[lxc-users] Limit network bandwidth to LXC containers

Fajar A. Nugraha list at fajar.net
Thu Mar 15 02:12:53 UTC 2018


On Thu, Mar 15, 2018 at 3:06 AM, Angel Lopez <angel at futur3.com> wrote:
> Hi,
>
> I need to limit the network bandwidth available to each LXC container using
> cgroup's net_cls.classid feature. Each LXC container would have its own
> classid value in such a way that all packets from containers would be tagged
> with the classid and afterwards classified in the correct host configured
> traffic class where the bandwidth limit applies.
>
> To achieve this, I followed these steps:
>
> 1. Configure traffic control:
>
> # tc qdisc del dev eno54 root

Asking the obvious, have you used tc (directly, not via wrapper) in
another setup (e.g. VMs, physical server) where it successfully works
as expected?



> Expected behaviour: iperf running on container lxctest1 being limited to 10
> Mbps and iperf running on lxctest2 container being limited to 50 Mbps.
> What I get: both iperf running unconstrained at maximum speed.


What I've tested, and what works, is using fireqos
(https://github.com/firehol/firehol/wiki/FireQOS-Tutorial). One of the
things that might make it different compared to using tc directly is
the presence of ifb interfaces.

Be careful with 'upload' and 'download', it might be reversed in your setup.

In my case I use IPs to limit BW. In your case it might be easier to
use persistent veth names on host side instead (or, as the wiki
mentioned, iptables' classify and mark targets).

-- 
Fajar
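
Added example, not part of the original message: one way to apply the persistent host-side veth approach suggested above with plain tc, which also shows why 'upload' and 'download' look reversed from the host. The interface names (veth-<container>, ifb-<container>), the tbf burst/latency values and the veth.pair config line are assumptions; the script only prints the commands and does not run them.

```shell
#!/bin/sh
# Added example: prints (does not execute) the ip/tc commands that cap one
# container's bandwidth on its host-side veth. Assumes the container config
# pins the host-side name, e.g. lxc.net.0.veth.pair = veth-lxctest1
# (lxc.network.veth.pair on LXC 2.x). Names and burst/latency values are
# illustrative assumptions to tune for the real link.

# veth_limit_cmds <container> <download_rate> <upload_rate>
veth_limit_cmds() (
    veth="veth-$1"; ifb="ifb-$1"; down=$2; up=$3

    # Only accept names that are safe to paste into a root shell.
    case $1 in
        ''|*[!A-Za-z0-9_-]*) echo "bad container name: $1" >&2; exit 1 ;;
    esac
    # Linux interface names are limited to 15 characters (IFNAMSIZ - 1).
    if [ "${#veth}" -gt 15 ]; then
        echo "interface name too long: $veth" >&2
        exit 1
    fi

    # Host EGRESS on the veth is traffic going INTO the container (download).
    echo "tc qdisc replace dev $veth root tbf rate $down burst 256kbit latency 400ms"

    # Container upload arrives as host INGRESS on the veth. Ingress cannot be
    # shaped directly, so redirect it to an ifb device and shape that egress.
    echo "ip link add $ifb type ifb"
    echo "ip link set $ifb up"
    echo "tc qdisc add dev $veth handle ffff: ingress"
    echo "tc filter add dev $veth parent ffff: protocol all u32 match u32 0 0 action mirred egress redirect dev $ifb"
    echo "tc qdisc replace dev $ifb root tbf rate $up burst 256kbit latency 400ms"
)

# The two containers and limits from the original question.
veth_limit_cmds lxctest1 10mbit 10mbit
veth_limit_cmds lxctest2 50mbit 50mbit
```

Review the printed commands, then run them as root on the host once the containers are up; `tc -s qdisc show dev veth-lxctest1` shows whether packets are hitting the shaper.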

