I can't comment on performance, but on a different note it seems to be generally accepted that 'real' container boot time is slow - fly.io mention this too [0]. To add some numbers:
- 40ms for nsjail to run an isolated command and exit [1]
- 150[2]-250ms to boot a Firecracker microVM
- ~450ms for Docker startup [3]
There are probably very good reasons for the difference (e.g. Docker has layered filesystems to set up), but the default experience makes a difference.
We've related the timing we've seen on our platform, and the fact that Firecracker works surprisingly well with the performance envelope we need, but I wouldn't go so far as to say Fly has benchmarked Docker vs. Firecracker. We're just relating our experiences. Security isolation is dispositive for us; we'd be using Firecracker even if it slowed us down.
[0] https://news.ycombinator.com/item?id=24853660
[1] `nsjail --user 9999 --group 9999 --macvlan_iface wlp2s0 --chroot / -Mo --macvlan_vs_ip 192.168.0.44 --macvlan_vs_nm 255.255.255.0 --macvlan_vs_gw 192.168.0.1 -- /bin/true`
[2] https://blog.acolyer.org/2020/03/02/firecracker/
[3] `docker run -d ubuntu:18.04 true`