I recently tried using both Docker and LXC and I just had to ditch Docker.<p>If you wanted something as "esoteric" as having normal networking in your container, you had to understand how Docker abstracted LXC in the first place, then find out how to do things the LXC way and then push your changes through, with some extra duct-tape with pipework.<p>And if that's the start, before I've even <i>done</i> anything, I can't imagine things getting better. So Docker? No thanks.<p>Then I'll just go ahead and use LXC directly. It involved a bit more research, but nothing you can't do in a few hours. And when you do, you can get to benefit from BTRFS volumes and having snapshot management tied directly to your containers.<p>Maybe I'm missing something, but after fooling around with this for a few days, I can't see why anyone would choose the leaky abstraction that is Docker when you can just go with the real deal.
If you are new to the idea of containers vs traditional virtualization, I have put together a screencast about containers, entitled: "Introduction to Containers on Linux using LXC". Can be seen @ <a href="http://sysadmincasts.com/episodes/24-introduction-to-containers-on-linux-using-lxc" rel="nofollow">http://sysadmincasts.com/episodes/24-introduction-to-containers-on-linux-using-lxc</a>
Interesting benchmarks, ruined for me by a huge experimental no-no: when one of the tests (the Docker delete) didn't produce the result the author wanted, he investigated the underlying problem and fixed it. Sure enough, that became the headline 49x speed-up. Where the results fit the narrative, no optimization was done/reported.<p>One thing I'm very interested in is Docker's idea of single-process containers; but whether this can be done with KVM isolation instead of (weaker but cheaper) LXC isolation. One thing I was surprised by from this presentation is that the memory cost of a KVM vs LXC instance was only 185MB vs 45MB. So KVM's stronger isolation might not be as expensive after all...
One thing to keep in mind is lightweight containers work well for deployment (isolation), but they can't replace KVM for general virtualization tasks, as the guest kernel has to be the same as the host OS.<p>If you have your hosts running CentOS and want to deploy on Windows, for example, or want to migrate some legacy server to the "cloud" this might not work well for you.
Docker stopped using LXC and now uses libcontainer:<p><a href="http://www.infoq.com/news/2014/03/docker_0_9" rel="nofollow">http://www.infoq.com/news/2014/03/docker_0_9</a>