Linux Containers: Comparing LXC and Docker
As the industry moves beyond the virtual machine (VM) consolidation paradigm, several types of containers have become prominent. Two flavors in particular currently enjoy the lion’s share of deployments on the Linux operating system: Docker and LXC.
While BSD jails focus on IT operations, Docker focuses on development and test organizations. As a result, Docker has established a significant lead in the race to bring containerization to market, with huge install bases and ecosystem partners as well as advanced tools and facilities custom built for this solution. Why is this? Because Docker came to market very early with a solution that provides:
- A simple way to package and deliver applications and all their dependencies, one that enables seamless application portability and mobility;
- Relative ease of use and low administration requirements; and
- A rich set of tools and utilities.
The Docker Paradigm
Docker has a number of benefits, including:
- Reduces a container to a single process, which is then easily managed with Docker tools.
- Encapsulates application configuration and delivery complexity to dramatically simplify and eliminate the need to repeat these activities manually.
- Provides a strongly supportive user community for many aspects of using containers for significant implementations.
- Provides a highly efficient compute environment for applications that are stateless and microservices-based, as well as many stateful applications such as databases, message bus, etc.
- Uses layers and disables storage persistence, which helps make Docker images very lightweight.
- Is used very successfully by many groups, particularly Dev and Test, as well as microservices-based production environments.
- Supports plug-in architecture for volume, network and authentication to engage with partner ecosystems.
On the flip side, Docker also has some limitations, including:
- Treats containers differently from a standard host, such as sharing the host’s IP address and providing access to the container via a selectable port. This approach can cause management issues when using traditional applications and management tools that require access to Linux utilities such as cron, ssh, daemons and logging.
- Uses layers and disables storage persistence, which results in reduced disk subsystem performance.
- Is not ideal for stateful applications due to limited volume management in case of container failover.
- Can require some training for administrators to understand the changes to their operating procedures.
- Can require changes to the application being run in the container.
Because of the limitations and issues outlined above, the IT industry has searched for another type of containerization technology—one that is more operations and enterprise application-friendly. Although LXC is an older containerization technology, it has re-emerged as a primary option because it:
- Is essentially a lightweight VM with its own hostname, IP address, file systems and full OS init.d, and it provides direct SSH access.
- Performs nearly as well as bare metal, and better than traditional VMs in almost all use cases—particularly when the application can take advantage of parallelism.
- Can efficiently run one or more multiprocess applications.
- Is a Linux-native, highly stable, reliable and efficient container technology that is supported by the OS itself.
An LXC-based container can run almost any Linux-based application without sacrificing performance or operational ease of use. This makes LXC an ideal platform for containerizing performance-sensitive, data-intensive enterprise applications.
The LXC Paradigm
LXC has a number of benefits, including:
- Provides a “normal” OS environment that supports all the features and capabilities that are available in the Linux environment.
- Behaves very much like a traditional VM and, thus, offers a lower barrier to entry for some organizations.
- Does not require changes to the application being deployed.
- Supports layers and enables Copy-On-Write cloning and snapshots, and is also file system-neutral.
- Uses simple, intuitive and standard IP addresses to access the containers and allows full access to the hosts file.
- Supports static IP addressing, routable IPs and multiple network devices.
- Provides full root access.
- Allows you to create your own network interfaces.
LXC also has a few limitations, including:
- Does not have nearly as prolific or responsive a user community as Docker does.
- Has inconsistent feature support across different Linux distributions. LXC is being maintained and developed primarily by Canonical on the Ubuntu platform.
Docker and LXC are both being used in dev/test as well as production, and there are strong reasons both will continue to be used by technology leaders moving forward.
The choice to use one container type versus another is specific to the business use case and the application type. Docker is a great platform for building new webscale microservices applications or optimized dev/test organizations, while LXC containers provide a lightweight, zero-performance-impact alternative to traditional hypervisor-based virtualization, and are thus better suited for I/O-intensive data applications.
About the Author
Mark Bayazit is Senior Solutions Architect at Robin Systems. Mark’s background is in networking, code development, functional and performance testing, IT process optimization and management, and database administration, as well as large data center implementations, virtual machine and container consolidation, and big data applications such as Hadoop and Cassandra.
He is interested in changing IT paradigms and improving industry efficiency by demonstrating and evangelizing the business value of new technologies to industry leaders.