Simulate Network Faults

This document introduces how to use Chaosd to simulate network faults. The simulations can be completed by modifying network routing and traffic flow control using iptables, ipsets, tc, etc.

note

Make sure the NET_SCH_NETEM module is installed in the Linux kernel. If you are using CentOS, you can install the module through the kernel-modules-extra package. Most other Linux distributions have installed it already by default.

This section introduces how to create network fault experiments using command-line mode.

Before creating an experiment, you can run the following command to check the types of network faults supported by Chaosd:

The output is as follows:

  3. Usage:
  4.   chaosd attack network [command]
  6. Available Commands:
  7.   corrupt     corrupt network packet
  8.   delay       delay network
  9.   duplicate   duplicate network packet
  10.   loss        loss network packet
  12. Flags:
  13.   -h, --help   help for network
  15. Global Flags:
  16.       --log-level string   the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'
  18. Use "chaosd attack network [command] --help" for more information about a command.

Currently, you can simulate four experimental scenarios using Chaosd: network corruption, network latency, network duplication, and network loss.

You can run the command below to see the configuration of simulated network corruption using Chaosd.

The command for network corruption

The command is as follows:

  1. chaosd attack network corrupt --help

The output is as follows:

  1. corrupt network packet
  2. Usage:
  3.   chaosd attack network corrupt [flags]
  5. Flags:
  6.   -c, --correlation string   correlation is percentage (10 is 10%) (default "0")
  7.   -d, --device string        the network interface to impact
  8.   -e, --egress-port string   only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
  9.   -h, --help                 help for corrupt
  10.   -H, --hostname string      only impact traffic to these hostnames
  11.   -i, --ip string            only impact egress traffic to these IP addresses
  12.       --percent string       percentage of packets to corrupt (10 is 10%) (default "1")
  13.   -p, --protocol string      only impact traffic using this IP protocol, supported: tcp, udp, icmp, all
  16. Global Flags:
  17.       --log-level string   the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'

An example of network corruption

Run the following command to simulate network corruption:

  1. chaosd attack network corrupt -d eth0 -i 172.16.4.4 --percent 50

If the command runs successfully, the output is as follows:

  1. Attack network successfully, uid: 4eab1e62-8d60-45cb-ac85-3c17b8ac4825

You can run the command below to see the configuration of simulated network latency using Chaosd.

The command for network latency

The command is as follows:

The output is as follows:

  1. delay network
  3. Usage:
  4.   chaosd attack network delay [flags]
  6. Flags:
  7.   -c, --correlation string   correlation is percentage (10 is 10%) (default "0")
  8.   -d, --device string        the network interface to impact
  9.   -e, --egress-port string   only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
  10.   -h, --help                 help for delay
  11.   -H, --hostname string      only impact traffic to these hostnames
  12.   -i, --ip string            only impact egress traffic to these IP addresses
  13.   -j, --jitter string        jitter time, time units: ns, us (or µs), ms, s, m, h.
  14.   -l, --latency string       delay egress time, time units: ns, us (or µs), ms, s, m, h.
  15.   -p, --protocol string      only impact traffic using this IP protocol, supported: tcp, udp, icmp, all
  16.   -s, --source-port string   only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
  18. Global Flags:
  19.       --log-level string   the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'

The related configuration items are described as follows:

An example of network latency

Run the following command to simulate network latency:

  1. chaosd attack network delay -d eth0 -i 172.16.4.4 -l 10ms

If the command runs successfully, the output is as follows:

  1. Attack network successfully, uid: 4b23a0b5-e193-4b27-90a7-3e04235f32ab

You can run the command below to see the configuration of simulated network duplication using Chaosd:

The command for network duplication

    The output is as follows:

    1. duplicate network packet
    3. Usage:
    4.   chaosd attack network duplicate [flags]
    7.   -c, --correlation string   correlation is percentage (10 is 10%) (default "0")
    8.   -d, --device string        the network interface to impact
    9.   -e, --egress-port string   only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
    10.   -h, --help                 help for duplicate
    11.   -H, --hostname string      only impact traffic to these hostnames
    12.   -i, --ip string            only impact egress traffic to these IP addresses
    13.       --percent string       percentage of packets to duplicate (10 is 10%) (default "1")
    14.   -p, --protocol string      only impact traffic using this IP protocol, supported: tcp, udp, icmp, all
    15.   -s, --source-port string   only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
    17. Global Flags:
    18.       --log-level string   the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'

    The related configuration items are described as follows:

    An example of network duplication

    Run the following command to simulate network duplication:

    If the command runs successfully, the output is as follows:

    1. Attack network successfully, uid: 7bcb74ee-9101-4ae4-82f0-e44c8a7f113c

    You can run the command below to see the configuration of simulated network loss using Chaosd:

    The command for network loss

    The command is as follows:

    1. chaosd attack network loss --help

    The output is as follows:

    1. loss network packet
    3. Usage:
    4.   chaosd attack network loss [flags]
    6. Flags:
    7.   -c, --correlation string   correlation is percentage (10 is 10%) (default "0")
    8.   -d, --device string        the network interface to impact
    9.   -e, --egress-port string   only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
    10.   -h, --help                 help for loss
    11.   -H, --hostname string      only impact traffic to these hostnames
    12.   -i, --ip string            only impact egress traffic to these IP addresses
    13.       --percent string       percentage of packets to drop (10 is 10%) (default "1")
    14.   -p, --protocol string      only impact traffic using this IP protocol, supported: tcp, udp, icmp, all
    15.   -s, --source-port string   only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
    17. Global Flags:
    18.       --log-level string   the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'

    The related configuration items are described as follows:

    An example of network loss

    Run the following command to simulate network loss:

      Create network fault experiments using service mode

      (To be added)