Comments
https://en.wikipedia.org/wiki/LXC
https://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine
Too complicated.. can you break it down a little?
Wikipedia's too complicated..?
If anything, think of LXC like OVZ. It is container-based and can easily be backed up and reinstalled. KVM is just a "full" virtualization.
I did a little post some time ago, as a lot of customers requested this. I hope this can help: http://seflow.net/2/index.php/en/blog/mycore-difference-between-kvm-and-lxc-virtualization
Thanks for the link MatteoB. I also found this http://www.virtuatopia.com/index.php/An_Overview_of_Virtualization_Techniques
It is not specific to LXC but is correct.
Honestly, for a real production service on a shared node I will always go with KVM, and prefer LXC if I need to do better isolation of my services on my own hardware.
LXC inside KVM is great for extra security. Alpine Linux LXC containers are only 5 meg in size.
Personally, I run a BSD inside a KVM with ports forwarded to make it more secure, but keep both firewalls on. They've both got sshguard running.
Hardware VT vs. non Hardware VT.
CPU emulation (or rather VT on CPU to get a share of one) vs. Kernel sharing.
Filesystem as directory vs. block device.
All kernel access vs. limited access to kernel settings and tools (e.g. fuse).
Real network device vs. L3 routed (can be changed on either, but the LXC design is generally routed, not bridged; KVM is the reverse).
LXC, by bypassing the CPU VT and by having no kernel, can provide a 5-25% performance advantage depending on the task, for a major trade-off in security and for access to "simple to use" templates compared to plain KVM/ESX.
Generally it does not make much sense to use for customers (aside from the horrible security); kernel memory sharing (KSM)/VT RAM deduplication and the VT-d/VT-x/AMD-V extensions, along with the now much higher CPU power per core, usually make KVM (and ESX(i)) a better choice, and the real overhead is in the few-% area, which is not something YOU see as a client but something the host node has on your process.