The Convergence of Container and Traditional Virtualization: Strengths and Limitations

  • Original Research
  • SN Computer Science

Abstract

Virtual machines (VMs) are used extensively in the cloud. The underlying hypervisors allow hardware resources to be split into multiple virtual units, which enables server consolidation, fault containment, and resource management. However, VMs with traditional architecture introduce heavy overhead and reduce application performance. Containers are becoming popular options for running applications, yet such a solution raises security concerns due to weaker isolation than VMs. We are at the point of container and traditional virtualization convergence, where lightweight hypervisors are implemented and integrated into the container ecosystem to maximize the benefits of VM isolation and container performance. However, there has been no comprehensive comparison among different convergence architectures. To identify limitations and best-fit use cases, we investigate the characteristics of Docker, Kata, gVisor, Firecracker, and QEMU/KVM by measuring the performance of disk storage, main memory, CPU, network, system call, and startup time. In addition, we evaluate their performance when running the Nginx web server and the MySQL database management system. We use QEMU/KVM as an example of running traditional VMs, Docker as the standard runc container, and the rest as the representatives of lightweight hypervisors. We compare and analyze the benchmark results, discuss the possible implications, explain the trade-off each organization made, and elaborate on the pros and cons of each architecture.


Acknowledgements

This work is partly supported by JSPS KAKENHI under Grant Nos. JP18K11326, JP20K19808, and JP21K11913. We would like to thank Mr. James for many detailed discussions and suggestions, and his tremendous help with the proofreading.

Author information

Corresponding author

Correspondence to Guoqing Li.

Ethics declarations

Conflict of Interest

On behalf of all authors, the corresponding author states that there is no conflict of interest and this research is not sponsored by any organizations discussed in this paper.

Additional information

This article is part of the topical collection “Cloud Computing and Services Science” guest edited by Donald Ferguson, Markus Helfert and Claus Pahl.

About this article

Cite this article

Li, G., Takahashi, K., Ichikawa, K. et al. The Convergence of Container and Traditional Virtualization: Strengths and Limitations. SN COMPUT. SCI. 4, 387 (2023). https://doi.org/10.1007/s42979-023-01827-9

  • DOI: https://doi.org/10.1007/s42979-023-01827-9
