模拟网络故障
非官方测试版翻译
本页面由 PageTurner AI 翻译(测试版)。未经项目官方认可。 发现错误? 报告问题 →
本文介绍如何使用 Chaosd 模拟网络故障。通过 iptables、ipsets、tc 等工具修改网络路由和流量控制,即可完成故障模拟。
备注
请确保 Linux 内核已安装 NET_SCH_NETEM 模块。若使用 CentOS 系统,可通过 kernel-modules-extra 包安装该模块。其他主流 Linux 发行版通常已默认安装此模块。
使用命令行模式创建网络故障实验
本节介绍如何通过命令行模式创建网络故障实验。
创建实验前,可运行以下命令查看 Chaosd 支持的网络故障类型:
chaosd attack network --help
输出如下:
Network attack related commands
Usage:
chaosd attack network [command]
Available Commands:
bandwidth limit network bandwidth
corrupt corrupt network packet
delay delay network
dns attack DNS server or map specified host to specified IP
duplicate duplicate network packet
loss loss network packet
partition partition
port attack network port
Flags:
-h, --help help for network
Global Flags:
--log-level string the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'
Use "chaosd attack network [command] --help" for more information about a command.
目前可通过 Chaosd 模拟四种实验场景:网络损坏、网络延迟、网络重复和网络丢包。
使用命令行模式模拟网络损坏
可运行以下命令查看 Chaosd 模拟网络损坏的配置选项:
网络损坏命令
命令如下:
chaosd attack network corrupt --help
输出如下:
corrupt network packet
Usage:
chaosd attack network corrupt [flags]
Flags:
-c, --correlation string correlation is percentage (10 is 10%) (default "0")
-d, --device string the network interface to impact
-e, --egress-port string only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
-h, --help help for corrupt
-H, --hostname string only impact traffic to these hostnames
-i, --ip string only impact egress traffic to these IP addresses
--percent string percentage of packets to corrupt (10 is 10%) (default "1")
-p, --protocol string only impact traffic using this IP protocol, supported: tcp, udp, icmp, all
-s, --source-port string only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
Global Flags:
--log-level string the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'
网络损坏相关配置项
相关配置项说明如下:
| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| correlation | c | The correlation between the percentage of current corrupt occurrence and the previous occurrence. | int. It is a percentage ranging from 0 to 100 (10 is 10%) ("0" by default ). |
| device | d | Name of the impacted network interface card. | string, such as "eth0", required. |
| egress-port | e | The egress traffic that only impacts specific destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
| hostname | H | The host name impacted by traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "chaos-mesh.org". |
| ip | i | The IP address impacted by egress traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "123.123.123.123". |
| protocol | p | The IP protocol impacted by traffic. | string. Supported protocols: tcp, udp, icmp, all (all network protocols). |
| source-port | s | The egress traffic which only impact specific source ports. It can only be configured when the protocol is TCP or UDP. | string. Use a , to delimit the specific port or to indicate the range of the ports, such as "80,8001:8010". |
| percent | Ratio of network packet corruption. | string. It is a percentage which range is 0 to 100 (10 is 10%) (default "1"). |
命令行模式模拟网络损坏示例
运行以下命令模拟网络损坏:
chaosd attack network corrupt -d eth0 -i 172.16.4.4 --percent 50
若命令执行成功,输出如下:
Attack network successfully, uid: 4eab1e62-8d60-45cb-ac85-3c17b8ac4825
使用命令行模式模拟网络延迟
可运行以下命令查看 Chaosd 模拟网络延迟的配置选项:
网络延迟命令
命令如下:
chaosd attack network delay --help
输出如下:
delay network
Usage:
chaosd attack network delay [flags]
Flags:
-c, --correlation string correlation is percentage (10 is 10%) (default "0")
-d, --device string the network interface to impact
-e, --egress-port string only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
-h, --help help for delay
-H, --hostname string only impact traffic to these hostnames
-i, --ip string only impact egress traffic to these IP addresses
-j, --jitter string jitter time, time units: ns, us (or µs), ms, s, m, h.
-l, --latency string delay egress time, time units: ns, us (or µs), ms, s, m, h.
-p, --protocol string only impact traffic using this IP protocol, supported: tcp, udp, icmp, all
-s, --source-port string only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
Global Flags:
--log-level string the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'
网络延迟相关配置项
相关配置项说明如下:
| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| correlation | c | The correlation between the current latency and the previous one. | string. It is a percentage ranging from 0 to 100 (10 is 10%) ("0" by default). |
| device | d | Name of the impacted network interface card. | string, such as "eth0", required. |
| egress-port | e | The egress traffic which only impact specific destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
| hostname | H | The host name impacted by traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "chaos-mesh.org". |
| ip | i | The IP address impacted by egress traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "123.123.123.123". |
| jitter | j | Range of the length of network delay time. | string. The time units can be: ns, us (µs), ms, s, m, h, such as "1ms". |
| latency | l | Length of network delay time. | string. The time units can be: ns, us (μs), ms, s, m, h, such as "1ms". |
| protocol | p | The IP protocol impacted by traffic. | string. It supports the following protocol types: "tcp", "udp", "icmp", "all" (all network protocols). |
| source-port | s | The egress traffic that only impacts specified source ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
命令行模式模拟网络延迟示例
运行以下命令模拟网络延迟:
chaosd attack network delay -d eth0 -i 172.16.4.4 -l 10ms
若命令执行成功,输出如下:
Attack network successfully, uid: 4b23a0b5-e193-4b27-90a7-3e04235f32ab
使用命令行模式模拟网络重复
可运行以下命令查看 Chaosd 模拟网络重复的配置选项:
网络重复命令
命令如下:
chaosd attack network duplicate --help
输出如下:
duplicate network packet
Usage:
chaosd attack network duplicate [flags]
Flags:
-c, --correlation string correlation is percentage (10 is 10%) (default "0")
-d, --device string the network interface to impact
-e, --egress-port string only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
-h, --help help for duplicate
-H, --hostname string only impact traffic to these hostnames
-i, --ip string only impact egress traffic to these IP addresses
--percent string percentage of packets to duplicate (10 is 10%) (default "1")
-p, --protocol string only impact traffic using this IP protocol, supported: tcp, udp, icmp, all
-s, --source-port string only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
Global Flags:
--log-level string the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'
网络重复相关配置项
相关配置项说明如下:
| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| correlation | c | The correlation between the percentage of current duplication occurrence and the previous one. | string. It is a percentage which range is 0 to 100 (10 is 10%) (default "0"). |
| device | d | Name of the impacted network interface card. | string, such as "eth0", required. |
| egress-port | e | The egress traffic that only impacts specified destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
| hostname | H | The host name impacted by traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "chaos-mesh.org". |
| ip | i | The IP address impacted by egress traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "123.123.123.123". |
| percent | N/A | Ratio of network packet duplicate. | string. It is a percentage which range is 0 to 100 (10 is 10%) (default "1"). |
| protocol | p | The IP protocol impacted by traffic. | string. It supports the following protocol types: "tcp", "udp", "icmp", "all" (all network protocols). |
| source-port | s | The egress traffic which only impact specific source ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
命令行模式模拟网络重复示例
运行以下命令模拟网络重复:
chaosd attack network duplicate -d eth0 -i 172.16.4.4 --percent 50
若命令执行成功,输出如下:
Attack network successfully, uid: 7bcb74ee-9101-4ae4-82f0-e44c8a7f113c
使用命令行模式模拟网络丢包
可运行以下命令查看 Chaosd 模拟网络丢包的配置选项:
网络丢包命令
命令如下:
chaosd attack network loss --help
输出如下:
loss network packet
Usage:
chaosd attack network loss [flags]
Flags:
-c, --correlation string correlation is percentage (10 is 10%) (default "0")
-d, --device string the network interface to impact
-e, --egress-port string only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
-h, --help help for loss
-H, --hostname string only impact traffic to these hostnames
-i, --ip string only impact egress traffic to these IP addresses
--percent string percentage of packets to drop (10 is 10%) (default "1")
-p, --protocol string only impact traffic using this IP protocol, supported: tcp, udp, icmp, all
-s, --source-port string only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
Global Flags:
--log-level string the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'
网络丢包相关配置项
相关配置项说明如下:
| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| correlation | c | The correlation between the percentage of the current network loss and the previous one. | string. It is a percentage which range is 0 to 100 (10 is 10%) (default "0"). |
| device | d | Name of the impacted network interface card. | string, such as "eth0", required. |
| egress-port | e | The egress traffic that only impacts specified destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
| hostname | H | The host name impacted by traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "chaos-mesh.org". |
| ip | i | The IP address impacted by egress traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "123.123.123.123". |
| percent | N/A | Ratio of network packet loss. | string. It is a percentage which range is 0 to 100 (10 is 10%) (default "1"). |
| protocol | p | Only impact traffic using this IP protocol. | string. It supports the following protocol types: "tcp", "udp", "icmp", "all" (all network protocols). |
| source-port | s | The egress traffic which only impact specific source ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
命令行模式模拟网络丢包示例
运行以下命令模拟网络丢包:
chaosd attack network loss -d eth0 -i 172.16.4.4 --percent 50
若命令执行成功,输出如下:
Attack network successfully, uid: 1e818adf-3942-4de4-949b-c8499f120265
使用命令行模式模拟网络分区
可运行以下命令查看 Chaosd 模拟网络分区的配置选项:
网络分区命令
命令如下:
chaosd attack network partition --help
输出如下:
partition
Usage:
chaosd attack network partition [flags]
Flags:
--accept-tcp-flags string only the packet which match the tcp flag can be accepted, others will be dropped. only set when the protocol is tcp.
-d, --device string the network interface to impact
--direction string specifies the partition direction, values can be 'to', 'from' or 'both'. 'from' means packets coming from the 'IPAddress' or 'Hostname' and going to your server, 'to' means packets originating from your server and going to the 'IPAddress' or 'Hostname'. (default "both")
-h, --help help for partition
-H, --hostname string only impact traffic to these hostnames
-i, --ip string only impact egress traffic to these IP addresses
-p, --protocol string only impact traffic using this IP protocol, supported: tcp, udp, icmp, all
Global Flags:
--log-level string the log level of chaosd. The value can be 'debug', 'info', 'warn' and 'error'
--uid string the experiment ID
网络分区相关配置项
相关配置项说明如下:
| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| accept-tcp-flags | N/A | Only the packet which matches the tcp flag can be accepted, others will be dropped. Only set when the protocol is tcp. | string, such as "SYN,ACK SYN,ACK" |
| device | d | the network interface to impact | string, such as "eth0", required |
| direction | d | Specifies the partition direction, values can be 'to', 'from' or 'both'. 'from' means packets coming from the 'ip' or 'hostname' and going to your server, 'to' means packets originating from your server and going to the 'ip' or 'hostname'. | string, values can be "to", "from" or "both" (default "both") |
| hostname | H | Only impact traffic to these hostnames. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "chaos-mesh.org". |
| ip | i | Only impact egress traffic to these IP addresses. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "192.168.123.123". |
| protocol | p | Only impact traffic using this IP protocol | string. It supports the following protocol types: "tcp", "udp", "icmp", "all" (all network protocols). |
命令行模式模拟网络分区示例
运行以下命令模拟网络分区:
chaosd attack network partition -i 172.16.4.4 -d eth0 --direction from
使用命令行模式模拟 DNS 故障
您可以运行以下命令查看使用 Chaosd 模拟 DNS 故障的配置。
DNS 故障命令
命令如下:
chaosd attack network dns --help
输出如下:
attack DNS server or map specified host to specified IP
Usage:
chaosd attack network dns [flags]
Flags:
-d, --dns-domain-name string map this host to specified IP
-i, --dns-ip string map specified host to this IP address
--dns-server string update the DNS server in /etc/resolv.conf with this value (default "123.123.123.123")
-h, --help help for dns
Global Flags:
--log-level string the log level of chaosd. The value can be 'debug', 'info', 'warn' and 'error'
--uid string the experiment ID
DNS 故障相关配置项
相关配置项说明如下:
| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| dns-domain-name | d | Map this host to specified IP(dns-ip) | string, such as "chaos-mesh.org". |
| dns-ip | i | Map specified host(dns-domain-name) to this IP address | string, such as "123.123.123.123" |
| dns-server | N/A | Update the DNS server in /etc/resolv.conf with this value | string, default is "123.123.123.123" |
命令行模式模拟 DNS 故障示例
运行以下命令,通过将指定主机映射到指定 IP 来模拟 DNS 故障:
chaosd attack network dns --dns-ip 123.123.123.123 --dns-domain-name chaos-mesh.org
运行以下命令,通过使用错误的 DNS 服务器来模拟 DNS 故障:
chaosd attack network dns --dns-server 123.123.123.123
使用命令行模式模拟网络带宽
您可以运行以下命令查看使用 Chaosd 模拟网络带宽的配置。
网络带宽命令
命令如下:
chaosd attack network bandwidth --help
输出如下:
limit network bandwidth
Usage:
chaosd attack network bandwidth [flags]
Flags:
-b, --buffer uint32 the maximum amount of bytes that tokens can be available for instantaneously
-d, --device string the network interface to impact
-h, --help help for bandwidth
-H, --hostname string only impact traffic to these hostnames
-i, --ip string only impact egress traffic to these IP addresses
-l, --limit uint32 the number of bytes that can be queued waiting for tokens to become available
-m, --minburst uint32 specifies the size of the peakrate bucket
--peakrate uint the maximum depletion rate of the bucket
-r, --rate string the speed knob, allows bps, kbps, mbps, gbps, tbps unit. bps means bytes per second
Global Flags:
--log-level string the log level of chaosd. The value can be 'debug', 'info', 'warn' and 'error'
--uid string the experiment ID
网络带宽相关配置项
相关配置项说明如下:
| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| buffer | b | The maximum amount of bytes that tokens can be available for instantaneously | int, such as 10000, required |
| device | d | The network interface to impact | string, such as "eth0", required |
| hostname | H | Only impact traffic to these hostnames. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "chaos-mesh.org". |
| ip | i | Only impact egress traffic to these IP addresses. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as "123.123.123.123". |
| limit | l | The number of bytes that can be queued waiting for tokens to become available | int, such as 10000, required |
| minburst | m | Specifies the size of the peakrate bucket | int, such as 10000 |
| peakrate | N/A | The maximum depletion rate of the bucket | int, such as 10000 |
| rate | r | The speed knob, allows bps, kbps, mbps, gbps, tbps unit. The bps unit means bytes per second. | string, such as "1mbps", required |
命令行模式模拟网络带宽示例
运行以下命令模拟网络带宽:
chaosd attack network bandwidth --buffer 10000 --device eth0 --limit 10000 --rate 10mbps
使用命令行模式模拟端口占用
您可以运行以下命令查看模拟端口占用的配置。
端口占用命令
命令如下:
chaosd attack network port --help
输出如下:
attack network port
Usage:
chaosd attack network port [flags]
Flags:
-h, --help help for port
-p, --port string this specified port is to occupied
Global Flags:
--log-level string the log level of chaosd. The value can be 'debug', 'info', 'warn' and 'error'
--uid string the experiment ID
端口占用相关配置项
相关配置项说明如下:
| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| port | p | The specified port to be occupied | int, such as 8080, required |
命令行模式模拟端口占用示例
运行以下命令模拟网络带宽:
chaosd attack network port --port 8080
使用服务模式创建网络故障实验
要通过服务模式创建实验,请按以下步骤操作:
-
在服务模式下运行 Chaosd:
chaosd server --port 31767 -
向 Chaosd 服务的
/api/attack/process路径发送POSTHTTP 请求:curl -X POST 172.16.112.130:31767/api/attack/process -H "Content-Type:application/json" -d '{fault-configuration}'在上述命令中,您需要根据故障类型配置
fault-configuration。具体参数请参考后续各故障类型的参数说明和示例。
备注
运行实验时,请务必记录实验的 UID。当您需要结束对应 UID 的实验时,应向 Chaosd 服务的 /api/attack/{uid} 路径发送 DELETE HTTP 请求。
使用服务模式模拟网络损坏
模拟网络损坏的参数
| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to "corrupt" |
| correlation | The correlation between the current latency and the previous one. | string. It is a percentage ranging from 0 to 100 (10 is 10%) ("0" by default). |
| device | Name of the impacted network interface card. | string, such as "eth0", required. |
| egress-port | The egress traffic which only impact specific destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
| hostname | The host name impacted by traffic. hostname and ip-address cannot be empty at the same time. when hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "chaos-mesh.org". |
| ip-address | The IP address impacted by egress traffic. hostname and ip-address cannot be empty at the same time. when hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "123.123.123.123". |
| ip-protocol | The IP protocol impacted by traffic. | string. Supported protocols: tcp, udp, icmp, all (all network protocols). |
| source-port | The egress traffic which only impact specific source ports. It can only be configured when the protocol is TCP or UDP. | string. Use a , to delimit the specific port or to indicate the range of the ports, such as "80,8001:8010". |
| percent | Ratio of network packet corruption. | string. It is a percentage which range is 0 to 100 (10 is 10%) (default "1"). |
服务模式模拟网络损坏示例
curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"corrupt","device":"eth0","ip-address":"172.16.4.4","percent":"50"}'
使用服务模式模拟网络延迟
模拟网络延迟的参数
| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to "delay" |
| correlation | The correlation between the current latency and the previous one. | string. It is a percentage ranging from 0 to 100 (10 is 10%) ("0" by default). |
| device | Name of the impacted network interface card. | string, such as "eth0", required. |
| egress-port | The egress traffic which only impact specific destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
| hostname | The host name impacted by traffic. hostname and ip-address cannot be empty at the same time. When hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "chaos-mesh.org". |
| ip-address | The IP address impacted by egress traffic. hostname and ip-address cannot be empty at the same time. When hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "123.123.123.123". |
| jitter | Range of the length of network delay time. | string. The time units can be: ns, us (µs), ms, s, m, h, such as "1ms". |
| latency | Length of network delay time. | string. The time units can be: ns, us (μs), ms, s, m, h, such as "1ms". |
| ip-protocol | The IP protocol impacted by traffic. | string. It supports the following protocol types: "tcp", "udp", "icmp", "all" (all network protocols). |
| source-port | The egress traffic that only impacts specified source ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
服务模式模拟网络延迟示例
curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"delay","device":"eth0","ip-address":"172.16.4.4","latency":"10ms"}'
使用服务模式模拟网络重复
模拟网络重复的参数
| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to "duplicate" |
| correlation | The correlation between the percentage of current duplication occurrence and the previous one. | string. It is a percentage which range is 0 to 100 (10 is 10%) (default "0"). |
| device | Name of the impacted network interface card. | string, such as "eth0", required. |
| egress-port | The egress traffic that only impacts specified destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
| hostname | The host name impacted by traffic. hostname and ip-address cannot be empty at the same time. when hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "chaos-mesh.org". |
| ip-address | The IP address impacted by egress traffic. hostname and ip-address cannot be empty at the same time. when hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "123.123.123.123". |
| percent | Ratio of network packet duplicate. | string. It is a percentage which range is 0 to 100 (10 is 10%) (default "1"). |
| ip-protocol | The IP protocol impacted by traffic. | string. It supports the following protocol types: "tcp", "udp", "icmp", "all" (all network protocols). |
| source-port | The egress traffic which only impact specific source ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
使用服务模式模拟网络重复的示例
curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"duplicate","ip-address":"172.16.4.4","device":"eth0","percent":"50"}'
使用服务模式模拟网络丢包
模拟网络丢包的参数
| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to "loss" |
| correlation | The correlation between the percentage of the current network loss and the previous one. | string, it is a percentage which range is 0 to 100 (10 is 10%) (default "0"). |
| device | Name of the impacted network interface card. | string, such as "eth0", required. |
| egress-port | The egress traffic that only impacts specified destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
| hostname | The host name impacted by traffic. hostname and ip-address cannot be empty at the same time. when hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "chaos-mesh.org". |
| ip-address | The IP address impacted by egress traffic. hostname and ip-address cannot be empty at the same time. when hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "123.123.123.123". |
| percent | Ratio of network packet loss. | string. It is a percentage which range is 0 to 100 (10 is 10%) (default "1"). |
| ip-protocol | Only impact traffic using this IP protocol. | string, it supports the following protocol types: "tcp", "udp", "icmp", "all" (all network protocols). |
| source-port | The egress traffic which only impact specific source ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a , to separate the specific port or to indicate the range of the port, such as "80,8001:8010". |
使用服务模式模拟网络丢包的示例
curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"loss","ip-address":"172.16.4.4","device":"eth0","percent":"50"}'
使用服务模式模拟网络分区
模拟网络分区的参数
| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to "partition" |
| accept-tcp-flags | Only the packet which match the tcp flag can be accepted, others will be dropped. Only set when the protocol is tcp. | string, such as "SYN,ACK SYN,ACK" |
| device | The network interface to impact | string, such as "eth0", required |
| direction | Specifies the partition direction, values can be 'to', 'from' or 'both'. 'from' means packets coming from the 'ip-address' or 'hostname' and going to your server, 'to' means packets originating from your server and going to the 'ip-address' or 'hostname'. | string, values can be "to", "from" or "both" (default "both") |
| hostname | Only impact traffic to these hostnames. hostname and ip-address cannot be empty at the same time. when hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "chaos-mesh.org". |
| ip-address | Only impact egress traffic to these IP addresses. hostname and ip-address cannot be empty at the same time. when hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "192.168.123.123". |
| ip-protocol | Only impact traffic using this IP protocol | string. It supports the following protocol types: tcp, udp, icmp, all (all network protocols). |
使用服务模式模拟网络分区的示例
curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"partition","ip-address":"172.16.4.4","device":"eth0","direction":"from"}'
使用服务模式模拟 DNS 故障
模拟 DNS 故障的参数
| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to "dns" |
| dns-domain-name | Map this host to specified IP(dns-ip) | string, such as "chaos-mesh.org". |
| dns-ip | Map specified host(dns-domain-name) to this IP address | string, such as "123.123.123.123" |
| dns-server | Update the DNS server in /etc/resolv.conf with this value | string, such as "123.123.123.123" (default "123.123.123.123") |
使用服务模式模拟 DNS 故障的示例
curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"dns","dns-domain-name":"chaos-mesh.org","dns-ip":"123.123.123.123"}'
使用服务模式模拟网络带宽
模拟网络带宽的参数
| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to "bandwidth" |
| buffer | The maximum amount of bytes that tokens can be available for instantaneously | int, such as 10000, required |
| device | The network interface to impact | string, such as "eth0", required |
| hostname | Only impact traffic to these hostnames. hostname and ip-address cannot be empty at the same time. when hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "chaos-mesh.org". |
| ip-address | Only impact egress traffic to these IP addresses. hostname and ip-address cannot be empty at the same time. When hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "123.123.123.123". |
| limit | The number of bytes that can be queued waiting for tokens to become available | int, such as 10000, required |
| minburst | Specifies the size of the peakrate bucket | int, such as 10000 |
| peakrate | The maximum depletion rate of the bucket | int, such as 10000 |
| rate | The speed knob, allows bps, kbps, mbps, gbps, tbps unit. The bps unit means bytes per second. | string, such as "1mbps", required |
使用服务模式模拟网络带宽的示例
curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"bandwidth","buffer":10000,"limit":10000,"rate":"10mbps","device":"eth0"}'
使用服务模式模拟端口占用
模拟端口占用的参数
| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to "occupied" |
| port | The specified port to be occupied. | int, such as 8080, required |
使用服务模式模拟端口占用的示例
curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"occupied","port":8080}'