I am trying to restrict bandwidth inside my containers. I have tried using the following commands, but I think they are not taking effect.
    cd /sys/fs/cgroup/net_cls/
    echo 0x1001 > A/net_cls.classid # 10:1
    echo 0x1002 > B/net_cls.classid # 10:2
    tc qdisc add dev eth0 root \
        handle 10: htb
    tc class add dev eth0 parent 10: \
        classid 10:1 htb rate 40mbit
    tc class add dev eth0 parent 10: \
        classid 10:2 htb rate 30mbit
    tc filter add dev eth0 parent 10: \
        protocol ip prio 10 \
        handle 1: cgroup
Here A and B are containers created with this command.
    lxc-execute -n A -f configfile /bin/bash
    lxc-execute -n B -f configfile /bin/bash
Whereas configfile contains only this entry:
    lxc.utsname = test_lxc
After starting the container, I started vsftpd inside container A and tried to access the files using an FTP client from another machine. Then I killed vsftpd in container A, started vsftpd in container B, and tried to access the files using an FTP client from another machine.
I cannot observe any difference in performance; for that matter, it is nowhere near 40mbit/30mbit.
Please correct me if anything is wrong here.
The problem here is not well documented but I've experienced it before. On 64 bit systems, the value you echo is not represented as a 16bit integer but a 32bit integer.
Try replacing:
With
This should fix your problem.
Note: It's not actually necessary to provide the leading zeroes at the start but for clarity I added them.
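An added example, not part of the answer above: the kernel's net_cls documentation defines `net_cls.classid` as `0xAAAABBBB`, where `AAAA` is the tc major number and `BBBB` the minor, both hexadecimal. The sketch below converts between tc handles and classid values and shows which tc class the question's `0x1001` and `0x1002` actually select; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Kernel net_cls documentation: net_cls.classid is 0xAAAABBBB,
# where AAAA is the tc major number and BBBB the minor, both hexadecimal.

# is_hex STRING MAXLEN: succeed if STRING is 1..MAXLEN hex digits.
is_hex() {
    case $1 in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -le "$2" ]
}

# handle_to_classid MAJOR:MINOR -> value to echo into net_cls.classid
handle_to_classid() {
    case $1 in
        *:*) h_major=${1%%:*}; h_minor=${1#*:} ;;
        *)   h_major=; h_minor= ;;
    esac
    if ! is_hex "$h_major" 4 || ! is_hex "$h_minor" 4; then
        echo "invalid tc handle (want MAJOR:MINOR in hex): $1" >&2
        return 1
    fi
    printf '0x%04x%04x\n' "$((0x$h_major))" "$((0x$h_minor))"
}

# classid_to_handle 0xNNNNNNNN -> the MAJOR:MINOR that tc will match against
classid_to_handle() {
    c_hex=${1#0[xX]}
    if [ "$c_hex" = "$1" ] || ! is_hex "$c_hex" 8; then
        echo "invalid classid (want 0x + up to 8 hex digits): $1" >&2
        return 1
    fi
    c_val=$((0x$c_hex))
    printf '%x:%x\n' "$(($c_val >> 16))" "$(($c_val & 0xffff))"
}

# Values for the two tc classes defined in the question (10:1 and 10:2).
for handle in 10:1 10:2; do
    echo "tc class $handle -> net_cls.classid $(handle_to_classid "$handle")"
done
# What the question's original values actually select.
for classid in 0x1001 0x1002; do
    echo "net_cls.classid $classid -> tc class $(classid_to_handle "$classid")"
done
```

The decoded handles `0:1001` and `0:1002` match neither `10:1` nor `10:2`, so traffic from those cgroups never lands in the rate-limited htb classes.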
Many of the non-hypervisor containers (lxc, jails) tend to have dodgy/incomplete metering (disk iops, net) that impacts other containers. If limiting external transit is the main concern, stick a transparent firewall (i.e., ArmorLogic, Barracuda, etc.) in front of these first.
In any case, definitely load test to see if it makes a difference.
(ProTip: Heroku runs LXC.
heroku run bash
)