[eVeechu7]

>Finally, there’s the whole business of resource isolation. While cgroups are pretty neat as an isolation mechanism, they’re not hardware-level guarantees against noisy neighbors. Because cgroups were a later addition to the kernel, it’s not always possible to ensure they’re taken into account when making system-wide resource management decisions.

I don't think virtualization really offers hardware-level guarantees against noisy neighbours either.

[amarshall]

VMs provide stronger guarantees for maximum CPU, network, and disk usage, as well as memory size consumption. This because the abstraction boundaries are fairly clear (e.g. threads and virtual devices).

[habeebtc]

It offers the opportunity to throttle noisy neighbors in hopes the party isn't too big.

[dilyevsky]

Cgroups can do the same via cfs