New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ability to throttle bandwidth by container #37

Closed
kencochrane opened this Issue Mar 11, 2013 · 6 comments

Comments

Projects
None yet
5 participants
@kencochrane
Copy link
Contributor

kencochrane commented Mar 11, 2013

In some test cases it would be nice to see how code performs when at a limited bandwidth, for example 28k, 56k, etc. Adding this ability to docker would make running these sort of tests easier.

It would also be handy from an administrator perspective as well.

@carlhoerberg

This comment has been minimized.

Copy link

carlhoerberg commented Mar 12, 2013

best done with TC? but then you need a new bridge for each container..

@jpetazzo

This comment has been minimized.

Copy link
Contributor

jpetazzo commented Mar 12, 2013

I'm not 100% sure, but I think that tc could be applied to the veth interfaces.

Another possibility is to use iptables -m limit (in a limited way).

@carlhoerberg

This comment has been minimized.

Copy link

carlhoerberg commented Mar 12, 2013

oh, apparently, with cgroup net_cls you can classify traffic from/to each container and let tc shape that class, no need for multiple bridges..

@victorhooi

This comment has been minimized.

Copy link

victorhooi commented Mar 19, 2014

Sorry to dig this up - but what exactly is the current best way of doing this from Docker?

Do we find the veth interface for the Docker container, and apply tc rules to it?

Or we can use the cgroup system directly to set net_cls on the containers, and then apply rules to that?

Are there any plans for tighter integration of Docker with per-container bandwidth controls?

@jpetazzo

This comment has been minimized.

Copy link
Contributor

jpetazzo commented Mar 24, 2014

@victorhooi : there are many ways to do it. Ideally it might have to be bound to network strategies (i.e. the new feature in libcontainer that lets containers have multiple interfaces and different interface types), since one will not use the same technique to limit traffic on a veth and on a macvlan interface (even though in that case, tc will get us pretty far). I have no experience with net_cls but I wonder what would be possible with it?

@carlhoerberg

This comment has been minimized.

Copy link

carlhoerberg commented Mar 25, 2014

FYI: net_cls only sets a classid/flag on outgoing packets so that they can be identified in tc or iptables, ie. not usable to control incoming bandwidth.

On Tuesday 25 March 2014 at 07:16, Jérôme Petazzoni wrote:

@victorhooi (https://github.com/victorhooi) : there are many ways to do it. Ideally it might have to be bound to network strategies (i.e. the new feature in libcontainer that lets containers have multiple interfaces and different interface types), since one will not use the same technique to limit traffic on a veth and on a macvlan interface (even though in that case, tc will get us pretty far). I have no experience with net_cls but I wonder what would be possible with it?


Reply to this email directly or view it on GitHub (#37 (comment)).

nalind pushed a commit to nalind/docker that referenced this issue Jan 4, 2016

dnephin pushed a commit to dnephin/docker that referenced this issue May 27, 2016

tiborvass pushed a commit to tiborvass/docker that referenced this issue Sep 4, 2018

Merge pull request moby#37 from thaJeztah/18.09_backport_fix_prefix_m…
…atching

[18.09] backport: fix regression when filtering container names using a leading slash
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment