OpenVZ Containers: The Good, The Bad, and The "Failcnt"
It is 3:00 AM. Your Nagios pager is screaming. Your MySQL slave on that budget VPS in Oslo has crashed again. You log in via SSH, run free -m, and it shows 200MB of free RAM. So why did the OOM (Out of Memory) killer strike? Welcome to the world of OpenVZ resource management.
In the current hosting market of 2009, virtualization is splitting into two distinct camps: hardware virtualization (Xen, KVM) and operating system-level virtualization (OpenVZ, Virtuozzo). While everyone loves the price point of OpenVZ, few sysadmins truly understand the kernel-level trade-offs happening under the hood. At CoolVDS, we believe in transparency. If you don't know the difference between guaranteed and burst resources, you are flying blind.
The Architecture: Shared Kernels and Speed
OpenVZ is not a hypervisor in the traditional sense; it is a containerization technology. It creates multiple isolated secure containers (VEs or VPSs) on a single physical server. They all share the same Linux kernel (typically a patched RHEL/CentOS 5 kernel usually labeled 2.6.18-xxx.stab).
The Pros:
- Near-Native Performance: Because there is no hypervisor translation layer, disk I/O and CPU execution are almost as fast as the bare metal.
- Density: Providers can pack more instances per server. This drives down costs, making it cheaper for you to host a blog or a dev environment.
- Instant Scaling: Changing resources is a simple configuration change on the host node, taking effect immediately without a reboot.
The Cons:
- Kernel Dependency: You cannot load your own kernel modules. Need a specific Iptables module for a complex VPN setup? If the host node doesn't load it, you can't use it.
- "Noisy Neighbors": If another container on the node decides to compile a massive C++ project, your I/O wait times might spike.
The Hidden Trap: UBC (User BeanCounters)
This is where most Linux administrators get burned. On a Xen VPS, RAM is RAM. On OpenVZ, memory is a complex calculation of kernel objects and user pages defined in the /proc/user_beancounters file.
I recall a recent migration for a client moving a high-traffic Magento store from a dedicated server to a VPS. They chose a cheap provider offering "1GB RAM." The site crashed hourly. The logs showed nothing. The system metrics looked fine.
Then we looked at the real metrics:
cat /proc/user_beancountersThe output looked something like this (simplified):
| uid | resource | held | maxheld | barrier | limit | failcnt |
|---|---|---|---|---|---|---|
| 101 | kmemsize | 1245550 | 2455500 | 11055923 | 11377049 | 0 |
| 101 | privvmpages | 65100 | 124000 | 131072 | 139264 | 4521 |
See that failcnt (failure count) of 4521 on privvmpages? That is the smoking gun. The provider had set a strict limit on allocated memory pages. Even though the system looked like it had free RAM, the container hit its barrier limit, and the kernel refused to allocate memory to MySQL, killing the process instantly.
Optimizing MySQL for OpenVZ
If you are stuck on a restrictive OpenVZ container, you must tune your my.cnf to respect these artificial limits. You cannot simply trust the standard InnoDB buffer pool settings.
[mysqld]
# Reduce connection overhead
max_connections = 50
# Careful with the buffer pool on OpenVZ
innodb_buffer_pool_size = 64M
# Disable query cache if writes are frequent to save RAM
query_cache_size = 0
query_cache_type = 0
# Reduce stack size per thread
thread_stack = 128KThis configuration acknowledges the reality of shared resources. It is not about raw power; it is about survival within the 'barrier' and 'limit' set by your host.
Latency, Location, and the Law
For our clients in Norway, the physical location of the host node matters as much as the virtualization technology. Routing traffic from Oslo to a datacenter in Germany or the US adds 20-100ms of latency. For a static site, this is negligible. For a database-heavy application or VoIP service, it is noticeable.
Furthermore, we must consider the Personal Data Act (Personopplysningsloven). If you are handling sensitive customer data, you need to know exactly where those physical spindles are spinning. The Datatilsynet (Norwegian Data Protection Authority) is becoming increasingly strict about data transfers outside the EEA. Hosting on a "cloud" where you don't know the jurisdiction is a risk a pragmatic CTO should not take.
Pro Tip: Always check the `numtcpsock` parameter in beancounters. If you are running a high-concurrency web server like Nginx, you might hit the limit of open TCP sockets before you run out of RAM. Ask your provider to bump this limit if you see the failcnt incrementing.
The CoolVDS Difference
We use OpenVZ for our entry-level tier because it offers incredible value. However, unlike budget hosts, we don't overstuff our nodes. We monitor the Load Average of the physical host religiously. We also deploy high-performance SAS 15k RPM drives and the new generation of Enterprise SSDs (Intel X25-E series) for our high-I/O clusters to mitigate the "noisy neighbor" effect.
When you need absolute isolation—for example, a large Java stack that eats RAM or a VPN node requiring custom kernel modules—we recommend upgrading to our Xen-based plans. But for a LAMP stack running a standard CMS? OpenVZ on CoolVDS is optimized, local, and compliant.
Final Verdict
OpenVZ is a powerful tool if managed correctly. It fails when providers get greedy and customers get complacent about checking their resource limits.
Do not let a rising failcnt kill your uptime. Log into your terminal, check your beancounters, and if the numbers don't look right, it's time for a conversation with a provider who understands Linux at the kernel level.
Need low latency VPS Norway hosting that doesn't hide the limits? Deploy a test instance on CoolVDS today and experience the stability of properly managed virtualization.