What I am always missing in these posts: How do they limit network bandwidth? Since these are all multi-tenant services, how do they make sure a container or isolated browser is not taking all the network bandwidth of a host?
You probably can do this through the proc filesystem/cgroups.
If you think about it, you can use cgroups to limit the bandwidth, so you can also use it to measure it.
