The Truth About OpenVZ Containers: Efficiency Myth or Overselling Nightmare?
It is 2010, and the hosting market is flooded with "unlimited" offers. You have seen the ads: a Virtual Private Server (VPS) for the price of a latte. Most of these budget hosts are running OpenVZ. If you are running a static HTML site, that is fine. But if you are trying to scale a Magento store or a high-traffic Drupal installation, you might be sitting on a ticking time bomb.
As a sysadmin who has spent too many nights debugging kernel panics and fighting for CPU cycles, I am here to tell you the ugly truth about container-based virtualization. It is not all bad—efficiency is great—but in the wrong hands, it is a recipe for disaster.
The Architecture: Shared Kernels and the "Noisy Neighbor"
Unlike Xen or the rising KVM (Kernel-based Virtual Machine) technology, OpenVZ does not emulate hardware. It uses a shared kernel architecture. Every container (VE) on the host node runs on the exact same Linux kernel version—usually a heavily patched RHEL 5 or CentOS 5 kernel (2.6.18 series).
The Pro: It is incredibly lightweight. There is almost no overhead. You can pack hundreds of containers on a single physical server.
The Con: If one user manages to crash the kernel, everyone goes down. Furthermore, resource isolation is not as strict as hardware virtualization. If your neighbor decides to compile GCC or run a fork bomb, your latency spikes. In Norway, where we pride ourselves on stability and quality, relying on a congested node is unacceptable.
The Enemy: /proc/user_beancounters
In a Xen environment, if you run out of RAM, you swap. In OpenVZ, if you hit your limit, the kernel simply kills your process. This is controlled by the User BeanCounters (UBC).
If your Apache server is returning random 500 errors, do not just check the error logs. Check the bean counters. I cannot count how many times I have logged into a client's sluggish VPS only to see this:
# The command of truth
cat /proc/user_beancountersYou will see output looking like this:
uid resource held maxheld barrier limit failcnt
101 kmemsize 2445086 2654000 11055923 11377049 0
lockedpages 0 0 256 256 0
privvmpages 12050 45000 65536 69632 4502
physpages 5045 12000 0 2147483647 0See that failcnt (failure count) column? That 4502 under privvmpages? That means 4,502 times an application asked for memory and the kernel said "No," causing a crash or failure. This usually happens even if `free -m` shows available memory, because OpenVZ limits are often set artificially lower than the visible RAM to facilitate overselling.
Pro Tip: If you are stuck on OpenVZ, optimize your MySQL configuration to strictly limit memory usage. Do not let InnoDB guess your buffer pool size.
Configuring MySQL 5.1 for OpenVZ
To prevent MySQL from being killed by the OOM (Out of Memory) killer in a constrained container, you must be explicit in /etc/my.cnf:
[mysqld]
# Reduce key_buffer for MyISAM if using InnoDB
key_buffer_size = 16M
# Strict InnoDB limits to avoid hitting UBC barriers
innodb_buffer_pool_size = 64M
innodb_additional_mem_pool_size = 2M
# Reduce per-thread buffers
sort_buffer_size = 512K
read_buffer_size = 256K
read_rnd_buffer_size = 512K
# Limit connections to prevent memory exhaustion
max_connections = 50Latency and Sovereignty: The Norwegian Context
For businesses operating here in Norway, latency to the NIX (Norwegian Internet Exchange) in Oslo is paramount. A cheap OpenVZ container hosted in Germany or the US might save you 50 kroner, but the 40ms+ latency adds up, especially for database calls if your app server is local.
Furthermore, we must consider the Personopplysningsloven (Personal Data Act). While the cloud is global, the Datatilsynet (Data Inspectorate) is very clear about the responsibilities of handling personal data. Using a budget provider that over-provisions and stores data in uncertain jurisdictions is a liability. You need to know exactly where your bits live.
When to Use OpenVZ vs. Xen/KVM
| Feature | OpenVZ | Xen / KVM |
|---|---|---|
| Isolation | Shared Kernel (Weak) | Hardware Emulation (Strong) |
| Performance | Near Native (unless oversold) | Small Overhead (~2-5%) |
| Kernel Modules | Impossible (No Fuse/IPTables mod) | Full Control |
| Reliability | Dependent on Neighbors | Independent |
The CoolVDS Approach: Performance First
At CoolVDS, we have debated this internally. We know developers love the instant provisioning of containers. However, we refuse to play the "overselling" game.
We leverage KVM virtualization for our primary production tiers. Why? Because when you run a `yum update` or a heavy cron job, you should get 100% of the CPU cycles you paid for, not whatever is left over from the neighbor's Minecraft server. We couple this with high-performance RAID-10 SAS 15k RPM storage (and testing early SSDs for database tiers) to ensure I/O wait times don't kill your application.
Our infrastructure is physically located in Oslo, ensuring millisecond latency for your Nordic customer base and full compliance with Norwegian data laws.
Final Verdict
Use OpenVZ for:
- Development environments
- DNS servers
- VPN endpoints (if TUN/TAP is enabled)
Use KVM/Xen (CoolVDS) for:
- E-commerce (Magento, OsCommerce)
- Database Servers (MySQL, PostgreSQL)
- Java Applications (Tomcat/JBoss)
- Anything that requires stable performance
Stop guessing why your server is slow. Move to a platform that respects your resources. Deploy a true KVM instance on CoolVDS today and feel the difference.