Skip to content

Latest commit

 

History

History
87 lines (60 loc) · 2.58 KB

network-ops.org

File metadata and controls

87 lines (60 loc) · 2.58 KB

Connect Directly to Container Network

docker run -it --net=container:f0ce09999e30 nicolaka/netshoot:latest /bin/bash

Chaos

docker run --rm --name dsapp --network kt-cdk-v1 -it -v $PWD:/app ubuntu:latest /bin/bash

#inside container
apt update
apt install iproute2 curl
cd app
./dsapp client --server zkevm-node-sequencer-001:6900

# pumba
./.bin/github.com/alexei-led/pumba netem --duration 5m rate --rate 10bit dsapp
./.bin/github.com/alexei-led/pumba netem --duration 1m delay --time 100000 dsapp
./.bin/github.com/alexei-led/pumba pause --duration 1m dsapp

Interruption

docker run --rm --name dsapp --network kt-cdk-v1 -it -v $PWD:/app ubuntu:latest /bin/bash
cd app
./dsapp relay --server zkevm-node-sequencer-001:6900

docker network inspect kt-cdk-v1

client_ip="172.16.0.19"
server_ip="172.16.0.15"

# Drop
sudo iptables -I DOCKER -s $client_ip -d $server_ip -j DROP
sudo iptables -I DOCKER -s $server_ip -d $client_ip -j DROP

# Restore
sudo iptables -D DOCKER -s $client_ip -d $server_ip -j DROP
sudo iptables -D DOCKER -s $server_ip -d $client_ip -j DROP

docker run -it --net=container:zkevm-prover-001--620987a8d7e44c60a3bc8a8742025635 nicolaka/netshoot:latest /bin/bash

sudo /usr/sbin/tcpkill -i br-edd588fc6880 host $client_ip and host $server_ip

Slow Outbound from Sequencer

docker run -it --rm --name seqshoot --net=container:zkevm-node-sequencer-001--ede742f7c75e4d8d860c2a54756df797 nicolaka/netshoot:latest /bin/bash
./.bin/github.com/alexei-led/pumba netem --duration 1m --egress-port 6900 rate --rate 10bit seqshoot

Determine interface

From inside the container we’ll need to get the details of the link:

ip link show eth0
294: eth0@if295: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:ac:10:00:11 brd ff:ff:ff:ff:ff:ff link-netnsid 0

In this case 294 is the ifindex for the interface within the container. eth0@if295 indicates that this interface is iflink.

From the host OS, I can run:

ip link | grep ^295
295: veth39145be@if294: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue master br-edd588fc6880 state UP mode DEFAULT group default

Now I have the interface name br-edd588fc6880 and I can use that for tcpdump, tcpkill and things like that

https://github.com/torvalds/linux/blob/55027e689933ba2e64f3d245fb1ff185b3e7fc81/Documentation/ABI/testing/sysfs-class-net#L188-L207