Skip to content
A Linux kernel network stack latency monitor.
R C Shell Objective-C Makefile
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore Working into packet data for ingress correlation Feb 20, 2019 Create Jul 12, 2019
Makefile Working on pert Mar 14, 2019 Updates to notes Mar 16, 2019 Updates to README Jul 21, 2019


MACE (Measure the Added Container Expense) is a kernel network stack latency monitor geared towards measuring container networking overheads. By hooking into common trace-events, MACE is able to dynamically report network stack latency on a per-packet basis.


Assuming the proper kernel headers are where they should be, just

# make

So far only tested on release 4.15.0.


# insmod ./mace.ko outer_dev=<ifindex of outer network interface>

The ifindex for any interface can be found with ip l

Mace Interface

Mace uses the kernel's device model to communicate per-packet latencies to userspace and to allow control of mace internals from userspace. The following files are created after module initilization:


  • mace

Reads from this file return outstanding egress and ingress latencies (in nanoseconds) for the current net namespace and remove them from the queue.


  • mace_on

Writing a non-zero value to this file enables mace for the current network namespace. Writing a zero disables mace. Reading shows status of current network namespace.


Generally, containers will need explicit permission to access the mace interface. In docker, user --device /dev/mace:/dev/mace and -v /sys/class/mace:/sys/class/mace to allow a container acces to both latencies and knobs.


See the tests directory for the experiment scripts used for evaluation.

You can’t perform that action at this time.