Tools for understanding, measuring, and applying network policies effectively in kubernetes

Overview

Cyclonus

network policy explainer, prober, and test case generator!

Parse, explain, and probe network policies to understand their implications and help design policies that suit your needs!

Grab the latest release to get started using Cyclonus!

Probe

Run a connectivity probe against a Kubernetes cluster.

$ go run cmd/cyclonus/main.go probe

Kube results for:
  policy y/allow-all-for-label:
  policy y/allow-by-ip:
  policy y/allow-label-to-label:
  policy y/deny-all:
  policy y/deny-all-for-label:
+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+
|  -  | X/A | X/B | X/C | Y/A | Y/B | Y/C | Z/A | Z/B | Z/C |
+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+
| x/a | .   | .   | .   | X   | .   | X   | .   | .   | .   |
| x/b | .   | .   | .   | X   | .   | X   | .   | .   | .   |
| x/c | .   | .   | .   | X   | .   | X   | .   | .   | .   |
| y/a | .   | .   | .   | X   | .   | X   | .   | .   | .   |
| y/b | .   | .   | .   | X   | .   | X   | .   | .   | .   |
| y/c | .   | .   | .   | .   | .   | X   | .   | .   | .   |
| z/a | .   | .   | .   | X   | .   | X   | .   | .   | .   |
| z/b | .   | .   | .   | X   | .   | X   | .   | .   | .   |
| z/c | .   | .   | .   | X   | .   | X   | .   | .   | .   |
+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+

0 wrong, 81 no value, 0 correct, 0 ignored out of 81 total

Policy generator

Generate network policies, install the policies one at a time in kubernetes, and compare actual measured connectivity to expected connectivity using a truth table.

$ go run cmd/cyclonus/main.go generate \
  --mode simple-fragments \
  --netpol-creation-wait-seconds 15

... 
Synthetic vs combined:
+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+
|  -  | X/A | X/B | X/C | Y/A | Y/B | Y/C | Z/A | Z/B | Z/C |
+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+
| x/a | X   | .   | .   | .   | .   | .   | .   | .   | .   |
| x/b | X   | .   | .   | .   | .   | .   | .   | .   | .   |
| x/c | X   | .   | .   | .   | .   | .   | .   | .   | .   |
| y/a | X   | .   | .   | .   | .   | .   | .   | .   | .   |
| y/b | X   | .   | .   | .   | .   | .   | .   | .   | .   |
| y/c | X   | .   | .   | .   | .   | .   | .   | .   | .   |
| z/a | X   | .   | .   | .   | .   | .   | .   | .   | .   |
| z/b | X   | .   | .   | .   | .   | .   | .   | .   | .   |
| z/c | X   | .   | .   | .   | .   | .   | .   | .   | .   |
+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+
... 

Policy analysis

Explain policies

Groups policies by target, divides rules into egress and ingress, and gives a basic explanation of the combined policies. This clarifies the interactions between "denies" and "allows" from multiple policies.

$ go run cmd/cyclonus/main.go analyze \
  --policy-path ./networkpolicies/simple-example/

+---------+---------------+------------------------+---------------------+--------------------------+
|  TYPE   |    TARGET     |      SOURCE RULES      |        PEER         |      PORT/PROTOCOL       |
+---------+---------------+------------------------+---------------------+--------------------------+
| Ingress | namespace: y  | y/allow-label-to-label | no ips              | no ports, no protocols   |
|         | Match labels: | y/deny-all-for-label   |                     |                          |
|         |   pod: a      |                        |                     |                          |
+         +               +                        +---------------------+--------------------------+
|         |               |                        | namespace: y        | all ports, all protocols |
|         |               |                        | pods: Match labels: |                          |
|         |               |                        |   pod: c            |                          |
+         +---------------+------------------------+---------------------+                          +
|         | namespace: y  | y/allow-all-for-label  | all pods, all ips   |                          |
|         | Match labels: |                        |                     |                          |
|         |   pod: b      |                        |                     |                          |
+         +---------------+------------------------+---------------------+--------------------------+
|         | namespace: y  | y/allow-by-ip          | ports for all IPs   | no ports, no protocols   |
|         | Match labels: |                        |                     |                          |
|         |   pod: c      |                        |                     |                          |
+         +               +                        +---------------------+--------------------------+
|         |               |                        | 0.0.0.0/24          | all ports, all protocols |
|         |               |                        | except []           |                          |
|         |               |                        |                     |                          |
+         +               +                        +---------------------+--------------------------+
|         |               |                        | no pods             | no ports, no protocols   |
|         |               |                        |                     |                          |
|         |               |                        |                     |                          |
+         +---------------+------------------------+---------------------+                          +
|         | namespace: y  | y/deny-all             | no pods, no ips     |                          |
|         | all pods      |                        |                     |                          |
+---------+---------------+------------------------+---------------------+--------------------------+

Which policy rules apply to a pod?

This takes the previous command a step further: it combines the rules from all the targets that apply to a pod.

$ go run ./cmd/cyclonus/main.go analyze \
  --explain=false \
  --policy-path ./networkpolicies/simple-example/ \
  --target-pod-path ./examples/targets.json

Combined rules for pod {Namespace:y Labels:map[pod:a]}:
+---------+---------------+-----------------------------+---------------------+--------------------------+
|  TYPE   |    TARGET     |        SOURCE RULES         |        PEER         |      PORT/PROTOCOL       |
+---------+---------------+-----------------------------+---------------------+--------------------------+
| Ingress | namespace: y  | y/allow-label-to-label      | no ips              | no ports, no protocols   |
|         | Match labels: | y/deny-all-for-label        |                     |                          |
|         |   pod: a      | y/deny-all                  |                     |                          |
+         +               +                             +---------------------+--------------------------+
|         |               |                             | namespace: y        | all ports, all protocols |
|         |               |                             | pods: Match labels: |                          |
|         |               |                             |   pod: c            |                          |
+---------+---------------+-----------------------------+---------------------+--------------------------+
|         |               |                             |                     |                          |
+---------+---------------+-----------------------------+---------------------+--------------------------+
| Egress  | namespace: y  | y/deny-all-egress           | all pods, all ips   | all ports, all protocols |
|         | Match labels: | y/allow-all-egress-by-label |                     |                          |
|         |   pod: a      |                             |                     |                          |
+---------+---------------+-----------------------------+---------------------+--------------------------+

Will policies allow or block traffic?

Given arbitrary traffic examples (from a source to a destination, including labels, over a port and protocol), this command parses network policies and determines if the traffic is allowed or not.

go run ./cmd/cyclonus/main.go analyze \
  --explain=false \
  --policy-path ./networkpolicies/simple-example/ \
  --traffic-path ./examples/traffic.json

Traffic:
+--------------------------+-------------+---------------+-----------+-----------+------------+
|      PORT/PROTOCOL       | SOURCE/DEST |    POD IP     | NAMESPACE | NS LABELS | POD LABELS |
+--------------------------+-------------+---------------+-----------+-----------+------------+
| 80 (serve-80-tcp) on TCP | source      | 192.168.1.99  | y         | ns: y     | app: c     |
+                          +-------------+---------------+           +           +------------+
|                          | destination | 192.168.1.100 |           |           | pod: b     |
+--------------------------+-------------+---------------+-----------+-----------+------------+

Is traffic allowed?
+-------------+--------+---------------+
|    TYPE     | ACTION |    TARGET     |
+-------------+--------+---------------+
| Ingress     | Allow  | namespace: y  |
|             |        | Match labels: |
|             |        |   pod: b      |
+             +--------+---------------+
|             | Deny   | namespace: y  |
|             |        | all pods      |
+-------------+--------+---------------+
|             |        |               |
+-------------+--------+---------------+
| Egress      | Deny   | namespace: y  |
|             |        | all pods      |
+-------------+--------+---------------+
| IS ALLOWED? | FALSE  |                
+-------------+--------+---------------+

Simulated probe

Runs a simulated connectivity probe against a set of network policies, without using a kubernetes cluster.

$ go run ./cmd/cyclonus/main.go analyze \
  --explain=false \
  --policy-path ./networkpolicies/simple-example/ \
  --probe-path ./examples/probe.json

Combined:
+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+
|     | X/A | X/B | X/C | Y/A | Y/B | Y/C | Z/A | Z/B | Z/C |
+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+
| x/a | .   | .   | .   | X   | .   | X   | .   | .   | .   |
| x/b | .   | .   | .   | X   | .   | X   | .   | .   | .   |
| x/c | .   | .   | .   | X   | .   | X   | .   | .   | .   |
| y/a | .   | .   | .   | X   | .   | X   | .   | .   | .   |
| y/b | .   | .   | .   | X   | .   | X   | .   | .   | .   |
| y/c | X   | X   | X   | X   | X   | X   | X   | X   | X   |
| z/a | .   | .   | .   | X   | .   | X   | .   | .   | .   |
| z/b | .   | .   | .   | X   | .   | X   | .   | .   | .   |
| z/c | .   | .   | .   | X   | .   | X   | .   | .   | .   |
+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+

Linter

Checks network policies for common problems.

go run ./cmd/cyclonus/main.go analyze \
  --explain=false \
  --lint=true \
  --policy-path ./networkpolicies/simple-example

+-----------------+------------------------------+-------------------+-----------------------------+
| SOURCE/RESOLVED |             TYPE             |      TARGET       |       SOURCE POLICIES       |
+-----------------+------------------------------+-------------------+-----------------------------+
| Resolved        | CheckTargetAllEgressAllowed  | namespace: y      | y/allow-all-egress-by-label |
|                 |                              |                   |                             |
|                 |                              | pod selector:     |                             |
|                 |                              | matchExpressions: |                             |
|                 |                              | - key: pod        |                             |
|                 |                              |   operator: In    |                             |
|                 |                              |   values:         |                             |
|                 |                              |   - a             |                             |
|                 |                              |   - b             |                             |
|                 |                              |                   |                             |
+-----------------+------------------------------+-------------------+-----------------------------+
| Resolved        | CheckDNSBlockedOnTCP         | namespace: y      | y/deny-all-egress           |
|                 |                              |                   |                             |
|                 |                              | pod selector:     |                             |
|                 |                              | {}                |                             |
|                 |                              |                   |                             |
+-----------------+------------------------------+-------------------+-----------------------------+
| Resolved        | CheckDNSBlockedOnUDP         | namespace: y      | y/deny-all-egress           |
|                 |                              |                   |                             |
|                 |                              | pod selector:     |                             |
|                 |                              | {}                |                             |
|                 |                              |                   |                             |
+-----------------+------------------------------+-------------------+-----------------------------+

Developer guide

Setup

  • Get set up with golang 1.15

  • clone this repo

     git clone [email protected]:mattfenwick/cyclonus.git
     cd cyclonus
    
  • set up a KinD cluster with a CNI that supports network policies

     pushd kind/calico
     ./setup.sh
     popd
    
  • run cyclonus

     go run cmd/cyclonus/main.go generate --mode=example
    

How to Release Binaries

See goreleaser's requirements here.

Get a GitHub Personal Access Token and add the repo scope. Set GITHUB_TOKEN to this value:

export GITHUB_TOKEN=...

See here for more information on github tokens.

Choose a tag/release name, create and push a tag:

TAG=v0.0.1

git tag $TAG
git push origin $TAG

Cut a release:

goreleaser release --rm-dist

Make a test release:

goreleaser release --snapshot --rm-dist
Comments
  • collect cyclonus data across a variety of clusters and CNIs

    collect cyclonus data across a variety of clusters and CNIs

    Procedure:

    • spin up cluster with a CNI
    • run cyclonus job
      • check out https://github.com/mattfenwick/cyclonus/tree/master/jobs -- notice the different arguments for each CNI, this is because of their differences in support for some features
    • capture:
      • cyclonus invocation
      • cyclonus job logs
      • all cluster info (version, ip version, etc.)
      • all CNI info (config, version, etc.)

    IPV4 Progress table:

    KinD: | CNI | Version | Linux | Windows | | --- | --- | --- | --- | | Calico | v3.18.0 | ✅ | ❌ | | Calico | v3.18.1 | ❌ | ❌ | | Antrea | v0.12.0 | ✅ | ❌ | | Antrea | v0.12.2 | ✅ | ❌ | | Cilium | v1.9.4 | ✅ | ❌ | | Cilium | v1.9.5 | ✅ | ❌ | | Weave | ??? | ❌ | ❌ | | ovn-kubernetes | ??? | ✅ | ❌ |

    Azure: | CNI | Version | Linux | Windows | | --- | --- | --- | --- | | Calico | v3.18.1 | ❌ | ❌ |

    GKE: | CNI | Version | Linux | Windows | | --- | --- | --- | --- | | Calico | v3.18.0 | ✅ | ❌ | | Antrea | v0.12.2 | ❌ | ❌ | | Cilium | v1.9.5 | ✅ | ❌ | | ovn-kubernetes | ??? | ❌ | ❌ |

    EKS: | CNI | Version | Linux | Windows | | --- | --- | --- | --- | | Calico | v3,18.0 | ❌ | ❌ | | Antrea | v0.12.2 | ❌ | ❌ | | Cilium | v1.9.5 | ❌ | ❌ | | ovn-kubernetes | ??? | ❌ | ❌ |

    Partial data:

    • weave on KinD (pending verification from @dougsland @rikatz)

    Network policies not supported, so don't need data:

    • Flannel

    IPV6 is not yet supported by Cyclonus

    Bugs reported

    • Calico bug: https://github.com/projectcalico/libcalico-go/pull/1370
    • Antrea bug: https://github.com/vmware-tanzu/antrea/issues/1764
    • Cilium bug: https://github.com/cilium/cilium/pull/14720
    • Antrea CI https://github.com/vmware-tanzu/antrea/pull/1765
    • Cilium CI https://github.com/cilium/cilium/pull/14889
    • ovn missing named port support: https://github.com/ovn-org/ovn-kubernetes/issues/2117
    opened by mattfenwick 9
  • Add Junit output for automated results processing

    Add Junit output for automated results processing

    If specified by a the new --junit flag, output the results as junit to the specified file. This allows automated processing.

    Updated sonobuoy plugin to use this junit format so that you can see result counts and test pass/fail info using native sonobuoy commands.

    opened by johnSchnake 6
  • report issues with parsing network policies

    report issues with parsing network policies

    The following policy is incorrectly indented, so fails to create in kubernetes.

    kind: NetworkPolicy
    apiVersion: networking.k8s.io/v1
    metadata:
      name: allow-all-ingress-egress-by-label
      namespace: "y"
    spec:
      policyTypes:
        - Egress
        - Ingress
      podSelector:
        matchExpressions:
          - key: pod
            operator: In
            values: [a, b, c]
      egress:
        - to:
          - podSelector:
            matchLabels:
              use: db
      ingress:
        - from:
          - ipBlock:
            cidr: 172.17.0.0/16
            except:
            - 172.17.1.0/24
          - namespaceSelector:
            matchLabels:
              project: myproject
          - podSelector:
            matchLabels:
              role: frontend
          ports:
            - protocol: TCP
              port: 6379
    
    $ kubectl create -f policy.yaml
    error: error validating "policy.yaml": error validating data: [ValidationError(NetworkPolicy.spec.egress[0].to[0]): unknown field "matchLabels" in io.k8s.api.networking.v1.NetworkPolicyPeer, ValidationError(NetworkPolicy.spec.ingress[0].from[0]): unknown field "cidr" in io.k8s.api.networking.v1.NetworkPolicyPeer, ValidationError(NetworkPolicy.spec.ingress[0].from[0]): unknown field "except" in io.k8s.api.networking.v1.NetworkPolicyPeer, ValidationError(NetworkPolicy.spec.ingress[0].from[1]): unknown field "matchLabels" in io.k8s.api.networking.v1.NetworkPolicyPeer, ValidationError(NetworkPolicy.spec.ingress[0].from[2]): unknown field "matchLabels" in io.k8s.api.networking.v1.NetworkPolicyPeer]; if you choose to ignore these errors, turn validation off with --validate=false
    

    However, cyclonus doesn't notice these problems.

    Cyclonus should notice these problems and report them.

    opened by mattfenwick 3
  • Feature request: ability to mark test failures as expected

    Feature request: ability to mark test failures as expected

    Cilium currently does not pass all of cyclonus's tests (https://github.com/cilium/cilium/issues/14678), and as cyclonus's test suite expands Cilium might fail other tests due to missing features in Cilium's NetworkPolicy implementation.

    So that cyclonus can be used in Cilium's CI (which requires all tests to pass before a PR can be merged), it would be nice if individual tests could be marked as "expected to fail". For these tests, cyclonus should still run them, but report success if they fail and failure if they succeed. This allows CI to pass for known failures, and will alert developers to update the cyclonus test configuration if/when Cilium fixes the bug.

    Marking individual tests as "expected to fail" could either be done through a CLI option or a configuration file, depending on the number of tests expected to fail.

    opened by twpayne 3
  • state validation fails due to new default namespace labels

    state validation fails due to new default namespace labels

    This happens on newer kube versions, see: https://github.com/kubernetes/kubernetes/pull/96968

    Logs: Untitled.txt

    time="2021-04-09T09:52:57Z" level=fatal msg="for namespace y, expected labels map[ns:y] (found map[kubernetes.io/metadata.name:y ns:y])\n
    github.com/mattfenwick/cyclonus/pkg/connectivity.(*TestCaseState).verifyClusterStateHelper
      /Users/mfenwick/go/src/github.com/mattfenwick/cyclonus/pkg/connectivity/testcasestate.go:238
    github.com/mattfenwick/cyclonus/pkg/connectivity.(*TestCaseState).VerifyClusterState
      /Users/mfenwick/go/src/github.com/mattfenwick/cyclonus/pkg/connectivity/testcasestate.go:286
    github.com/mattfenwick/cyclonus/pkg/connectivity.(*Interpreter).ExecuteTestCase
      /Users/mfenwick/go/src/github.com/mattfenwick/cyclonus/pkg/connectivity/interpreter.go:85
    github.com/mattfenwick/cyclonus/pkg/cli.RunGenerateCommand\n\t/Users/mfenwick/go/src/github.com/mattfenwick/cyclonus/pkg/cli/generate.go:135\ngithub.com/mattfenwick/cyclonus/pkg/cli.SetupGenerateCommand.func1\n\t/Users/mfenwick/go/src/github.com/mattfenwick/cyclonus/pkg/cli/generate.go:44\ngithub.com/spf13/cobra.
    (*Command).execute\n\t/Users/mfenwick/go/pkg/mod/github.com/spf13/[email protected]/command.go:846\ngithub.com/spf13/cobra.
    (*Command).ExecuteC\n\t/Users/mfenwick/go/pkg/mod/github.com/spf13/[email protected]/command.go:950\ngithub.com/spf13/cobra.
    (*Command).Execute\n\t/Users/mfenwick/go/pkg/mod/github.com/spf13/[email protected]/command.go:887\ngithub.com/mattfenwick/cyclonus/pkg/cli.RunRootCommand\n\t/Users/mfenwick/go/src/github.com/mattfenwick/cyclonus/pkg/cli/root.go:13\nmain.main\n\t/Users/mfenwick/go/src/github.com/mattfenwick/cyclonus/cmd/cyclonus/main.go:8\nruntime.main\n\t/usr/local/Cellar/go/1.15.5/libexec/src/runtime/proc.go:204\nruntime.goexit\n\t/usr/local/Cellar/go/1.15.5/libexec/src/runtime/asm_amd64.s:1374"
    

    TODOs:

    • [x] get a cluster of 1.21 to repro this against
    • [x] come up with some code that works on both <= 1.20 and >= 1.21
    • [ ] (maybe) just ignore extra labels
    • [ ] (maybe) detect cluster version and do the right thing automatically
    • [ ] (maybe) provide a CLI switch to turn on/off the labels
    kube-1.21 
    opened by mattfenwick 2
  • kind: split the calls in modules for re-use

    kind: split the calls in modules for re-use

    Instead of duplicating code, let's re-use calls to simplify creating new network policies tests.

    Signed-off-by: Douglas Schilling Landgraf [email protected]

    opened by dougsland 2
  • UX: Rename fuzz command to generate

    UX: Rename fuzz command to generate

    cyclonus currently has a fuzz command that is described as:

    Generate network policies, install the policies one at a time in kubernetes, and compare actual measured connectivity to expected connectivity using a truth table.

    Fuzzing is described by Wikipedia as:

    Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program.

    Since generate is a more accurate description of what the fuzz command currently does, would it make sense to rename the command from fuzz to generate?

    opened by twpayne 2
  • get a single connectivity matrix to fit on a single page (even on smaller monitors)

    get a single connectivity matrix to fit on a single page (even on smaller monitors)

    Connectivity matrices with multiple ports and protocols expand vertically and can quickly take more than a single screen of space.

    It's really useful to see the whole thing at once!

    opened by mattfenwick 1
  • handle pod IPs in different /24 subnets

    handle pod IPs in different /24 subnets

    Cyclonus currently assumes that pods are all in the same /24 subnet; if this assumption is violated, spurious failures will be reported.

    Cyclonus should not make this assumption.

    opened by mattfenwick 1
  • Add service and node discovery to test resources

    Add service and node discovery to test resources

    Add some basic wiring to create/destroy services as part of test step, and target desting datapath from pod matrix to nodes, specifically via nodeport.

    Known TODOs:

    • Table showing datapath from pod->node is incomplete
    • Including nodes in truth table/simulated runs needs to be built
    • Is connection from pod x/a, to service that has podselector pod=a, considered loopback? This traffic is allowed with a default-deny-all on cilium, although the generated netpol expectation doesn't factor this in and will fail the scenario with these allowed connections
    opened by matmerr 3
  • Address docker hub rate limit for image mfenwick100/sonobuoy-cyclonus

    Address docker hub rate limit for image mfenwick100/sonobuoy-cyclonus

    Hi team,

    Thanks for the cool project, just wonder do we have an alternative to download the image mfenwick100/sonobuoy-cyclonus It's easy to hit rate limit issue in an enterprise network.

    Thanks

    opened by ydp 1
  • speed up test runs

    speed up test runs

    client-side:

    • https://github.com/kubernetes/kubernetes/blob/master/test/images/agnhost/connect/connect.go

    server-side:

    • https://github.com/kubernetes/kubernetes/tree/master/test/images/agnhost/porter
    • https://github.com/kubernetes/kubernetes/tree/master/test/images/agnhost/serve-hostname

    ideas:

    • reduce number of kubectl exec calls
    • avoid spinning up an agnhost binary for each network call
    opened by mattfenwick 1
  • investigate KinD/TCP/IPV6 slowness of requests to services

    investigate KinD/TCP/IPV6 slowness of requests to services

    see: https://github.com/mattfenwick/cyclonus/runs/2371412592?check_suite_focus=true

    TCP requests were nearly always timing, while analagous UDP and SCTP requests were not.

    opened by mattfenwick 0
  • Create feature support matrix

    Create feature support matrix

    Including:

    underlying OS:

    • linux
    • windows

    kube version:

    • 1.21
    • 1.20
    • 1.19

    IP stack:

    • IPV4
    • dual-stack
    • IPV6

    CNI:

    • Antrea
    • Calico
    • Cilium
    • ovn-kubernetes
    • flannel
    • weave

    Cluster:

    • kind
    • k3s
    • GKE
    • AKS
    • EKS
    • bare-metal

    What else?

    opened by mattfenwick 0
Releases(v0.5.1)
Owner
Matt Fenwick
Matt Fenwick
gNXI Tools - gRPC Network Management/Operations Interface Tools

gNxI Tools gNMI - gRPC Network Management Interface gNOI - gRPC Network Operations Interface A collection of tools for Network Management that use the

Google 226 Nov 11, 2022
Tools - This subrepository holds the source for various packages and tools that support

Go Tools This subrepository holds the source for various packages and tools that

Rohan 0 Jan 12, 2022
Package socket provides a low-level network connection type which integrates with Go's runtime network poller to provide asynchronous I/O and deadline support. MIT Licensed.

socket Package socket provides a low-level network connection type which integrates with Go's runtime network poller to provide asynchronous I/O and d

Matt Layher 48 Nov 15, 2022
Magma is an open-source software platform that gives network operators an open, flexible and extendable mobile core network solution.

Connecting the Next Billion People Magma is an open-source software platform that gives network operators an open, flexible and extendable mobile core

Magma 1.4k Nov 26, 2022
Zero Trust Network Communication Sentinel provides peer-to-peer, multi-protocol, automatic networking, cross-CDN and other features for network communication.

Thank you for your interest in ZASentinel ZASentinel helps organizations improve information security by providing a better and simpler way to protect

ZTALAB 8 Nov 1, 2022
Optimize Windows's network/NIC driver settings for NewTek's NDI(Network-Device-Interface).

windows-ndi-optimizer[WIP] Optimize Windows's network/NIC driver settings for NewTek's NDI(Network-Device-Interface). How it works This is batchfile d

Nil Hiiragi 3 Apr 15, 2022
A simple network analyzer that capture http network traffic

httpcap A simple network analyzer that captures http network traffic. support Windows/MacOS/Linux/OpenWrt(x64) https only capture clienthello colorful

null 2 Oct 25, 2022
kcp is a prototype of a Kubernetes API server that is not a Kubernetes cluster - a place to create, update, and maintain Kube-like APis with controllers above or without clusters.

kcp is a minimal Kubernetes API server How minimal exactly? kcp doesn't know about Pods or Nodes, let alone Deployments, Services, LoadBalancers, etc.

Prototype of Future Kubernetes Ideas 1.8k Nov 26, 2022
Scripts and other small tools developed against TCM systems

TCM Tools This repo contains scripts and small tools developed against TCM services that do not really have a home other places but we would like to m

Twin Cities Maker 0 Mar 22, 2022
Tools for authoring and serving codelabs

Tools for authoring and serving codelabs Codelabs are interactive instructional

Thomas Pollyblank 1 Feb 8, 2022
:alarm_clock: :fire: A TCP proxy to simulate network and system conditions for chaos and resiliency testing

Toxiproxy Toxiproxy is a framework for simulating network conditions. It's made specifically to work in testing, CI and development environments, supp

Shopify 8.7k Nov 27, 2022
A LoRaWAN nodes' and network simulator that works with a real LoRaWAN environment (such as Chirpstack) and equipped with a web interface for real-time interaction.

LWN Simulator A LoRaWAN nodes' simulator to simulate a LoRaWAN Network. Table of Contents General Info Requirements Installation General Info LWN Simu

ARSLab 32 Nov 16, 2022
Go network programming framework, supports multiplexing, synchronous and asynchronous IO mode, modular design, and provides flexible custom interfaces

Go network programming framework, supports multiplexing, synchronous and asynchronous IO mode, modular design, and provides flexible custom interfaces。The key is the transport layer, application layer protocol has nothing to do

rick.wu 11 Nov 7, 2022
Toxiproxy - A TCP proxy to simulate network and system conditions for chaos and resiliency testing

Toxiproxy is a framework for simulating network conditions. It's made specifically to work in testing, CI and development environments, supp

Shopify 6.7k Nov 3, 2021
A suite of gRPC debugging tools. Like Fiddler/Charles but for gRPC.

grpc-tools A suite of tools for gRPC debugging and development. Like Fiddler/Charles but for gRPC! The main tool is grpc-dump which transparently inte

Bradley Kemp 1.1k Nov 25, 2022
Serve vanity URLs to Go tools.

goovus serves vanity URLs to Go tools. What's In A Name? go Made for Go. o Open as in open source. vus vanity url server. go + o + vus gives goovus. Q

null 5 Sep 28, 2021
golang consul tools

中文文档 consult A consul key/value tool for golang Usage install go get -u github.com/xxjwxc/[email protected] New Config conf := consulkv.NewConfig() With

xxj 7 Mar 6, 2022
gophertunnel is composed of several packages that may be of use for creating Minecraft related tools

gophertunnel is composed of several packages that may be of use for creating Minecraft related tools. A brief overview of all packages may be found here.

Sandertv 297 Nov 16, 2022
A suite of tools for NFT generative art.

nftool A suite of tools for NFT generative art. Features Traits/Attributes/Properties Generation Configure custom rarity Generate collection attribute

Aleph Retamal 147 Nov 23, 2022