[lxc-users] net_cls.classid in unprivileged container no effect

Divya Vyas dvyas at mvista.com
Fri Jul 25 07:11:29 UTC 2014 

Hi,

sudo tc class add dev vethxxxxx parent 1: classid 1:1 htb rate 10mbit
 Here you should give classid 10:2 as u are giving lxc-cgroup -n container
net_cls.classid 0x00010002 .

Does tc command work in unprivileged mode also ?




On Mon, Jul 7, 2014 at 11:57 AM, Nguyễn Thành Long <longnt at viegrid.com>
wrote:

> Hi all,
>
> I have 2 problems when use unprivileged container.
>
> Problem 1:
>
> I configured my container with:
> lxc.cgroup.blkio.weight = 500
> lxc.cgroup.net_cls.classid = 0x00010002 # 1:2
>
> and ran tc commands:
> $sudo tc qdisc add dev lxcbr0 root handle 1: htb
> $sudo tc class add dev lxcbr0 parent 1: classid 1:1 htb rate 10mbit
> $sudo tc class add dev lxcbr0 parent 1: classid 1:2 htb rate 1mbit
> $sudo tc filter add dev lxcbr0 protocol ip parent 1: prio 1 handle 1:
> cgroup
>
> then I started container and tested block i/o, network bandwidth by
>
>    - copy a large file: dd if=/dev/zero of=/tmp/output bs=20k count=100k;
>    rm -f /tmp/output
>    - upload/download a large file. after that, I changed my config:
>
> lxc-cgroup -n container blkio.weight 1000.
> lxc-cgroup -n container net_cls.classid 0x00010002
>
> and tested again, but i didn't see a difference.
> I also trying the same commands on eth0 instead of lxcbr0, but there was
> no effect.
>
> I changed 'lxcbr0' by veth pair name(appear when start container after use
> ifconfig cmd, I can't set veth pair name, lxc.network.veth.pair no effect),
> and use:
> $sudo tc qdisc add dev vethxxxxx root handle 1: htb default 2
> $sudo tc class add dev vethxxxxx parent 1: classid 1:1 htb rate 10mbit
> $sudo tc class add dev vethxxxxx parent 1: classid 1:2 htb rate 1mbit
> $sudo tc filter add dev vethxxxxx protocol ip parent 1: prio 1 handle 1:
> cgroup
> and test again, It's work. So I think it's a problem with net_cls, or
> lxc.cgroup.net_cls.classid no effect.
> I feel confused.
>
> I found many tutorials, but they maybe used for privileged container.
>
> Problem 2:
>
> I configured network in container:
>
> *lxc.network.type = veth*
>
> *lxc.network.veth.pair = veth-c1*
>
> *lxc.network.name <http://lxc.network.name> = eth0*
>
> *lxc.network.flags = up*
>
> *lxc.network.link = lxcbr0*
>
> *lxc.network.hwaddr = 00:16:3e:67:4f:a5*
>
> but veth inteface  don't rename at host ( veth-$random instead veth-c1)
>
> So lxc.network.veth.pair is not effect, or am I missing something ?
>
> Host Ubuntu 14.04 LTS, container Ubuntu 12.04 LTS
> Can someone help me ? Thanks in advance.
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20140725/70351685/attachment.html>

More information about the lxc-users mailing list