1 Comment

Simulating Poor Network Connectivity on Mac OSX

I’ve often used Chrome dev tools’ device mode network throttling feature to test how a web app behaves with a poor network connection.

If you need this capability outside your browser, you can use Apple’s Network Link Conditioner to degrade your whole computer’s connectivity, individually controlling bandwidth, latency, and packet loss. This is particularly useful for other browsers, device simulators, and headless processes.

I recently wished to simulate degraded connectivity to a single host. A modern web app loads resources from a variety of sources. It’s good to know how your app will behave if your font server is on the fritz, or if your image CDN slows to a crawl.

Targeting One Host

It turns out that Mac OSX has this capability out of the box—it’s used for the Network Link Conditioner tool described above, however, it’s a little hard to find. When Apple switched from the IPFW firewall to PF several OSX versions ago, it appears they kept the former’s “dummynet” traffic shaper, rather than using the “altq” system described in PF’s man page.

On OSX 10.11, the commands to control PF and dummynet are pfctl and dnctl. Using them requires root; sudo as necessary.

Test it out:

First, let’s create a slow pipe, operating at 10kb/s with a 300ms delay:

dnctl pipe 1 config bw 10Kbit/s delay 300

Then we create a rule to direct our example.com traffic through the pipe:

echo "dummynet out proto tcp from any to example.com pipe 1" |pfctl -f -

Finally, enable the firewall with pfctl -e, and enjoy terrible connectivity to example.com!

When you’re done, you can revert your changes with pfctl -F /etc/pf.conf and dnctl -q flush, and then stop the firewall with pfctl -d.

Additional Notes

  • PF resolves DNS once when the rule is activated, rather than each time a connection is made, so this approach may be stymied by round robin DNS.
  • You can inspect the current configurations of PF with pfctl -sa and dummynet with dnctl list.
  • To get a better idea of these tools’ capabilities, check out Murus Firewall, which exposes them with a graphical interface.