[lxc-devel] limit the netwok traffic of container from the host

Gao feng gaofeng at cn.fujitsu.com
Wed Jul 3 00:50:10 UTC 2013 

On 07/01/2013 04:04 PM, lsmushroom wrote:
> Sorry for the late response. For your question , you could not limit the network traffic in that way. Because TC will only limit the traffic send out from the target device .  And for the device of
> veth type , the device on the host end will “send out” the traffic to the container , and  it will “receive”  the traffic come from the container . Thus , you have to go into the  container to run
> your command , and that is not what we want.  So I’ve added a new option “peer” to support running the command on the host. And for your command , it may run like this (on the host) :
> 
> sudo tc qdisc add dev peerxxx root tbf rate 0.5mbit burst 5kb latency 70ms peakrate 1mbit minburst 1540

you can set tc ingress qdisc rules on the veth device of host. it's the same effects with setting tc egress qdisc rules on veth device
of container.

> 
>          Which will take effective on the peer end of the xxx. In this way , we may control the network traffic of the container from the host end .
> 
> At 2013-06-15 05:27:01,"Serge Hallyn" <serge.hallyn at ubuntu.com <mailto:serge.hallyn at ubuntu.com>> wrote:
>>Quoting lsmushroom (lsmushroom at 126.com <mailto:lsmushroom at 126.com>):
>>> Hi All,
>>>       Recently , we have been trying to find out a suitable way to
>>>       limit  network traffic generated from the process running in the
>>>       container. The network  type we used for our container is veth.
>>>       And we have tried TC combined with cgroup net_cls subsystem ,
>>>       which has successfully fulfill our goal . However ,  it requires
>>>       to add the configurations inside the container. As we will
>>>       provide the container as a service, and it is obviously
>>>       unacceptable to allow the end user modify the bandwidth
>>>       allocation . 
>>
>>If I just set the veth pair name to xxx and issue:
>>
>>sudo tc qdisc add dev xxx root tbf rate 0.5mbit burst 5kb latency 70ms peakrate 1mbit minburst 1540
>>
>>on the host, the container's network is rated limited.
>>
>>Do you want something different?
> 
> 
> 
> 
> 
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
> 
> Build for Windows Store.
> 
> http://p.sf.net/sfu/windows-dev2dev
> 
> 
> 
> _______________________________________________
> Lxc-devel mailing list
> Lxc-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel
>

More information about the lxc-devel mailing list