MACE (Measure the Added Container Expense) is a kernel network stack latency monitor geared towards measuring container networking overheads. By hooking into common trace-events, MACE is able to dynamically report network stack latency on a per-packet basis.
Assuming the proper kernel headers are where they should be, just
# make
So far only tested on release 4.15.0.
# insmod ./mace.ko outer_dev=<ifindex of outer network interface>
The ifindex for any interface can be found with ip l
Mace uses the kernel's device model to communicate per-packet latencies to userspace and to allow control of mace internals from userspace. The following files are created after module initilization:
mace
Reads from this file return outstanding egress and ingress latencies (in nanoseconds) for the current net namespace and remove them from the queue.
mace_on
Writing a non-zero value to this file enables mace for the current network namespace. Writing a zero disables mace. Reading shows status of current network namespace.
Generally, containers will need explicit permission to access the mace interface.
In docker, user --device /dev/mace:/dev/mace and -v /sys/class/mace:/sys/class/mace to allow a container acces to both latencies and knobs.
See the tests directory for the experiment scripts used for evaluation.