Containers Deep Dive – LXC vs Docker

LXC vs Docker Comparison

As the industry moves beyond the Virtual Machine consolidation paradigm, several types of containers have come to prominence. Containers are not a new technology. Solaris platform has offered the concept of Solaris Zones for many years, and many Linux administrators have experimented with BSD jails as a lightweight alternative to virtual machines. The growing interest in Docker and LXC (Linux Container) has brought about a resurgence of containers as a more user-friendly solution.

So how does one go about choosing between the two Linux container technologies? This blog attempts to raise awareness and contrast pros and cons of both technologies. We compare the two using the following criteria:

  • Popularity
  • Architecture
  • Storage Management
  • Client Tools and Onboarding
  • Image Registry
  • Application Support
  • Vendor Support & Ecosystem


If you just woke up from a decade-long slumber and searched Google for the most popular technology trends of 2017, don’t be surprised if you are inundated with websites talking about Docker. In fact, a comparison between Docker and LXC, in terms of Google search trends, will put the whole debate of LXC vs Docker to rest.

LXC vs Docker comparison: popularity, architecture, storage management, client tools & onboarding, image registry, application & vendor support, ecosystem

To be fair to LXC, the first implementation of Docker was layered on top of LXC, and LXC truly made Linux containers accessible to the masses. It’s only folly, just like Solaris Zones and BSD Jails, was that it tried to provide a lightweight VM experience for system administrators. On the other hand, Docker’s focus, from the beginning, was to bringing container benefits to the developer community, primarily on the laptop, and across all distributions of Linux. In order to realize this goal, Docker, starting version 0.9, dropped support for LXC as its default execution environment and replaced it with its own implementation called libcontainer, and eventually, the OCI specification compliant, runc. While other container alternatives such as rkt, OpenVZ, Cloud Foundry Garden exist, their use is rather limited. Docker has established a significant lead in the race to bring containerization to market, with huge install bases and ecosystem partners, as well as advanced tools and facilities custom built for this solution.


At the core, Docker, LXC and other container technologies depend on the key Linux kernel features of cgroups and namespaces. I highly recommend watching this talk by Jérôme Petazzoni to get more details about these kernel features.

At the onset, the Docker architecture looked quite similar to LXC, where in place of liblxc, they had implemented their own library called libcontainer that would provide the execution environment across multiple Linux distributions. Over time though, they have added multiple abstraction layers to better suit the larger open source ecosystem, and to comply with industry standards. Currently, the two key Docker engine components are: containerd and runC.

Docker is more than an image format and a daemon, though. The complete Docker architecture comprises the following components:

  • Docker daemon: runs on a host
  • Client: connects to the daemon, and is the primary user interface
  • Images: read-only template used to create containers
  • Containers: runnable instance of a Docker image
  • Registry: private or public registry of Docker images
  • Services: a scheduling service called Swarm which enables multi-host, multi-container deployment. Swarm was introduced in version 1.12

For more details, refer to the Docker documentation.

Storage Management LXC vs Docker

LXC storage management is rather simple. It supports a variety of storage backends like btrfs, lvm, overlayfs, and zfs. But by default (if no storage backend defined), LXC simply stores the root filesystem under /var/lib/lxc/[container-name]/rootfs. For databases and other data-heavy applications, you can load data on the rootfs directly or mount separate external shared storage volumes for both the data and rootfs. This will allow you to leverage the features of your SAN or NAS storage array. Creating an image out of an LXC container just requires tar’ing up the rootfs directory.

On the other hand, Docker provides a more sophisticated solution for container storage and image management.

We first start with image storage. A Docker image references a list of read-only layers that represent differences in the filesystem. These layers are stacked one over the other, as shown in the image above, and form the basis of the container root filesystem. The Docker storage driver stacks and maintains the different layers. The storage driver also manages sharing of layers across images. This makes building, pulling, pushing, and copying of images fast and saves on storage.

When you spawn a container, each gets its own thin writable container layer, and all changes are stored in this container layer, this means that multiple containers can share access to the same underlying image and yet have their own data state.

Docker, by default, uses copy-on-write (CoW) technology with both images and containers. This CoW strategy optimizes both image disk space usage and the performance of container start times.

When a container is deleted, all data stored is lost. For databases and data-centric apps, which require persistent storage, Docker allows mounting host’s filesystem directly into the container. This ensures that the data is persisted even after the container is deleted, and the data can be shared across multiple containers. Docker also allows mounting data volumes from external storage arrays and storage services like AWS EBS via its Docker Volume Plug-ins.

For more details on Docker storage, refer to their documentation.

Client Tools and Onboarding

As we established earlier, BSD jails and LXC have focused on IT Operators with the goal of providing a lightweight virtualization solution. This means, for a system administrator to transition from hypervisor-based virtualization to LXC is rather painless. Everything, from building container templates, to deploying containers, to configuring the OS, networking, mounting storage, deploying applications, etc. all remain the same. In fact, LXC gives you direct SSH access, this means all the scripts and automation workflows written for VMs and physical servers, apply to LXC containers too. LXC also supports a template notion, which essentially is a shell script that installs required packages and creates required configuration files.

Docker has focused primarily on the developer community. As a result, it has provided custom solutions and tools to build, version, and distribute images, deploy & manage containers, and package applications and all their dependencies into the image. The 3 key Docker client tools are:

  • Dockerfile – A text file that contains all the commands a user could call on the command line to assemble an image.
  • Docker CLI – This is the primary interface for using all Docker features.
  • Docker Compose – A tool for defining and running multi-container Docker applications using a simple YAML file.

It is important to note, that while Docker brings ease of use via a slew of custom tooling, it comes at the cost of a steeper learning curve. If you are a developer, you are used to using VirtualBox, VMware workstation/player, and vagrant, etc. to create quick development environments. On the other hand, the administrators have built their own scripts and automation workflows for managing test and production environments. Both these groups have become accustomed to this arrangement given the industry-accepted norm that Development environment != Production Environment. Docker is challenging this notion and trying to get these two groups to use standard tools and technology across the entire product pipeline. While developers find Docker intuitive and easy to use, especially given how significantly it boosts their productivity, the IT administrators are still warming up to the idea and trying to work in a world where containers and VMs will co-exist. The Docker learning curve for the IT admins remains steep, as their existing scripts need to change. SSH access is not available by default, security considerations are new. Also, with the new microservices architecture, it challenges their set processes associated with the typical 3-Tier traditional applications.

Image Registry

One of the key components of the Docker architecture is the Image registry, that stores and lets you distribute Docker images. Docker provides both a private image registry and a publicly hosted version of this registry called Docker Hub which is accessible to all Docker users. Also, the Docker client is directly integrated with Docker Hub, so when you run `Docker run ubuntu` on your terminal, the daemon essentially pulls the required Docker image from the public registry. If you are just starting out with Docker, it is best to pay a visit to Docker Hub and explore the hundreds of thousands of container images available out there for you to use.

Docker Hub was launched in March of 2013, but according to Docker Inc, as of Oct 2016, there already have been 6 Billion plus pulls from it. Other than Docker Hub, there are many other vendors that provide API-compatible Docker registries, to name a few – Quay, AWS, JFrog, etc.

LXC on the other hand, given its rather simple storage management, both, in terms of container filesystem and images, does not come with any special registries. Most vendors supporting LXC generally provide their custom mechanism for storing LXC images and staging them to different servers. The website does provide a list of base images which are built using community supported LXC image templates. Similar to Docker, LXC provides a download template that can be used to search for images from the above source, and then dynamically create containers. The command looks like `sudo lxc-create -t download -n `.

Application Support

The application space can be roughly categorized as – modern, microservices-based, and traditional enterprise applications.

Microservices architecture has gained popularity amongst new web-scale companies like Netflix, Google, Twitter, etc. Applications with a microservice architecture consist of a set of narrowly focused, independently deployable services, which are expected to fail. The advantage: increased agility and resilience. Agility since individual services can be updated and redeployed in isolation. Given the distributed nature of microservices, they can be deployed across different platforms and infrastructures, and the developers are forced to think about resilience from the ground up instead of as an afterthought.

Microservices architecture and containers, together, make applications that are faster to build and easier to maintain while having overall higher quality. This makes Docker a perfect fit. Docker has designed its container solution around the microservices philosophy and recommends that each container deal with a single concern. So applications now can span 100s or 1000s of containers.

Now microservices architecture is fairly new, and the hence the applications based on it are limited. A large portion of the enterprise data center is dominated by the typical 3-Tier applications – Web, app, and db. These applications are written in java, ruby, python, etc, have a notion of single logical application server and database, and require large CPU and memory allocations since a majority of the components communicate via in-memory function calls. In terms of management, these applications require administrators to bring the application services down, apply patches and upgrades, make configuration changes, and then restart the services. All this assumes that you have complete control over the app and can change state without losing access to the underlying infrastructure.

Give the nature of the existing or traditional enterprise apps, LXC seems like a more natural fit. Sysadmins can easily ‘Lift & Shift’ their existing apps running on bare metal servers or VMs to LXC containers. While Docker is promoting their technology for traditional applications as well, this requires significant involvement and work to get it working. Of course, this experience is only going to get simpler, as most vendors now provide their software as Docker images, and this will help jump-start deployment of new applications.

Bottomline, if you are writing new applications, whether they are microservices-based or 3-tier architecture based, Docker is the best platform to pursue. But if you want to gain all benefits of containers, without significantly changing operational processes, then LXC will be a better fit.

Vendor Support & Ecosystem

Both Docker and LXC are open source projects. Docker is backed by Docker Inc, while LXC & LXD (dubbed container hypervisor) are now backed by Canonical, the company behind Ubuntu OS. While Docker Inc provides an enterprise distribution of Docker solution called Docker DataCenter, there are many other vendors that provide official distributions as well. In contrast, there are very few LXC only vendors. Most support LXC as an additional container technology.

Unlike VMs, the container space is rather young, and the solutions are still quite immature, with many feature gaps. This has created an explosion of companies that provide various solutions around containers and consequently has led to an enormous ecosystem. The image below lists some of the partners that support the Docker ecosystem. LXC does not have such a rich and dedicated ecosystem, but this is primarily because of its native VM-like experience. Most of the tools that work on VMs, should naturally work with LXC containers as well.

LXC vs Docker comparison: popularity, architecture, storage management, client tools & onboarding, image registry, application & vendor support, ecosystem

Finally, in terms of platform support, Docker now has been ported to Windows as well. This means, all major cloud vendors – AWS, Azure, Google, and IBM now provide native Docker support. This is huge for containers and only shows the growing trend.


As with any blog of this nature, comparing two very similar technologies, the answer to which is best is really that, it depends!! Both Docker and LXC have tremendous potential and provide the same set of benefits in terms of performance, consolidation, the speed of deployment, etc. But given Docker’s focus on the developer community, its popularity has skyrocketed and continues to grow. On the other hand, LXC has seen limited adoption but seems to be a viable alternative for existing traditional applications. Also, the VM administrators would find transitioning to LXC easier than to Docker, but will certainly have to support both these container technologies.

Robin Value Add in the LXC vs Docker World

Robin brings to the table an application-centric approach that simplifies the application lifecycle management across various environments for Big Data applications such as Hadoop and Elasticsearch, for distributed databases such as MongoDB and Cassandra, for Oracle databases, and for enterprise applications – Robin supports both Docker and LXC.

Robin is the next-generation cloud platform that runs applications with bare-metal performance, guaranteed QoS, and application-aware infrastructure management. Robin software pools your existing commodity hardware into a scalable, elastic, fluid pool of compute and storage resources that can be dynamically allocated to applications based on business needs or QoS requirements. Robin enables you to:

  • Virtualize databases or Big Data without the hypervisor overhead
  • Consolidate workload with guaranteed QoS
  • Simplify application lifecycle management

Author Adeesh Fulay, Director Products

More posts by Adeesh Fulay, Director Products

Join the discussion 31 Comments

  • […] If you want to learn more about Docker and other container formats, take a look at my blog – Containers Deep Dive – LXC vs Docker […]

  • Nelson Cruz Jersey

    Cutting and gluing felt can be placed on the underside along with a beautiful card holiday scene, and add some yarnaround the edge of the top and hang on your tree. There are other factors to consider, for instance, you need to think about saving costs…

  • Mikey Ambrose Jersey

    After you entered the data a list of electricity providers is going to pop up. Vinpocetine also protects the neural tissues from being damaged. Skullcandy 50/50 Black & Red w/Shuffle Control & MicThese skullcandy earphones sequence are offered in vario…

  • Glen Rice Jersey

    Some years ago, there were old technique cameras where the picture had to be cleaned and you would be having a photo’s hard copy, and when it gets torn or damaged, there was no choice left but to maintain them the way they actually were or throw…

  • Kyle Emanuel Jersey

    Skullcandy Agent Black & Green Headphones This is one of the most desirable skullcandy earphones designed to give the end users a particularly calme experience in enjoying songs.For individuals who have previously received examples of your expertise fr…

  • James Wilson Jersey UK

    Do you have any idea what I use it for?I cover my pool every night in the summerThat’s right! After I’m done swimming for the day, I pull over the in ground pool covers and let the heat stay right where I want it.Many individuals often offe…

  • Lance Lynn Jersey

    They assist us in memorizing a specific time or moment whenever we look at the photos and make us smirk. Show your shoppers how they may be in a position to take a look at your website worryfree. At the present, there are a lot more choices, whether yo…

  • Sam Mills Jersey UK

    The effects of these vitamins to tinnitus patients are discussed below. Whatever type of handmade ornament you decide to make it is a sure bet that along the way you will make a lot of good memories from interacting with family or friends, you may even…

  • Lucas Nogueira Jersey UK

    This product is designed in half mic and half bud that may feel comfortable for the end users. As an added advantage, it prevents water evaporation, which has proved to be fewer chemicals required also. Many of the data correspondence between the cellu…

  • Danny Granger Jersey

    Additionally, adolescents will obtain calme impressions in all skullcandy earphones series. In addition to all of those people amazing themes, skullcandy earphones can also be created to symbolize audio lover dignity. You should also know how to manage…

  • Custom Oakland Raiders Jersey

    How does FlexiSpy function?FlexiSpy only must be launched once on a phone and then it is going tosecretly record each action. Listening to and learning about your recruits will teach you what matters to them. Designer perfumes are the range of many, ba…

  • Gianluca Lapadula Jersey

    If you are interested in learning more about an ISO lead auditor course come to AQS Management Systems. Supplies for making them can be found in a home supply and repair store, or a craft store. Include Vitamin B12 in your diet and notice your increase…

  • Joe Mixon Rookies Jersey

    However, I do have saved some money on gas bills as my heater never runs. Don’t give out meaningless items like ridiculous certificates or the like. You can transform the backgrounds, colors, contrast and brightness. Electric fencing Ormskirk is…

  • New England Patriots LaAdrian Waddle Jersey

    •Picture retouching is a service that needs an artistic mind as it comprises changing the photo’s background, adding any suitable text if needed.Keep in ideas that even though outstanding things are easily obtainable, it will not always happ…

  • Charles Barkley Jersey

    This is great as many folks can find less expensive electrical companies in there are, so theycan begin saving money. This is the reason why you should always ensure that the Hair Replication procedure is carried out by trained operators. Rewards may b…

  • Eric Wood Jersey

    However, it can also last for a long time and hamper one’s daily life.Here are some processes that can give a new look to your photos: •Picture restoration is an eternal approach that is utilized to keep old pictures that are scratched or stained…

  • Carlos Gonzalez Venezuela Jersey

    Designer perfume and deodorant potent and mysterious fragrance comes complete in a sleek bottle. In the following paragraphs we will discuss about how you can use either of these fencing techniques to serve your purposes.Here are some processes that ca…

  • San Jose Sharks Jersey

    Help stave off failure by reading these great hints . You can get a lot of details about this on the internet. Skullcandy 50/50 Black & Red w/Shuffle Control & MicThese skullcandy earphones sequence are offered in various colours. Early intervention wi…

  • Patrik Nemeth Jersey

    You should encourage potential recruits to tell you about themselves and pay attention to their responses. It is not compulsory to use your financial institution statement. This can lead to tiredness, listlessness and other problems that might deplete…

  • Jose Reyes Jersey UK

    Ornaments can be made from craft balls. A blog can help you in more ways than one.Regardless of your status as a network marketer, you need to have a person acting as your mentor as they will be the ideal person to gain information, helpful hints , and…

  • Leonel Vangioni Jersey

    Upon getting your current facts there won’t be any spot for question.Moreover, lack of Vitamin A can also result in ear problems such as tinnitus. The treatment method which needs to be used depends on the severity of tinnitus. Thereare many opti…


    ACAI BERRYis a little berry that packs a powerful punch. Skullcandy 50/50 Black & Red w/Shuffle Control & MicThese skullcandy earphones sequence are offered in various colours. This is the objective why you are always suggested to know how to choose ou…

  • Team Sweden Jersey UK

    The effects of these vitamins to tinnitus patients are discussed below. Therefore, be cautious whilst investing inside a designer perfume to prevent issues as well as disappointment, and purchase from a wellknown location so that you will get a genuine…

  • Jared Spurgeon Jersey

    In magazines and ads, sometimes you feel that how to make your eyes look bigger, yes, it is all done with the help of editing software. This is beneficial, especially if you are a visual type of person.Put severe thought into your website tags because…

  • Cheap Jerseys China Free Shipping

    Dependant upon the product of your kitchen cabinets, you could possibly fresh paint them as well. How can I take rid of a personal computer virus is a marvel that regretably a whole lot of personal computer house owners incorporate in the direction of…

  • Pete Orr Canada Jersey

    There are many websites that help people by discussing this information. Scalp Micropigmentation operator must ensure that the right number of pigment, in the right level, is placed in the scalp for the preferred result. Vinpocetine also protects the n…

  • Cheap Jerseys Free Shipping

    Just being seen with a celebrity can get your website consulting business highly recognized. Clearly a technologies admirer will acquire the 10 honest leather based predicaments. This bubbly pleasurable auto is the least complicated decision for these…

  • Cheap Wholesale Jerseys

    Inside the scope of what includes in the direction of be carried out, the computer software software package alone can even be restrictive. Substantial loopholes in the system can be attributed to the quality and the security of the Internal Controls.…

  • Cheap Jerseys China Wholesale

    Be cautious of which document you choose, as some are much more difficult to remove than the others, in the circumstance you might not want it in the future. Send them a free gift bag to start the conversation. Do not open up a great deal of accounts w…

  • Cheap NFL Jerseys Wholesale

    Painting makes your house look elegant and beautiful. Rest assured: as Baby Boomers continue to move out of the workforce (vacating jobs) and into hospice care, this trend will continue to rise sharply. No matter the waterproof coat device that you’ve…