Thought on Intel’s Clear Linux Container

LWN’s recent post gained enormous interest. I like many of the technologies in this project but still scratch my head over some (missing) details, even after peeking into Intel’s rkt patches in the SRPM.

I understand Intel’s position of bringing fast (reducing KVM overhead) and secure (using isolation) container technologies into rkt and Docker, but I don’t see any words on flexibility. With Docker/rkt, I can run a service/process just like I run a Unix shell command. But with KVM, I have to start a VM, ssh to the VM, and execute the command. There are more moving parts involved.

Intel used two performance metrics: startup time and memory usage. But from my prior (although likely obsolete) experience, the runtime overhead is not negligible. For instance, a process running in KVM will see its virtual memory remapped, which penalizes runtime performance. This overhead might be less significant with VT-x. A more comprehensive (though not up-to-date) KVM-vs-Docker performance study conducted by IBM still confirmed my bias.

