Hi we had the need to manage guests bandwidth. Therefore I wrote a qemu hook script that achieves this and, if there is any interest in that, would like to contribute it to the project. This script will only work on linux hosts. It effectively limits the bandwidth a guest can _send_. It only somewhat effectively limits the bandwidth a guest can _receive_. While well behaving tcp connections slow down when packets are being delayed/dropped, with udp, we are facing a different situation. During my tests, udp was always way slower (factor 10) than actually configured (using iperf -u). Since only tcp matters to us in this situation, we consider it "good enough". Also: This mechanism does by no means protect you from ddos or the like. So what does the script do? The script uses iptables to mark packets from- and to a virtual machine. Depending on these marks, packets will be filtered into tc classes which limit bandwidth to a configurable amount. The configuration allows for groups of vms which share an amount of bandwidth while each machine has its guaranteed bandwidth in high network usage situations. Documentation is part of the script. If you like, feel free to include it. If you have any comments or questions, talk! :) Regards Dominik