Docker networking and CPU allocation

Couple of questions:

  1. Can I allocate a certain CPU percent of the host to a certain process running within a container? I am trying to find out if a certain process can have a guaranteed CPU allocation.

  2. Do you do NAT on containers? When a container talks to the outside world, the container source IP is NATted by the bonded bridge interface. Is this correct? How can I disable the NAT bridging so that the container can be directly addressable?

A1. You can allocate the total CPU weight for a container, but Docker doesn’t give any hooks for the weight of processes within a container. Please see the Run reference on CPU and Memory.

A2. Yes, the containers can be NAT’d. You can also share the host interface directly. Please see the Run Reference on networking.

Thanks Andy.
If I understand correctly, the IP of the host is encapsulated with the container host IP when the container talks to the outside. Can I disable this encapsulation and not let the world know the IP of the host machine?

To hide the IP address of the host, you need some NAT-ing to happen outside the host (i.e., like your ISP does to hide the IP address of your DSL/Cable modem).

Mmmm, though perhaps that’s not what you mean.

By default, containers do not get access to, nor get to use, the host’s real network - they communicate on a private docker0 bridge, and Docker maps specified container ports to the host’s network using IP forwarding (transparently to the container).

The “by default” behavior, that the communication is over the private docker0 bridge, is a NAT function.
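The NAT behaviour discussed in the posts above can be read off the host's `nat` table. The following is an added example, not part of the original thread: it parses `iptables-save -t nat` output and reports which container subnets are masqueraded behind the host and which host ports are forwarded to containers. The sample rules, addresses and function names are constructed for illustration.

```python
import shlex

# Constructed sample of `iptables-save -t nat` output for a host with the default
# docker0 bridge and one container published with `-p 8080:80` (illustrative values).
SAMPLE_NAT_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
COMMIT
"""

def parse_rule(line):
    """Turn one '-A CHAIN ...' line into {option: value}; negated options get a '!' prefix."""
    tokens = shlex.split(line)
    rule, negate, i = {"chain": tokens[1]}, False, 2
    while i < len(tokens):
        if tokens[i] == "!":
            negate, i = True, i + 1
            continue
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        has_value = nxt is not None and nxt != "!" and not nxt.startswith("-")
        rule[("!" if negate else "") + tokens[i]] = nxt if has_value else True
        negate, i = False, i + (2 if has_value else 1)
    return rule

def summarize_nat(text):
    """Return masqueraded source subnets and DNAT port forwards found in the rules."""
    masqueraded, published = [], []
    for line in text.splitlines():
        if not line.startswith("-A "):
            continue  # skip table headers, chain policies and COMMIT
        rule = parse_rule(line)
        if rule.get("-j") == "MASQUERADE" and "-s" in rule:
            # Outbound traffic from this subnet leaves with the host's address.
            masqueraded.append(rule["-s"])
        elif rule.get("-j") == "DNAT" and "--to-destination" in rule:
            # Inbound traffic to a host port is rewritten to a container ip:port.
            ip, _, port = rule["--to-destination"].rpartition(":")
            published.append((rule.get("-p"), int(rule["--dport"]), ip, int(port)))
    return {"masqueraded_subnets": masqueraded, "published_ports": published}

if __name__ == "__main__":
    print(summarize_nat(SAMPLE_NAT_RULES))
```

An empty `published_ports` list with a masqueraded subnet means containers can reach out through the host's address but nothing outside can reach them through the host.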

What we need is direct IP addressing to the container without being NATed by the bridge IP, whether it’s the default docker0 bridge interface or a user-created bridge interface.


So really, you are interested in the options that are written about in :slight_smile:

Listen to this podcast. It will help.