[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ Skip to main content
Log in

Performance and isolation analysis of RunC, gVisor and Kata Containers runtimes

  • Published:
Cluster Computing Aims and scope Submit manuscript

Abstract

Containers are resource-efficient and most IT industries are adopting container-based infrastructure. However, the security and isolation of the container is rather weak. In this work, we aim to conduct an in-depth quantitative analysis of the performance characteristics of containerization technologies that strengthen container isolation and security, and discuss the applicable scenarios of various containerization technologies. We evaluate multiple cloud resource management dimensions of RunC, gVisor, and Kata Containers runtimes, including performance, system call, startup time, density, and isolation. Experimental results show that RunC and Kata Containers have less performance overhead, while gVisor suffers significant performance degradation in I/O and system call, although its isolation is the best. Our work deepens the understanding of the container performance characteristics and may help cloud computing practitioners in making proper decisions on platform selection, system maintenance and/or design.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price includes VAT (United Kingdom)

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18
Fig. 19
Fig. 20
Fig. 21
Fig. 22

Similar content being viewed by others

Data availability

Data available on request from the authors.

References

  1. Bachiega, N.G., Souza, P.S., Bruschi, S.M., De Souza, S.D.R.: Container-based performance evaluation: a survey and challenges. In: 2018 IEEE International Conference on Cloud Engineering (IC2E), pp. 398–403 (2018)

  2. Williams, D., Koller, R., Lucina, M., Prakash, N.: Unikernels as processes. In: Proceedings of the ACM Symposium on Cloud Computing (SoCC ’18), Association for Computing Machinery, New York, NY, USA, pp. 199–211 (2018)

  3. Manco, F., Lupu, C., Schmidt, F., Mendes, J., Kuenzer, S., Sati, S., et al.: My VM is lighter (and safer) than your container. In: Proceedings of the 26th Symposium on Operating Systems Principles (SOSP ’17), pp. 218–233 (2017)

  4. https://gvisor.dev/docs/user_guide/. Accessed 20 Dec 2020

  5. https://github.com/firecracker-microvm/firecracker/. Accessed 20 Dec 2020

  6. https://katacontainers.io/. Accessed 15 Dec 2020

  7. Kumar, R., Thangaraju, B.: Performance analysis between RunC and kata container runtime. In: 2020 IEEE International Conference on Electronics, Computing and Communication Technologies (CONECCT), Bangalore, India, pp. 1–4 (2020)

  8. Caraza-Harter, T., Swift, M.M.: Blending containers and virtual machines: a study of firecracker and gVisor. In: Proceedings of the 16th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE ’20), Association for Computing Machinery, New York, NY, USA, pp. 101–113 (2020)

  9. Debab, R., Hidouci, W.K.: Containers runtimes war: a comparative study. In: Proceedings of the Future Technologies Conference, Springer, pp. 135–161 (2020)

  10. Viktorsson, W., Klein, C., Tordsson, J.: Security-performance trade-offs of kubernetes container runtimes. In: 2020 Symposium on Modelling, Analysis, and Simulation of Computer and Telecommunication Systems, November 17–19, Nice, France pp. 1–4 (2020)

  11. Kozhirbayev, Z., Sinnott, R.O.: A performance comparison of containerbased technologies for the cloud. Future Gener. Comput. Syst. 68, 175–182 (2017)

    Article  Google Scholar 

  12. Zhao, C., Wu, Y., Ren, Z., Shi, W., Ren, Y., Wan, J.: Quantifying the isolation characteristics in container environments. In: IFIP International Conference on Network and Parallel Computing, Springer, pp. 145–149 (2017)

  13. Tesfatsion, S. K., Klein, C., Tordsson, J.: Virtualization techniques compared: performance, resource, and power usage overheads in clouds. In: Proceedings of the 2018 ACM/SPEC International Conference on Performance Engineering, pp. 145–156 (2018)

  14. Mavridis, I., Karatza, H.: Combining containers and virtual machines to enhance isolation and extend functionality on cloud computing. Future Gener. Comput. Syst. 94, 674–696 (2019)

    Article  Google Scholar 

  15. Chae, M., Lee, H., Lee, K.: A performance comparison of linux containers and virtual machines using Docker and KVM. Clust. Comput. 22, 1765–1775 (2019)

    Article  Google Scholar 

  16. Espe, L., Jindal, A., Podolskiy, V., Gerndt, M.: Performance evaluation of container runtimes. In: CLOSER, pp. 273–281 (2020)

  17. Young, E.G., Zhu, P., Caraza-Harter, T., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H.: The true cost of containing: a gVisor case study. In: 11th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud 19) (2019)

  18. Agache, A., Brooker, M., Iordache, A., Liguori, A., Neugebauer, R., Piwonka, P., Popa, D. M.: Firecracker: Lightweight virtualization for serverless applications. In: 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI 20), pp. 419–434 (2020)

  19. https://docs.docker.com/. Accessed 10 Dec 2020

  20. https://podman.readthedocs.io/en/latest/index.html. Accessed 10 Dec 2020

  21. https://coreos.com/rkt/docs/latest/. Accessed 10 Dec 2020

  22. https://docs.microsoft.com/en-us/windows/wsl/wsl2-index. Accessed 10 Dec 2020

  23. Frazelle, J.: Research for practice: security for the modern age. Commun. ACM 62(1), 43–45 (2018)

    Article  Google Scholar 

  24. http://www.jbkempf.com/blog/post/2018/Introducing-dav1d. Accessed 18 Dec 2020

  25. https://github.com/akopytov/sysbench. Accessed 18 Dec 2020

  26. https://hewlettpackard.github.io/netperf/doc/netperf.html. Accessed 20 Dec 2020

  27. https://github.com/microsoft/ethr. Accessed 20 Dec 2020

  28. https://github.com/kdlucas/byte-unixbench. Accessed 20 Dec 2020

  29. https://www.iozone.org. Accessed 10 Nov 2020

  30. www.flockport.com/. Accessed 5 Nov 2020

  31. https://openbenchmarking.org/test/pts/sqlite. Accessed 12 Nov 2020

  32. Krebs, R., Momm, C., Kounev, S.: Metrics and techniques for quantifying performance isolation in cloud environments. Sci. Comput. Programm. PT.B(2), 116–134 (2014)

    Article  Google Scholar 

  33. Xavier, M.G., De Oliveira, I.C., Rossi, F.D., Dos Passos, R.D., Matteussi, K.J., De Rose, C.A.: A performance isolation analysis of disk-intensive workloads on container-based clouds. In: 2015 23rd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing. IEEE, pp. 253–260 (2015)

  34. https://github.com/cloud-hypervisor/cloud-hypervisor. Accessed 21 Nov 2020

  35. https://github.com/jedisct1/Blogbench. Accessed 7 June 2021

  36. Zhao, N., Tarasov, V., Albahar, H., Anwar, A., Rupprecht, L., Skourtis, D., et al.: Large-scale analysis of docker images and performance implications for container storage systems. IEEE Trans. Parallel Distrib. Syst. 32(4), 918–930 (2021)

    Article  Google Scholar 

  37. Bhatt, G., Bhavsar, M.: Performance consequence of user space file systems due to extensive CPU sharing in virtual environment. Clust. Comput. 23(4), 3119–3137 (2020)

    Article  Google Scholar 

  38. Shih, W.C., Yang, C.T., Ranjan, R., Chiang, C.I.: Implementation and evaluation of a container management platform on Docker: Hadoop deployment as an example. Clust. Comput. 24, 3421–3430 (2021)

    Article  Google Scholar 

  39. Tang, X., Zhang, Z., Wang, M., Wang, Y., Feng, Q., Han, J.: Performance evaluation of light-weighted virtualization for paas in clouds. In: International Conference on Algorithms and Architectures for Parallel Processing, Springer, pp. 415–428 (2014)

  40. Walraven, S., Monheim, T., Truyen, E., Joosen, W.: Towards performance isolation in multi-tenant saas applications. In: Proceedings of the 7th Workshop on Middleware for Next Generation Internet Computing., pp. 1–6 (2012)

Download references

Acknowledgements

This work is partially supported by a grant from the National Natural Science Foundation of China (No.62032017), the National Key R&D Program of China (2018YFB1003605), the Key Industrial Innovation Chain Project in Industrial Domain of Shaanxi Province (Nos. 2021ZDLGY03-09, 2021ZDLGY07-02), and the Youth Innovation Team of Shaanxi Universities.

Author information

Authors and Affiliations

Authors

Contributions

All authors contributed equally to this work.

Corresponding authors

Correspondence to Junzhao Du or Hui Liu.

Ethics declarations

Conflict of interest

The authors declare that they have no conflicts of interest.

Informed consent

Informed consent was obtained from all individual participants involved in the study.

Research involving human participants or animals

This paper does not contain any studies involving human participants or animals performed by any of the authors. Xingyu Wang carried out the experiment and wrote the manuscript.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Supplementary Information

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Wang, X., Du, J. & Liu, H. Performance and isolation analysis of RunC, gVisor and Kata Containers runtimes. Cluster Comput 25, 1497–1513 (2022). https://doi.org/10.1007/s10586-021-03517-8

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10586-021-03517-8

Keywords

Navigation