Delay Traffic

Attack

Inject latency into egress network traffic.

Targets:

Containers

Install now

Delay Traffic

Inject latency into egress network traffic.

Attack

Targets:

Containers

Install now

Delay Traffic

Attack

Inject latency into egress network traffic.

Targets:

Containers

Install now

Delay Traffic

Inject latency into egress network traffic.

Attack

Targets:

Containers

Install now

Go back to list

Wireshark showing the effects of the attack.

Introduction

Inject latency into all matching traffic.

Details

The network delay operates at the ip level and affects single packets. Thus, you may encounter http requests that are delayed by a multiple of the specified delay.

In this example the traffic is delayed by 500ms. If you tap the wire (using tcpdump) and feed it into Wireshark it looks like shown in the image above.

The first incoming packet initiates the tcp connection and is accepted by the second packet, which is delayed exactly be the 500ms.
With the fourth packet we receive a http request in the payload. Which is acknowledged and answered with a http response in packet four to seven, which are also delayed by 500ms and thus the total latency for the http request sums up to 1 second.

Note: If you are going to attack containers using network attacks, all containers in the target's linux network namespace (e.g. all containers belonging to the same Kubernetes Pod or Replica Set) will be affected. In case you want to target the traffic of a single container in the namespace you can for example use the port parameter to limit the blast radius.

Parameters

Parameter	Description	Default
Network Delay	How much should the traffic be delayed?	500ms
Jitter	Random +-30% jitter to network delay	true
Fail on Host Network	Emit failure when the targeted container is using the host network	true
Duration	How long should the traffic be affected?	30s
Hostname	Restrict to which hosts the traffic is reduced
IP Address	Restrict to which IP address the traffic is reduced
Network Interface	Target Network Interface which should be attacked. All if none specified.
Ports	Restrict to which ports the traffic is reduced

Statistics

-Stars

Verify system unavailability status during Redis latency

Verify that an increased latency in a Redis cache is handled by your application properly by having increased processing time but still being able to maintain the throughput.

Containers

Datadog monitors

Kubernetes deployments

Verify system unavailability status during PostgreSQL latency

Your application should continue to function properly and indicate unavailability appropriately in case of increased connection latency to PostgreSQL. Additionally, this experiment can highlight requests that need optimization of timeouts to prevent dropped requests.

Kubernetes deployments

Containers

Datadog monitors

Verify system unavailability status during Kafka latency

Verify that an increased latency in your Kafka message delivery is handled by your application properly by having increased processing time but still being able to maintain the throughput.

Kubernetes deployments

Containers

Datadog monitors

Verify system unavailability status during RabbitMQ latency

Verify that an increased latency in your RabbitMQ message delivery is handled by your application properly by having increased processing time but still being able to maintain the throughput.

Kubernetes deployments

Containers

Datadog monitors

More Container Actions

See all