OpenVZ Containers: The Efficiency Trap?
If you have spent any time prowling the hosting offers on WebHostingTalk or local Norwegian forums lately, you have seen the race to the bottom. "512MB RAM VPS for $4!" sounds fantastic until you actually try to compile a kernel module or run a heavy InnoDB buffer pool. The secret sauce behind these cheap prices is almost always OpenVZ.
As a sysadmin who has spent too many nights debugging "random" MySQL crashes on budget VPS nodes, I have a complicated relationship with container-based virtualization. It is not inherently bad tech—Parallels has done amazing work with the kernel—but it is a sharp tool that cuts both ways. Today, we are going to look under the hood of OpenVZ, look at the infamous user_beancounters, and discuss when you should use containers and when you need to run toward hardware virtualization like KVM (which we standardize on for high-performance tiers at CoolVDS).
The Architecture: Shared Kernels vs. True Isolation
Unlike Xen or KVM (Kernel-based Virtual Machine), OpenVZ does not emulate hardware. It does not give you your own PCI bus or your own kernel. It is OS-level virtualization. You are essentially running inside a fancy chroot environment on the host's Linux kernel (usually RHEL6/CentOS 6 based these days).
The Pro: Efficiency. Because there is no hypervisor overhead emulating hardware, the I/O performance is near-native. You can pack hundreds of containers on a single physical server.
The Con: The "Noisy Neighbor" effect. If one user on the node decides to fork-bomb their process list or hammer the disk I/O, the scheduler struggles to isolate that load completely. Furthermore, you cannot modify the kernel. Need a specific iptables module for your VPN? If the host node hasn't loaded it, you are out of luck.
The Nightmare of 'Burst' RAM
OpenVZ introduces a concept called "Burst RAM." Providers sell you "512MB Guaranteed, 1024MB Burst." This is marketing speak for "You have 512MB, and if the server is empty, you might get more, but don't count on it."
In a standard Linux environment, when you run out of RAM, the system swaps. In OpenVZ, if you hit your barrier, the kernel simply kills your process. No warning. No graceful degradation. Just SIGKILL.
The Tell-Tale Command: /proc/user_beancounters
If your Apache server is dying randomly, run this command immediately. It is unique to OpenVZ environments:
[root@vps ~]# cat /proc/user_beancounters
Version: 2.5
uid resource held maxheld barrier limit failcnt
101: kmemsize 2843234 5934323 14336000 14790656 0
lockedpages 0 0 256 256 0
privvmpages 43214 69324 65536 69632 142
physpages 12443 19332 0 2147483647 0
numproc 42 95 240 240 0
tcprcvbuf 12344 643232 4432432 5432322 0
See that failcnt column? If it is anything other than zero, you are hitting a limit enforced by the host. In the example above, privvmpages has 142 failures. That means 142 times, an application asked for memory and was told "No" by the hypervisor, likely crashing MySQL or PHP.
Pro Tip: Many providers oversell RAM by setting theprivvmpageslimit (allocated memory) much higher than the physical RAM available on the host. This leads to "memory exhaustion" even when your VPS tools say you have free RAM. Always check thephyspagesto see what you are actually using in physical terms.
Configuration Reality: Tuning MySQL on OpenVZ
Because you cannot swap effectively, your MySQL configuration needs to be conservative. On a dedicated server or KVM slice, you might set the InnoDB buffer pool to 70% of RAM. On OpenVZ, that is suicide.
Here is a safer my.cnf snippet for a 512MB OpenVZ VPS running a small Magento or WordPress site:
[mysqld]
# Do not use default settings on a small VPS!
# Key buffer for MyISAM (if you still use it)
key_buffer_size = 16M
# InnoDB is memory hungry. Keep this low to prevent OOM kills.
innodb_buffer_pool_size = 64M
innodb_additional_mem_pool_size = 2M
# Reduce per-connection memory footprint
read_buffer_size = 256K
read_rnd_buffer_size = 512K
sort_buffer_size = 512K
# Crucial for connection limits
max_connections = 40
Network Latency and Geography
For our clients here in Norway, raw throughput isn't the only metric. Latency to NIX (Norwegian Internet Exchange) in Oslo is critical. OpenVZ actually performs slightly better here than KVM in raw packet processing because the packets don't have to traverse a heavy emulation layer.
However, jitter is higher. If a neighbor on your node gets hit by a DDoS attack, the shared network stack on the host kernel can get saturated. At CoolVDS, we mitigate this by using dedicated network uplinks for our host nodes, but the architectural risk remains.
Compliance Note (Personopplysningsloven)
For those handling sensitive data under the Personal Data Act (Personopplysningsloven), be aware that OpenVZ's shared kernel theoretically exposes a larger attack surface. A root exploit on the host kernel exposes all containers. For banking or medical data, we always recommend full hardware virtualization (KVM) or dedicated servers to satisfy the Datatilsynet's stringent requirements for separation of duties.
The Verdict: When to use what?
| Feature | OpenVZ | KVM (CoolVDS Pro) |
|---|---|---|
| Cost | Very Low | Moderate |
| Performance (CPU) | Native (Burst available) | Near-Native (Dedicated) |
| Isolation | Low (Shared Kernel) | High (Separate Kernel) |
| Customization | Limited (No kernel modules) | Full (Install anything) |
| Disk I/O | Fast, but shared contention | Protected / Dedicated |
Why We Choose Hybrid at CoolVDS
We are not against OpenVZ. It is excellent for development sandboxes, VPN tunnels (if TUN/TAP is enabled), and simple DNS servers. That is why we offer it as our entry-level tier.
But for production workloads—your e-commerce store, your client's database, or anything that generates revenue—we steer you toward our KVM platform backed by high-performance SSD storage. We believe in "Truth in Hosting." If you buy 1GB of RAM, you should get 1GB of physical RAM, not a promise that might evaporate when the node gets busy.
Don't let a failcnt in a text file determine your uptime. If you are ready for consistent I/O and guaranteed resources, it is time to upgrade.
Need low latency in Oslo without the noisy neighbors? Deploy a CoolVDS KVM instance today and feel the difference of dedicated resources.