mangle icon indicating copy to clipboard operation
mangle copied to clipboard
verified publisher icon vmware

Filters for Network fault

Open omar91089 opened this issue 4 years ago • 7 comments

Is there a way to execute Network fault with IP or Port filters? The fault is executed on the host's interface. If the deployed containers on the host use the same network interface, it would impact the traffic for all the containers. IP or port filters will help to restrict the impact to a specific container on the host

omar91089 avatar Jan 17 '22 11:01 omar91089

Hi @omar91089 ,

If you want to inject network fault to a specific container then you can directly use the network interface of respective container during fault injection. For eg on a host C1 and C2 containers are running and if you want to inject the fault on C1 container, then first step is to find out the network interface of C1 which will be created by docker0 (Virtual bridge interface created by Docker). When you run ifconfig command on linux host it will list a couple of interfaces which includes eth0(or/and eth1 or something else), docker 0 and a couple of other interfaces which will be created by docker0 for respective containers. Once you find the interface name of the container, use it while injecting the fault via mangle.

Thanks, -Avinash

ashrimalivmware avatar Jan 18 '22 05:01 ashrimalivmware

@ashrimalivmware Thank you for the response. I think this would work out when the bridge networking option is used. I'm trying to inject faults on an IPvlan (https://docs.docker.com/network/ipvlan/) network. I get only eth0 on the host and using that would impact every container on the network. I think filtering would be one solution to isolate the container in this setup. I'm not sure if there is any other way. Please let me know if this makes sense

omar91089 avatar Jan 18 '22 10:01 omar91089

@omar91089 Currently Mangle doesn't support such isolation. Thanks, -Avinash

ashrimalivmware avatar Jan 19 '22 05:01 ashrimalivmware

@ashrimalivmware Got it. Are you planning to consider it in future releases?

omar91089 avatar Jan 19 '22 07:01 omar91089

Thanks for the suggestion Omar, will try to consider the feature for next mangle release.

ashrimalivmware avatar Jan 19 '22 08:01 ashrimalivmware

@ashrimalivmware I've implemented the filters for destination IP and port using the approach described here. I would like to discuss about it with you in more detail. I also want to discuss about the PR #103 one of my work colleagues @vmaligireddy has opened on the project. Would it be possible to connect over a call? cc: @aswathy-ramabhadran

omar91089 avatar Apr 11 '22 12:04 omar91089

Sure, we can connect, let's connect over my email: [email protected] to discuss further about timings.

ashrimalivmware avatar Apr 11 '22 12:04 ashrimalivmware