Use tc to throttle Docker container's outgoing network bandwidth

I’m trying to do the bandwidth throttling to the Docker containers.
To limit the downlink bandwidth, I can first find the veth interface of the container and use tc: tc qdisc add dev vethpair1 root tbf rate 1mbit latency 50ms burst 10000. If I want to limit the uplink bandwidth, I need to specify --cap-add=NET_ADMIN when I spin up the container and use the same tc command on eth0 inside the container. Is there any non-intrusive way to do it, so that I can administrate any container without giving it privilege?

  • Use environment variables in docker
  • Docker ping container on other nodes
  • Inject host's SSH keys into Docker Machine with Docker Compose
  • Establish PSSession to Windows docker container from remote machine (not container host)
  • Way to increase Boot2Docker volume size or alternative to install docker images locally
  • How to install docker in docker container?
  • How can I copy the files to be in executing directory using Dockerfile?
  • Slow network performance in Docker container
  • Docker with Java: path RUN javac
  • Docker delete images issue
  • How do I switch between active docker-machines on OSX?
  • Using Chef to configure Docker image?
  • One Solution collect form web for “Use tc to throttle Docker container's outgoing network bandwidth”

    You could tell Docker to use LXC under the hoods : use the -e lxcoption.

    Create your containers with a custom LXC directive to put them into a **traffic class** :
    `docker run --lxc-conf="lxc.cgroup.net_cls.classid = 0x00100001" your/image /bin/stuff` 

    Check the official documentation about how to apply bandwidth limits to this class.

    Note : the --storage-driver=devicemapperand -e lxcoptions are for the Docker daemon, not for the Docker client you’re using when running docker run ........

    ALso you can do this through this:

    mkdir /var/run/netns
    ln -sf /proc/`docker inspect -f '{{ .State.Pid }}' YOUR_CONTAINER`/ns/net /var/run/netns/SOME_NAME
    ip netns exec SOME_NAME iptables -L -nv
    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.