You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by "Botond Hejj (JIRA)" <ji...@apache.org> on 2016/08/02 12:31:20 UTC

[jira] [Commented] (ZOOKEEPER-2454) Limit Connection Count based on User

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15403893#comment-15403893 ] 

Botond Hejj commented on ZOOKEEPER-2454:
----------------------------------------

1.
I've checked Netty code and I see that in Netty even the simple ip based connection limiting implementation is broken. There is a set to collect connections for ip but there is no remove from the set on disconnect and actually the logic is missing to disconnect a connection if the limit is reached.

I think there should be another jira to fix that up. Those changes doesn't belong here.
I would progress with NIO support for now and have 2 more jira. One to fix the Netty ip limiting and depending on that add user based limiting to Netty.

2.
I think every provider has an id. Maybe the feature name is misleading and we should rename from "Limit Connection Count based on User" to "Limit Connection Count based on Auth Id"

> Limit Connection Count based on User
> ------------------------------------
>
>                 Key: ZOOKEEPER-2454
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2454
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: server
>            Reporter: Botond Hejj
>            Assignee: Botond Hejj
>            Priority: Minor
>         Attachments: ZOOKEEPER-2454-br-3-4.patch, ZOOKEEPER-2454.patch, ZOOKEEPER-2454.patch
>
>
> ZooKeeper currently can limit connection count from clients coming from the same ip. It is a great feature to malfunctioning clients DOS-ing the server with many requests.
> I propose additional safegurads for ZooKeeper. 
> It would be great if optionally connection count could be limited for a specific user or a specific user on an ip.
> This is great in cases where ZooKeeper ensemble is shared by multiple users and these users share the same client ips. This can be common in container based cloud deployment where external ip of multiple clients can be the same.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)