hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vinod Kumar Vavilapalli (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-1547) Prevent DoS of ApplicationMasterProtocol by putting in limits
Date Wed, 30 Mar 2016 19:43:25 GMT

    [ https://issues.apache.org/jira/browse/YARN-1547?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15218681#comment-15218681

Vinod Kumar Vavilapalli commented on YARN-1547:

Looked at the updated document, thanks [~giovanni.fumarola] and [~subru]! Few comments
bq. Keeps tracks of all the requests
In addition to the sliding window, we should have an upper limit on all requests possible
from any single application in its entire life-time. The sliding window avoids unreasonable
spikes while the across-the-lifetime limit avoids slow abuse of unreasonable amount of resources.

bq. We can apply an additional control to check if the list-size of a single request overflows
a specific threshold.  
+1, we must. To me this is an equally pressing concern compared to the spikes in list-sizes.

It will be good if we can implement the enforcers / limiters in such a way that we can easily
reuse them as the APIs themselves change over time from lists to maps etc.

Overall, you have covered significant ground in the latest doc. We should get going with code

Thanks for taking care of this!

> Prevent DoS of ApplicationMasterProtocol by putting in limits
> -------------------------------------------------------------
>                 Key: YARN-1547
>                 URL: https://issues.apache.org/jira/browse/YARN-1547
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Giovanni Matteo Fumarola
>         Attachments: YARN-1547.pdf, YARN-1547.v0.pdf
> Points of DoS in ApplicationMasterProtocol
>  - Host and trackingURL in RegisterApplicationMasterRequest
>  - Diagnostics, final trackingURL in FinishApplicationMasterRequest
>  - Unlimited number of resourceAsks, containersToBeReleased and resourceBlacklistRequest
in AllocateRequest
>     -- Unbounded number of priorities and/or resourceRequests in each ask.

This message was sent by Atlassian JIRA

View raw message