Journal of Computer Applications, 2019, Vol. 39, Issue (12): 3628-3632. DOI: 10.11772/j.issn.1001-9081.2019040765

• Network and communications •

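  • About the authors: WANG Zhiwei (born 1982), male, native of Beijing, master's degree candidate; main research interest: information security. YANG Chao (born 1982), male, native of Wuhan, Hubei, associate professor, Ph.D., CCF member; main research interest: information security.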

Bandwidth control mechanism for Docker container network based on traffic control

WANG Zhiwei1, YANG Chao2   

  1. School of Computer Science and Information Engineering, Hubei University, Wuhan Hubei 430062, China
  • Received: 2019-05-06  Revised: 2019-07-12  Online: 2019-12-17  Published: 2019-12-10
  • Contact: YANG Chao
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61170306), the Hubei Province Key Laboratory of Intelligent Information Processing and Real-time Industrial System (znxx2018MS05).

Abstract: Because Docker containers lack the ability to limit network bandwidth resources, a bandwidth control mechanism for Docker container networks based on Traffic Control (TC) was proposed. Firstly, based on the real-time monitoring mechanism of the CGroups file system, the Virtual File System (VFS) of the Linux kernel was used as a medium to pass the network control parameters set when a Docker container was created to the Linux kernel traffic controller TC. Then, the Intermediate Functional Block device (IFB) module was introduced to achieve uplink and downlink bandwidth control, and the parameters rate, ceil and prio were used to achieve idle bandwidth sharing and container priority control. Finally, TC was controlled to enforce the specific network limits, realizing flexible network resource control between containers. The experimental results show that the proposed mechanism can effectively limit the actual container bandwidth within a 2% fluctuation range in the container exclusive bandwidth scenario, and can precisely limit the network bandwidth of the container within an average error of 0.5% in the shared idle bandwidth scenario. Meanwhile, the mechanism can flexibly manage resources based on priorities. With the advantage of providing a more native interface for Docker and requiring no additional tools, this mechanism can provide a convenient and effective solution for fine-grained elastic network resource control on Docker-based cloud platforms.

Key words: Docker container, resource control, network bandwidth, CGroups mechanism, Traffic Control (TC)
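
The TC side of the mechanism summarized in the abstract (IFB for the second direction, HTB rate/ceil/prio for guaranteed bandwidth, idle-bandwidth sharing and priority) can be sketched as follows. This is an added example, not the authors' implementation, which passes the parameters through the CGroups file system and VFS. It assumes shaping on the `docker0` bridge, classification by container IP, and constructed sample addresses and rates; it only prints the commands.

```sh
#!/bin/sh
# Added example: prints (does not run) a tc plan. DEV, IFB, LINK_MBIT and the
# container table are constructed sample values, not taken from the paper.
DEV=docker0; IFB=ifb0; LINK_MBIT=100
# One container per line: ip rate_mbit ceil_mbit prio (lowest prio borrows first)
CONTAINERS='172.17.0.2 20 100 1
172.17.0.3 10 50 2'

# Root HTB qdisc and the parent class whose idle bandwidth the children share.
htb_root() {  # $1 = device
    echo "tc qdisc add dev $1 root handle 1: htb"
    echo "tc class add dev $1 parent 1: classid 1:1 htb rate ${LINK_MBIT}mbit ceil ${LINK_MBIT}mbit"
}

# Per-container class: rate is guaranteed, ceil caps borrowing, prio orders it.
htb_child() {  # $1 dev  $2 class minor  $3 src|dst  $4 ip  $5 rate  $6 ceil  $7 prio
    echo "tc class add dev $1 parent 1:1 classid 1:$2 htb rate ${5}mbit ceil ${6}mbit prio $7"
    echo "tc filter add dev $1 parent 1: protocol ip prio 1 u32 match ip $3 $4/32 flowid 1:$2"
}

plan() {
    total=0
    # Validate first: HTB guarantees only hold if child rates fit in the parent.
    while read -r ip rate ceil prio; do
        [ "$rate" -le "$ceil" ] && [ "$ceil" -le "$LINK_MBIT" ] ||
            { echo "rate/ceil out of range for $ip" >&2; return 1; }
        total=$((total + rate))
    done <<EOF
$CONTAINERS
EOF
    [ "$total" -le "$LINK_MBIT" ] ||
        { echo "sum of guaranteed rates exceeds ${LINK_MBIT}mbit" >&2; return 1; }
    # Ingress cannot be shaped directly, so redirect it to the IFB device.
    echo "modprobe ifb numifbs=1"
    echo "ip link set dev $IFB up"
    echo "tc qdisc add dev $DEV handle ffff: ingress"
    echo "tc filter add dev $DEV parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev $IFB"
    htb_root "$DEV"; htb_root "$IFB"
    id=10
    while read -r ip rate ceil prio; do
        htb_child "$DEV" "$id" dst "$ip" "$rate" "$ceil" "$prio"  # toward container
        htb_child "$IFB" "$id" src "$ip" "$rate" "$ceil" "$prio"  # from container
        id=$((id + 1))
    done <<EOF
$CONTAINERS
EOF
}

plan
```

Review the printed plan before piping it to a root shell; traffic that matches no filter is left unshaped because the root qdisc sets no default class.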
