Limiting Network Bandwidth

I’m trying to limit the network bandwidth consumed by a Docker container, but I’m not getting anywhere. I’ve been all over the various forums and Google, but haven’t had any luck.

I’ve tried a couple of different things:

First, I tried tagging all of the traffic from the container by editing net_cls.classid for the container in question. From there, I would have used TC to identify and throttle the traffic. However, tcpdump was showing that the tag wasn’t being applied to the traffic. According to the Docker git repository, that’s due to a bug.

Next, I figured I’d apply a TC policy directly to the ve interface that Docker creates for each endpoint. However, there’s no easy way to query Docker for the name of the interface that the container is connected to.

So, I’m pretty much stuck here. Is there an easier way to do this?

I’m on Centos 7.2 and Docker engine 1.12



1 Like

Did you ever get (or discover) an answer? I have a similar question: I would like to run unknown/donated containers and give them them access to a large, sensitive data set, to use but not transmit. I feel that the data set can be protected from being transmitted by limiting the network bandwidth of the containers.

Maybe you can try vlan and set bandwidth limitation for vlan on host machine, although it’s not the default network setting for docker.