Cannot find network subsystem in cgroup on Ubuntu 12.04 LTS

I'm trying to use cgroups to limit a process's network bandwidth, as described in this answer. However, I am unable to find the "files" they refer to. I am using Ubuntu 12.04 LTS with cgroup-bin installed. cgroups are automatically mounted under /sys/fs/cgroup, however, I only see the following subsystems:

$ ls -l /sys/fs/cgroup/
total 0
drwxr-xr-x 3 root root 0 Mar  8 09:51 cpu
drwxr-xr-x 3 root root 0 Mar  8 09:51 cpuacct
drwxr-xr-x 3 root root 0 Mar  8 09:51 devices
drwxr-xr-x 3 root root 0 Mar  8 09:51 freezer
drwxr-xr-x 3 root root 0 Mar  8 09:51 memory

Furthermore, I tried to manually mount the "net" subsystem with no success:

# mkdir -p /sys/fs/cgroup/net
# mount -t cgroup -o net net /sys/fs/cgroup/net/
mount: special device net does not exist

Can anybody help?


I know of only 2 cgroups related to network, net_prio (set the priority of network traffic) and net_cls (tags packets to allow identification by Linux tc).

  • net_prio has been introduced in Linux Kernel 3.3, so it is normal that you do not see it in Ubuntu LTS 12.04 unless you installed the LTS hardware enablement stack (which gets you a Linux Kernel 3.5), see at the end.
  • net_cls, I do not know when it was introduced, but there is a module for it with the stock 3.2 Kernel delivered with Ubuntu 12.04 LTS.

net_cls configuration

How to set net_cls has obviously it is not done automatically. First check that you have it supported (only for you to know how I found out!):

$ grep CGROUP /boot/config-`uname -r`
CONFIG_CGROUPS=y
# CONFIG_CGROUP_DEBUG is not set
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_MEM_RES_CTLR=y
CONFIG_CGROUP_MEM_RES_CTLR_SWAP=y
CONFIG_CGROUP_MEM_RES_CTLR_SWAP_ENABLED=y
CONFIG_CGROUP_PERF=y
CONFIG_CGROUP_SCHED=y
CONFIG_BLK_CGROUP=y
# CONFIG_DEBUG_BLK_CGROUP is not set
CONFIG_NET_CLS_CGROUP=m

This tells you that net_cls is a module and not compiled as part of the Kernel (the m).

Now that you know you have the module, let's look for it:

$ find /lib/modules/`uname -r` -iname "*cgroup*"
/lib/modules/3.2.0-38-generic/kernel/net/sched/cls_cgroup.ko

So now you know the module is called cls_cgroup, simply load it:

$ sudo modprobe cls_cgroup

Hop done! Now let's do the mounting. The information you got are rather incorrect for the Kernel delivered with Ubuntu 12.04 LTS. It is not due to Ubuntu but rather that the API for cgroups has probably changed. As the following is compliant with the kernel official documentation:

$ sudo mkdir /sys/fs/cgroup/net_cls
$ sudo mount -t cgroup -o net_cls none /sys/fs/cgroup/net_cls

Now you should be able to tag your packet for tc.

net_prio configuration

For net_prio, the process is rather similar. But you need to install a newer Kernel. Ubuntu 12.04 LTS supports what they call LTS Hardware Enablement Stack which provides you with a new kernel version 3.5. To install it:

$ sudo apt-get install linux-generic-lts-quantal xserver-xorg-lts-quantal

After rebooting you will be using Linux Kernel 3.5. If you use the grep command given above, it will return you a slightly different list. Notably you have now CONFIG_NETPRIO_CGROUP=m which is yet another module. You can again look for the module using the same find command as above and you will find netprio_cgroup, simply load it:

$ sudo modprobe netprio_cgroup

Then like before, you can now mount the cgroup:

$ sudo mkdir /sys/fs/cgroup/net_prio
$ sudo mount -t cgroup -o net_prio none /sys/fs/cgroup/net_prio

Refer to the documentation (see first link) to know how to use the net_prio cgroup or you can also refer to this Red Hat documentation.

Those changes are not persistent

As the title says, at the next reboot the changes will have been lost.

If you want this to be persistent edit the file /etc/rc.local and add the steps above which are creating the directory and mounting the cgroup. And add the modules (either both or one of them, depending which you want to use) to the file /etc/modules, simply add each name on a new line, example:

sudo bash -c "echo cls_cgroup >> /etc/modules"

Warning: when modifying the files under /etc if you are not carefull you could break the boot process. Nothing that a knowledgable person could not repair, but you'd better be carefull and either know what you are going to do or have a friend help you. In addition, backups of your precious data is always a good idea!