An Updated Performance Comparison of Virtual Machines and Linux Containers

Transcript

1. An Updated Performance Comparison of Virtual Machines and Linux Containers

   Wes Felter, Alexandre Ferreira, Ram Rajamony, Juan Rubio IBM Research Division Austin Research Laboratory JEZ@VVLJ ྠಡձ

2. ࿦จͷ;Μ͍͖ • ίϯςφ(Docker) ͱ KVM ͱ Native Linux ͷੑೳൺֱ •

   CPUɺϝϞϦɺI/OɺωοτϫʔΫ + Redis/MySQL • ΘΓͱΫϥ΢υࣄۀऀࢹ఺ʢAWSͱ͔ʣ • ࣗ෼͕࢖͏ͳΒVMͷ্ͰDockerಈ͔͢ͷͰɺNative Linux ͱίϯςφͷൺֱ͕ؾʹͳΔ • ࣮ݧͷ݁Ռίϯςφ͸ Naitive Linuxʹ΍΍ྼΔఔ౓http:// • https://www.infoq.com/news/2014/08/vm-containers- performance Ͱ঺հ͞Εͯͨ

3. Introduction - VM • Ϋϥ΢υΞϓϦέʔγϣϯͷ Isolation ͱ Resource control ͸

   VM Ͱ࣮ݱ͖ͯͨ͠ • VMͩͱύϑΥʔϚϯεΦʔόϔου • VMͷύϑΥʔϚϯε͸Ϋϥ΢υʹͱͬͯඇৗʹ ॏཁͳཁૉ

4. Introduction - ίϯςφ • VMͷ୅ସͱͯ͠ͷίϯςφϕʔεͷԾ૝Խ • ໊લۭؒͳͲͷίϯςφͷجຊΛͳ֓͢೦͸੒ख़͍ͯ͠ Δ • In

   Proceedings of the 5th workshop on ACM SIGOPS European workshop: Models and paradigms for distributed systems structuring, 1992 ! • Α͏΍͘࠷ۙͷOSͷϝΠϯετϦʔϜ • ͜͜਺೥ͰLinuxΧʔωϧͷ໊લۭؒػೳ͕੒ख़͖ͯ͠ ͨ • "Multiple Instances of the Global Linux Namespaces” Ͱͷٞ࿦ • https://www.kernel.org/doc/ols/2006/ols2006v1-pages-101-112.pdf

5. Introduction - Docker • Standard runtime • Standard image format

   • Build system for Linux containers

6. Background - ͳͥԾ૝Խ͢Δͷ • UNIX ͸఻౷తʹݖݶ؅ཧΛڧ͘͸࣮૷͍ͯ͠ͳ͍ • UNIX ͷϑΝΠϧγεςϜɺϓϩηεɺωοτϫʔΫε λοΫ͸άϩʔόϧʹશͯͷϢʔβ͔ΒΈ͑Δ

   • UNIX ͸ `configuration isolation` ʹ͚͍ܽͯΔ • ઃఆɺڞ༗ϥΠϒϥϦΛ1όʔδϣϯ͔͠΋ͯͳ͍ • ͦ͜Ͱɹ1 application on 1 VM • ֤ࣄۀऀಉډ؀ڥͰ͸ύϑΥʔϚϯεҟৗͷղܾ͕೉͍͠ Ϧιʔε෼཭Λ࠷దԽͯ͘͠ΕΔԾ૝ԽγεςϜ͕ඞཁ

7. Background - KVM • Type 1 ϋΠύʔόΠβ • Linuxϓϩηε্ʹमਖ਼ͳ͠ͷήετOSΛ૸ΒͤΔ •

   ϋʔυ΢ΣΞԾ૝Խࢧԉ (VT-xͳͲ)Λ࢖͏ • VM ͸ϓϩηεͳͷͰLinuxͷϦιʔε؅ཧʢεέδϡʔϦϯ άͱ͔cgroupsʣ͕ద༻͞ΕΔ • Ϧιʔεͷ2ॏ؅ཧ໰୊ • VM ͸ isolation ͷͨΊʹɺήετ-ήετؒɺήετ-ϋΠ ύʔόΠβؒͷΦϒδΣΫτڞ༗Φʔόϔου

8. Background - Linux containers • ίϯςφܕԾ૝ԽͰ͸ɺisolation Λఏڙ͢ΔͨΊʹطଘ ͷOSΛमਖ਼ • શͯͷϓϩηεʹίϯςφIDΛৼΓɺશͯͷγεςϜίʔϧʹ

   ৽͍͠ΞΫηείϯτϩʔϧΛՃ͑ΔͳͲ • Linux containers͸Χʔωϧͷ໊લ্ۭؒʹߏங͞ΕΔͱ ͍͏ίϯηϓτ • filesystem, PID, network, user, IPC, hostname, namespaces • ίϯςφͷதͷϓϩηε͸ී௨ͷLinuxγεςϜ্Ͱಈ͍͍ͯ ΔΑ͏ʹΈ͑Δ • ίϯςφ-ίϯςφؒɺίϯςφ-ϗετؒͷڞ༗͕ޮ཰త

9. Background - Linux containers • cgroups ͰϝϞϦͱCPUফඅΛ੍ݶ͢Δ • Χʔωϧ1͔ͭ͠ͳ͍ͷͰɺϦιʔεͷ2ॏ؅ཧ͕ͳ͍ •

   ίϯςφ಺ͷϓϩηε͕Ϧιʔε੍ݶʹؾ͚ͮͳ͍ • ੍ݶͯͯ͠΋CPUશ෦ݟ͑ͯ͠·͏ • ΞϓϦέʔγϣϯ͕ࣗ෼Ͱνϡʔϯ͢Δͱ͖ʹ over-allocate ʹͳΔ • http://fabiokung.com/2014/03/13/memory-inside-linux-containers/ ! • Linux containers ؅ཧπʔϧ • LXC, systemd-nspawn, lmctfy, Warden, Docker • Docker ͕ίϯςφͷඪ४؅ཧπʔϧ/ΠϝʔδϑΥʔϚοτ • layered filesystem images (ଞͷ؅ཧπʔϧʹ͸ͳ͍, AUFS) • AUFS ͕ϨΠϠʔϑΝΠϧγεςϜΛఏڙ

10. Evaluation • KVM, Docker, Native Linux ͷൺֱ • IBM System

    x3650 M4 server • 2.4-3.0 GHz Intel Sandy Bridge-EP Xeon E5-2665 • 8 cores x 2 socket (+ HyperThreading) • 256 GB RAM. • Ubuntu 13.10 (Saucy) 64-bit with Linux kernel 3.11.0, Docker 1.0, QEMU 1.5.0, and libvirt 1.1.1 • all Docker containers / VMs used an Ubuntu 13.10 base image

11. $16 .FNPSZ
    4FRVFOUJBM .FNPSZ
    3BOEPN #MPDL
    *0
    #BOEXJUEI #MPDL
    *0
    *014 /FUXPSL
    

    #BOEXJUEI /FUXPSL
    -BUFODZ %PDLFS ˓ ˓ ˓ ˓ ˓
    )PTU
    WPMVNF ˓  ,7. ☓ ˓ ˚ ˓ ☓ ☓ ☓ /BUJWF
    ͱൺֱͯ͠ɺಉఔ౓ͳΒ˓ɺ͔ͳΓྼΔͳΒ☓ɺ ͪΐͬͱྼΔͳΒ˚ Result - OS raw performance

12. 3FEJT
    
    SFRT 3FEJT
    MBUFODZ .Z42-
    USBOTBDUJPOTT .Z42-
    MBUFODZ %PDLFS
    /"5

    ˚ ˚ ˓ ˓ %PDLFS
    OFUIPTU ˓ ˓ ˓ ˓ %PDLFS
    "6'4   ˚ ˚ ,7. ˚ ˚ ☓ ☓ /BUJWF
    ͱൺֱͯ͠ɺಉఔ౓ͳΒ˓ɺ͔ͳΓྼΔͳΒ☓ɺ ͪΐͬͱྼΔͳΒ˚ Result - Redis / MySQL

13. .Z42-
    USBOTBDUJPOTT %PDLFS
    /"5 ˓ %PDLFS
    OFUIPTU ˓ %PDLFS
    "6'4

    ˚ ,7. ☓ • Docker ͷ host volume ଎͍ (AUFS஗͍) • AUFS ͕஗͍ͷ͸I/Oཁٻ͕ෳ਺ͷϨΠϠʔΛ௨ΔͨΊ

14. .Z42-
    MBUFODZ %PDLFS
    /"5 ˓ %PDLFS
    OFUIPTU ˓ %PDLFS
    "6'4

    ˚ ,7. ☓

15. Conclusions • Docker ͸ͲͷςετͰ΋ɺKVMͱಉ౳͔ͦΕҎ্ • Docker ͷ Host volume ͸

    AUFS ΑΓ͔ͳΓΑ͍ύϑΥʔ Ϛϯε • Docker ͷ NATΦʔόϔου • Ϛωδϝϯτͷ΍Γ΍͢͞ͱύϑΥʔϚϯεͷτϨʔυΦ ϑ • ίϯςφ͸ IaaS ͱ ϕΞϝλϧͷࠩҟΛٵऩͯ͘͠ΕΔVMͷ தͰίϯςφΛಈ͔͢ => ηΩϡϦςΟϨΠϠΛ1ͭ૿΍ͤΔ

16. Future Work • ࿦จͰ͸୯ҰͷVM·ͨ͸ίϯςφͰαʔό࢖͍੾Δ؀ڥ ͰධՁ • ͔͠͠ɺΫϥ΢υͰ͸ɺαʔόΛখ͞ͳ୯ҐʹΘ͚Δͷ ͕ී௨ • αʔό্Ͱෳ਺ͷϫʔΫϩʔυ૸Βͤͨ࣌ͷύϑΥʔϚ

    ϯε isolation ΋ධՁ͍ͨ͠ • live resizing, scale-up scale-down, live-migration, restarting

17. ײ૝ɾٙ໰ͱ͔ • Docker ͕ Native ͱ͋·ΓมΘΒͳ͍ͷ͸༧૝௨Γ • AUFS ஗͍ͱ͔ NAT

    ஗͍ͱ͔͸·͊Θ͔Δ • AUFS ͡Όͳͯ͘ Device mapper ͷσʔλ΋΄͍͠ • exec-driver ͸ LXC? libcontainer ͷσʔλ΋΄͍͠ • CPUͱϝϞϦੑೳ͕ Native ͱมΘΒͳ͍ͷͰɺϓϩΩγ, WebΞϓϦ, Memcached, Redis ͋ͨΓ͸ Docker Ͱ΋Α͞ ͦ͏ • AUFS ஗͍ͷಛʹAUFSͷͲͷลͳͷ͔ profile ͍ͨ͠