Feeds

Docker kicks KVM's butt in IBM tests

Big Blue finds containers are speedy, but may not have much room to improve

Secure remote control for conventional and virtual desktops

IBM Research has run done a side-by-side comparison of the KVM hypervisor and containerisation enfant terrible Docker and found the latter “ equals or exceeds KVM performance in every case we tested.”

Big Blue tested the two using the linear-equation solving package Linpack, the STREAM benchmark of memory bandwidth, network bandwidth using nuttcp, latency using netperf, Block I/O speeds with fio and Redis. The SysBench oltp benchmark gave MySQL a workout.

The resulting paper An Updated Performance Comparison of Virtual Machines and Linux Containers (PDF), finds that Docker allows the containerised computers it curates to hum along at impressive speeds.

As the graph below and others in the paper show, Docker kicks KVM's butt in some tasks, and holds its own comfortably in most of the tests conducted.

Docker vs KVM performance running LINPAC

IBM's results for Docker vs. KVM results running Linpack on two sockets with 16 cores.
Each data point is the arithmetic mean obtained from ten runs.
Error bars indicate the standard deviation obtained overall runs.

With Docker only just having reached v 1.0 status, you might think that's goodnight for virtualisation, as if the first commercial version of the technology is already beating and established tool surely there's no future for the latter.

The IBMers involved beg to differ, writing that they have seen continuous improvement in KVM performance over the years, while things “can only get worse for containers because they started with near-zero overhead and VMs have gotten faster over time.”

Nor is Docker perfect, with the authors finding it network address translation makes extra traffic for networks.

The paper concludes with some interesting observations about how the differing performance of the two contenders will impact future cloud infrastructure designs. Here's the best bits from those considerations:

“Conventional wisdom (to the extent such a thing exists in the young cloud ecosystem) says that IaaS is implemented using VMs and PaaS is implemented using containers. We see no technical reason why this must be the case, especially in cases where container-based IaaS can offer better performance or easier deployment.

Containers can also eliminate the distinction between IaaS and 'bare metal' non-virtualized servers since they offer the control and isolation of VMs with the performance of bare metal. Rather than maintaining different images for virtualized and non-virtualized servers, the same Docker image could be efficiently deployed on anything from a fraction of a core to an entire machine.

We also question the practice of deploying containers inside VMs, since this imposes the performance overheads of VMs while giving no benefit compared to deploying containers directly on non-virtualized Linux. If one must use a VM, running it inside a container can create an extra layer of security since an attacker who can exploit QEMU would still be inside the container.”

Scripts used for the study can be found here, if you'd like to run the tests yourself. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
Turnbull should spare us all airline-magazine-grade cloud hype
Box-hugger is not a dirty word, Minister. Box-huggers make the cloud WORK
SanDisk vows: We'll have a 16TB SSD WHOPPER by 2016
Flash WORM has a serious use for archived photos and videos
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.