[
https://issues.apache.org/jira/browse/ZOOKEEPER-2454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15352636#comment-15352636
]
Flavio Junqueira commented on ZOOKEEPER-2454:
---------------------------------------------
I think this is a good feature, thanks for contributing [~botond.hejj].
As I understand it, you're setting limits per user and user-IP, but the limits
are global and valid for all SASL users, you don't want to add fine-grained
control over specific users like in "user x can have at most 5 connections,
while user y can have at most 10". It would be good to document the behavior
here, e.g., is it possible that the user limit and the user ip can contradict
each other. If I say that globally a user has max 10 and per IP it has 5, then
what happens if I have 3 IPs for the user? Do I get 15 max or do I cap at 10? I
suspect you want the latter, but again documenting would help to determine what
behavior we are trying to get if it makes sense.
> Limit Connection Count based on User
> ------------------------------------
>
> Key: ZOOKEEPER-2454
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2454
> Project: ZooKeeper
> Issue Type: New Feature
> Components: server
> Reporter: Botond Hejj
> Assignee: Botond Hejj
> Priority: Minor
> Attachments: ZOOKEEPER-2454-br-3-4.patch, ZOOKEEPER-2454.patch
>
>
> ZooKeeper currently can limit connection count from clients coming from the
> same ip. It is a great feature to malfunctioning clients DOS-ing the server
> with many requests.
> I propose additional safegurads for ZooKeeper.
> It would be great if optionally connection count could be limited for a
> specific user or a specific user on an ip.
> This is great in cases where ZooKeeper ensemble is shared by multiple users
> and these users share the same client ips. This can be common in container
> based cloud deployment where external ip of multiple clients can be the same.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
