I think the purpose of the DB is to support a clustered setup, otherwise an in-memory counter would suffice. John's concern on DB performance is pertinent. I have had good success with MySQL's "UPDATE table SET counter=counter+1" to increment counts, but that is specific to MySQL. Note that the FK is really not necessary -- you could ensure it is deleted with a background task.
This opensource project [1] prefers to use a Redis store to track the counters to enable distributed counting, but I wonder if MySQL's in-memory table would also work (there's a lot of limitations on the in-memory store though). OTOH, a nosql store like Redis might find applications elsewhere. [1]https://github.com/klmitch/turnstile#readme On 12/19/12 11:01 AM, "John Kinsella" <j...@stratosec.co> wrote: >Looks good - you got the one thing I would have thought of, to be able to >throttle per account. > >I'd suspect that tracking db counts in the db itself could cause a DOS, >unless the inserts are buffered? > >Also, how will the tracking work in clustered manager setups? > >I don't know what this "campo" release is which the wiki page speaks of. >:) > >On Dec 19, 2012, at 10:49 AM, Min Chen <min.c...@citrix.com> > wrote: > >> Hi all, >> >> Currently, the legitimate users of CloudStack can occasionally hammer >>the server with heavy API requests that cause undesirable results, like >>killing the server, performance issues for other CloudStack users. Also, >>it may become a mechanism for certain malicious users to do malicious >>attacks to CloudStack service to cause cloud outage. To prevent certain >>things happen, we would like to introduce API request throttling >>feature to limit number of APIs that can be placed by each account >>within certain time duration and will block API requests if the account >>is over the limit so that he/she have to retry later. The detailed FS >>can be found at >>https://cwiki.apache.org/confluence/display/CLOUDSTACK/API+Request+Thrott >>ling. >> >> Please let me know any comments and suggestions. >> >> Thanks >> -min > >Stratosec - Secure Infrastructure as a Service >o: 415.315.9385 >@johnlkinsella >
