Traffic policing in Running VMs – Openstack

One of the major issued facing by a cloud administrator is to control the traffic in/out in a virtual machine. There is two methods you can control this, first one is to inject a special meta-data into the flavor. Second method is to apply special controls on the virtual interface of a running virtual machine.

Find out the Virtual machine residing host

root@node-31:~# nova show 65cc6b6b-c711-4e96-90bd-a089867c4222 | grep OS-EXT-SRV-ATTR:host | awk {‘print $4’}
node-29.mos8.example.com

Log in to the compute host and find out the virtual machine, its tap interface (Virtual NIC)

virsh dumpxml instance-000000a4 | grep tap

tap6ffab502-4a

Here tap6ffab502-4a is the virtual interface for the Particular Virtual machine. Now lets push some traffic to this interface. Please see the attached screen shot.

outboud-traffic

Screen 1 (Left TOP), I am sending some traffic to 192.168.1.10 (Which is Left Bottom)

Screen 2 (Right TOP) BW management tool to watch the traffic. You can see that Tx (Transmission) is 555MB/s. Now we are going to apply the rule to reduce the traffic to 100.

Screen 4 (Right bottom) Which is the hypervisor, where this particular Virtual machine residing.

Lets trigger the Rule !!!

virsh domiftune instance-000000a4 tap6ffab502-4a –config –live –outbound 12800,0,0

Where instance-000000a4 is the instance ID and tap6ffab502-4a is the Virtual Interface or tap interface.  Now lets see the traffic (Right TOP screen), its went down. You did it !!!

after-apply-rule

Now, if you want to bring the throughput in full swing, run the following command.

virsh domiftune instance-000000a4 tap6ffab502-4a –config –live –outbound  0,0,0

And see the difference.

bring-back-rule

This is normally Cloud Administrators doing for Traffic Shaping once they found a VM is compromised.

 

stacker has written 18 articles

2 thoughts on “Traffic policing in Running VMs – Openstack

Leave a Reply

Your email address will not be published. Required fields are marked *

Humans Only. * Time limit is exhausted. Please reload the CAPTCHA.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>