Use tc to throttle outgoing Docker network bandwidth

Question

Use tc to throttle outgoing Docker network bandwidth

I am trying to configure bandwidth throttling on Docker containers. To limit downlink bandwidth, I can first find the container veth interface and use tc : tc qdisc add dev vethpair1 root tbf rate 1mbit latency 50ms burst 10000. If I want to limit the uplink bandwidth, I need to indicate --cap-add=NET_ADMINwhen I expand the container and use the same tc command on the eth0inside of the container. Is there any non-intrusive way to do this so that I can manage any container without giving it privileges?

+3

docker bandwidth-throttling trafficshaping

Wei-tsung Apr 26 '16 at 17:16

source share

1 answer

Valeriy Solovyov · Answer 1 · 2016-04-27T18:48:25+0000

You can say that Docker uses LXC under the hoods: use the option -e lxc.

Create your containers with a custom LXC directive to put them into a **traffic class** :

`docker run --lxc-conf="lxc.cgroup.net_cls.classid = 0x00100001" your/image /bin/stuff`

Check out the white paper on how to apply bandwidth limits for this class.

Note. Parameters --storage-driver=devicemapperand -e lxcare for the Docker daemon, not for the Docker client that you use at startup docker run ........

You can also do this via:

mkdir /var/run/netns
ln -sf /proc/`docker inspect -f '{{ .State.Pid }}' YOUR_CONTAINER`/ns/net /var/run/netns/SOME_NAME
ip netns exec SOME_NAME iptables -L -nv

Use tc to throttle outgoing Docker network bandwidth

More articles: