Docker Network Traffic

[neruve]

Does anyone know of a way to monitor docker network traffic? My router tells me my unraid IP is using internet bandwidth, i'd like to know where the bandwidth is going. So something like container name to traffic, or even container ip to traffic.

 

Does something like this even exist?

[shadowd1000]

Any solution?

[primeval_god]

Try Netdata

[shadowd1000]

15 hours ago, primeval_god said:

Try Netdata

Yeah, I installed it yesterday and yet even though I can see docker containers, I'm still not able to see their network activity. For some reason only cpu, ram and hdd usage is available but not network. 

I installed netdata from appstore which is using host network instead of bridge. 

Also, I can see some vnet adapters in network section. 

[primeval_god]

3 hours ago, shadowd1000 said:

Yeah, I installed it yesterday and yet even though I can see docker containers, I'm still not able to see their network activity. For some reason only cpu, ram and hdd usage is available but not network. 

I installed netdata from appstore which is using host network instead of bridge. 

Also, I can see some vnet adapters in network section. 

Try adding the following to the extra parameters field of your netdata container.

--pid=host --cap-add SYS_SYS_ADMIN

 

[Squid]

2 hours ago, primeval_god said:

Try adding the following to the extra parameters field of your netdata container.

--pid=host --cap-add SYS_SYS_ADMIN

 

Adding that (and fixing SYS_SYS_ADMIN to be SYS_ADMIN) resulted in me losing Netdata having any stats on the containers at all

 

6 hours ago, shadowd1000 said:

Also, I can see some vnet adapters in network section. 

Yeah, that's what you want except you then have to correlate the veth0xxxxxxxx adapters to what container they are.

 

cAdvisor is another alternative to NetData, but not quite as good IMO

[BRiT]

On 6/27/2022 at 10:24 AM, shadowd1000 said:

Any solution?

 

Try using Docker IPVLAN mode for each docker container so they have their own local IP address, which should enable the router to track the traffic separately.

[primeval_god]

1 hour ago, Squid said:

Adding that (and fixing SYS_SYS_ADMIN to be SYS_ADMIN) resulted in me losing Netdata having any stats on the containers at all

Interesting I have both as well as SYS_PTRACE, though i am not 100% sure if extra parameters is where i had them as i switched netdata to compose a while ago. Also not sure if it makes a difference but i dont have my netdata container connected to the Host network. Its on a custom bridge with a port mapping for 19999. 

[shadowd1000]

2 hours ago, primeval_god said:

Interesting I have both as well as SYS_PTRACE, though i am not 100% sure if extra parameters is where i had them as i switched netdata to compose a while ago. Also not sure if it makes a difference but i dont have my netdata container connected to the Host network. Its on a custom bridge with a port mapping for 19999. 

yeah, added

--pid=host --cap-add SYS_ADMIN --security-opt apparmor=unconfined --log-opt max-size=200m --log-opt max-file=1

still same problem.

not sure, switching to bridge network and forwarding port might help either, because I tried that too, still no use.

[primeval_god]

Another possible piece of the puzzle i am running netdata/netdata:v1.28.0

[shadowd1000]

 

On 6/29/2022 at 5:48 AM, primeval_god said:

Another possible piece of the puzzle i am running netdata/netdata:v1.28.0

 

Ok Now, Somehow I got it to work. First I did all what you suggested. Then I also switched the privileged toggle in container settings and somehow it works. Are there any risks

involved in running the container in privileged mode, if so, what can be done to mitigate these.