Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Use tc to throttle Docker container's outgoing network bandwidth

Tags:

docker

bandwidth-throttling

trafficshaping

I'm trying to do the bandwidth throttling to the Docker containers. To limit the downlink bandwidth, I can first find the veth interface of the container and use tc: tc qdisc add dev vethpair1 root tbf rate 1mbit latency 50ms burst 10000. If I want to limit the uplink bandwidth, I need to specify --cap-add=NET_ADMIN when I spin up the container and use the same tc command on eth0 inside the container. Is there any non-intrusive way to do it, so that I can administrate any container without giving it privilege?

like image 916
Wei-Tsung Avatar asked Apr 26 '16 17:04

Wei-Tsung

People also ask

How do I limit the Docker container bandwidth?

You could use the iptables limits module. For example, you could add a rule to the PREROUTING table using the options "-m limit --limit 10/s" to limit a particular port to receive only 10 connections per second. Save this answer.

Does Docker block outbound traffic?

It's possible to block outbound traffic from Docker containers using IPTables. In this configuration, traffic will be allowed from the internet to docker instances, but the instances themselves will only be able to communicate with each other (provided they are using the docker0 interface).

Which Docker command is used to enable communication between containers?

You must connect containers with the --link option in your docker run command. The Docker bridge supports port mappings and docker run --link allowing communications between containers on the docker0 network.

1 Answers

You could tell Docker to use LXC under the hoods : use the -e lxcoption. 

Create your containers with a custom LXC directive to put them into a **traffic class** :

`docker run --lxc-conf="lxc.cgroup.net_cls.classid = 0x00100001" your/image /bin/stuff`

Check the official documentation about how to apply bandwidth limits to this class.

Note : the --storage-driver=devicemapperand -e lxcoptions are for the Docker daemon, not for the Docker client you're using when running docker run ........

ALso you can do this through this:

mkdir /var/run/netns
ln -sf /proc/`docker inspect -f '{{ .State.Pid }}' YOUR_CONTAINER`/ns/net /var/run/netns/SOME_NAME
ip netns exec SOME_NAME iptables -L -nv
like image 164
Valeriy Solovyov Avatar answered Sep 29 '22 11:09

Valeriy Solovyov
Sign in to Comment

Related questions

alpine docker: installing pandas / numpy
Docker logs command doesn't show any logs
Docker traefik PathPrefix with StripPrefix Middleware always throws HTTP_502
Keycloak fails to import exported realm running in docker
Google Drive API - Automated Queries Message
Airflow running python files fails due to python: can't open file
Docker The source path has too many colons
How to configure Celery Worker and Beat for Email Reporting in Apache Superset running on Docker?
How to see Python print statements from running Fargate ECS task?
Sending list of filenames in current directory as a single string to a Docker container's STDIN
celery pdb running inside docker container with changing listening port
HTTP rewriter for docker
In docker,how to close the port expose by dockerfile?
How to compile C code that is using kernel function in docker and use pci device in container?
Why I can't see my files inside a docker container?
"docker-compose" does not appear to allow or build from local images
Proper workflow for web development with Docker
Golang Mac OSX build for Docker machine
docker --tls vs --tlsverify

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!