Lighter (and Safer) VMs than Containers



Containers are in great demand because they are lightweight when compared to virtual machines. On the downside, containers offer weaker isolation than VMs, to the point where people run containers in virtual machines to achieve proper isolation. With LightVM we examine whether there is indeed a strict tradeoff between isolation (VMs) and efficiency (containers). We find that VMs can be as nimble as containers, as long as they are small and the toolstack is fast enough.

We achieve lightweight VMs by using unikernels for specialized applications and by using Tinyx, a tool that enables creating tailor-made, trimmed-down Linux virtual machines. By themselves, lightweight virtual machines are not enough to ensure good performance, since the virtualization control plane (the toolstack) becomes the performance bottleneck. We present LightVM, a new virtualization solution based on Xen that is optimized to offer fast boot times regardless of the number of active VMs. LightVM features a complete redesign of Xen’s control plane, transforming its centralized operation to a distributed one where interactions with the hypervisor are reduced to a minimum.

LightVM can boot a VM in 2.3ms, which is comparable to fork/exec on Linux (1ms) and two orders of magnitude faster than Docker. On a somewhat slower server with 64 cores, LightVM can pack thousands of VMs with memory and CPU usage comparable to that of processes:

[Figure: LightVM density graph]

And what’s best: it’s open source!