我的书签
添加书签
移除书签模拟网络故障
本文主要介绍如何使用 Chaosd 模拟网络故障场景。该功能通过使用 iptables、ipsets、tc 等工具修改网络路由、流量控制来模拟网络故障。
请确保 Linux 内核拥有 请确保 Linux 内核拥有 NET_SCH_NETEM 模块。对于 CentOS,可以通过 kernel-modules-extra 包安装该模块,大部分其他发行版已默认安装相应模块。
本节介绍如何在命令行模式创建网络故障实验。
在创建网络故障实验前,可以运行以下命令查看 Chaosd 支持的网络故障类型:
输出结果如下所示:
Usage:chaosd attack network [command]Available Commands:corrupt corrupt network packetdelay delay networkduplicate duplicate network packetloss loss network packetFlags:-h, --help help for networkGlobal Flags:--log-level string the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'Use "chaosd attack network [command] --help" for more information about a command.
目前 Chaosd 支持模拟网络包错误(corrupt)、延迟(delay)、重复(duplicate)、丢失(loss)四种实验场景。
可以运行以下命令,查看模拟网络包错误场景支持的配置:
chaosd attack network corrupt --help
输出结果如下所示:
corrupt network packetUsage:chaosd attack network corrupt [flags]Flags:-c, --correlation string correlation is percentage (10 is 10%) (default "0")-d, --device string the network interface to impact-e, --egress-port string only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp-H, --hostname string only impact traffic to these hostnames-i, --ip string only impact egress traffic to these IP addresses--percent string percentage of packets to corrupt (10 is 10%) (default "1")-p, --protocol string only impact traffic using this IP protocol, supported: tcp, udp, icmp, all-s, --source-port string only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udpGlobal Flags:--log-level string the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'
相关配置说明如下所示:
chaosd attack network delay --help
输出结果如下所示:
delay networkUsage:chaosd attack network delay [flags]Flags:-c, --correlation string correlation is percentage (10 is 10%) (default "0")-d, --device string the network interface to impact-e, --egress-port string only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp-h, --help help for delay-H, --hostname string only impact traffic to these hostnames-i, --ip string only impact egress traffic to these IP addresses-j, --jitter string jitter time, time units: ns, us (or µs), ms, s, m, h.-l, --latency string delay egress time, time units: ns, us (or µs), ms, s, m, h.-p, --protocol string only impact traffic using this IP protocol, supported: tcp, udp, icmp, all-s, --source-port string only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udpGlobal Flags:--log-level string the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'
相关配置说明如下所示:
可以运行以下命令,查看模拟网络包重复场景支持的配置:
输出结果如下所示:
duplicate network packetUsage:chaosd attack network duplicate [flags]Flags:-c, --correlation string correlation is percentage (10 is 10%) (default "0")-d, --device string the network interface to impact-h, --help help for duplicate-H, --hostname string only impact traffic to these hostnames--percent string percentage of packets to duplicate (10 is 10%) (default "1")-p, --protocol string only impact traffic using this IP protocol, supported: tcp, udp, icmp, all-s, --source-port string only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udpGlobal Flags:--log-level string the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'
相关配置说明如下所示:
可以运行以下命令,查看模拟网络包丢失场景支持的配置:
chaosd attack network loss --help
输出结果如下所示:
loss network packetUsage:chaosd attack network loss [flags]Flags:-c, --correlation string correlation is percentage (10 is 10%) (default "0")-d, --device string the network interface to impact-e, --egress-port string only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp-h, --help help for loss-H, --hostname string only impact traffic to these hostnames-i, --ip string only impact egress traffic to these IP addresses--percent string percentage of packets to drop (10 is 10%) (default "1")-p, --protocol string only impact traffic using this IP protocol, supported: tcp, udp, icmp, all-s, --source-port string only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udpGlobal Flags:--log-level string the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'
相关配置说明如下所示:
模拟网络包错误:
chaosd attack network corrupt -d eth0 -i 172.16.4.4 --percent 50
Attack network successfully, uid: 4eab1e62-8d60-45cb-ac85-3c17b8ac4825
模拟网络包延迟:
输出结果如下所示:
Attack network successfully, uid: 4b23a0b5-e193-4b27-90a7-3e04235f32ab
模拟网络包重复:
chaosd attack network duplicate -d eth0 -i 172.16.4.4 --percent 50
输出结果如下所示:
Attack network successfully, uid: 7bcb74ee-9101-4ae4-82f0-e44c8a7f113c
模拟网络包丢失:
chaosd attack network loss -d eth0 -i 172.16.4.4 --percent 50
输出结果如下所示:
Attack network successfully, uid: 1e818adf-3942-4de4-949b-c8499f120265
在运行实验时,请注意保存实验的 uid 信息。在不需要网络故障场景时,使用 recover 命令来结束 uid 对应的实验:
输出结果如下所示:
(正在持续更新中)
