zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Edward Ribeiro (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-2454) Limit Connection Count based on User
Date Mon, 08 Aug 2016 21:55:20 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15412546#comment-15412546
] 

Edward Ribeiro commented on ZOOKEEPER-2454:
-------------------------------------------

Hi [~botond.hejj],

I totally agree with [~fpj]. As you correctly pointed out the Netty code is a bit out of sync
wrt to NIO already, but if we can avoid this *further*, the better, imo.

{quote}
I've checked Netty code and I see that in Netty even the simple ip based connection limiting
implementation is broken. There is a set to collect connections for ip but there is no remove
from the set on disconnect and actually the logic is missing to disconnect a connection if
the limit is reached.
{quote}

Yup, this particular issue has being tracked by ZOOKEEPER-2280. It is a very old patch and
*certainly is lacks needs fixing/reworking/rebasing*, but gonna resume now.

Also, I have proposed another feature to limit the total amount of connections: ZOOKEEPER-2280
(again, an old patch that need to be revisited and probably rewritten). I think it would make
a nice addition to this JIRA.

Cheers


> Limit Connection Count based on User
> ------------------------------------
>
>                 Key: ZOOKEEPER-2454
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2454
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: server
>            Reporter: Botond Hejj
>            Assignee: Botond Hejj
>            Priority: Minor
>         Attachments: ZOOKEEPER-2454-br-3-4.patch, ZOOKEEPER-2454.patch, ZOOKEEPER-2454.patch
>
>
> ZooKeeper currently can limit connection count from clients coming from the same ip.
It is a great feature to malfunctioning clients DOS-ing the server with many requests.
> I propose additional safegurads for ZooKeeper. 
> It would be great if optionally connection count could be limited for a specific user
or a specific user on an ip.
> This is great in cases where ZooKeeper ensemble is shared by multiple users and these
users share the same client ips. This can be common in container based cloud deployment where
external ip of multiple clients can be the same.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message