Traffic policing in Running VMs – Openstack

One of the major issued facing by a cloud administrator is to control the traffic in/out in a virtual machine. There is two methods you can control this, first one is to inject a special meta-data into the flavor. Second method is to apply special controls on the virtual interface of a running virtual machine.

Find out the Virtual machine residing host

root@node-31:~# nova show 65cc6b6b-c711-4e96-90bd-a089867c4222 | grep OS-EXT-SRV-ATTR:host | awk {‘print $4’}

Log in to the compute host and find out the virtual machine, its tap interface (Virtual NIC)

virsh dumpxml instance-000000a4 | grep tap


Here tap6ffab502-4a is the virtual interface for the Particular Virtual machine. Now lets push some traffic to this interface. Please see the attached screen shot.


Screen 1 (Left TOP), I am sending some traffic to (Which is Left Bottom)

Screen 2 (Right TOP) BW management tool to watch the traffic. You can see that Tx (Transmission) is 555MB/s. Now we are going to apply the rule to reduce the traffic to 100.

Screen 4 (Right bottom) Which is the hypervisor, where this particular Virtual machine residing.

Lets trigger the Rule !!!

virsh domiftune instance-000000a4 tap6ffab502-4a –config –live –outbound 12800,0,0

Where instance-000000a4 is the instance ID and tap6ffab502-4a is the Virtual Interface or tap interface.  Now lets see the traffic (Right TOP screen), its went down. You did it !!!


Now, if you want to bring the throughput in full swing, run the following command.

virsh domiftune instance-000000a4 tap6ffab502-4a –config –live –outbound  0,0,0

And see the difference.


This is normally Cloud Administrators doing for Traffic Shaping once they found a VM is compromised.


stacker has written 20 articles

2 thoughts on “Traffic policing in Running VMs – Openstack

Leave a Reply

Your email address will not be published. Required fields are marked *

Humans Only. * Time limit is exhausted. Please reload the CAPTCHA.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>