[ https://issues.apache.org/jira/browse/ZOOKEEPER-2454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15403893#comment-15403893 ]

Botond Hejj commented on ZOOKEEPER-2454:
----------------------------------------

1.
I've checked Netty code and I see that in Netty even the simple ip based 
connection limiting implementation is broken. There is a set to collect 
connections for ip but there is no remove from the set on disconnect and 
actually the logic is missing to disconnect a connection if the limit is 
reached.

I think there should be another jira to fix that up. Those changes don't 
belong here.
I would progress with NIO support for now and have 2 more jira. One to fix the 
Netty ip limiting and depending on that add user based limiting to Netty.

2.
I think every provider has an id. Maybe the feature name is misleading and we 
should rename from "Limit Connection Count based on User" to "Limit Connection 
Count based on Auth Id".

> Limit Connection Count based on User
> ------------------------------------
>
>                 Key: ZOOKEEPER-2454
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2454
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: server
>            Reporter: Botond Hejj
>            Assignee: Botond Hejj
>            Priority: Minor
>         Attachments: ZOOKEEPER-2454-br-3-4.patch, ZOOKEEPER-2454.patch, 
> ZOOKEEPER-2454.patch
>
>
> ZooKeeper currently can limit connection count from clients coming from the 
> same ip. It is a great feature to malfunctioning clients DOS-ing the server 
> with many requests.
> I propose additional safeguards for ZooKeeper.
> It would be great if optionally connection count could be limited for a 
> specific user or a specific user on an ip.
> This is great in cases where ZooKeeper ensemble is shared by multiple users 
> and these users share the same client ips. This can be common in container 
> based cloud deployment where external ip of multiple clients can be the same.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
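
Added example, not code from ZooKeeper, Netty or the attached patches: a connection limiter that does the two things the comment above reports missing from the Netty path, namely refusing a connection once the limit is reached and removing the connection from the set on disconnect. The class name `ConnectionLimiter`, its methods, the limits and the sample IP and auth ids are all hypothetical; the same class is keyed once by client IP and once by auth id.

```java
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
// Hypothetical limiter (not ZooKeeper code): caps open connections per key,
// where the key is a client IP or an auth id such as "digest:alice".
final class ConnectionLimiter<K> {
    private final int maxPerKey; // 0 or less means unlimited
    private final ConcurrentHashMap<K, Set<Object>> open = new ConcurrentHashMap<>();
    ConnectionLimiter(int maxPerKey) { this.maxPerKey = maxPerKey; }

    // Returns false when the key is at its limit; the caller must then close the connection.
    boolean tryRegister(K key, Object conn) {
        boolean[] admitted = {false};
        // compute() is atomic per key, so the size check and the add cannot race.
        open.compute(key, (k, set) -> {
            if (set == null) set = ConcurrentHashMap.newKeySet();
            if (set.contains(conn) || maxPerKey <= 0 || set.size() < maxPerKey) {
                set.add(conn);
                admitted[0] = true;
            }
            return set.isEmpty() ? null : set;
        });
        return admitted[0];
    }

    // Must run on every disconnect path, otherwise closed connections count forever.
    void unregister(K key, Object conn) {
        open.computeIfPresent(key, (k, set) -> {
            set.remove(conn);
            return set.isEmpty() ? null : set; // drop empty entries so the map stays bounded
        });
    }

    public static void main(String[] args) {
        // Constructed sample: three connections from one shared address, two auth ids.
        ConnectionLimiter<String> perIp = new ConnectionLimiter<>(3);
        ConnectionLimiter<String> perAuthId = new ConnectionLimiter<>(1);
        String ip = "203.0.113.7";
        String[][] conns = {{"c1", "digest:alice"}, {"c2", "digest:alice"}, {"c3", "digest:bob"}};
        for (String[] c : conns) {
            boolean ok = perIp.tryRegister(ip, c[0]);
            if (ok && !perAuthId.tryRegister(c[1], c[0])) {
                perIp.unregister(ip, c[0]); // roll back: a rejected connection holds no slot
                ok = false;
            }
            System.out.println(c[0] + " " + c[1] + (ok ? " accepted" : " rejected, close it"));
        }
        perAuthId.unregister("digest:alice", "c1"); // c1 disconnects
        perIp.unregister(ip, "c1");
        System.out.println("alice may reconnect: " + perAuthId.tryRegister("digest:alice", "c4"));
    }
}
```

The IP is known when the socket is accepted, but an auth id exists only after the client authenticates, so the auth-id check has to run at that later point and close a connection that is already open.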
