I was speaking to someone without a technical background yesterday, trying to explain where Linux Containers are a better choice than virtual machines, in a way that was faithful to the actual underlying system architecture. While the container metaphor is great, it doesn’t really help explain how containers are superior to virtual machines. My sense was that the fundamental pattern behind LXC shouldn’t require technical understanding to explain, so I tried to come up with a metaphor. Here’s what I ended up with, hopefully it will be useful, or at least entertaining.
Meet Colonel Linus
Colonel Linus is the leader of an expedition to a resource-rich island, inhabited by a volatile native tribe. If you speak to them in their language, they are happy to trade with you and give you what you want. If you say the wrong thing though, they might consider you dinner instead. The Colonel has learned the local language well, and has a good relationship with the Chief of the tribe. He is also able to organise how trade happens on the island, which the Chief has no interest in doing.
As it happens, the island is in a strategic location and many ships pass by, often stopping at the island to buy supplies. The ships sail under different flags, speak different languages, and oftentimes, their respective empires are at war. When a ship wants to approach the island, the Colonel’s crew approach them and guide them towards one of the many natural harbours of the island, making sure the ship’s crew is not aware of any other ships that may have docked at nearby ports. If they do become aware, they may start military operations against each other, which is obviously bad for the Colonel and his expedition.
Each ship knows they need to speak to the Colonel, and that he will get them the resources they need. But the Colonel is pretty bad at diplomacy and tends to slip and let the captains know about the other ships in the other harbours. To avoid that, he has a team of emissaries convincingly pretend they are the Colonel. To be truly convincing, each needs an entourage of scribes and fighters, all pretending to be working for the real Colonel. Each ship’s captain makes their requests to the respective emissary, who in turn tells the Colonel what the ship wants, and the Colonel proceeds to ask the Chief for the resources, which he then hands over to the emissary/fake Colonel, who in turn gives them to the ship. The ship sails away none the wiser about the fact that they didn’t actually speak to the Colonel, or that other ships may have been docked in other ports of the island.
The only problem is that this particular island gets a reputation for being slow to fulfill requests, which means that the captains of the various ships will try to avoid trading there if they can. Also, the island has to feed all these emissaries and their entourages, so has fewer resources to trade. The alternative is that either the island would have to have only one ship docked at any one time, or the colonel would have to become a much better diplomat, so he can do the deceiving himself.
Colonel Linus III, the deceptive
Colonel Linus III, the grandson of the original Colonel, has grown up on the island and learned all the languages. Moreover, he’s seen what the emissaries do, and knows all the right lies to tell the ship captains to keep them in the dark about the existence of other ships, potential enemies, on the island. Under his reign, ships get their trades completed much faster, meaning more ships can dock on the island every year, and the colony is a lot more successful as a result. They also were able to kick out the emissaries and their entourages. Ships now get their requests filled just as fast as anywhere else, and a boom in local trade ensues. What’s more, the Colonel’s trick can now work for other islands as well, ones that weren’t rich enough to maintain emissaries to begin with, or ones where trading speed was of the essence.
What’s all this got to do with containers?
I’m glad you asked! The native tribe and the island represent the hardware of a given device. This could be a server, a personal computer, or any other computer. The Colonel is of course the Linux Kernel. Virtual Machines work like the island under the first and second Colonels (Linux 0.x to 2.5, approximately). In order to present a convincing ruse, they must maintain the entire “fake Colonel” emissary and his entourage. In fact it’s even worse, as the fake Colonels are also bad at lying, so can’t know of the scheme. So they themselves actually speak to someone pretending to be the Chief, who then speaks to the Colonel. (this pretender is the Virtual Machine implementation). This works, but puts a burden on the resources of the island and slows things down.
Linux Containers, gradually introduced around the time of the change to Linux 3.0, are equivalent to the third Colonel learning to be a better diplomat. Now he can directly speak with everyone, and say the right things to make everyone feel special, while at the same time avoiding middlemen and the speed/resource penalty they impose. So the ‘container’ itself is the illusion that the captains see. The isolated harbour and the whole charade the Colonel puts up. In principle this metaphor should also work for Jails in FreeBSD, or Zones in Solaris, or precursors to LXC like OpenVZ, but I am not as familiar with these technologies, so I rather stick with what I know.
Of course, it should be noted that Virtual Machines still have their uses. When you want to host completely different Kernels/Colonels, which can serve entirely different kinds of programs/ships, VMs are the way to go.
Hopefully that made some sense. In general I think the act of coming up with metaphors is key to communicating a startup idea well. So if you have any thoughts on how to improve the metaphor, do let me know. I’m happy to hear your thoughts in the comments or over on twitter.
Any questions? or you’d just like to say hi, come find us on our community chat.
