[
https://issues.apache.org/jira/browse/YARN-1547?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15284052#comment-15284052
]
Giovanni Matteo Fumarola commented on YARN-1547:
------------------------------------------------
[~vinodkv] I just pushed a first prototype version.
Just to get feedback on it.
A few comments from my side:
1) To prevent DoS attacks, this new class performs 3 checks: on a single
request, over the entire lifetime of the application, and in a short time using
a sliding window.
2) The sliding window's code is taken from another OSS project: Storm. I made
some modifications on top of it. I don't know how it works with shared code
between OSS Apache projects.
3) Right now, the class is an interceptor for AMRMProxy; as we discussed, we
should move this class to a common place to be used by RM - maybe
yarn-server-common.
4) I inserted some default values on YarnConfiguration. They are inaccurate. We
should get those data from a real cluster. On top of it, I would like to create
a new YarnConfiguration for DoS values.
5) In this patch, jUnits are missing. I tested it with some simple UTCs in the
same style as [YARN-4117|https://issues.apache.org/jira/browse/YARN-4117]. As I
said before, this patch is just a prototype to get feedback :) In the next
versions I will insert real UTCs.
6) Full, complete JavaDocs are missing.
7) When the application passes a limit or gives wrong values, the interceptor
should reject the call. I inserted a couple of TODOs because I was not sure what
to do: return null; or throw a YarnException.
> Prevent DoS of ApplicationMasterProtocol by putting in limits
> -------------------------------------------------------------
>
> Key: YARN-1547
> URL: https://issues.apache.org/jira/browse/YARN-1547
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Vinod Kumar Vavilapalli
> Assignee: Giovanni Matteo Fumarola
> Attachments: YARN-1547.pdf, YARN-1547.prototype.v0.patch,
> YARN-1547.v0.pdf
>
>
> Points of DoS in ApplicationMasterProtocol
> - Host and trackingURL in RegisterApplicationMasterRequest
> - Diagnostics, final trackingURL in FinishApplicationMasterRequest
> - Unlimited number of resourceAsks, containersToBeReleased and
> resourceBlacklistRequest in AllocateRequest
> -- Unbounded number of priorities and/or resourceRequests in each ask.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
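
The three checks listed in point 1 of the comment (single request, application lifetime, sliding window) combined in one limiter, as an added Java example that is not taken from the YARN-1547 prototype patch or from Storm's sliding-window code. The class name, method name and limit values are hypothetical, and "items" stands for whatever is being counted, such as the resourceAsks in one AllocateRequest.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Hypothetical limiter: names and limit values are assumptions, not the patch's.
public class AmRequestLimiter {
    private final int maxPerRequest;   // check 1: items allowed in a single call
    private final long maxLifetime;    // check 2: items allowed over the app's lifetime
    private final long maxPerWindow;   // check 3: items allowed inside the sliding window
    private final long windowMillis;
    private long lifetimeTotal;
    private long windowTotal;
    // Accepted calls still inside the window, oldest first: {timestampMillis, items}.
    private final Deque<long[]> window = new ArrayDeque<>();

    public AmRequestLimiter(int maxPerRequest, long maxLifetime,
                            long maxPerWindow, long windowMillis) {
        this.maxPerRequest = maxPerRequest;
        this.maxLifetime = maxLifetime;
        this.maxPerWindow = maxPerWindow;
        this.windowMillis = windowMillis;
    }

    // Records the call and returns true only if all three checks pass.
    // A rejected call consumes no budget, so a retry is not penalised twice.
    public synchronized boolean tryAccept(int items, long nowMillis) {
        if (items < 0 || items > maxPerRequest) return false;
        if (items == 0) return true; // not recorded, so empty calls cannot grow the deque
        if (lifetimeTotal + items > maxLifetime) return false;
        // Evict entries that have slid out of the window before counting.
        while (!window.isEmpty() && nowMillis - window.peekFirst()[0] >= windowMillis) {
            windowTotal -= window.pollFirst()[1];
        }
        if (windowTotal + items > maxPerWindow) return false;
        window.addLast(new long[] {nowMillis, items});
        windowTotal += items;
        lifetimeTotal += items;
        return true;
    }

    public static void main(String[] args) {
        // Constructed limits: 100 per call, 250 per lifetime, 150 per 1000 ms.
        AmRequestLimiter limiter = new AmRequestLimiter(100, 250, 150, 1000);
        int[][] calls = {{101, 0}, {100, 0}, {100, 10}, {50, 20}, {100, 1500}, {1, 3000}};
        for (int[] c : calls) {
            System.out.printf("t=%dms items=%d accepted=%b%n",
                    c[1], c[0], limiter.tryAccept(c[0], c[1]));
        }
    }
}
```

The timestamp is a parameter so that runs are repeatable; a caller would pass a monotonic clock reading, and the boolean result leaves open the question from point 7 of whether a rejection becomes a null return or an exception.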