June 25, 2017

Are containers faster than virtual machines? The answer may seem to be yes. But if you look closely, you realize that, although Docker does offer some important advantages in the realm of resource consumption, Dockerized apps do not necessarily have better performance.

The idea that Docker is faster than traditional virtualization is widespread. Consider the following statements:

These statements are not strictly false. In some instances, Dockerized apps may indeed run faster than apps running inside virtual machines.

But that is not necessarily the case. A 2014 study by IBM that compared Docker to KVM found:

Although containers themselves have almost no overhead, Docker is not without performance gotchas. Docker volumes have noticeably better performance than files stored in AUFS. Docker’s NAT also introduces overhead for workloads with high packet rates. These features represent a tradeoff between ease of management and performance and should be considered on a case-by-case basis.

Plus, when you consider that hypervisors such as KVM and Xen deliver performance that is only about 2 percent worse than bare metal, you realize that improving performance is not really an important consideration in the first place when deciding between containers and virtual machines. Virtual machines are already running essentially as fast as bare-metal servers.

Docker’s Performance Advantage

It’s not really true, then, to say that Docker is faster than virtual machines. But what you can say about Dockerized apps is that they use resources from the host system in a more efficient manner.

With Docker, you don’t have to assign system memory or disk space to a container before you start it. You can set limits on how many resources a container can use if desired, but that does not mean that the maximum resources you allow to a container are tied up by that container whenever it is running. Rather, containers organically consume the resources they need, without requiring the host to dedicate more resources to a container than are actually necessary at any given time.
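An added example, not from the original article: the shell function below reads a container's cgroup v2 memory files and reports the configured limit next to what is actually in use, showing that the limit is a ceiling rather than a reservation. It assumes a cgroup v2 host (where `memory.max` and `memory.current` exist); the function names and the sample directory are constructed for illustration, and on a real host you would pass the container's own cgroup directory instead.

```shell
#!/bin/sh
# Added example: report a container's memory ceiling next to its real usage.
# Assumption: cgroup v2, where memory.max holds the limit in bytes (or the
# word "max" when unlimited) and memory.current holds bytes in use right now.

# cgroup_mem_report DIR -> prints "used=<bytes> limit=<bytes|none> pct=<n|->"
cgroup_mem_report() {
    dir=$1
    [ -r "$dir/memory.current" ] && [ -r "$dir/memory.max" ] || {
        echo "error: $dir is not a cgroup v2 memory directory" >&2
        return 1
    }
    used=$(cat "$dir/memory.current")
    limit=$(cat "$dir/memory.max")
    if [ "$limit" = "max" ]; then
        # No limit set: usage can grow until the host itself runs short.
        echo "used=$used limit=none pct=-"
    else
        # Limit set: it caps usage but does not reserve memory up front.
        echo "used=$used limit=$limit pct=$((used * 100 / limit))"
    fi
}

# Constructed sample: build a fake cgroup directory so this runs without Docker.
demo_cgroup() {
    d=$(mktemp -d)
    printf '%s\n' "$1" > "$d/memory.current"
    printf '%s\n' "$2" > "$d/memory.max"
    cgroup_mem_report "$d"
    rm -rf "$d"
}

demo_cgroup 52428800 536870912   # 50 MiB in use under a 512 MiB limit
demo_cgroup 52428800 max         # same usage, no limit configured
```

A container started with `docker run --memory 512m` would show 536870912 in `memory.max`, while `memory.current` tracks only what its processes have actually touched.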

This means containers make more efficient use of system resources than virtual machines. The latter generally require memory and storage space to be assigned to them before they start. Even if the apps running inside a virtual machine are not actually using all of the resources assigned to it, the virtual machine still monopolizes those resources. That’s not efficient.

Containers also offer the advantage of not having to duplicate the processes already running on the host system. With a container, you can run only the processes you need for whichever application you want to host inside the container. In contrast, virtual machines have to run a complete guest operating system, including many of the same processes that are already running on the server host.

In these respects, containers allow for more efficient distribution of the limited resources available on a host server. In an indirect way, this can translate into better performance for containerized apps, especially as the load on the server approaches capacity and optimizing resource distribution becomes important. However, it does not mean that containerized apps will run any faster or slower than those hosted by virtual machines. As long as the application in question has access to the system resources it needs, performance will be about the same whether you are using a virtual machine, Docker or bare metal.

Conclusion

The moral is this: Instead of saying that Docker is faster, we should say that Docker is more efficient. While efficiency and speed often go hand in hand, the former does not necessarily imply the latter. If you’re deciding whether to migrate your workloads from virtual machines to Docker, this is a crucial distinction to understand.

Christopher Tozzi

Christopher Tozzi has covered technology and business news for nearly a decade, specializing in open source, containers, big data, networking and security. He is currently Senior Editor and DevOps Analyst with Fixate.io and Sweetcode.io.