Netzwerkfehler simulieren
Inoffizielle Beta-Übersetzung
Diese Seite wurde von PageTurner AI übersetzt (Beta). Nicht offiziell vom Projekt unterstützt. Fehler gefunden? Problem melden →
Dieses Dokument erläutert, wie Sie mit Chaosd Netzwerkfehler simulieren können. Die Simulationen werden durch Modifikation von Netzwerkrouting und Datenflusskontrolle mittels iptables, ipsets, tc usw. durchgeführt.
Hinweis
Stellen Sie sicher, dass das NET_SCH_NETEM-Modul im Linux-Kernel installiert ist. Bei CentOS können Sie das Modul über das Paket kernel-modules-extra installieren. Die meisten anderen Linux-Distributionen haben es standardmäßig bereits installiert.
Experimente zu Netzwerkfehlern im Befehlszeilenmodus erstellen
Dieser Abschnitt erklärt die Erstellung von Netzwerkfehler-Experimenten im Befehlszeilenmodus.
Vor Experimenterstellung können Sie folgenden Befehl ausführen, um die von Chaosd unterstützten Netzwerkfehlertypen zu prüfen:
chaosd attack network --help
Die Ausgabe sieht wie folgt aus:
Network attack related commands
Usage:
chaosd attack network [command]
Available Commands:
bandwidth limit network bandwidth
corrupt corrupt network packet
delay delay network
dns attack DNS server or map specified host to specified IP
duplicate duplicate network packet
loss loss network packet
partition partition
port attack network port
Flags:
-h, --help help for network
Global Flags:
--log-level string the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'
Use "chaosd attack network [command] --help" for more information about a command.
Aktuell lassen sich mit Chaosd vier Experimentszenarien simulieren: Netzwerkbeschädigung, Netzwerklatenz, Netzwerkduplizierung und Netzwerkverlust.
Netzwerkbeschädigung im Befehlszeilenmodus simulieren
Mit folgendem Befehl zeigen Sie die Konfiguration für simulierte Netzwerkbeschädigung mit Chaosd an:
Befehl für Netzwerkbeschädigung
Der Befehl lautet wie folgt:
chaosd attack network corrupt --help
Die Ausgabe sieht wie folgt aus:
corrupt network packet
Usage:
chaosd attack network corrupt [flags]
Flags:
-c, --correlation string correlation is percentage (10 is 10%) (default "0")
-d, --device string the network interface to impact
-e, --egress-port string only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
-h, --help help for corrupt
-H, --hostname string only impact traffic to these hostnames
-i, --ip string only impact egress traffic to these IP addresses
--percent string percentage of packets to corrupt (10 is 10%) (default "1")
-p, --protocol string only impact traffic using this IP protocol, supported: tcp, udp, icmp, all
-s, --source-port string only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
Global Flags:
--log-level string the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'
Konfigurationsparameter für Netzwerkbeschädigung
Die zugehörigen Konfigurationsparameter werden wie folgt beschrieben:
| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| correlation | c | The correlation between the percentage of current corrupt occurrence and the previous occurrence. | int. It is a percentage ranging from 0 to 100 (10 is 10%) ("0" by default ). |
| device | d | Name of the impacted network interface card. | string, such as "eth0", required. |
| egress-port | e | The egress traffic that only impacts specific destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
| hostname | H | The host name impacted by traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "chaos-mesh.org". |
| ip | i | The IP address impacted by egress traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "123.123.123.123". |
| protocol | p | The IP protocol impacted by traffic. | string. Supported protocols: tcp, udp, icmp, all (all network protocols). |
| source-port | s | The egress traffic which only impact specific source ports. It can only be configured when the protocol is TCP or UDP. | string. Use a , to delimit the specific port or to indicate the range of the ports, such as "80,8001:8010". |
| percent | Ratio of network packet corruption. | string. It is a percentage which range is 0 to 100 (10 is 10%) (default "1"). |
Beispiel zur Netzwerkbeschädigung im Befehlsmodus
Führen Sie folgenden Befehl zur Simulation von Netzwerkbeschädigung aus:
chaosd attack network corrupt -d eth0 -i 172.16.4.4 --percent 50
Bei erfolgreicher Ausführung lautet die Ausgabe:
Attack network successfully, uid: 4eab1e62-8d60-45cb-ac85-3c17b8ac4825
Netzwerklatenz im Befehlszeilenmodus simulieren
Mit folgendem Befehl zeigen Sie die Konfiguration für simulierte Netzwerklatenz mit Chaosd an:
Befehl für Netzwerklatenz
Der Befehl lautet wie folgt:
chaosd attack network delay --help
Die Ausgabe sieht wie folgt aus:
delay network
Usage:
chaosd attack network delay [flags]
Flags:
-c, --correlation string correlation is percentage (10 is 10%) (default "0")
-d, --device string the network interface to impact
-e, --egress-port string only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
-h, --help help for delay
-H, --hostname string only impact traffic to these hostnames
-i, --ip string only impact egress traffic to these IP addresses
-j, --jitter string jitter time, time units: ns, us (or µs), ms, s, m, h.
-l, --latency string delay egress time, time units: ns, us (or µs), ms, s, m, h.
-p, --protocol string only impact traffic using this IP protocol, supported: tcp, udp, icmp, all
-s, --source-port string only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
Global Flags:
--log-level string the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'
Konfigurationsparameter für Netzwerklatenz
Die zugehörigen Konfigurationsparameter werden wie folgt beschrieben:
| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| correlation | c | The correlation between the current latency and the previous one. | string. It is a percentage ranging from 0 to 100 (10 is 10%) ("0" by default). |
| device | d | Name of the impacted network interface card. | string, such as "eth0", required. |
| egress-port | e | The egress traffic which only impact specific destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
| hostname | H | The host name impacted by traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "chaos-mesh.org". |
| ip | i | The IP address impacted by egress traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "123.123.123.123". |
| jitter | j | Range of the length of network delay time. | string. The time units can be: ns, us (µs), ms, s, m, h, such as "1ms". |
| latency | l | Length of network delay time. | string. The time units can be: ns, us (μs), ms, s, m, h, such as "1ms". |
| protocol | p | The IP protocol impacted by traffic. | string. It supports the following protocol types: "tcp", "udp", "icmp", "all" (all network protocols). |
| source-port | s | The egress traffic that only impacts specified source ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
Beispiel zur Netzwerklatenz im Befehlszeilenmodus
Führen Sie folgenden Befehl zur Simulation von Netzwerklatenz aus:
chaosd attack network delay -d eth0 -i 172.16.4.4 -l 10ms
Bei erfolgreicher Ausführung lautet die Ausgabe:
Attack network successfully, uid: 4b23a0b5-e193-4b27-90a7-3e04235f32ab
Netzwerkduplizierung im Befehlszeilenmodus simulieren
Mit folgendem Befehl zeigen Sie die Konfiguration für simulierte Netzwerkduplizierung mit Chaosd an:
Befehl für Netzwerkduplizierung
Der Befehl lautet wie folgt:
chaosd attack network duplicate --help
Die Ausgabe sieht wie folgt aus:
duplicate network packet
Usage:
chaosd attack network duplicate [flags]
Flags:
-c, --correlation string correlation is percentage (10 is 10%) (default "0")
-d, --device string the network interface to impact
-e, --egress-port string only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
-h, --help help for duplicate
-H, --hostname string only impact traffic to these hostnames
-i, --ip string only impact egress traffic to these IP addresses
--percent string percentage of packets to duplicate (10 is 10%) (default "1")
-p, --protocol string only impact traffic using this IP protocol, supported: tcp, udp, icmp, all
-s, --source-port string only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
Global Flags:
--log-level string the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'
Konfigurationsparameter für Netzwerkduplizierung
Die zugehörigen Konfigurationsparameter werden wie folgt beschrieben:
| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| correlation | c | The correlation between the percentage of current duplication occurrence and the previous one. | string. It is a percentage which range is 0 to 100 (10 is 10%) (default "0"). |
| device | d | Name of the impacted network interface card. | string, such as "eth0", required. |
| egress-port | e | The egress traffic that only impacts specified destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
| hostname | H | The host name impacted by traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "chaos-mesh.org". |
| ip | i | The IP address impacted by egress traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "123.123.123.123". |
| percent | N/A | Ratio of network packet duplicate. | string. It is a percentage which range is 0 to 100 (10 is 10%) (default "1"). |
| protocol | p | The IP protocol impacted by traffic. | string. It supports the following protocol types: "tcp", "udp", "icmp", "all" (all network protocols). |
| source-port | s | The egress traffic which only impact specific source ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
Beispiel zur Netzwerkduplizierung im Befehlszeilenmodus
Führen Sie folgenden Befehl zur Simulation von Netzwerkduplizierung aus:
chaosd attack network duplicate -d eth0 -i 172.16.4.4 --percent 50
Bei erfolgreicher Ausführung lautet die Ausgabe:
Attack network successfully, uid: 7bcb74ee-9101-4ae4-82f0-e44c8a7f113c
Netzwerkverlust im Befehlszeilenmodus simulieren
Mit folgendem Befehl zeigen Sie die Konfiguration für simulierten Netzwerkverlust mit Chaosd an:
Befehl für Netzwerkverlust
Der Befehl lautet wie folgt:
chaosd attack network loss --help
Die Ausgabe sieht wie folgt aus:
loss network packet
Usage:
chaosd attack network loss [flags]
Flags:
-c, --correlation string correlation is percentage (10 is 10%) (default "0")
-d, --device string the network interface to impact
-e, --egress-port string only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
-h, --help help for loss
-H, --hostname string only impact traffic to these hostnames
-i, --ip string only impact egress traffic to these IP addresses
--percent string percentage of packets to drop (10 is 10%) (default "1")
-p, --protocol string only impact traffic using this IP protocol, supported: tcp, udp, icmp, all
-s, --source-port string only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
Global Flags:
--log-level string the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'
Konfigurationsparameter für Netzwerkverlust
Die zugehörigen Konfigurationsparameter werden wie folgt beschrieben:
| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| correlation | c | The correlation between the percentage of the current network loss and the previous one. | string. It is a percentage which range is 0 to 100 (10 is 10%) (default "0"). |
| device | d | Name of the impacted network interface card. | string, such as "eth0", required. |
| egress-port | e | The egress traffic that only impacts specified destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
| hostname | H | The host name impacted by traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "chaos-mesh.org". |
| ip | i | The IP address impacted by egress traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "123.123.123.123". |
| percent | N/A | Ratio of network packet loss. | string. It is a percentage which range is 0 to 100 (10 is 10%) (default "1"). |
| protocol | p | Only impact traffic using this IP protocol. | string. It supports the following protocol types: "tcp", "udp", "icmp", "all" (all network protocols). |
| source-port | s | The egress traffic which only impact specific source ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
Beispiel zum Netzwerkverlust im Befehlszeilenmodus
Führen Sie folgenden Befehl zur Simulation von Netzwerkverlust aus:
chaosd attack network loss -d eth0 -i 172.16.4.4 --percent 50
Bei erfolgreicher Ausführung lautet die Ausgabe:
Attack network successfully, uid: 1e818adf-3942-4de4-949b-c8499f120265
Netzwerkpartitionierung im Befehlszeilenmodus simulieren
Mit folgendem Befehl zeigen Sie die Konfiguration für simulierte Netzwerkpartitionierung mit Chaosd an:
Der Befehl für Netzwerkpartitionierung
Der Befehl lautet wie folgt:
chaosd attack network partition --help
Die Ausgabe sieht wie folgt aus:
partition
Usage:
chaosd attack network partition [flags]
Flags:
--accept-tcp-flags string only the packet which match the tcp flag can be accepted, others will be dropped. only set when the protocol is tcp.
-d, --device string the network interface to impact
--direction string specifies the partition direction, values can be 'to', 'from' or 'both'. 'from' means packets coming from the 'IPAddress' or 'Hostname' and going to your server, 'to' means packets originating from your server and going to the 'IPAddress' or 'Hostname'. (default "both")
-h, --help help for partition
-H, --hostname string only impact traffic to these hostnames
-i, --ip string only impact egress traffic to these IP addresses
-p, --protocol string only impact traffic using this IP protocol, supported: tcp, udp, icmp, all
Global Flags:
--log-level string the log level of chaosd. The value can be 'debug', 'info', 'warn' and 'error'
--uid string the experiment ID
Konfigurationsparameter für Netzwerkpartitionierung
Die zugehörigen Konfigurationsparameter werden wie folgt beschrieben:
| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| accept-tcp-flags | N/A | Only the packet which matches the tcp flag can be accepted, others will be dropped. Only set when the protocol is tcp. | string, such as "SYN,ACK SYN,ACK" |
| device | d | the network interface to impact | string, such as "eth0", required |
| direction | d | Specifies the partition direction, values can be 'to', 'from' or 'both'. 'from' means packets coming from the 'ip' or 'hostname' and going to your server, 'to' means packets originating from your server and going to the 'ip' or 'hostname'. | string, values can be "to", "from" or "both" (default "both") |
| hostname | H | Only impact traffic to these hostnames. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "chaos-mesh.org". |
| ip | i | Only impact egress traffic to these IP addresses. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "192.168.123.123". |
| protocol | p | Only impact traffic using this IP protocol | string. It supports the following protocol types: "tcp", "udp", "icmp", "all" (all network protocols). |
Beispiel zur Simulation von Netzwerkpartitionierung mit dem Befehlszeilenmodus
Führen Sie den folgenden Befehl aus, um Netzwerkpartitionierung zu simulieren:
chaosd attack network partition -i 172.16.4.4 -d eth0 --direction from
DNS-Fehler mit dem Befehlszeilenmodus simulieren
Sie können den folgenden Befehl ausführen, um die Konfiguration für simulierte DNS-Fehler mit Chaosd einzusehen.
Der Befehl für DNS-Fehler
Der Befehl lautet wie folgt:
chaosd attack network dns --help
Die Ausgabe sieht wie folgt aus:
attack DNS server or map specified host to specified IP
Usage:
chaosd attack network dns [flags]
Flags:
-d, --dns-domain-name string map this host to specified IP
-i, --dns-ip string map specified host to this IP address
--dns-server string update the DNS server in /etc/resolv.conf with this value (default "123.123.123.123")
-h, --help help for dns
Global Flags:
--log-level string the log level of chaosd. The value can be 'debug', 'info', 'warn' and 'error'
--uid string the experiment ID
Konfigurationsparameter für DNS-Fehler
Die zugehörigen Konfigurationsparameter werden wie folgt beschrieben:
| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| dns-domain-name | d | Map this host to specified IP(dns-ip) | string, such as "chaos-mesh.org". |
| dns-ip | i | Map specified host(dns-domain-name) to this IP address | string, such as "123.123.123.123" |
| dns-server | N/A | Update the DNS server in /etc/resolv.conf with this value | string, default is "123.123.123.123" |
Beispiel zur Simulation von DNS-Fehlern mit dem Befehlszeilenmodus
Führen Sie den folgenden Befehl aus, um einen DNS-Fehler durch Zuordnung eines bestimmten Hosts zu einer spezifischen IP zu simulieren:
chaosd attack network dns --dns-ip 123.123.123.123 --dns-domain-name chaos-mesh.org
Führen Sie den folgenden Befehl aus, um einen DNS-Fehler durch Verwendung eines falschen DNS-Servers zu simulieren:
chaosd attack network dns --dns-server 123.123.123.123
Netzwerkbandbreite mit dem Befehlszeilenmodus simulieren
Sie können den folgenden Befehl ausführen, um die Konfiguration für simulierte Netzwerkbandbreite mit Chaosd einzusehen.
Der Befehl für Netzwerkbandbreite
Der Befehl lautet wie folgt:
chaosd attack network bandwidth --help
Die Ausgabe sieht wie folgt aus:
limit network bandwidth
Usage:
chaosd attack network bandwidth [flags]
Flags:
-b, --buffer uint32 the maximum amount of bytes that tokens can be available for instantaneously
-d, --device string the network interface to impact
-h, --help help for bandwidth
-H, --hostname string only impact traffic to these hostnames
-i, --ip string only impact egress traffic to these IP addresses
-l, --limit uint32 the number of bytes that can be queued waiting for tokens to become available
-m, --minburst uint32 specifies the size of the peakrate bucket
--peakrate uint the maximum depletion rate of the bucket
-r, --rate string the speed knob, allows bps, kbps, mbps, gbps, tbps unit. bps means bytes per second
Global Flags:
--log-level string the log level of chaosd. The value can be 'debug', 'info', 'warn' and 'error'
--uid string the experiment ID
Konfigurationsparameter für Netzwerkbandbreite
Die zugehörigen Konfigurationsparameter werden wie folgt beschrieben:
| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| buffer | b | The maximum amount of bytes that tokens can be available for instantaneously | int, such as 10000, required |
| device | d | The network interface to impact | string, such as "eth0", required |
| hostname | H | Only impact traffic to these hostnames. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "chaos-mesh.org". |
| ip | i | Only impact egress traffic to these IP addresses. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "123.123.123.123". |
| limit | l | The number of bytes that can be queued waiting for tokens to become available | int, such as 10000, required |
| minburst | m | Specifies the size of the peakrate bucket | int, such as 10000 |
| peakrate | N/A | The maximum depletion rate of the bucket | int, such as 10000 |
| rate | r | The speed knob, allows bps, kbps, mbps, gbps, tbps unit. The bps unit means bytes per second. | string, such as "1mbps", required |
Beispiel zur Simulation von Netzwerkbandbreite mit dem Befehlszeilenmodus
Führen Sie den folgenden Befehl aus, um Netzwerkbandbreite zu simulieren:
chaosd attack network bandwidth --buffer 10000 --device eth0 --limit 10000 --rate 10mbps
Portbelegung mit dem Befehlszeilenmodus simulieren
Sie können den folgenden Befehl ausführen, um die Konfiguration für simulierte Portbelegung einzusehen.
Der Befehl für Portbelegung
Der Befehl lautet wie folgt:
chaosd attack network port --help
Die Ausgabe sieht wie folgt aus:
attack network port
Usage:
chaosd attack network port [flags]
Flags:
-h, --help help for port
-p, --port string this specified port is to occupied
Global Flags:
--log-level string the log level of chaosd. The value can be 'debug', 'info', 'warn' and 'error'
--uid string the experiment ID
Konfigurationsparameter für Portbelegung
Die zugehörigen Konfigurationsparameter werden wie folgt beschrieben:
| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| port | p | The specified port to be occupied | int, such as 8080, required |
Beispiel zur Simulation von Portbelegung mit dem Befehlszeilenmodus
Führen Sie den folgenden Befehl aus, um Netzwerkbandbreite zu simulieren:
chaosd attack network port --port 8080
Netzwerkfehlerexperimente mit dem Dienstmodus erstellen
Gehen Sie wie folgt vor, um Experimente im Dienstmodus zu erstellen:
-
Starten Sie Chaosd im Dienstmodus:
chaosd server --port 31767 -
Senden Sie eine
POST-HTTP-Anfrage an den Pfad/api/attack/processdes Chaosd-Dienstes:curl -X POST 172.16.112.130:31767/api/attack/process -H "Content-Type:application/json" -d '{fault-configuration}'Konfigurieren Sie
fault-configurationentsprechend den Fehlertypen. Die entsprechenden Parameter entnehmen Sie den Parametern und Beispielen der einzelnen Fehlertypen in den folgenden Abschnitten.
Hinweis
Notieren Sie sich beim Starten eines Experiments die UID des Experiments. Um das Experiment zu beenden, senden Sie eine DELETE-HTTP-Anfrage an den Pfad /api/attack/{uid} des Chaosd-Dienstes.
Netzwerkkorruption mit dem Dienstmodus simulieren
Parameter zum Simulieren von Netzwerkkorruption
| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to "corrupt" |
| correlation | The correlation between the current latency and the previous one. | string. It is a percentage ranging from 0 to 100 (10 is 10%) ("0" by default). |
| device | Name of the impacted network interface card. | string, such as "eth0", required. |
| egress-port | The egress traffic which only impact specific destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
| hostname | The host name impacted by traffic. hostname and ip-address cannot be empty at the same time. when hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "chaos-mesh.org". |
| ip-address | The IP address impacted by egress traffic. hostname and ip-address cannot be empty at the same time. when hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "123.123.123.123". |
| ip-protocol | The IP protocol impacted by traffic. | string. Supported protocols: tcp, udp, icmp, all (all network protocols). |
| source-port | The egress traffic which only impact specific source ports. It can only be configured when the protocol is TCP or UDP. | string. Use a , to delimit the specific port or to indicate the range of the ports, such as "80,8001:8010". |
| percent | Ratio of network packet corruption. | string. It is a percentage which range is 0 to 100 (10 is 10%) (default "1"). |
Beispiel zur Simulation von Netzwerkkorruption mit dem Dienstmodus
curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"corrupt","device":"eth0","ip-address":"172.16.4.4","percent":"50"}'
Netzwerklatenz mit dem Dienstmodus simulieren
Parameter zum Simulieren von Netzwerklatenz
| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to "delay" |
| correlation | The correlation between the current latency and the previous one. | string. It is a percentage ranging from 0 to 100 (10 is 10%) ("0" by default). |
| device | Name of the impacted network interface card. | string, such as "eth0", required. |
| egress-port | The egress traffic which only impact specific destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
| hostname | The host name impacted by traffic. hostname and ip-address cannot be empty at the same time. When hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "chaos-mesh.org". |
| ip-address | The IP address impacted by egress traffic. hostname and ip-address cannot be empty at the same time. When hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "123.123.123.123". |
| jitter | Range of the length of network delay time. | string. The time units can be: ns, us (µs), ms, s, m, h, such as "1ms". |
| latency | Length of network delay time. | string. The time units can be: ns, us (μs), ms, s, m, h, such as "1ms". |
| ip-protocol | The IP protocol impacted by traffic. | string. It supports the following protocol types: "tcp", "udp", "icmp", "all" (all network protocols). |
| source-port | The egress traffic that only impacts specified source ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
Beispiel zur Simulation von Netzwerklatenz mit dem Dienstmodus
curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"delay","device":"eth0","ip-address":"172.16.4.4","latency":"10ms"}'
Netzwerkduplizierung mit dem Dienstmodus simulieren
Parameter für die Simulation von Netzwerkduplizierung
| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to "duplicate" |
| correlation | The correlation between the percentage of current duplication occurrence and the previous one. | string. It is a percentage which range is 0 to 100 (10 is 10%) (default "0"). |
| device | Name of the impacted network interface card. | string, such as "eth0", required. |
| egress-port | The egress traffic that only impacts specified destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
| hostname | The host name impacted by traffic. hostname and ip-address cannot be empty at the same time. when hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "chaos-mesh.org". |
| ip-address | The IP address impacted by egress traffic. hostname and ip-address cannot be empty at the same time. when hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "123.123.123.123". |
| percent | Ratio of network packet duplicate. | string. It is a percentage which range is 0 to 100 (10 is 10%) (default "1"). |
| ip-protocol | The IP protocol impacted by traffic. | string. It supports the following protocol types: "tcp", "udp", "icmp", "all" (all network protocols). |
| source-port | The egress traffic which only impact specific source ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
Beispiel zur Simulation von Netzwerkduplizierung im Service-Modus
curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"duplicate","ip-address":"172.16.4.4","device":"eth0","percent":"50"}'
Netzwerkverlust im Service-Modus simulieren
Parameter für die Simulation von Netzwerkverlust
| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to "loss" |
| correlation | The correlation between the percentage of the current network loss and the previous one. | string, it is a percentage which range is 0 to 100 (10 is 10%) (default "0"). |
| device | Name of the impacted network interface card. | string, such as "eth0", required. |
| egress-port | The egress traffic that only impacts specified destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
| hostname | The host name impacted by traffic. hostname and ip-address cannot be empty at the same time. when hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "chaos-mesh.org". |
| ip-address | The IP address impacted by egress traffic. hostname and ip-address cannot be empty at the same time. when hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "123.123.123.123". |
| percent | Ratio of network packet loss. | string. It is a percentage which range is 0 to 100 (10 is 10%) (default "1"). |
| ip-protocol | Only impact traffic using this IP protocol. | string, it supports the following protocol types: "tcp", "udp", "icmp", "all" (all network protocols). |
| source-port | The egress traffic which only impact specific source ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
Beispiel zur Simulation von Netzwerkverlust im Service-Modus
curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"loss","ip-address":"172.16.4.4","device":"eth0","percent":"50"}'
Netzwerkpartitionierung im Service-Modus simulieren
Parameter für die Simulation von Netzwerkpartitionierung
| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to "partition" |
| accept-tcp-flags | Only the packet which match the tcp flag can be accepted, others will be dropped. Only set when the protocol is tcp. | string, such as "SYN,ACK SYN,ACK" |
| device | The network interface to impact | string, such as "eth0", required |
| direction | Specifies the partition direction, values can be 'to', 'from' or 'both'. 'from' means packets coming from the 'ip-address' or 'hostname' and going to your server, 'to' means packets originating from your server and going to the 'ip-address' or 'hostname'. | string, values can be "to", "from" or "both" (default "both") |
| hostname | Only impact traffic to these hostnames. hostname and ip-address cannot be empty at the same time. when hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "chaos-mesh.org". |
| ip-address | Only impact egress traffic to these IP addresses. hostname and ip-address cannot be empty at the same time. when hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "192.168.123.123". |
| ip-protocol | Only impact traffic using this IP protocol | string. It supports the following protocol types: tcp, udp, icmp, all (all network protocols). |
Beispiel zur Simulation von Netzwerkpartitionierung im Service-Modus
curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"partition","ip-address":"172.16.4.4","device":"eth0","direction":"from"}'
DNS-Fehler im Service-Modus simulieren
Parameter für die Simulation von DNS-Fehlern
| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to "dns" |
| dns-domain-name | Map this host to specified IP(dns-ip) | string, such as "chaos-mesh.org". |
| dns-ip | Map specified host(dns-domain-name) to this IP address | string, such as "123.123.123.123" |
| dns-server | Update the DNS server in /etc/resolv.conf with this value | string, such as "123.123.123.123" (default "123.123.123.123") |
Beispiel zur Simulation von DNS-Fehlern im Service-Modus
curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"dns","dns-domain-name":"chaos-mesh.org","dns-ip":"123.123.123.123"}'
Netzwerkbandbreite im Service-Modus simulieren
Parameter für die Simulation von Netzwerkbandbreite
| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to "bandwidth" |
| buffer | The maximum amount of bytes that tokens can be available for instantaneously | int, such as 10000, required |
| device | The network interface to impact | string, such as "eth0", required |
| hostname | Only impact traffic to these hostnames. hostname and ip-address cannot be empty at the same time. when hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "chaos-mesh.org". |
| ip-address | Only impact egress traffic to these IP addresses. hostname and ip-address cannot be empty at the same time. When hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "123.123.123.123". |
| limit | The number of bytes that can be queued waiting for tokens to become available | int, such as 10000, required |
| minburst | Specifies the size of the peakrate bucket | int, such as 10000 |
| peakrate | The maximum depletion rate of the bucket | int, such as 10000 |
| rate | The speed knob, allows bps, kbps, mbps, gbps, tbps unit. The bps unit means bytes per second. | string, such as "1mbps", required |
Beispiel zur Simulation von Netzwerkbandbreite im Service-Modus
curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"bandwidth","buffer":10000,"limit":10000,"rate":"10mbps","device":"eth0"}'
Portbelegung im Service-Modus simulieren
Parameter für die Simulation von Portbelegung
| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to "occupied" |
| port | The specified port to be occupied. | int, such as 8080, required |
Beispiel zur Simulation von Portbelegung im Service-Modus
curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"occupied","port":8080}'