[jira] [Commented] (ZOOKEEPER-2454) Limit Connection Count based on User

Mon, 08 Aug 2016 14:56:28 -0700 

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15412546#comment-15412546
 ] 

Edward Ribeiro commented on ZOOKEEPER-2454:
-------------------------------------------

Hi [~botond.hejj],

I totally agree with [~fpj]. As you correctly pointed out the Netty code is a 
bit out of sync wrt to NIO already, but if we can avoid this *further*, the 
better, imo.

{quote}
I've checked Netty code and I see that in Netty even the simple ip based 
connection limiting implementation is broken. There is a set to collect 
connections for ip but there is no remove from the set on disconnect and 
actually the logic is missing to disconnect a connection if the limit is 
reached.
{quote}

Yup, this particular issue has being tracked by ZOOKEEPER-2280. It is a very 
old patch and *certainly is lacks needs fixing/reworking/rebasing*, but gonna 
resume now.

Also, I have proposed another feature to limit the total amount of connections: 
ZOOKEEPER-2280 (again, an old patch that need to be revisited and probably 
rewritten). I think it would make a nice addition to this JIRA.

Cheers


> Limit Connection Count based on User
> ------------------------------------
>
>                 Key: ZOOKEEPER-2454
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2454
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: server
>            Reporter: Botond Hejj
>            Assignee: Botond Hejj
>            Priority: Minor
>         Attachments: ZOOKEEPER-2454-br-3-4.patch, ZOOKEEPER-2454.patch, 
> ZOOKEEPER-2454.patch
>
>
> ZooKeeper currently can limit connection count from clients coming from the 
> same ip. It is a great feature to malfunctioning clients DOS-ing the server 
> with many requests.
> I propose additional safegurads for ZooKeeper. 
> It would be great if optionally connection count could be limited for a 
> specific user or a specific user on an ip.
> This is great in cases where ZooKeeper ensemble is shared by multiple users 
> and these users share the same client ips. This can be common in container 
> based cloud deployment where external ip of multiple clients can be the same.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to