模拟主机不可达 - 如何实现/实现它 [英] Simulating host unreachable - how to achieve/implement it

问题描述

这是我的场景:

A 是配置服务器，B 是客户端.每当 B 的设置发生任何变化时，它都会将相应的配置文件上传到 A.

A is a provisioning server and B is an client. Whenever there is any change in B's setup, it uploads the appropriate config file to A.

我是一名自动化工程师，致力于实现自动化.一种情况是断开 A 与网络的连接或停止服务器 A.对 B 执行一些更改并确保 B 无法将文件上传到配置服务器 A.

I am working as an automation engineer to automate it. One of the scenario says to disconnect A from network or stop the server A. perform some changes to B and make sure that B failed to upload the files to provisioning server A.

要使其自动化，停止服务器 A 并执行适当操作的简单方法.

To automate it, the simple way to stop the server A and do the appropriate actions.

由于 A 和 B 也被其他方用于其他目的，所以我无法断开 A 或 B 与网络的连接或停止 A 处的服务器.

Since A and B are also used for other purposes by other parties so I can not either disconnect A or B from network OR stop the server at A.

所以，我期待任何解决方案，以便我可以模拟主机(配置服务器)无法访问的场景.因此，当 B 向 A 发送更新时，它将失败，但实际上 A 照常运行.

So, I am looking forward for any solution so that I can simulate the host (provisioning server) unreachable scenario. So when B will send an update to A it will fail but in actual A is running as usual.

请给我一些方法来实现它.

Please suggest me some way to achieve it.

我使用 Perl 作为编程语言，但如果有其他语言的解决方案，我很好.

I am using Perl as a programming language but I am fine if solution is available in other language.

推荐答案

我在使用空路由之前已经这样做了.最好在 shell 中使用 ip 命令完成此操作.

I've done this before using a null route. This is something that best done from the shell with the ip command.

# blackhole all packets destined for 192.168.2.1
ip route add blackhole 192.168.2.1
# to delete the same route, replace add with del
ip route del blackhole 192.168.2.1

根据您的用例，不可达路由可能会更好地工作，因为它返回 ICMP 不可达而不是丢弃数据包，尽管它们往往具有相同的效果.

Depending on your use case, an unreachable route may work better, as it returns ICMP-unreachable instead of discarding the packets, although they tend to have the same effect.

ip route add unreachable 192.168.2.1

为了彻底起见，如果您真的想模拟主机不可达的情况(相对于网络不可达的情况)，则必须在防火墙级别进行.

And for thoroughness, if you really wanted to simulate a host-unreachable situation (vs a network-unreachable), you would have to do that at the firewall level.

# resond with icmp-host-unreachable for *any* outbound packet to 192.168.2.1
iptables -I OUTPUT -d 192.168.2.1 -j REJECT --reject-with=icmp-host-unreachable
# delete the same rule (without looking up the rule #)
iptables -D OUTPUT -d 192.168.2.1 -j REJECT --reject-with=icmp-host-unreachable

这篇关于模拟主机不可达 - 如何实现/实现它的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！