-
Notifications
You must be signed in to change notification settings - Fork 198
Description
I have decentralised application that uses UDP multicast to communicate with other peers in its network. I've been looking at pumba
for chaos testing this application by introducing packet-loss.
This works quite well using the netem
feature of pumba
except that only applies to egress traffic and introduces synchronised behaviour in my tests as all nodes in the network will see the same packets being dropped (as packets are dropped on the container that sends these packets).
I was looking at other some other options to drop incoming packets and found a way that I'm now using in a script but believe this may be helpful for pumba
.
This method uses iptables
and requires iptables
to be installed on the containers under test, similar that pumba
requires iproute2
to be installed for using the tc
command. The containers under test should also have the NET_ADMIN
capability added.
Ingress packet dropping can now be activated by adding a iptables
rule to the containers that need it.
An example of iptables
rules randomly dropping 20% of incoming UDP packets to a specific port:
iptables -I INPUT -p udp --dport 5001 -i eth0 -m statistic --mode random --probability 0.2 -j DROP
An example of iptables
rules randomly dropping 5% of incoming UDP packets to a specific multicast address:
iptables -I INPUT -p udp -d 239.1.2.3 -i eth0 -m statistic --mode random --probability 0.05 -j DROP
Would this something that would be of interest to include in pumba
or to consider a PR for?