[lxc-users] net_cls.classid in unprivileged container no effect

Nguyễn Thành Long longnt at viegrid.com
Fri Jul 4 13:04:49 UTC 2014 

Hi all,

I have 2 problems when use unprivileged container.

Problem 1:

I configured my container with:
lxc.cgroup.blkio.weight = 500
lxc.cgroup.net_cls.classid = 0x00010002 # 1:2

and ran tc commands:
$sudo tc qdisc add dev lxcbr0 root handle 1: htb
$sudo tc class add dev lxcbr0 parent 1: classid 1:1 htb rate 10mbit
$sudo tc class add dev lxcbr0 parent 1: classid 1:2 htb rate 1mbit
$sudo tc filter add dev lxcbr0 protocol ip parent 1: prio 1 handle 1: cgroup

then I started container and tested block i/o, network bandwidth by

   - copy a large file: dd if=/dev/zero of=/tmp/output bs=20k count=100k;
   rm -f /tmp/output
   - upload/download a large file. after that, I changed my config:

lxc-cgroup -n container blkio.weight 1000.
lxc-cgroup -n container net_cls.classid 0x00010002

and tested again, but i didn't see a difference.
I also trying the same commands on eth0 instead of lxcbr0, but there was
no effect.

I changed 'lxcbr0' by veth pair name(appear when start container after use
ifconfig cmd, I can't set veth pair name, lxc.network.veth.pair no effect),
and use:
$sudo tc qdisc add dev vethxxxxx root handle 1: htb default 2
$sudo tc class add dev vethxxxxx parent 1: classid 1:1 htb rate 10mbit
$sudo tc class add dev vethxxxxx parent 1: classid 1:2 htb rate 1mbit
$sudo tc filter add dev vethxxxxx protocol ip parent 1: prio 1 handle 1:
cgroup
and test again, It's work. So I think it's a problem with net_cls, or
lxc.cgroup.net_cls.classid no effect.
I feel confused.

I found many tutorials, but they maybe used for privileged container.

Problem 2:

I configured network in container:

*lxc.network.type = veth*

*lxc.network.veth.pair = veth-c1*

*lxc.network.name <http://lxc.network.name> = eth0*

*lxc.network.flags = up*

*lxc.network.link = lxcbr0*

*lxc.network.hwaddr = 00:16:3e:67:4f:a5*

but veth inteface  don't rename at host ( veth-$random instead veth-c1)

So lxc.network.veth.pair is not effect, or am I missing something ?

Host Ubuntu 14.04 LTS, container Ubuntu 12.04 LTS

Can someone help me ? Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20140704/537346b1/attachment.html>

More information about the lxc-users mailing list