OrbStack Performance Troubleshooting - Fix the Shit That Breaks

The VirtioFS Reality Check

OrbStack's new filesystem hits 75-95% of native macOS performance, which sounds amazing until you realize that's still 5-25% slower than running natively. For most development work, this is fine. For database-heavy applications or builds with thousands of files, it's the difference between "fast enough" and "I want to throw my laptop."

What actually gets faster:

• pnpm install: 88% native speed (vs 40% on Docker Desktop)
• Large file operations: 87% native (vs 60% on Docker Desktop)
• Database operations: 76% native with proper fsyncing

What's still slow:

• Lots of tiny file operations (webpack, Go builds with many packages)
• File watching for hot reload (better but not perfect)
• Any workflow that creates thousands of temporary files

The key insight: OrbStack optimizes the VM boundary crossing, but can't make macOS filesystem calls faster than they are. If your workflow is filesystem-heavy, named volumes are still your friend.

Memory Limits and The 8GB Problem

OrbStack defaults to using up to 8GB of system memory, which is reasonable until you're running multiple large containers on a 16GB machine. Unlike Docker Desktop's fixed allocation, OrbStack's memory is dynamic - it grows and shrinks based on actual usage.

Real-world memory consumption:

• Idle OrbStack: ~100MB
• Single Rails app container: ~1-2GB total
• Multiple microservices: 4-6GB is common (killed my 16GB MacBook Pro once with 6 containers running Redis, Postgres, and Elasticsearch - lesson learned)
• Large databases (Postgres, MongoDB): easily 3-4GB each

When memory becomes a problem:

## Check actual usage, not Docker stats
docker system df
orb info

## See what's eating memory inside containers
docker exec -it [container] free -h
docker exec -it [container] ps aux --sort=-%mem

If you're hitting limits, don't just bump the OrbStack memory allocation. Profile your containers first - most memory issues are application-level, not virtualization overhead.

File Descriptor Limits and Container Sprawl

The file descriptor leak that hit OrbStack 1.6.0-1.6.1 is fixed, but it exposed a real problem: modern containerized applications open way more files than you expect.

What eats file descriptors:

• Each bind mount: 10-50 descriptors per mounted directory
• Database connections: 1-3 descriptors each
• Log files: 1 descriptor per log stream
• Network connections: 2 descriptors per active connection

Monitor your descriptor usage:

## Check system-wide limits  
ulimit -n

## See OrbStack's current usage
lsof -p $(pgrep OrbStack) | wc -l

## Find descriptor leaks in containers
docker exec -it [container] ls -la /proc/self/fd | wc -l

Practical limits:

• macOS default: 256 per process (too low)
• Reasonable limit: 4096-8192
• When you need more: You probably have a different problem

CPU Usage Patterns That Matter

OrbStack's ARM64 optimization means native containers barely register CPU usage, but x86 emulation through Rosetta adds overhead. The performance hit varies wildly by workload.

CPU overhead by container type:

• Native ARM64: 0-2% overhead vs native
• x86 through Rosetta: 15-30% overhead
• Mixed architectures: Overhead stacks badly

Real bottlenecks:

1. Build processes: ARM64 Docker builds are 2-3x faster than x86 - learned this the hard way migrating a Rails app that went from 8-minute builds to 3 minutes just switching architectures
2. Database operations: Postgres ARM64 vs x86 shows 40% performance difference - our test suite went from 12 minutes to 7 minutes after switching to native arm64 postgres:15
3. Node.js applications: V8 JIT optimization works better on native architecture - same app, 30% faster cold start times

Check what you're actually running:

## See architecture for all containers
docker ps --format \"table {{.Names}}	{{.Image}}\" | while read name image; do
  if [ \"$name\" != \"NAMES\" ]; then
    arch=$(docker inspect $name | jq -r '.[0].Config.Architecture // \"unknown\"')
    echo \"$name: $arch\"
  fi
done

Network Performance and VPN Hell

OrbStack's network stack follows macOS routing exactly, which is great for consistency but terrible when your corporate VPN does stupid things. Unlike Docker Desktop's isolated network, OrbStack containers inherit all your macOS network quirks.

Common network performance killers:

• DNS resolution: Some VPNs add 100-500ms per lookup
• Proxy auto-discovery: Corporate networks that auto-configure proxies
• Split tunneling: When container traffic goes through VPN but shouldn't

Debug network performance:

## Test from container
docker exec -it [container] time curl -I https://httpbin.org/ip

## Check DNS timing  
docker exec -it [container] time nslookup google.com

## See actual routing
docker exec -it [container] ip route

VPN-specific fixes:

• Restart OrbStack after connecting to VPN (annoying but works)
• Configure split tunneling to exclude container subnets
• Use explicit DNS servers: docker run --dns=8.8.8.8

The reality: if your VPN breaks Docker Desktop, it'll probably break OrbStack too. The difference is OrbStack fails in more predictable ways - you get actual network unreachable errors instead of Docker Desktop's mysterious 5-minute timeouts that make you question your sanity.

The Single VM Architecture Tax

OrbStack's biggest strength - the single shared VM - becomes its biggest weakness when you're running serious workloads. Unlike Docker Desktop where each container gets isolated resources, OrbStack containers compete for the same kernel resources, memory, and I/O bandwidth.

This breaks in predictable ways:

Database containers become resource bullies. A Postgres container doing heavy queries can starve your web containers of I/O bandwidth. You won't see this in Docker Desktop because each container has isolated disk queues.

Memory pressure cascades. When one container hits OOM, the Linux kernel's OOM killer can terminate other containers to free memory. Docker Desktop isolates this better with per-container memory accounting.

Network contention hits harder. High-throughput containers (Redis, message queues) can saturate the single VM's network interface, affecting all other containers.

Real impact: I've seen a single runaway container (infinite loop creating files) bring down an entire local development environment of 8 containers. Docker Desktop would have isolated the damage.

Performance Monitoring That Actually Helps

Standard docker stats lies to you about resource usage in OrbStack. It reports container-level stats, but doesn't show VM-level contention that affects performance.

Use these instead:

## Real memory pressure
orb exec --machine=default -- free -h
orb exec --machine=default -- cat /proc/pressure/memory

## I/O contention 
orb exec --machine=default -- iostat 1 5
orb exec --machine=default -- iotop -ao

## Network saturation
orb exec --machine=default -- iftop
orb exec --machine=default -- ss -tuln

Warning signs of VM-level problems:

• Container CPU usage looks normal, but everything feels slow
• Random timeouts between containers that should be fast
• File operations that used to work suddenly taking forever
• Memory usage stats don't add up

The VirtioFS Performance Cliff

OrbStack's filesystem performance is amazing until it isn't. The VirtioFS optimization works great for typical development workflows but hits hard limits with specific patterns.

What breaks VirtioFS performance:

1. Thousands of small file operations: Node.js builds with complex dependency trees
2. Parallel file access: Multiple containers writing to the same bind mount
3. Large file streaming: Database dumps, log files, media processing
4. File watching at scale: Hot reload tools monitoring entire project directories

Performance cliff example: A Rails application with 500 gems loads fine (2-3 seconds). Add a few more gems that cross some internal threshold, and load time jumps to 15-20 seconds. It's not linear degradation - it's a cliff.

Workarounds that actually work:

• Named volumes for package caches: docker run -v npm-cache:/root/.npm
• Copy files instead of bind mounting: Add files to image, don't mount project root
• Separate build containers: Build in one container, run in another with just artifacts
• Selective mounting: Mount specific directories, not entire projects

Corporate Network Integration Hell

OrbStack's "advantage" of following macOS networking exactly becomes a nightmare in enterprise environments. Docker Desktop's isolated network stack handles corporate bullshit better.

Corporate network patterns that break OrbStack:

Proxy auto-configuration (PAC files): OrbStack containers inherit these and make thousands of PAC file requests. I've seen this add 200ms to every HTTP request from containers.

Certificate pinning: Corporate HTTPS inspection breaks when containers inherit macOS certificate store. Containers expect standard CA certs, get corporate-signed ones.

Split DNS: Internal domains resolve from macOS but not from containers, or vice versa. Creates bizarre patterns where some APIs work, others don't.

SAML/SSO redirects: Authentication flows that work from macOS browsers fail from containers because they don't have the same session cookies.

Real solution: Most companies standardize on Docker Desktop for a reason. It's not just feature compatibility - it's network isolation that actually works in enterprise environments.

The Apple Silicon Performance Trap

Apple Silicon performance gains are real but uneven. The numbers OrbStack advertises (2-5x faster) apply to specific workloads on specific chips. Your mileage will definitely vary.

Where ARM64 optimization actually helps:

• Native compilation: Building Go, Rust, C++ is genuinely 2-3x faster
• JavaScript V8: Node.js performance improvement is noticeable (20-30%)
• Database operations: Postgres, MySQL see significant gains on Apple Silicon

Where it doesn't matter:

• I/O bound workloads: File operations are limited by VirtioFS, not CPU
• Network services: API servers spend most time waiting for network
• Legacy applications: Old codebases don't benefit from ARM64 optimizations

The trap: You get used to blazing fast builds on M1/M2, then hit production (x86 Linux) and everything feels broken. Development/production performance parity gets worse, not better.

When OrbStack Becomes The Bottleneck

There's a point where OrbStack's single-VM architecture stops being an advantage and starts limiting your local development environment. This happens sooner than you'd expect.

Resource scaling limits:

• 8-12 containers: Still works great, resource sharing is efficient
• 15-20 containers: Noticeable slowdowns, containers competing for resources
• 25+ containers: Single VM becomes the bottleneck, Docker Desktop would scale better

Workload patterns that break scaling:

• Microservices with databases: Each service + DB pair consumes significant resources
• Full-stack applications: Frontend build processes + backend services + databases + caches
• Development environments that mirror production: Large applications with many dependencies

Signs you've outgrown OrbStack:

• Startup time for your full environment exceeds 2-3 minutes
• Random container restarts or OOM kills
• Network timeouts between containers that should be on localhost
• File operations that worked with fewer containers now timing out

At this scale, Docker Desktop's resource isolation starts looking attractive, even with the performance penalties.