Simulate Network Faults

This document introduces how to use Chaosd to simulate network faults. The simulations can be completed by modifying network routing and traffic flow control using iptables, ipsets, tc, etc.

Note:

Make sure the NET_SCH_NETEM module is installed in the Linux kernel. If you are using CentOS, you can install the module through the kernel-modules-extra package. Most other Linux distributions have installed it already by default.

Create network fault experiments using command-line mode

This section introduces how to create network fault experiments using command-line mode.

Before creating an experiment, you can run the following command to check the types of network faults supported by Chaosd:

    chaosd attack network --help

The output is as follows:

    Network attack related commands

    Usage:
      chaosd attack network [command]

    Available Commands:
      bandwidth   limit network bandwidth
      corrupt     corrupt network packet
      delay       delay network
      dns         attack DNS server or map specified host to specified IP
      duplicate   duplicate network packet
      loss        loss network packet
      partition   partition
      port        attack network port

    Flags:
      -h, --help   help for network

    Global Flags:
          --log-level string   the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'

    Use "chaosd attack network [command] --help" for more information about a command.

Currently, you can simulate four experimental scenarios using Chaosd: network corruption, network latency, network duplication, and network loss.

Simulate network corruption using the command-line mode

You can run the command below to see the configuration of simulated network corruption using Chaosd.

The command for network corruption

The command is as follows:

    chaosd attack network corrupt --help

The output is as follows:

    corrupt network packet

    Usage:
      chaosd attack network corrupt [flags]

    Flags:
      -c, --correlation string   correlation is percentage (10 is 10%) (default "0")
      -d, --device string        the network interface to impact
      -e, --egress-port string   only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
      -h, --help                 help for corrupt
      -H, --hostname string      only impact traffic to these hostnames
      -i, --ip string            only impact egress traffic to these IP addresses
          --percent string       percentage of packets to corrupt (10 is 10%) (default "1")
      -p, --protocol string      only impact traffic using this IP protocol, supported: tcp, udp, icmp, all
      -s, --source-port string   only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp

    Global Flags:
          --log-level string   the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'

The related configuration items are described as follows:

| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| correlation | c | The correlation between the percentage of current corrupt occurrence and the previous occurrence. | int. It is a percentage ranging from 0 to 100 (10 is 10%) (“0” by default). |
| device | d | Name of the impacted network interface card. | string, such as “eth0”, required. |
| egress-port | e | The egress traffic that only impacts specific destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a “,” to separate the specific port or to indicate the range of the port, such as “80,8001:8010”. |
| hostname | H | The host name impacted by traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as “chaos-mesh.org”. |
| ip | i | The IP address impacted by egress traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as “123.123.123.123”. |
| protocol | p | The IP protocol impacted by traffic. | string. Supported protocols: tcp, udp, icmp, all (all network protocols). |
| source-port | s | The egress traffic that only impacts specific source ports. It can only be configured when the protocol is TCP or UDP. | string. Use a “,” to delimit the specific port or to indicate the range of the ports, such as “80,8001:8010”. |

Example for simulating network corruption using the command mode

Run the following command to simulate network corruption:

    chaosd attack network corrupt -d eth0 -i 172.16.4.4 --percent 50

If the command runs successfully, the output is as follows:

    Attack network successfully, uid: 4eab1e62-8d60-45cb-ac85-3c17b8ac4825

Simulate network latency using the command-line mode

You can run the command below to see the configuration of simulated network latency using Chaosd.

The command for network latency

The command is as follows:

    chaosd attack network delay --help

The output is as follows:

    delay network

    Usage:
      chaosd attack network delay [flags]

    Flags:
      -c, --correlation string   correlation is percentage (10 is 10%) (default "0")
      -d, --device string        the network interface to impact
      -e, --egress-port string   only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
      -h, --help                 help for delay
      -H, --hostname string      only impact traffic to these hostnames
      -i, --ip string            only impact egress traffic to these IP addresses
      -j, --jitter string        jitter time, time units: ns, us (or µs), ms, s, m, h.
      -l, --latency string       delay egress time, time units: ns, us (or µs), ms, s, m, h.
      -p, --protocol string      only impact traffic using this IP protocol, supported: tcp, udp, icmp, all
      -s, --source-port string   only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp

    Global Flags:
          --log-level string   the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'

The related configuration items are described as follows:

| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| correlation | c | The correlation between the current latency and the previous one. | string. It is a percentage ranging from 0 to 100 (10 is 10%) (“0” by default). |
| device | d | Name of the impacted network interface card. | string, such as “eth0”, required. |
| egress-port | e | The egress traffic that only impacts specific destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a “,” to separate the specific port or to indicate the range of the port, such as “80,8001:8010”. |
| hostname | H | The host name impacted by traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as “chaos-mesh.org”. |
| ip | i | The IP address impacted by egress traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as “123.123.123.123”. |
| jitter | j | Range of the length of network delay time. | string. The time units can be: ns, us (µs), ms, s, m, h, such as “1ms”. |
| latency | l | Length of network delay time. | string. The time units can be: ns, us (μs), ms, s, m, h, such as “1ms”. |
| protocol | p | The IP protocol impacted by traffic. | string. It supports the following protocol types: “tcp”, “udp”, “icmp”, “all” (all network protocols). |
| source-port | s | The egress traffic that only impacts specified source ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a “,” to separate the specific port or to indicate the range of the port, such as “80,8001:8010”. |

Example for simulating network latency using the command-line mode

Run the following command to simulate network latency:

    chaosd attack network delay -d eth0 -i 172.16.4.4 -l 10ms

If the command runs successfully, the output is as follows:

    Attack network successfully, uid: 4b23a0b5-e193-4b27-90a7-3e04235f32ab

Simulate network duplication using the command-line mode

You can run the command below to see the configuration of simulated network duplication using Chaosd.

The command for network duplication

The command is as follows:

    chaosd attack network duplicate --help

The output is as follows:

    duplicate network packet

    Usage:
      chaosd attack network duplicate [flags]

    Flags:
      -c, --correlation string   correlation is percentage (10 is 10%) (default "0")
      -d, --device string        the network interface to impact
      -e, --egress-port string   only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
      -h, --help                 help for duplicate
      -H, --hostname string      only impact traffic to these hostnames
      -i, --ip string            only impact egress traffic to these IP addresses
          --percent string       percentage of packets to duplicate (10 is 10%) (default "1")
      -p, --protocol string      only impact traffic using this IP protocol, supported: tcp, udp, icmp, all
      -s, --source-port string   only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp

    Global Flags:
          --log-level string   the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'

The related configuration items are described as follows:

| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| correlation | c | The correlation between the percentage of current duplication occurrence and the previous one. | string. It is a percentage ranging from 0 to 100 (10 is 10%) (default “0”). |
| device | d | Name of the impacted network interface card. | string, such as “eth0”, required. |
| egress-port | e | The egress traffic that only impacts specified destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a “,” to separate the specific port or to indicate the range of the port, such as “80,8001:8010”. |
| hostname | H | The host name impacted by traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as “chaos-mesh.org”. |
| ip | i | The IP address impacted by egress traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as “123.123.123.123”. |
| percent | N/A | Ratio of network packet duplication. | string. It is a percentage ranging from 0 to 100 (10 is 10%) (default “1”). |
| protocol | p | The IP protocol impacted by traffic. | string. It supports the following protocol types: “tcp”, “udp”, “icmp”, “all” (all network protocols). |
| source-port | s | The egress traffic that only impacts specific source ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a “,” to separate the specific port or to indicate the range of the port, such as “80,8001:8010”. |

Example for simulating network duplication using the command-line mode

Run the following command to simulate network duplication:

    chaosd attack network duplicate -d eth0 -i 172.16.4.4 --percent 50

If the command runs successfully, the output is as follows:

    Attack network successfully, uid: 7bcb74ee-9101-4ae4-82f0-e44c8a7f113c

Simulate network loss using the command-line mode

You can run the command below to see the configuration of simulated network loss using Chaosd:

The command for network loss

The command is as follows:

    chaosd attack network loss --help

The output is as follows:

    loss network packet

    Usage:
      chaosd attack network loss [flags]

    Flags:
      -c, --correlation string   correlation is percentage (10 is 10%) (default "0")
      -d, --device string        the network interface to impact
      -e, --egress-port string   only impact egress traffic to these destination ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp
      -h, --help                 help for loss
      -H, --hostname string      only impact traffic to these hostnames
      -i, --ip string            only impact egress traffic to these IP addresses
          --percent string       percentage of packets to drop (10 is 10%) (default "1")
      -p, --protocol string      only impact traffic using this IP protocol, supported: tcp, udp, icmp, all
      -s, --source-port string   only impact egress traffic from these source ports, use a ',' to separate or to indicate the range, such as 80, 8001:8010. It can only be used in conjunction with -p tcp or -p udp

    Global Flags:
          --log-level string   the log level of chaosd, the value can be 'debug', 'info', 'warn' and 'error'

The related configuration items are described as follows:

| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| correlation | c | The correlation between the percentage of the current network loss and the previous one. | string. It is a percentage ranging from 0 to 100 (10 is 10%) (default “0”). |
| device | d | Name of the impacted network interface card. | string, such as “eth0”, required. |
| egress-port | e | The egress traffic that only impacts specified destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a “,” to separate the specific port or to indicate the range of the port, such as “80,8001:8010”. |
| hostname | H | The host name impacted by traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as “chaos-mesh.org”. |
| ip | i | The IP address impacted by egress traffic. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as “123.123.123.123”. |
| percent | N/A | Ratio of network packet loss. | string. It is a percentage ranging from 0 to 100 (10 is 10%) (default “1”). |
| protocol | p | Only impact traffic using this IP protocol. | string. It supports the following protocol types: “tcp”, “udp”, “icmp”, “all” (all network protocols). |
| source-port | s | The egress traffic that only impacts specific source ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a “,” to separate the specific port or to indicate the range of the port, such as “80,8001:8010”. |

Example for simulating network loss using the command-line mode

Run the following command to simulate network loss:

    chaosd attack network loss -d eth0 -i 172.16.4.4 --percent 50

If the command runs successfully, the output is as follows:

    Attack network successfully, uid: 1e818adf-3942-4de4-949b-c8499f120265

Simulate network partition using the command-line mode

You can run the command below to see the configuration of simulated network partition using Chaosd.

The command for network partition

The command is as follows:

    chaosd attack network partition --help

The output is as follows:

    partition

    Usage:
      chaosd attack network partition [flags]

    Flags:
          --accept-tcp-flags string   only the packet which match the tcp flag can be accepted, others will be dropped. only set when the protocol is tcp.
      -d, --device string             the network interface to impact
          --direction string          specifies the partition direction, values can be 'to', 'from' or 'both'. 'from' means packets coming from the 'IPAddress' or 'Hostname' and going to your server, 'to' means packets originating from your server and going to the 'IPAddress' or 'Hostname'. (default "both")
      -h, --help                      help for partition
      -H, --hostname string           only impact traffic to these hostnames
      -i, --ip string                 only impact egress traffic to these IP addresses
      -p, --protocol string           only impact traffic using this IP protocol, supported: tcp, udp, icmp, all

    Global Flags:
          --log-level string   the log level of chaosd. The value can be 'debug', 'info', 'warn' and 'error'
          --uid string         the experiment ID

The related configuration items are described as follows:

| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| accept-tcp-flags | N/A | Only the packet which matches the tcp flag can be accepted, others will be dropped. Only set when the protocol is tcp. | string, such as “SYN,ACK SYN,ACK” |
| device | d | The network interface to impact | string, such as “eth0”, required |
| direction | d | Specifies the partition direction, values can be ‘to’, ‘from’ or ‘both’. ‘from’ means packets coming from the ‘ip’ or ‘hostname’ and going to your server, ‘to’ means packets originating from your server and going to the ‘ip’ or ‘hostname’. | string, values can be “to”, “from” or “both” (default “both”) |
| hostname | H | Only impact traffic to these hostnames. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as “chaos-mesh.org”. |
| ip | i | Only impact egress traffic to these IP addresses. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as “192.168.123.123”. |
| protocol | p | Only impact traffic using this IP protocol | string. It supports the following protocol types: “tcp”, “udp”, “icmp”, “all” (all network protocols). |

Example for simulating network partition using the command-line mode

Run the following command to simulate network partition:

    chaosd attack network partition -i 172.16.4.4 -d eth0 --direction from

Simulate DNS fault using the command-line mode

You can run the command below to see the configuration of simulated DNS fault using Chaosd.

The command for DNS fault

The command is as follows:

    chaosd attack network dns --help

The output is as follows:

    attack DNS server or map specified host to specified IP

    Usage:
      chaosd attack network dns [flags]

    Flags:
      -d, --dns-domain-name string   map this host to specified IP
      -i, --dns-ip string            map specified host to this IP address
          --dns-server string        update the DNS server in /etc/resolv.conf with this value (default "123.123.123.123")
      -h, --help                     help for dns

    Global Flags:
          --log-level string   the log level of chaosd. The value can be 'debug', 'info', 'warn' and 'error'
          --uid string         the experiment ID

The related configuration items are described as follows:

| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| dns-domain-name | d | Map this host to specified IP (dns-ip) | string, such as “chaos-mesh.org”. |
| dns-ip | i | Map specified host (dns-domain-name) to this IP address | string, such as “123.123.123.123” |
| dns-server | N/A | Update the DNS server in /etc/resolv.conf with this value | string, default is “123.123.123.123” |

Example for simulating DNS fault using the command-line mode

Run the following command to simulate a DNS fault by mapping a specified host to a specified IP:

    chaosd attack network dns --dns-ip 123.123.123.123 --dns-domain-name chaos-mesh.org

Run the following command to simulate a DNS fault by using a wrong DNS server:

    chaosd attack network dns --dns-server 123.123.123.123

Simulate network bandwidth using the command-line mode

You can run the command below to see the configuration of simulated network bandwidth using Chaosd.

The command for network bandwidth

The command is as follows:

    chaosd attack network bandwidth --help

The output is as follows:

    limit network bandwidth

    Usage:
      chaosd attack network bandwidth [flags]

    Flags:
      -b, --buffer uint32     the maximum amount of bytes that tokens can be available for instantaneously
      -d, --device string     the network interface to impact
      -h, --help              help for bandwidth
      -H, --hostname string   only impact traffic to these hostnames
      -i, --ip string         only impact egress traffic to these IP addresses
      -l, --limit uint32      the number of bytes that can be queued waiting for tokens to become available
      -m, --minburst uint32   specifies the size of the peakrate bucket
          --peakrate uint     the maximum depletion rate of the bucket
      -r, --rate string       the speed knob, allows bps, kbps, mbps, gbps, tbps unit. bps means bytes per second

    Global Flags:
          --log-level string   the log level of chaosd. The value can be 'debug', 'info', 'warn' and 'error'
          --uid string         the experiment ID

The related configuration items are described as follows:

| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| buffer | b | The maximum amount of bytes that tokens can be available for instantaneously | int, such as 10000, required |
| device | d | The network interface to impact | string, such as “eth0”, required |
| hostname | H | Only impact traffic to these hostnames. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as “chaos-mesh.org”. |
| ip | i | Only impact egress traffic to these IP addresses. hostname and ip cannot be empty at the same time. When hostname and ip are set at the same time, the configuration item affects both the specified hostname and ip. | string, such as “123.123.123.123”. |
| limit | l | The number of bytes that can be queued waiting for tokens to become available | int, such as 10000, required |
| minburst | m | Specifies the size of the peakrate bucket | int, such as 10000 |
| peakrate | N/A | The maximum depletion rate of the bucket | int, such as 10000 |
| rate | r | The speed knob, allows bps, kbps, mbps, gbps, tbps unit. The bps unit means bytes per second. | string, such as “1mbps”, required |

Example for simulating network bandwidth using the command-line mode

Run the following command to simulate network bandwidth:

    chaosd attack network bandwidth --buffer 10000 --device eth0 --limit 10000 --rate 10mbps

Simulate port occupation using the command-line mode

You can run the command below to see the configuration of simulated port occupation.

The command for port occupation

The command is as follows:

    chaosd attack network port --help

The output is as follows:

    attack network port

    Usage:
      chaosd attack network port [flags]

    Flags:
      -h, --help          help for port
      -p, --port string   this specified port is to occupied

    Global Flags:
          --log-level string   the log level of chaosd. The value can be 'debug', 'info', 'warn' and 'error'
          --uid string         the experiment ID

The related configuration items are described as follows:

| Configuration item | Abbreviation | Description | Value |
|---|---|---|---|
| port | p | The specified port to be occupied | int, such as 8080, required |

Example for simulating port occupation using the command-line mode

Run the following command to simulate port occupation:

    chaosd attack network port --port 8080

Create network fault experiments using service mode

To create experiments using the service mode, follow the instructions below:

  1. Run Chaosd in the service mode:

         chaosd server --port 31767

  2. Send a POST HTTP request to the /api/attack/process path of the Chaosd service.

         curl -X POST 172.16.112.130:31767/api/attack/process -H "Content-Type:application/json" -d '{fault-configuration}'

     In the above command, you need to configure fault-configuration according to the fault types. For the corresponding parameters, refer to the parameters and examples of each fault type in the following sections.

Note:

When running an experiment, remember to record the UID of the experiment. When you want to end the experiment corresponding to the UID, you need to send a DELETE HTTP request to the /api/attack/{uid} path of the Chaosd service.
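
The create, record and delete sequence described above, as an added example that is not part of the Chaosd documentation: a Python context manager that posts a fault configuration, records the UID and always sends the DELETE request, even when the code that runs during the experiment fails. It assumes the POST reply is a JSON object with a "uid" field and uses the /api/attack/network path from this page's service-mode examples; `experiment` and `http_send` are names made up for this example.

```python
"""Run a Chaosd service-mode experiment with guaranteed teardown (added example)."""
import json
import urllib.request
from contextlib import contextmanager


def http_send(method, url, body=None, timeout=10):
    """Default transport: send a JSON request and return the decoded JSON reply."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


@contextmanager
def experiment(base_url, fault, path="/api/attack/network", send=http_send):
    """Create an experiment, yield its UID, and always DELETE it afterwards.

    ASSUMPTION: the POST reply is a JSON object carrying the UID in a "uid"
    field; the page only says that the UID must be recorded.
    """
    base = base_url.rstrip("/")
    reply = send("POST", base + path, fault)
    uid = reply.get("uid")
    if not uid:
        # Without a UID the fault cannot be ended through the API, so fail loudly
        raise RuntimeError(f"no uid in reply, clean up manually: {reply!r}")
    try:
        yield uid
    finally:
        # Runs on success, on exceptions and on Ctrl-C inside the with-block
        send("DELETE", f"{base}/api/attack/{uid}")


if __name__ == "__main__":
    # Fault configuration and service address taken from this page's examples
    fault = {"action": "delay", "device": "eth0",
             "ip-address": "172.16.4.4", "latency": "10ms"}
    with experiment("http://172.16.112.130:31767", fault) as uid:
        print("experiment running, uid:", uid)
        # ... run the checks that need the fault here ...
```

Passing a different `send` callable lets the same code be exercised against a stub instead of a live Chaosd service.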

Simulate network corruption using the service mode

Parameters for simulating network corruption

| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to “corrupt” |
| correlation | The correlation between the current latency and the previous one. | string. It is a percentage ranging from 0 to 100 (10 is 10%) (“0” by default). |
| device | Name of the impacted network interface card. | string, such as “eth0”, required. |
| egress-port | The egress traffic that only impacts specific destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a “,” to separate the specific port or to indicate the range of the port, such as “80,8001:8010”. |
| hostname | The host name impacted by traffic. hostname and ip-address cannot be empty at the same time. When hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as “chaos-mesh.org”. |
| ip-address | The IP address impacted by egress traffic. hostname and ip-address cannot be empty at the same time. When hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as “123.123.123.123”. |
| ip-protocol | The IP protocol impacted by traffic. | string. Supported protocols: tcp, udp, icmp, all (all network protocols). |
| source-port | The egress traffic that only impacts specific source ports. It can only be configured when the protocol is TCP or UDP. | string. Use a “,” to delimit the specific port or to indicate the range of the ports, such as “80,8001:8010”. |

Example for simulating network corruption using the service mode

    curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"corrupt","device":"eth0","ip-address":"172.16.4.4","percent":"50"}'

Simulate network latency using the service mode

Parameters for simulating network latency

| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to “delay” |
| correlation | The correlation between the current latency and the previous one. | string. It is a percentage ranging from 0 to 100 (10 is 10%) (“0” by default). |
| device | Name of the impacted network interface card. | string, such as “eth0”, required. |
| egress-port | The egress traffic that only impacts specific destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a “,” to separate the specific port or to indicate the range of the port, such as “80,8001:8010”. |
| hostname | The host name impacted by traffic. hostname and ip-address cannot be empty at the same time. When hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as “chaos-mesh.org”. |
| ip-address | The IP address impacted by egress traffic. hostname and ip-address cannot be empty at the same time. When hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as “123.123.123.123”. |
| jitter | Range of the length of network delay time. | string. The time units can be: ns, us (µs), ms, s, m, h, such as “1ms”. |
| latency | Length of network delay time. | string. The time units can be: ns, us (μs), ms, s, m, h, such as “1ms”. |
| ip-protocol | The IP protocol impacted by traffic. | string. It supports the following protocol types: “tcp”, “udp”, “icmp”, “all” (all network protocols). |
| source-port | The egress traffic that only impacts specified source ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a “,” to separate the specific port or to indicate the range of the port, such as “80,8001:8010”. |

Example for simulating network latency using the service mode

    curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"delay","device":"eth0","ip-address":"172.16.4.4","latency":"10ms"}'

Simulate network duplication using the service mode

Parameters for simulating network duplication

| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to “duplicate” |
| correlation | The correlation between the percentage of current duplication occurrence and the previous one. | string. It is a percentage ranging from 0 to 100 (10 is 10%) (default “0”). |
| device | Name of the impacted network interface card. | string, such as “eth0”, required. |
| egress-port | The egress traffic that only impacts specified destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a “,” to separate the specific port or to indicate the range of the port, such as “80,8001:8010”. |
| hostname | The host name impacted by traffic. hostname and ip-address cannot be empty at the same time. When hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as “chaos-mesh.org”. |
| ip-address | The IP address impacted by egress traffic. hostname and ip-address cannot be empty at the same time. When hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as “123.123.123.123”. |
| percent | Ratio of network packet duplication. | string. It is a percentage ranging from 0 to 100 (10 is 10%) (default “1”). |
| ip-protocol | The IP protocol impacted by traffic. | string. It supports the following protocol types: “tcp”, “udp”, “icmp”, “all” (all network protocols). |
| source-port | The egress traffic that only impacts specific source ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a “,” to separate the specific port or to indicate the range of the port, such as “80,8001:8010”. |

Example for simulating network duplication using the service mode

    curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"duplicate","ip-address":"172.16.4.4","device":"eth0","percent":"50"}'

Simulate network loss using the service mode

Parameters for simulating network loss

| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to “loss” |
| correlation | The correlation between the percentage of the current network loss and the previous one. | string. It is a percentage ranging from 0 to 100 (10 is 10%) (default “0”). |
| device | Name of the impacted network interface card. | string, such as “eth0”, required. |
| egress-port | The egress traffic that only impacts specified destination ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a “,” to separate the specific port or to indicate the range of the port, such as “80,8001:8010”. |
| hostname | The host name impacted by traffic. hostname and ip-address cannot be empty at the same time. When hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as “chaos-mesh.org”. |
| ip-address | The IP address impacted by egress traffic. hostname and ip-address cannot be empty at the same time. When hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as “123.123.123.123”. |
| percent | Ratio of network packet loss. | string. It is a percentage ranging from 0 to 100 (10 is 10%) (default “1”). |
| ip-protocol | Only impact traffic using this IP protocol. | string. It supports the following protocol types: “tcp”, “udp”, “icmp”, “all” (all network protocols). |
| source-port | The egress traffic that only impacts specific source ports. It can only be configured when the protocol is TCP or UDP. | string. You need to use a “,” to separate the specific port or to indicate the range of the port, such as “80,8001:8010”. |

Example for simulating network loss using the service mode

    curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"loss","ip-address":"172.16.4.4","device":"eth0","percent":"50"}'
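
An added example, not part of the Chaosd documentation: a pre-flight check that applies the rules from the service-mode parameter tables for the corrupt, delay, duplicate and loss actions (required device, hostname or ip-address present, port filters only with tcp or udp, percentages from 0 to 100) before a configuration is posted. `validate_fault` and its helpers are hypothetical names, and the latency/jitter pattern assumes a number followed by one of the listed units.

```python
"""Pre-flight check for Chaosd service-mode network faults (added example)."""
import re

# Keys taken from this page's service-mode parameter tables and examples
COMMON_KEYS = {"action", "device", "hostname", "ip-address", "ip-protocol",
               "egress-port", "source-port", "correlation"}
ACTION_KEYS = {
    "corrupt": {"percent"},
    "duplicate": {"percent"},
    "loss": {"percent"},
    "delay": {"latency", "jitter"},
}
PROTOCOLS = {"tcp", "udp", "icmp", "all"}
PORT_ITEM = re.compile(r"^(\d{1,5})(?::(\d{1,5}))?$")  # "80" or "8001:8010"
# ASSUMPTION: one or more number+unit groups, units as listed in the tables
DURATION = re.compile(r"^(\d+(\.\d+)?(ns|us|µs|μs|ms|s|m|h))+$")


def _bad_percent(value):
    """True when value is not a number in the documented 0..100 range."""
    try:
        return not 0 <= float(value) <= 100
    except (TypeError, ValueError):
        return True


def _bad_ports(value):
    """True when value is not a list like "80,8001:8010" of valid ports."""
    for item in str(value).split(","):
        m = PORT_ITEM.match(item.strip())
        if not m:
            return True
        low, high = int(m.group(1)), int(m.group(2) or m.group(1))
        if not 1 <= low <= high <= 65535:
            return True
    return False


def validate_fault(cfg):
    """Return a list of problems; an empty list means cfg matches the tables."""
    action = cfg.get("action")
    if action not in ACTION_KEYS:
        return [f"action {action!r} is not one of {sorted(ACTION_KEYS)}"]
    errors = []
    allowed = COMMON_KEYS | ACTION_KEYS[action]
    for key in sorted(set(cfg) - allowed):
        # Catches CLI names such as "ip" or "protocol" used in the JSON body
        errors.append(f"{key!r} is not a documented parameter for {action}")
    if not cfg.get("device"):
        errors.append("device is required, such as 'eth0'")
    if not cfg.get("hostname") and not cfg.get("ip-address"):
        errors.append("hostname and ip-address cannot be empty at the same time")
    proto = cfg.get("ip-protocol")
    if proto is not None and proto not in PROTOCOLS:
        errors.append(f"ip-protocol must be one of {sorted(PROTOCOLS)}")
    for key in ("egress-port", "source-port"):
        if key in cfg:
            if proto not in ("tcp", "udp"):
                errors.append(f"{key} needs ip-protocol tcp or udp")
            if _bad_ports(cfg[key]):
                errors.append(f"{key} must look like '80,8001:8010'")
    for key in ("percent", "correlation"):
        if key in cfg and key in allowed and _bad_percent(cfg[key]):
            errors.append(f"{key} must be a percentage from 0 to 100")
    for key in ("latency", "jitter"):
        if key in cfg and key in allowed and not DURATION.match(str(cfg[key])):
            errors.append(f"{key} needs a number and a unit, such as '1ms'")
    return errors


if __name__ == "__main__":
    # Constructed configurations; the first one is this page's loss example
    samples = [
        {"action": "loss", "ip-address": "172.16.4.4", "device": "eth0",
         "percent": "50"},
        {"action": "delay", "device": "eth0", "ip": "172.16.4.4",
         "latency": "10"},
        {"action": "corrupt", "device": "eth0", "hostname": "chaos-mesh.org",
         "egress-port": "80,8010:8001", "percent": "150"},
    ]
    for cfg in samples:
        print(cfg["action"], validate_fault(cfg) or "ok")
```

The second constructed sample shows the most common slip: the command-line flag name `ip` used in a JSON body where the service-mode tables call the parameter `ip-address`.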

Simulate network partition using the service mode

Parameters for simulating network partition

| Parameter | Description | Value |
|---|---|---|
| action | Action of the experiment. | set to “partition” |
| accept-tcp-flags | Only the packet which matches the tcp flag can be accepted, others will be dropped. Only set when the protocol is tcp. | string, such as “SYN,ACK SYN,ACK” |
| device | The network interface to impact | string, such as “eth0”, required |
| direction | Specifies the partition direction, values can be ‘to’, ‘from’ or ‘both’. ‘from’ means packets coming from the ‘ip-address’ or ‘hostname’ and going to your server, ‘to’ means packets originating from your server and going to the ‘ip-address’ or ‘hostname’. | string, values can be “to”, “from” or “both” (default “both”) |
| hostname | Only impact traffic to these hostnames. hostname and ip-address cannot be empty at the same time. When hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as “chaos-mesh.org”. |
| ip-address | Only impact egress traffic to these IP addresses. hostname and ip-address cannot be empty at the same time. When hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as “192.168.123.123”. |
| ip-protocol | Only impact traffic using this IP protocol | string. It supports the following protocol types: tcp, udp, icmp, all (all network protocols). |

Example for simulating network partition using the service mode

  curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"partition","ip-address":"172.16.4.4","device":"eth0","direction":"from"}'
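The accept-tcp-flags value in the partition table is easier to choose once its matching rule is written out. The following is an added example, not code from Chaosd or from this page; it assumes the value follows the iptables --tcp-flags "MASK COMP" syntax (the first list names the flags to examine, the second the flags that must be set), and all function names and packets are constructed for illustration.

```python
TCP_FLAGS = {"FIN", "SYN", "RST", "PSH", "ACK", "URG"}

def expand(names):
    """Turn one comma-separated flag list (or ALL / NONE) into a set."""
    if names == "ALL":
        return set(TCP_FLAGS)
    if names == "NONE":
        return set()
    flags = set(names.split(","))
    unknown = flags - TCP_FLAGS
    if unknown:
        raise ValueError(f"unknown TCP flag(s): {sorted(unknown)}")
    return flags

def parse_accept_tcp_flags(value):
    """Split "MASK COMP" into (flags to examine, flags that must be set)."""
    parts = value.split()
    if len(parts) != 2:
        raise ValueError("expected two space-separated flag lists: MASK COMP")
    return expand(parts[0]), expand(parts[1])

def is_accepted(value, packet_flags):
    """True if a packet carrying packet_flags matches the rule."""
    mask, comp = parse_accept_tcp_flags(value)
    # Only flags listed in MASK are examined; of those, exactly COMP must be set.
    return (set(packet_flags) & mask) == comp

def classify(value, packets):
    """Map each named packet to "accept" or "drop" under the given value."""
    return {name: "accept" if is_accepted(value, flags) else "drop"
            for name, flags in packets.items()}

# Constructed sample: the TCP flags on common packets of one connection.
SAMPLE_PACKETS = {
    "client SYN": {"SYN"},
    "server SYN-ACK": {"SYN", "ACK"},
    "client ACK": {"ACK"},
    "data PSH-ACK": {"PSH", "ACK"},
    "reset RST": {"RST"},
}

if __name__ == "__main__":
    for rule in ("SYN,ACK SYN,ACK", "SYN,ACK ACK"):
        print(rule, classify(rule, SAMPLE_PACKETS))
```

Under this assumption, "SYN,ACK SYN,ACK" accepts only packets with both SYN and ACK set, so an established connection's plain ACK and data packets are dropped along with everything else.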

Simulate DNS fault using the service mode

Parameters for simulating DNS fault

| Parameter | Description | Value |
| --- | --- | --- |
| action | Action of the experiment. | Set to "dns". |
| dns-domain-name | Map this host to the specified IP (dns-ip). | string, such as "chaos-mesh.org". |
| dns-ip | Map the specified host (dns-domain-name) to this IP address. | string, such as "123.123.123.123". |
| dns-server | Update the DNS server in /etc/resolv.conf with this value. | string, such as "123.123.123.123" (default "123.123.123.123"). |

Example for simulating DNS fault using the service mode

  curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"dns","dns-domain-name":"chaos-mesh.org","dns-ip":"123.123.123.123"}'

Simulate network bandwidth using the service mode

Parameters for simulating network bandwidth

| Parameter | Description | Value |
| --- | --- | --- |
| action | Action of the experiment. | Set to "bandwidth". |
| buffer | The maximum number of bytes for which tokens can be available instantaneously. | int, such as 10000, required. |
| device | The network interface to impact. | string, such as "eth0", required. |
| hostname | Only impact traffic to these hostnames. hostname and ip-address cannot be empty at the same time. When hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "chaos-mesh.org". |
| ip-address | Only impact egress traffic to these IP addresses. hostname and ip-address cannot be empty at the same time. When hostname and ip-address are set at the same time, the configuration item affects both the specified hostname and ip-address. | string, such as "123.123.123.123". |
| limit | The number of bytes that can be queued waiting for tokens to become available. | int, such as 10000, required. |
| minburst | Specifies the size of the peakrate bucket. | int, such as 10000. |
| peakrate | The maximum depletion rate of the bucket. | int, such as 10000. |
| rate | The speed knob. Allows the units bps, kbps, mbps, gbps and tbps. The bps unit means bytes per second. | string, such as "1mbps", required. |

Example for simulating network bandwidth using the service mode

  curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"bandwidth","buffer":10000,"limit":10000,"rate":"10mbps","device":"eth0"}'

Simulate port occupation using the service mode

Parameters for simulating port occupation

| Parameter | Description | Value |
| --- | --- | --- |
| action | Action of the experiment. | Set to "occupied". |
| port | The specified port to be occupied. | int, such as 8080, required. |

Example for simulating port occupation using the service mode

  curl -X POST 172.16.112.130:31767/api/attack/network -H "Content-Type:application/json" -d '{"action":"occupied","port":8080}'