Return-Path: X-Original-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org Delivered-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 58FE5D4C6 for ; Thu, 20 Dec 2012 09:34:21 +0000 (UTC) Received: (qmail 32415 invoked by uid 500); 20 Dec 2012 09:34:21 -0000 Delivered-To: apmail-incubator-cloudstack-dev-archive@incubator.apache.org Received: (qmail 31890 invoked by uid 500); 20 Dec 2012 09:34:20 -0000 Mailing-List: contact cloudstack-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cloudstack-dev@incubator.apache.org Delivered-To: mailing list cloudstack-dev@incubator.apache.org Received: (qmail 31868 invoked by uid 99); 20 Dec 2012 09:34:19 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 20 Dec 2012 09:34:19 +0000 X-ASF-Spam-Status: No, hits=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of koushik.das@citrix.com designates 203.166.19.134 as permitted sender) Received: from [203.166.19.134] (HELO SMTP.CITRIX.COM.AU) (203.166.19.134) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 20 Dec 2012 09:34:11 +0000 X-IronPort-AV: E=Sophos;i="4.84,322,1355097600"; d="scan'208";a="152935" Received: from banpmailmx02.citrite.net ([10.103.128.74]) by SYDPIPO01.CITRIX.COM.AU with ESMTP/TLS/RC4-MD5; 20 Dec 2012 09:33:50 +0000 Received: from BANPMAILBOX01.citrite.net ([10.103.128.72]) by BANPMAILMX02.citrite.net ([10.103.128.74]) with mapi; Thu, 20 Dec 2012 15:03:47 +0530 From: Koushik Das To: "cloudstack-dev@incubator.apache.org" Date: Thu, 20 Dec 2012 15:03:46 +0530 Subject: RE: [DISCUSS]API request throttling Thread-Topic: [DISCUSS]API request throttling Thread-Index: Ac3eGYLXdE084in4QAuzx62ZPN3F9QAeUBJAAAB0E1A= Message-ID: <2529883E7B666F4E8F21F85AADA43CA7010C8EB1BD7E@BANPMAILBOX01.citrite.net> References: <35F04D4C394874409D9BE4BF45AC5EA9010B2807B930@BANPMAILBOX01.citrite.net> In-Reply-To: <35F04D4C394874409D9BE4BF45AC5EA9010B2807B930@BANPMAILBOX01.citrite.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org All the APIs are independent so even if some are not allowed due to limit g= etting reached there shouldn't be any inconsistency in the DB/hypervisors. = But this needs to be handled properly in the UI. Thanks, Koushik > -----Original Message----- > From: Ram Ganesh [mailto:Ram.Ganesh@citrix.com] > Sent: Thursday, December 20, 2012 2:53 PM > To: cloudstack-dev@incubator.apache.org > Subject: RE: [DISCUSS]API request throttling >=20 > How do we characterize the behaviour for a UI/self-service portal user? A > single UI screen can result anywhere from 1 to N API requests. Would it n= ot > lead CloudStack to some inconsistent state? What if the UI configuration > spans time duration window? >=20 > Thanks, > RamG >=20 > > -----Original Message----- > > From: Min Chen [mailto:min.chen@citrix.com] > > Sent: 20 December 2012 00:19 > > To: cloudstack-dev@incubator.apache.org > > Subject: [DISCUSS]API request throttling > > > > Hi all, > > > > Currently, the legitimate users of CloudStack can occasionally hammer > > the server with heavy API requests that cause undesirable results, > > like killing the server, performance issues for other CloudStack users. > > Also, it may become a mechanism for certain malicious users to do > > malicious attacks to CloudStack service to cause cloud outage. To > > prevent certain things happen, we would like to introduce API request > > throttling feature to limit number of APIs that can be placed by each > > account within certain time duration and will block API requests if > > the account is over the limit so that he/she have to retry later. The > > detailed FS can be found at > > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/API+Request+Th > r > > o > > ttling. > > > > Please let me know any comments and suggestions. > > > > Thanks > > -min