← Lessons

quiz vs the machine

Gold1460

Concurrency

The Cgroup CPU Limits

How Linux caps and shares CPU among groups of processes for containers.

5 min read · core · beat Gold to climb

Fencing in CPU usage

A cgroup is a Linux feature that groups processes and limits the resources they share. For CPU it offers two different controls that are easy to confuse: shares and quota.

Shares are relative

CPU shares set a weight. When the system is busy, two groups with shares of one thousand and two thousand split contested CPU roughly one to two. Crucially, shares do not cap usage. A group can use a whole idle machine if nobody else competes.

Quota is a hard cap

CPU quota sets an absolute ceiling using a period and a quota. For example a quota of fifty milliseconds per one hundred millisecond period limits the group to half a core on average, no matter how idle the machine is.

The throttling surprise

When a group exhausts its quota inside a period, every thread in it is throttled, paused until the next period begins. A bursty multi threaded app can hit its quota early and then stall for the rest of the period, causing latency spikes that look mysterious until you see the throttling counters.

Key idea

Cgroup CPU shares set relative weights without capping, while quota sets a hard ceiling per period, and exhausting that quota throttles the whole group until the next period, a common cause of container latency spikes.

Check yourself

Answer to earn rating on the learn ladder.

1. What do CPU shares control?

2. What happens when a cgroup exhausts its CPU quota in a period?

3. Why can quota throttling cause mysterious latency spikes?