zookeeper-dev mailing list archives

From "Botond Hejj (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-2454) Limit Connection Count based on User
Date Tue, 02 Aug 2016 12:31:20 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15403893#comment-15403893 ]

Botond Hejj commented on ZOOKEEPER-2454:
----------------------------------------

1.
I've checked Netty code and I see that in Netty even the simple ip based connection limiting
implementation is broken. There is a set to collect connections for ip but there is no remove
from the set on disconnect and actually the logic is missing to disconnect a connection if
the limit is reached.

I think there should be another jira to fix that up. Those changes don't belong here.
I would progress with NIO support for now and have 2 more jira. One to fix the Netty ip limiting
and depending on that add user based limiting to Netty.

2.
I think every provider has an id. Maybe the feature name is misleading and we should rename
from "Limit Connection Count based on User" to "Limit Connection Count based on Auth Id"

> Limit Connection Count based on User
> ------------------------------------
>
>                 Key: ZOOKEEPER-2454
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2454
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: server
>            Reporter: Botond Hejj
>            Assignee: Botond Hejj
>            Priority: Minor
>         Attachments: ZOOKEEPER-2454-br-3-4.patch, ZOOKEEPER-2454.patch, ZOOKEEPER-2454.patch
>
>
> ZooKeeper currently can limit connection count from clients coming from the same ip.
> It is a great feature to malfunctioning clients DOS-ing the server with many requests.
> I propose additional safeguards for ZooKeeper.
> It would be great if optionally connection count could be limited for a specific user
> or a specific user on an ip.
> This is great in cases where ZooKeeper ensemble is shared by multiple users and these
> users share the same client ips. This can be common in container based cloud deployment where
> external ip of multiple clients can be the same.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
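
The two gaps named in the comment above (nothing removed from the per-IP set on disconnect, and no rejection once the limit is reached) can be seen side by side in a small limiter. This is an added example, not code from ZooKeeper, Netty or the attached patches; the class `ConnectionLimiter`, its method names and the `user@ip` key format are hypothetical.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical limiter: the key is a client IP, an auth id, or "authId@ip". */
public class ConnectionLimiter<C> {
    private final int maxPerKey;
    private final Map<String, Set<C>> open = new ConcurrentHashMap<>();

    public ConnectionLimiter(int maxPerKey) { this.maxPerKey = maxPerKey; }

    /** Call on connect, or once the auth id is known. False means the caller must close conn. */
    public boolean tryRegister(String key, C conn) {
        boolean[] accepted = {false};
        // compute() is atomic per key, so the size check and the add cannot race.
        open.compute(key, (k, set) -> {
            if (set == null) set = ConcurrentHashMap.newKeySet();
            if (set.contains(conn) || set.size() < maxPerKey) {
                set.add(conn);
                accepted[0] = true;
            }
            return set.isEmpty() ? null : set;
        });
        return accepted[0];
    }

    /** Call on disconnect. Without this step the count only grows and the key is never freed. */
    public void unregister(String key, C conn) {
        open.computeIfPresent(key, (k, set) -> {
            set.remove(conn);
            return set.isEmpty() ? null : set; // drop empty entries so the map stays bounded
        });
    }

    public int count(String key) {
        Set<C> set = open.get(key);
        return set == null ? 0 : set.size();
    }

    public static void main(String[] args) {
        // Constructed sample: two users behind one shared external IP, limit 2 per key.
        ConnectionLimiter<String> limiter = new ConnectionLimiter<>(2);
        String alice = "alice@203.0.113.7", bob = "bob@203.0.113.7";
        System.out.println(limiter.tryRegister(alice, "conn-1"));
        System.out.println(limiter.tryRegister(alice, "conn-2"));
        System.out.println(limiter.tryRegister(alice, "conn-3")); // over the limit for alice
        System.out.println(limiter.tryRegister(bob, "conn-4"));   // bob has his own budget
        limiter.unregister(alice, "conn-1");                       // disconnect frees a slot
        System.out.println(limiter.tryRegister(alice, "conn-3"));
        System.out.println(limiter.count(alice) + " " + limiter.count(bob));
    }
}
```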
