͲͷίϯςφͷجຊΛͳ֓͢೦͸੒ख़͍ͯ͠ Δ • In Proceedings of the 5th workshop on ACM SIGOPS European workshop: Models and paradigms for distributed systems structuring, 1992 ! • Α͏΍͘࠷ۙͷOSͷϝΠϯετϦʔϜ • ͜͜਺೥ͰLinuxΧʔωϧͷ໊લۭؒػೳ͕੒ख़͖ͯ͠ ͨ • "Multiple Instances of the Global Linux Namespaces” Ͱͷٞ࿦ • https://www.kernel.org/doc/ols/2006/ols2006v1-pages-101-112.pdf

Introduction - Docker • Standard runtime • Standard image format • Build system for Linux containers

Background - ͳͥԾ૝Խ͢Δͷ • UNIX ͸఻౷తʹݖݶ؅ཧΛڧ͘͸࣮૷͍ͯ͠ͳ͍ • UNIX ͷϑΝΠϧγεςϜɺϓϩηεɺωοτϫʔΫε λοΫ͸άϩʔόϧʹશͯͷϢʔβ͔ΒΈ͑Δ • UNIX ͸ `configuration isolation` ʹ͚͍ܽͯΔ • ઃఆɺڞ༗ϥΠϒϥϦΛ1όʔδϣϯ͔͠΋ͯͳ͍ • ͦ͜Ͱɹ1 application on 1 VM • ֤ࣄۀऀಉډ؀ڥͰ͸ύϑΥʔϚϯεҟৗͷղܾ͕೉͍͠ Ϧιʔε෼཭Λ࠷దԽͯ͘͠ΕΔԾ૝ԽγεςϜ͕ඞཁ

Background - KVM • Type 1 ϋΠύʔόΠβ • Linuxϓϩηε্ʹमਖ਼ͳ͠ͷήετOSΛ૸ΒͤΔ • ϋʔυ΢ΣΞԾ૝Խࢧԉ (VT-xͳͲ)Λ࢖͏ • VM ͸ϓϩηεͳͷͰLinuxͷϦιʔε؅ཧʢεέδϡʔϦϯ άͱ͔cgroupsʣ͕ద༻͞ΕΔ • Ϧιʔεͷ2ॏ؅ཧ໰୊ • VM ͸ isolation ͷͨΊʹɺήετ-ήετؒɺήετ-ϋΠ ύʔόΠβؒͷΦϒδΣΫτڞ༗Φʔόϔου

Background - Linux containers • ίϯςφܕԾ૝ԽͰ͸ɺisolation Λఏڙ͢ΔͨΊʹطଘ ͷOSΛमਖ਼ • શͯͷϓϩηεʹίϯςφIDΛৼΓɺશͯͷγεςϜίʔϧʹ ৽͍͠ΞΫηείϯτϩʔϧΛՃ͑ΔͳͲ • Linux containers͸Χʔωϧͷ໊લ্ۭؒʹߏங͞ΕΔͱ ͍͏ίϯηϓτ • filesystem, PID, network, user, IPC, hostname, namespaces • ίϯςφͷதͷϓϩηε͸ී௨ͷLinuxγεςϜ্Ͱಈ͍͍ͯ ΔΑ͏ʹΈ͑Δ • ίϯςφ-ίϯςφؒɺίϯςφ-ϗετؒͷڞ༗͕ޮ཰త

Background - Linux containers • cgroups ͰϝϞϦͱCPUফඅΛ੍ݶ͢Δ • Χʔωϧ1͔ͭ͠ͳ͍ͷͰɺϦιʔεͷ2ॏ؅ཧ͕ͳ͍ • ίϯςφ಺ͷϓϩηε͕Ϧιʔε੍ݶʹؾ͚ͮͳ͍ • ੍ݶͯͯ͠΋CPUશ෦ݟ͑ͯ͠·͏ • ΞϓϦέʔγϣϯ͕ࣗ෼Ͱνϡʔϯ͢Δͱ͖ʹ over-allocate ʹͳΔ • http://fabiokung.com/2014/03/13/memory-inside-linux-containers/ ! • Linux containers ؅ཧπʔϧ • LXC, systemd-nspawn, lmctfy, Warden, Docker • Docker ͕ίϯςφͷඪ४؅ཧπʔϧ/ΠϝʔδϑΥʔϚοτ • layered filesystem images (ଞͷ؅ཧπʔϧʹ͸ͳ͍, AUFS) • AUFS ͕ϨΠϠʔϑΝΠϧγεςϜΛఏڙ

Evaluation • KVM, Docker, Native Linux ͷൺֱ • IBM System x3650 M4 server • 2.4-3.0 GHz Intel Sandy Bridge-EP Xeon E5-2665 • 8 cores x 2 socket (+ HyperThreading) • 256 GB RAM. • Ubuntu 13.10 (Saucy) 64-bit with Linux kernel 3.11.0, Docker 1.0, QEMU 1.5.0, and libvirt 1.1.1 • all Docker containers / VMs used an Ubuntu 13.10 base image

$16 .FNPSZ 4FRVFOUJBM .FNPSZ 3BOEPN #MPDL*0 #BOEXJUEI #MPDL*0 *014 /FUXPSL #BOEXJUEI /FUXPSL -BUFODZ %PDLFS ˓ ˓ ˓ ˓ ˓ )PTUWPMVNF ˓ ,7. ☓ ˓ ˚ ˓ ☓ ☓ ☓ /BUJWFͱൺֱͯ͠ɺಉఔ౓ͳΒ˓ɺ͔ͳΓྼΔͳΒ☓ɺ ͪΐͬͱྼΔͳΒ˚ Result - OS raw performance

3FEJT SFRT 3FEJT MBUFODZ .Z42- USBOTBDUJPOTT .Z42- MBUFODZ %PDLFS /"5 ˚ ˚ ˓ ˓ %PDLFS OFUIPTU ˓ ˓ ˓ ˓ %PDLFS "6'4 ˚ ˚ ,7. ˚ ˚ ☓ ☓ /BUJWFͱൺֱͯ͠ɺಉఔ౓ͳΒ˓ɺ͔ͳΓྼΔͳΒ☓ɺ ͪΐͬͱྼΔͳΒ˚ Result - Redis / MySQL

.Z42- USBOTBDUJPOTT %PDLFS /"5 ˓ %PDLFS OFUIPTU ˓ %PDLFS "6'4 ˚ ,7. ☓ • Docker ͷ host volume ଎͍ (AUFS஗͍) • AUFS ͕஗͍ͷ͸I/Oཁٻ͕ෳ਺ͷϨΠϠʔΛ௨ΔͨΊ

.Z42- MBUFODZ %PDLFS /"5 ˓ %PDLFS OFUIPTU ˓ %PDLFS "6'4 ˚ ,7. ☓

Conclusions • Docker ͸ͲͷςετͰ΋ɺKVMͱಉ౳͔ͦΕҎ্ • Docker ͷ Host volume ͸ AUFS ΑΓ͔ͳΓΑ͍ύϑΥʔ Ϛϯε • Docker ͷ NATΦʔόϔου • Ϛωδϝϯτͷ΍Γ΍͢͞ͱύϑΥʔϚϯεͷτϨʔυΦ ϑ • ίϯςφ͸ IaaS ͱ ϕΞϝλϧͷࠩҟΛٵऩͯ͘͠ΕΔVMͷ தͰίϯςφΛಈ͔͢ => ηΩϡϦςΟϨΠϠΛ1ͭ૿΍ͤΔ

Future Work • ࿦จͰ͸୯ҰͷVM·ͨ͸ίϯςφͰαʔό࢖͍੾Δ؀ڥ ͰධՁ • ͔͠͠ɺΫϥ΢υͰ͸ɺαʔόΛখ͞ͳ୯ҐʹΘ͚Δͷ ͕ී௨ • αʔό্Ͱෳ਺ͷϫʔΫϩʔυ૸Βͤͨ࣌ͷύϑΥʔϚ ϯε isolation ΋ධՁ͍ͨ͠ • live resizing, scale-up scale-down, live-migration, restarting

ײ૝ɾٙ໰ͱ͔ • Docker ͕ Native ͱ͋·ΓมΘΒͳ͍ͷ͸༧૝௨Γ • AUFS ஗͍ͱ͔ NAT ஗͍ͱ͔͸·͊Θ͔Δ • AUFS ͡Όͳͯ͘ Device mapper ͷσʔλ΋΄͍͠ • exec-driver ͸ LXC? libcontainer ͷσʔλ΋΄͍͠ • CPUͱϝϞϦੑೳ͕ Native ͱมΘΒͳ͍ͷͰɺϓϩΩγ, WebΞϓϦ, Memcached, Redis ͋ͨΓ͸ Docker Ͱ΋Α͞ ͦ͏ • AUFS ஗͍ͷಛʹAUFSͷͲͷลͳͷ͔ profile ͍ͨ͠