Docker is the hot topic at every tech conference, developer forum, and DevOps team meeting today. However, Docker isn’t the only (or the first) container technology. In fact, Docker itself was originally based on another container framework, Linux containers (LXC), which has been around for a decade.
To understand how we arrived at the Docker-centric world we live in today, you have to recognize the similarities, differences, and use cases for both of these popular container technologies.
To start, we need to define the term virtualization, as it is key to understanding what containers do. Virtualization creates a replica of a real instance such as a server or an operating system. Virtual machines, for example, create a replica of a hardware server. They perform what’s called hardware virtualization. Containers, on the other hand, virtualize something that’s one layer above the server: the operating system. In other words, a container makes multiple replicas of an operating system.
What is LXC?
LXC provides full-system virtualization that’s similar to, but more lightweight than, a VM. LXC boots faster than a VM and uses less RAM. Because it’s very similar to VMs, all the custom scripts that IT teams have created to manage VMs can be ported over to manage LXC as well.
LXC provides process sandboxing, and is used to run multiple processes. Similar to a VM, LXC is used to run containerized instances of an operating system. It is an operating system container.
What’s LXC used for, and by whom?
LXC is primarily used by Ops teams that need a more lightweight, yet similar alternative to VMs. While it finds use in production environments, LXC is not well-suited for development and test environments because it doesn’t bring any benefits to how application code and its dependencies are packaged.
What does Docker inherit from LXC?
Docker shares many foundational components with LXC. For starters, they have the same goal: to create a virtualized, isolated process that’s much lighter than a virtual machine. Both LXC and Docker use similar kernel features for security and process isolation. This includes core kernel security features like cgroups, namespaces, SELinux, AppArmor, and seccomp. Docker inherits all these security features from LXC using its runtime, runC. These security features provide process isolation and place restrictions on running processes so that resources are utilized by them fairly.
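The kernel features named above leave a visible trace for every process under /proc, whichever container tool applied them. The following Python sketch is an added example, not code from Docker or LXC: it parses an excerpt of /proc/<pid>/status plus namespace ids and reports which isolation controls are missing. The function names and all sample values are constructed for illustration.

```python
import re

# Added example, not Docker or LXC code. Constructed samples: excerpts of
# /proc/<pid>/status and the namespace ids read from /proc/<pid>/ns/*.
HOST_NS = {"pid": "pid:[4026531836]", "net": "net:[4026531840]", "mnt": "mnt:[4026531841]"}
CONFINED_NS = {"pid": "pid:[4026532201]", "net": "net:[4026532204]", "mnt": "mnt:[4026532199]"}
SHARED_NET_NS = dict(CONFINED_NS, net=HOST_NS["net"])
CONFINED = "Name:\tnginx\nNoNewPrivs:\t0\nSeccomp:\t2\nCapEff:\t00000000a80425fb\n"
WEAK = "Name:\tnginx\nNoNewPrivs:\t0\nSeccomp:\t0\nCapEff:\t0000003fffffffff\n"

# Capability bit numbers from linux/capability.h that weaken isolation.
RISKY_CAPS = {16: "CAP_SYS_MODULE", 19: "CAP_SYS_PTRACE", 21: "CAP_SYS_ADMIN"}
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}

def parse_status(text):
    """Parse 'Key:<tab>value' lines of /proc/<pid>/status into a dict."""
    return dict(re.findall(r"^(\w+):[ \t]*(.*)$", text, re.M))

def shared_namespaces(proc_ns, host_ns):
    """Namespace types whose id equals the host's, i.e. not isolated."""
    return sorted(n for n, ident in proc_ns.items() if host_ns.get(n) == ident)

def audit(status_text, proc_ns, host_ns):
    """Return a list of isolation findings for one process."""
    st = parse_status(status_text)
    cap_eff = int(st.get("CapEff", "0"), 16)
    findings = []
    if SECCOMP_MODES.get(int(st.get("Seccomp", "0")), "unknown") == "disabled":
        findings.append("seccomp disabled")
    for bit, name in sorted(RISKY_CAPS.items()):
        if (cap_eff >> bit) & 1:
            findings.append("holds " + name)
    for ns in shared_namespaces(proc_ns, host_ns):
        findings.append("shares host %s namespace" % ns)
    if st.get("NoNewPrivs") != "1":
        findings.append("no_new_privs not set")
    return findings

if __name__ == "__main__":
    for label, status, ns in (("confined", CONFINED, CONFINED_NS), ("weak", WEAK, SHARED_NET_NS)):
        print(label, audit(status, ns, HOST_NS))
```

On a live host, the same functions can be fed the contents of /proc/<pid>/status and the link targets of /proc/<pid>/ns/* for the process and for PID 1.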
Since they share the same foundation, the performance of both these container technologies is very similar. However, the similarities end here. When it comes to the feature set, user experience, use cases, and ecosystem, stark differences emerge.
How is Docker different from LXC?
Unlike LXC, which is an OS container, Docker is an application container. LXC runs multiple sandboxed processes per container, whereas Docker containers run only a single process per container.
Additionally, Docker handles storage very differently from LXC. LXC stores data statefully by default. Docker, on the other hand, uses the “Copy on write” principle to store stateless data written by applications into containers. This data is deleted when the container is deleted or restarted. That said, Docker has since added the ability to store stateful data using its Volumes feature. Still, the way both technologies handle storage is quite different.
One way Docker trumps LXC is with its registry service. Docker Hub is the registry which stores container images, both public and private. It’s where anyone can download a container image and spin up a new container from it. This makes Docker containers more shareable than LXC. Docker Hub is one of the key reasons Docker skyrocketed to popularity: it enables an ecosystem to grow and flourish around Docker’s core container technology. Pretty much every IT vendor has their software packaged as an official container image and hosted on Docker Hub for any developer to download and use.
Who uses Docker?
While LXC is used primarily by Ops teams as lightweight VMs, Docker has massive adoption among developers and QA. Unlike LXC which is an OS container, Docker is an application container. OS containers were already being used by Ops teams, but Docker came along and brought the benefit of containerization to the masses of developers. Though initially gaining adoption by developers, Docker is today becoming a household name for every IT team. For IT teams too, Docker brings benefits of more predictable deployments as artifacts aren’t modified in transit. This builds reliable applications, and reduces back-and-forths between Dev and Ops teams.
Recent developments with Docker and LXC
The first versions of Docker were based on LXC. However, since version 0.9, Docker uses its own runtime, called libcontainer. With libcontainer, Docker was able to improve performance, as it had direct access to security modules like namespaces, cgroups, and more. With that update, LXC became a default driver for Docker.
LXC and Docker are closely related, and indeed, without LXC, we would not have Docker today. They share similar goals, security features, and performance, but they also have stark differences in how they are used, the features they include, and the ecosystem built around them. These differences mean that LXC will have its place in niche operational workloads, while Docker is set to dominate IT conversations for the next few years.
About the Author
Twain Taylor began his career at Google, where, among other things, he was involved in technical support for the AdWords team. His work involved reviewing stack traces, resolving issues affecting both customers and the Support team, and handling escalations. Later, he built branded social media applications and automation scripts to help startups better manage their marketing operations. Today, as a technology journalist, he helps IT magazines and startups change the way teams build and ship applications.