I can’t see how bridged or host network would allow to distinguish a single container from all others.
I am aware that CPU, RAM and Storage (io/bw) limitations can be enforced. As far as I know, network io/bw restrictions are not implemented in Docker.

In this scenario macvlan seems like the valid approach to try.