文章目录
- Conclusions
- Test Details
-
- Purpose
- Tools
-
- Unixbench
- Why to use
- Test cases
- Hardware environment
-
- Test machine
- Tuning
- Software environment
-
- General information
- VM information
- Container information
- Test results - raw data
-
- Baremetal
- KVM
- Docker
- Docker-NSC (seccomp disabled)
- Results comparison
-
- KVM compare to Baremetal
- Docker compare to Baremetal
- Docker-NSC compare to Docker
- Docker-NSC compare to Baremetal
- Docker-NSC compare to KVM
- Full Comparison
Conclusions
According to my tests, I can reach the following conclusions:
- KVM has a weaker performance than Baremetal at -6.79% in average.
- Docker has a poor performance than Baremetal at -14.92% in average.
- After disabling seccomp feature, Docker only has a slight performance drawback comparing to Baremetal at -3.07% in average.
- After disabling seccomp feature, Docker has a better performance than KVM in most of cases at +7.49% in average.
About the seccomp feature:
- Docker’s performance will be improved a lot after disabling seccomp feature.
- We can balance security and performance by customizing seccomp profile.
- Working on the seccomp features could become a direction of container performance tuning.
Test Details
Purpose
This test is designed to get an overview of the performance of Containers and VMs. It also sharps differences in what Containers and VMs do well.
Tools
Unixbench
https://github.com/kdlucas/byte-unixbench/
Why to use
As a benchmark suite, UnixBench can provide a basic indicator of the performance of a Unix-like system. It is a system benchmark, not a CPU, RAM or disk benchmark. The results will depend not only on your hardware, but on your operating system, libraries, and even compiler.
Another advantage is that Multi-CPU systems can be handled by Unixbench. If your system has multiple CPUs, the default behaviour is to run the selected tests twice – once with one copy of each test program running at a time, and once with N copies, where N is the number of CPUs. This is designed to allow you to assess:
- the performance of your system when running a single task
- the performance of your system when running multiple tasks
- the gain from your system’s implementation of parallel processing
In my opinion, UnixBench provides performance indicators against the whole system environment from the viewpoint of application. So it is very suitable for measuring the hypervisors and/or container managers.
Test cases
UnixBench consists of a number of individual tests that are targeted at specific areas. Here is a summary of what each test does:
Dhrystone
Developed by Reinhold Weicker in 1984. This benchmark is used to measure and compare the performance of computers. The test focuses on string handling, as there are no floating point operations. It is heavily influenced by hardware and software design, compiler and linker options, code optimization, cache memory, wait states, and integer data types.
Whetstone
This test measures the speed and efficiency of floating-point operations. This test contains several modules that are meant to represent a mix of operations typically performed in scientific applications. A wide variety of C functions including sin, cos, sqrt, exp, and log are used as well as integer and floating-point math operations, array accesses, conditional branches, and procedure calls. This test measure both integer and floating-point arithmetic.
execl Throughput
This test measures the number of execl calls that can be performed per second. execl is part of the exec family of functions that replaces the current process image with a new process image. It and many other similar commands are front ends for the function execve().
File Copy
This measures the rate at which data can be transferred from one file to another, using various buffer sizes. The file read, write and copy