OpenVZ resource limits can be a little tricky, even after reading through the documentation on the OpenVZ website. With this post, I hope to explain the /proc/user_beancounters file as well as provide an illustration of memory guarantees/limits in an example 256mb container.
Before attempting to understand OpenVZ’s memory limits, let’s recap Linux’s memory setup. This background information is important to firmly grasp OpenVZ’s behavior. You can safely skip this section if you already understand Linux’s memory overcommit accounting.
Linux Overcommit Accounting
Memory in Linux refers to the combined RAM + swap values. Memory is allocated from this pool using one of the *alloc() functions. If malloc() is used to allocate memory, the pages are not zeroed out. malloc() is unique in one regard: the kernel can malloc() more memory than what is available in RAM + swap. This behavior of allocating more than the total available memory is called overcommitting memory.
Seems like a recipe for disaster, huh? Imagine… processes are humming along allocating memory and BAM! some process wants to use the n’th + 1 byte of memory and an out of memory (OOM) condition provokes the kernel to start killing processes.
Why does the kernel allow memory to be overcommitted? Because most applications do not actually consume all of the malloc()’d memory. If an app doesn’t use a memory location, it does not really need to subtract from your total available memory.
Consider a typical Apache process. A full 20-30% of an Apache processes malloc()’d memory may not be consumed. With memory overcommit, this slice of memory can be used by other applications. Java applications also allocate much more than they use, as do many scientific applications.
At the system-wide level, these “malloc’d(), but not consumed” slices of memory begin to add up. By overcommitting memory, these slices don’t take up physical memory locations — resulting in more efficient use of memory resources.
OpenVZ and memory overcommit
OpenVZ also has the ability to overcommit memory. When creating an OpenVZ container, we specify the vmguarpages and oomguarpages resource guarantees. vmguarpages represents the maximum guaranteed amount of malloc()’d memory a container may have, while oomguarpages represents the maximum consumed memory. These are called guarantees because (If your server has enough RAM + swap) container processes will never be killed due to OOM if they are within these limits.
What if your container exceeds the vmguarpages or oomguarpages value? This is where a new limit comes in: privvmpages. privvmpages represents the absolute upper limit on container memory. When you run free or `cat /proc/meminfo` in a container, you see this privvmpages value take form as “Total memory”.
The memory gap between privvmpages and the two resource guarantees (vmguarpages and oomguarpages) is not safe to use in an ongoing basis if the sum of all container privvmpages exceeds RAM + swap of the hardware node. This is because if the hardware node runs out of memory, it begins looking for containers using more than their guaranteed memory. The kernel kills a process from the container who’s physpages exceeds oomguarpages the most.
I’ve created a diagram that hopefully illustrates the relationship between these three key memory limits/guarantees. Also included in the diagram is kmemsize, which is used for non-swappable kernel memory–not very important as long as it scales with privvmpages.
Thank you very much for your great explanation! It has helped me very much !
Thanks for the insight through the artice, it helps quite a bit. One thing though still bothers me, and it is missing a bit here, too: What about buffers and cached data? Given that linux always tries to hog all memory it can get for buffers and cache to increase performance, I see a sever problem here, even if this is done through the overcommiting of memory.
Furthermore, what about shared libraries? If they are the same across different virtual instances, shouldn’t their memory consumption be shareable throughout those, too? Is something done along optimizing memory usage in that direction, or isn’t it, meaning that the explained overcommiting of memory is only a drop in the ocean?
Hi Gerfried,
You are right in that Linux will hog all free memory for buffers and cache, and this is exactly what a host OpenVZ server tries to do. Underutilized OpenVZ servers will use more buffers/cache than an oversubscribed server because an underutilized server will have more free memory.
Virtual environments do not have buffers and cache of their own (with the exception of network buffers). Instead, they use the host server’s global buffers and cache. With an underutilized OpenVZ server, this can lead to a single active VE using a disproportionately large amount of the host server’s buffers and cache.
If the virtual environments are set up so that they all point to the same system libraries, they will be sharable throughout and will not consume additional memory for each additional VE. In other words, you’d only see one copy of the system library in memory, not one copy for each VE. For resource accounting, each VE would be charged for only a portion of the in-memory library size.
We’re not sharing system libraries across VEs in our setup, so I’m not sure what kind of memory savings this would result in. I can see how this feature would be useful for hosting providers looking to squeeze as many VEs as possible out of a machine.
[...] info here. Tags: [...]
[...] Understanding OpenVZ resource limits (tags: sysadmin openvz) [...]
[...] this extremely useful post over on maxgarrick.com about how OpenVZ resource limits work. I’m re-posting a very handy diagram that was part of the blog post so that I have a local [...]
[...] maxgarrick.com » Understanding OpenVZ resource limits – June 5th ( tags: doc limit memory openvz rules sysadmin virtualization RAM ) [...]