模拟主机无法访问-如何实现/实现 [英] Simulating host unreachable - how to achieve/implement it
问题描述
这是我的情况:
A是配置服务器,B是客户端.只要B的设置发生任何变化,它就会将适当的配置文件上传到A.
A is a provisioning server and B is an client. Whenever there is any change in B's setup, it uploads the appropriate config file to A.
我正在作为一名自动化工程师来实现它的自动化.一种情况是说要断开A与网络的连接或停止服务器A.对B进行一些更改,并确保B无法将文件上传到预配置服务器A.
I am working as an automation engineer to automate it. One of the scenario says to disconnect A from network or stop the server A. perform some changes to B and make sure that B failed to upload the files to provisioning server A.
要使其自动化,这是停止服务器A并执行适当操作的简单方法.
To automate it, the simple way to stop the server A and do the appropriate actions.
由于其他方也将A和B用于其他目的,所以我无法将A或B与网络断开连接,也不能将服务器停在A处.
Since A and B are also used for other purposes by other parties so I can not either disconnect A or B from network OR stop the server at A.
因此,我期待任何解决方案,以便可以模拟主机(资源调配服务器)无法访问的场景.因此,当B将更新发送给A时,它将失败,但实际上A照常运行.
So, I am looking forward for any solution so that I can simulate the host (provisioning server) unreachable scenario. So when B will send an update to A it will fail but in actual A is running as usual.
请建议我一些实现它的方法.
Please suggest me some way to achieve it.
我正在使用Perl作为编程语言,但是如果其他语言都可以提供解决方案,那很好.
I am using Perl as a programming language but I am fine if solution is available in other language.
推荐答案
在使用空路由之前,我已经完成了此操作.最好使用ip命令在shell中完成此操作.
I've done this before using a null route. This is something that best done from the shell with the ip command.
# blackhole all packets destined for 192.168.2.1
ip route add blackhole 192.168.2.1
# to delete the same route, replace add with del
ip route del blackhole 192.168.2.1
根据您的用例,不可达路由可能会更好地工作,因为它返回ICMP-unreachable而不是丢弃数据包,尽管它们通常会产生相同的效果.
Depending on your use case, an unreachable route may work better, as it returns ICMP-unreachable instead of discarding the packets, although they tend to have the same effect.
ip route add unreachable 192.168.2.1
为了彻底,如果您真的想模拟主机无法访问的情况(相对于网络无法访问),则必须在防火墙级别执行此操作.
And for thoroughness, if you really wanted to simulate a host-unreachable situation (vs a network-unreachable), you would have to do that at the firewall level.
# resond with icmp-host-unreachable for *any* outbound packet to 192.168.2.1
iptables -I OUTPUT -d 192.168.2.1 -j REJECT --reject-with=icmp-host-unreachable
# delete the same rule (without looking up the rule #)
iptables -D OUTPUT -d 192.168.2.1 -j REJECT --reject-with=icmp-host-unreachable
这篇关于模拟主机无法访问-如何实现/实现的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!