I've been using tc/htb for network control previously to control bandwidth available to different services running on their own IPs on a unvirtualized host. Now, I have put them into their own guest VM. I would like to be able to do something similar to ensure the more crucial service gets more bandwidth as well as ensuring ssh always get reserved bandwidth. However, when I try the good old tc/htb commands on the host, it fails to do anything useful. My script that works on the non-virtualized setup was this TCADD="tc class add dev eth0 parent" $TCADD 1:0 classid 1:1 htb rate 1250kbps ceil 1250kbps $TCADD 1:1 classid 1:10 htb rate 25kbps ceil 150kbps prio 0 $TCADD 1:1 classid 1:11 htb rate 100kbps ceil 300kbps prio 1 $TCADD 1:1 classid 1:12 htb rate 300kbps ceil 600kbps prio 1 $TCADD 1:1 classid 1:19 htb rate 75kbps ceil 150kbps prio 2 TFADD="tc filter add dev eth0 protocol ip parent" $TFADD 1:0 prio 0 u32 match ip dport 10022 0xffff flowid 1:10 $TFADD 1:0 prio 1 u32 match ip dst <public ip ipaddress 1> flowid 1:11 $TFADD 1:0 prio 1 u32 match ip dst <public ip address 2> flowid 1:12 I can't put the restrictions within the guest because I don't want the individual VM admins to be able to stop the script from running. On my new host, I have bridged networking with br0, eth0 and guests running off vnet<n>. I've tried applying tc on br0, eth0, vnet<n> but they don't seem to have any effect based on a 20MB FTP test. I've been googling for a while to find an solution but haven't hit on anything apart from using yet another firewall/router sitting between everything and the Internet. Is there any other solution apart from that?