模拟主机无法访问-如何实现/实现 [英] Simulating host unreachable - how to achieve/implement it

问题描述

这是我的情况:

A是配置服务器，B是客户端.只要B的设置发生任何变化，它就会将适当的配置文件上传到A.

A is a provisioning server and B is an client. Whenever there is any change in B's setup, it uploads the appropriate config file to A.

我正在作为一名自动化工程师来实现它的自动化.一种情况是说要断开A与网络的连接或停止服务器A.对B进行一些更改，并确保B无法将文件上传到预配置服务器A.

I am working as an automation engineer to automate it. One of the scenario says to disconnect A from network or stop the server A. perform some changes to B and make sure that B failed to upload the files to provisioning server A.

要使其自动化，这是停止服务器A并执行适当操作的简单方法.

To automate it, the simple way to stop the server A and do the appropriate actions.

由于其他方也将A和B用于其他目的，所以我无法将A或B与网络断开连接，也不能将服务器停在A处.

Since A and B are also used for other purposes by other parties so I can not either disconnect A or B from network OR stop the server at A.

因此，我期待任何解决方案，以便可以模拟主机(资源调配服务器)无法访问的场景.因此，当B将更新发送给A时，它将失败，但实际上A照常运行.

So, I am looking forward for any solution so that I can simulate the host (provisioning server) unreachable scenario. So when B will send an update to A it will fail but in actual A is running as usual.

请建议我一些实现它的方法.

Please suggest me some way to achieve it.

我正在使用Perl作为编程语言，但是如果其他语言都可以提供解决方案，那很好.

I am using Perl as a programming language but I am fine if solution is available in other language.

推荐答案

在使用空路由之前，我已经完成了此操作.最好使用ip命令在shell中完成此操作.

I've done this before using a null route. This is something that best done from the shell with the ip command.

# blackhole all packets destined for 192.168.2.1
ip route add blackhole 192.168.2.1
# to delete the same route, replace add with del
ip route del blackhole 192.168.2.1

根据您的用例，不可达路由可能会更好地工作，因为它返回ICMP-unreachable而不是丢弃数据包，尽管它们通常会产生相同的效果.

Depending on your use case, an unreachable route may work better, as it returns ICMP-unreachable instead of discarding the packets, although they tend to have the same effect.

ip route add unreachable 192.168.2.1

为了彻底，如果您真的想模拟主机无法访问的情况(相对于网络无法访问)，则必须在防火墙级别执行此操作.

And for thoroughness, if you really wanted to simulate a host-unreachable situation (vs a network-unreachable), you would have to do that at the firewall level.

# resond with icmp-host-unreachable for *any* outbound packet to 192.168.2.1
iptables -I OUTPUT -d 192.168.2.1 -j REJECT --reject-with=icmp-host-unreachable
# delete the same rule (without looking up the rule #)
iptables -D OUTPUT -d 192.168.2.1 -j REJECT --reject-with=icmp-host-unreachable

这篇关于模拟主机无法访问-如何实现/实现的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！