mohan s

How Containers are more lightweight than Virtual Machines

Updated: Aug 31, 2021

Docker containers share the host’s kernel, network stack, and filesystem drivers, and generally don’t run complex services like systemd or sshd; they run only the packaged application. A VM generally has a virtualized network setup and disk and runs a full-blown operating system on top of the OS the host is already running.

What’s hard to do in Docker?

A container doesn’t actually have a NIC, doesn’t actually run a DHCP client, and can’t (easily) run low-level network protocol software. Docker “borrows” the host iptables for its own use, so very specific network policy per container can get tricky. Host storage is shared across all containers, and you can’t readily assign a quota to a container. In a VM there is a (virtual) NIC, a DHCP client, a firewall inside the VM, and so on.

Docker Sweet Spot

I feel like Docker’s sweet spot is as a packaging and distribution mechanism for network services that speak “simple” TCP protocols, like HTTP.
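To make the point about Docker "borrowing" the host iptables concrete, here is an added example (not part of the original post) that audits a host ruleset for Docker's chains and published ports. The `iptables-save` text is a constructed sample with made-up addresses, and the function names are hypothetical.

```python
import re

# Constructed sample of `iptables-save` output from a host running Docker with
# one container publishing host port 8080 to container port 80.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:DOCKER - [0:0]
:DOCKER-USER - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER-USER -j RETURN
COMMIT
"""

DNAT = re.compile(r"--dport (\d+) .*-j DNAT --to-destination (\S+)")

def docker_footprint(ruleset):
    """Return Docker's chains per table and the (host_port, target) pairs it DNATs."""
    table, chains, published = None, {}, []
    for line in ruleset.splitlines():
        if line.startswith("*"):            # table header, e.g. "*nat"
            table = line[1:]
        elif line.startswith(":DOCKER"):    # chain declaration owned by Docker
            chains.setdefault(table, []).append(line[1:].split()[0])
        elif table == "nat" and line.startswith("-A DOCKER"):
            m = DNAT.search(line)
            if m:
                published.append((int(m.group(1)), m.group(2)))
    return chains, published

def bypasses_input(ruleset, port):
    """True if `port` is published by Docker but has no ACCEPT rule in INPUT."""
    accepted = re.findall(r"^-A INPUT .*--dport (\d+) .*-j ACCEPT", ruleset, re.M)
    _, published = docker_footprint(ruleset)
    return any(p == port for p, _ in published) and str(port) not in accepted
```

In the sample, port 8080 is reachable although INPUT defaults to DROP, because published-port traffic is rewritten in the nat table and then traverses FORWARD; host-level restrictions on container traffic belong in the `DOCKER-USER` chain.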
