Skip to content

Commit f264903

Browse files
Merge pull request #280986 from rsgel/main
Add Network Isolation fault to library
2 parents 17a081a + 3e7641c commit f264903

File tree

1 file changed

+42
-0
lines changed

1 file changed

+42
-0
lines changed

articles/chaos-studio/chaos-studio-fault-library.md

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,7 @@ Agent-based faults are injected into **Azure Virtual Machines** or **Virtual Mac
2727
| Windows<sup>1</sup>, Linux<sup>2</sup> | [Network Disconnect](#network-disconnect) | Network disruption |
2828
| Windows<sup>1</sup>, Linux<sup>2</sup> | [Network Latency](#network-latency) | Network performance degradation |
2929
| Windows<sup>1</sup>, Linux<sup>2</sup> | [Network Packet Loss](#network-packet-loss) | Network reliability issues |
30+
| Windows<sup>1</sup>, Linux<sup>2</sup> | [Network Isolation](#network-isolation) | Network disruption |
3031
| Windows | [DNS Failure](#dns-failure) | DNS resolution issues |
3132
| Windows | [Network Disconnect (Via Firewall)](#network-disconnect-via-firewall) | Network disruption |
3233
| Windows, Linux | [Physical Memory Pressure](#physical-memory-pressure) | Memory capacity loss, resource pressure |
@@ -400,6 +401,47 @@ The parameters **destinationFilters** and **inboundDestinationFilters** use the
400401
* When running on Linux, this fault can only affect **outbound** traffic, not inbound traffic. The fault can affect **both inbound and outbound** traffic on Windows environments (via the `inboundDestinationFilters` and `destinationFilters` parameters).
401402
* This fault currently only affects new connections. Existing active connections are unaffected. You can restart the service or process to force connections to break.
402403

404+
### Network Isolation
405+
406+
| Property | Value |
407+
|-|-|
408+
| Capability name | NetworkIsolation-1.0 |
409+
| Target type | Microsoft-Agent |
410+
| Supported OS types | Windows, Linux (outbound traffic only) |
411+
| Description | Fully isolate the virtual machine from network connections by dropping all IP-based inbound (on Windows) and outbound (on Windows and Linux) packets for the specified duration. At the end of the duration, network connections will be re-enabled. Because the agent depends on network traffic, this action cannot be cancelled and will run to the specified duration. |
412+
| Prerequisites | **Windows:** The agent must run as administrator, which happens by default if installed as a VM extension. |
413+
| | **Linux:** The `tc` (Traffic Control) package is used for network faults. If it isn't already installed, the agent automatically attempts to install it from the default package manager. |
414+
| Urn | urn:csci:microsoft:agent:networkIsolation/1.0 |
415+
| Fault type | Continuous. |
416+
| Parameters (key, value) | |
417+
| virtualMachineScaleSetInstances | An array of instance IDs when you apply this fault to a virtual machine scale set. Required for virtual machine scale sets in uniform orchestration mode, optional otherwise. [Learn more about instance IDs](../virtual-machine-scale-sets/virtual-machine-scale-sets-instance-ids.md#scale-set-instance-id-for-uniform-orchestration-mode). |
418+
419+
#### Sample JSON
420+
421+
```json
422+
{
423+
"name": "branchOne",
424+
"actions": [
425+
{
426+
"type": "continuous",
427+
"name": "urn:csci:microsoft:agent:networkIsolation/1.0",
428+
"parameters": [],
429+
"duration": "PT10M",
430+
"selectorid": "myResources"
431+
}
432+
]
433+
}
434+
```
435+
436+
#### Limitations
437+
438+
* Because the agent depends on network traffic, **this action cannot be cancelled** and will run to the specified duration. Use with caution.
439+
* The agent-based network faults currently only support IPv4 addresses.
440+
* When running on Windows, the network packet loss fault currently only works with TCP or UDP packets.
441+
* When running on Linux, this fault only affects **outbound** traffic, not inbound traffic. The fault affects **both inbound and outbound** traffic on Windows environments.
442+
* This fault currently only affects new connections. Existing active connections are unaffected. You can restart the service or process to force connections to break.
443+
444+
403445
### DNS Failure
404446

405447
| Property | Value |

0 commit comments

Comments
 (0)