Merge pull request #280986 from rsgel/main

prmerger-automator[bot] · web-flow · commit f264903a0a4c · 2024-07-17T18:11:13.000Z
Add Network Isolation fault to library
diff --git a/articles/chaos-studio/chaos-studio-fault-library.md b/articles/chaos-studio/chaos-studio-fault-library.md
@@ -27,6 +27,7 @@ Agent-based faults are injected into **Azure Virtual Machines** or **Virtual Mac
 | Windows<sup>1</sup>, Linux<sup>2</sup>      | [Network Disconnect](#network-disconnect)                                   | Network disruption                                          |
 | Windows<sup>1</sup>, Linux<sup>2</sup>      | [Network Latency](#network-latency)                                         | Network performance degradation                             |
 | Windows<sup>1</sup>, Linux<sup>2</sup>      | [Network Packet Loss](#network-packet-loss)                                 | Network reliability issues                                  |
+| Windows<sup>1</sup>, Linux<sup>2</sup>      | [Network Isolation](#network-isolation)                                     | Network disruption                                          |
 | Windows             | [DNS Failure](#dns-failure)                                                 | DNS resolution issues                                       |
 | Windows             | [Network Disconnect (Via Firewall)](#network-disconnect-via-firewall)       | Network disruption                                          |
 | Windows, Linux      | [Physical Memory Pressure](#physical-memory-pressure)                       | Memory capacity loss, resource pressure                     |
@@ -400,6 +401,47 @@ The parameters **destinationFilters** and **inboundDestinationFilters** use the
 * When running on Linux, this fault can only affect **outbound** traffic, not inbound traffic. The fault can affect **both inbound and outbound** traffic on Windows environments (via the `inboundDestinationFilters` and `destinationFilters` parameters).
 * This fault currently only affects new connections. Existing active connections are unaffected. You can restart the service or process to force connections to break.
 
+### Network Isolation
+
+| Property | Value |
+|-|-|
+| Capability name | NetworkIsolation-1.0 |
+| Target type | Microsoft-Agent |
+| Supported OS types | Windows, Linux (outbound traffic only) |
+| Description | Fully isolate the virtual machine from network connections by dropping all IP-based inbound (on Windows) and outbound (on Windows and Linux) packets for the specified duration. At the end of the duration, network connections will be re-enabled. Because the agent depends on network traffic, this action cannot be cancelled and will run to the specified duration. |
+| Prerequisites | **Windows:** The agent must run as administrator, which happens by default if installed as a VM extension. |
+| | **Linux:** The `tc` (Traffic Control) package is used for network faults. If it isn't already installed, the agent automatically attempts to install it from the default package manager. |
+| Urn | urn:csci:microsoft:agent:networkIsolation/1.0 |
+| Fault type | Continuous. |
+| Parameters (key, value) |  |
+| virtualMachineScaleSetInstances | An array of instance IDs when you apply this fault to a virtual machine scale set. Required for virtual machine scale sets in uniform orchestration mode, optional otherwise. [Learn more about instance IDs](../virtual-machine-scale-sets/virtual-machine-scale-sets-instance-ids.md#scale-set-instance-id-for-uniform-orchestration-mode). |
+
+#### Sample JSON
+
+```json
+{
+  "name": "branchOne",
+  "actions": [
+    {
+      "type": "continuous",
+      "name": "urn:csci:microsoft:agent:networkIsolation/1.0",
+      "parameters": [],
+      "duration": "PT10M",
+      "selectorid": "myResources"
+    }
+  ]
+}
+```
+
+#### Limitations
+
+* Because the agent depends on network traffic, **this action cannot be cancelled** and will run to the specified duration. Use with caution.
+* The agent-based network faults currently only support IPv4 addresses.
+* When running on Windows, the network packet loss fault currently only works with TCP or UDP packets.
+* When running on Linux, this fault only affects **outbound** traffic, not inbound traffic. The fault affects **both inbound and outbound** traffic on Windows environments.
+* This fault currently only affects new connections. Existing active connections are unaffected. You can restart the service or process to force connections to break.
+
+
 ### DNS Failure
 
 | Property | Value |
