Fault Injection

Blackhole Experiment

The Blackhole experiment blocks inbound and outbound network traffic. It works by dropping IP packets at the transport layer (Layer 4) of the OSI model. You can specify the types of traffic to impact using additional arguments, including port, hostname, and IP address.

Linux

The Blackhole Gremlin uses existing traffic policing features in the Linux Kernel to drop targeted IP packets.

This Gremlin does not interact with iptables, and so it does not interfere with any existing iptables rulesets.

This Gremlin requires the NET_ADMIN capability, which is enabled for Gremlin by default at installation time. See capabilities(7)

Windows

The Blackhole Gremlin uses the Windows Filtering Platform to drop targeted IP packets.

Options

Parameter	Flag	Required	Default	Version	Description
IP Addresses	-i IP address	False		0.0.1	Only impact traffic to these IP addresses. Also accepts CIDR values (i.e. `10.0.0.0/24`).
Device	-d interfaces	False	Device discovery	0.0.1	Impact traffic over these network interfaces. Comma separated lists and multiple arguments supported. You can define multiple interfaces starting with agent version 2.30.0.
Hostnames	-h hostnames	False	`^api.gremlin.com`	0.0.1	Only impact traffic to these hostnames.
Remote Ports	-p port numbers	False	`^53`	0.0.1	Impact outgoing and incoming traffic to and from these remote ports. Also accepts port ranges (e.g. `8080-8085`).
Local Ports	-n port numbers	False		0.0.1	Impact outgoing and incoming traffic to and from these local ports. Also accepts port ranges (e.g. `8080-8085`).
Protocol	-P {TCP, UDP, ICMP}	False	all	1.5.3	Only impact a specific protocol.
Providers	WebUI and API Only	False		0.0.1	External service providers to affect.
Tags	WebUI and API Only	False		0.0.1	Only impact traffic to hosts running Gremlin clients associated with these tags.
Length	-l int	False	`60`	0.0.1	The length of the experiment (seconds).