[otterley]

The Achilles heel of virtualization is networking. All of the hypervisors out there (VMWare, Xen, KVM) have user-space software switch implementations that dramatically reduce the throughput of TCP session creation. As a consequence you lose a significant amount of hardware potential to serve HTTP connections.

[vicaya]

This is wrong as well. VMware standard and distributed virtual switch is in hypervisor kernel.

[otterley]

How's VMWare's TCP new-session-switching-rate compared to Xen's OVS? Any benchmarks showing a significant improvement?

[wmf]

We just did some benchmarks on this topic: https://news.ycombinator.com/item?id=8146536

[reeze_xia]

How about lightweight virtualization like linux container, docker?

[otterley]

That's not virtualization; it's namespace isolation. There's a small performance impact if you're using NAT, but otherwise the kernel networking stack is used, so there's no performance penalty.

[reeze_xia]

Yes, indeed. I mean the optimization of energy saving seems not suitable for the condition of namespace isolation, since you can't control the other containers requests. if we have to, we need to dispatch request from server perspective but not container.