LXC Networking (Introduction) (Part 1)

Containers are probably one of the hottest topics that most IT professionals hear about nowadays. However, many people seem to lack an understanding of what they truly are and which variants are available to them. I decided to tackle a new project that will focus on Linux Containers (LXC) and how they can be used in networking.

Virtual Machines vs Containers

Virtualization technologies such as VMware ESXi have been on the market for close to 2 decades and have been largely adopted by most enterprises. This type of technology centers on a hypervisor, which is responsible for managing the resources of a VM. By being able to deploy multiple operating systems (OS) on a single server, companies enjoyed significant savings on the cost of running a standard server/application setup.

Standard virtualization requires a dedicated kernel for each application, which means that each one requires its own guest OS. This is a disadvantage and results in duplicate binary files and user-space elements. VMs do, however, provide a sandboxed environment with great isolation and security.

Containers, on the other hand, are a kernel-level virtualization technique. This means that all of the containers share the same kernel. There is also no overhead of having to run a hypervisor. They rely on namespaces, a Linux technology that enables the virtualization of many important OS components such as networking and the process table. Namespaces give the application the illusion that it is running on a dedicated system.
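To make the namespace idea concrete, here is an added example (not part of the original article) that compares the namespace identifiers the kernel exposes under `/proc/<pid>/ns/` for two processes and reports which parts of the system view are isolated and which are still shared with the host. The sample identifiers are constructed, and the function names are illustrative.

```python
import os
import re

# readlink() target of /proc/<pid>/ns/<name>, e.g. "net:[4026531840]"
NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")

def parse_ns_links(targets):
    """Map namespace kind -> namespace id from a list of link targets."""
    table = {}
    for target in targets:
        match = NS_LINK.match(target.strip())
        if match is None:
            raise ValueError(f"not a namespace link: {target!r}")
        table[match.group(1)] = int(match.group(2))
    return table

def read_ns_links(pid):
    """Read the live link targets for one process (Linux; needs access to that pid)."""
    ns_dir = f"/proc/{pid}/ns"
    return [os.readlink(os.path.join(ns_dir, name))
            for name in sorted(os.listdir(ns_dir))]

def compare(host, container):
    """Return (shared, isolated) namespace kinds between two processes."""
    common = sorted(set(host) & set(container))
    shared = [kind for kind in common if host[kind] == container[kind]]
    isolated = [kind for kind in common if host[kind] != container[kind]]
    return shared, isolated

# Constructed sample: init on the host vs. init inside a container that was
# started without its own user namespace (ids are made up for illustration).
HOST_INIT = ["cgroup:[4026531835]", "ipc:[4026531839]", "mnt:[4026531841]",
             "net:[4026531840]", "pid:[4026531836]", "user:[4026531837]",
             "uts:[4026531838]"]
CONTAINER_INIT = ["cgroup:[4026532501]", "ipc:[4026532499]", "mnt:[4026532497]",
                  "net:[4026532503]", "pid:[4026532500]", "user:[4026531837]",
                  "uts:[4026532498]"]

if __name__ == "__main__":
    shared, isolated = compare(parse_ns_links(HOST_INIT),
                               parse_ns_links(CONTAINER_INIT))
    print("isolated from host:", ", ".join(isolated))
    # A shared "user" namespace means uid 0 in the container is uid 0 on the host.
    print("shared with host:  ", ", ".join(shared) or "none")
```

On a live Linux host, `parse_ns_links(read_ns_links(pid))` produces the same table for a running process; reading another user's process requires sufficient privileges.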

Here is a useful picture to better understand each of these technologies and their differences:

Compared to standard virtualization technology, containers happen to be very lightweight, which allows for greater density. I am personally one of the admins of Northsec, which happens to be an information security event and competition. Our infrastructure at Northsec is mainly built around containers and we run close to 12k of these lightweight systems. All of those containers are hosted in a small rack which consists of a couple of servers and switches!

Virtualized Infrastructure using LXC/LXD

As the topic of this project is LXC, we will now focus on it and its features. As you might have guessed, LXC stands for Linux Containers and it is an interface which enables a user to interact with the container features of the Linux kernel. You might have also heard about LXD, which is related to LXC, but what is the difference? LXD stands for Linux Daemon and it is not a separate product from LXC. It actually works in tandem with LXC to improve the user experience (UX). See it as a tool to simplify the creation and management of your containers. LXC does not come with enough features to be used in a production environment, and that is the void that LXD fills.

The ability to take snapshots of your container and to roll back to them is also available. Many enterprises have seen the tremendous advantage of performing live migration using tools like VMware VMotion. Live migration is the process of moving VMs from one server to another without pulling the cable. Live migrations can easily be done with LXC and one great way to utilize this feature is by using nested containers.

LXC is extremely fast and easy to use. One can spin up a container in a matter of a few seconds. The learning curve is also not that bad as long as you take your time to fully understand each of the components. Patience is of the essence!

Comparing LXD and Docker

In the world of DevOps, Docker happens to be one of those technologies that have been adopted by many enterprises due to its flexibility and its wide range of use cases. However, one might wonder: "How does it differ from LXC/LXD?" Let us compare both products.

Docker is also a containerization technology, but it is mainly used for deploying applications. Back in the day, LXC used to be the technology that made Docker function, but Docker has since become independent of it and gone its own route. LXC/LXD is used for deploying hosts, but it can be used for applications. Think of it as a Linux VM. LXC is maintained and developed by Canonical, which is the company that is also responsible for maintaining the famous distribution of Linux known as Ubuntu.

For the time being, LXD can only run on a host running Linux. Docker, on the other hand, is more flexible when it comes to the host environment. It can run on Linux, OS X and Windows, which now has native support for it.

To get a better understanding of the differences between these 2 technologies, please refer to the following picture:


Being part of Northsec, I got to learn about this awesome technology from Stéphane Graber himself, who is the project lead of the LXD project at Canonical. If it was not for him and for the rest of the team at Northsec, I would have never been able to write some content about this awesome tool.


Joel Wiredu

Faculty at Ball State University | Experiencing and positively impacting the world through the classroom.

6 years ago

I like this article. Great enlightenment


More articles by Ahnaf Shahriar
