Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add hot_clients_ips_maxsize, hot_clients_ips_threshold_ratio #2087

Draft
wants to merge 2 commits into
base: 04-29-feat_truncate_suspicious_ips_when_it_exceed_the_max_size
Choose a base branch
from
Draft

feat: Add hot_clients_ips_maxsize, hot_clients_ips_threshold_ratio #2087

wants to merge 2 commits into from

Conversation

jopemachine
Copy link
Member

@jopemachine jopemachine commented Apr 30, 2024
edited by github-actions bot
Loading

Overview

Define the settings hot_clients_ips_maxsize and hot_clients_ips_threshold_ratio in shard_config to allow customization.

By adding these key value settings, the existing anonymous_ratelimit key-value config path has also been changed.
Refer to the 'Command Test' section.

Default value

Key Default value
hot_clients_ips_maxsize 1000
hot_clients_ips_threshold_ratio 0.8

The hot_clients_ips_threshold_ratio of 0.8 means that an IP address is classified as a hot client when it reaches 80% or more of the rlimit (rate_limit).

Please take a look if the values above are sensible, and if not, let me know.

Command test

For example, to set the anonymous_ratelimit value to 10, execute the following command.

./backend.ai mgr etcd put config/anonymous_ratelimiter/rlimit 10

Checklist: (if applicable)

  • Milestone metadata specifying the target backport version
  • Mention to the original issue

📚 Documentation preview 📚: https://sorna--2087.org.readthedocs.build/en/2087/

📚 Documentation preview 📚: https://sorna-ko--2087.org.readthedocs.build/ko/2087/

@graphite-app Graphite App
Copy link

graphite-app bot commented Apr 30, 2024

Your org has enabled the Graphite merge queue for merging into main

Add the label “flow:merge-queue” to the PR and Graphite will automatically add it to the merge queue when it’s ready to merge. Or use the label “flow:hotfix” to add to the merge queue as a hot fix.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

@github-actions github-actions bot added area:docs Documentations comp:manager Related to Manager component size:M 30~100 LoC labels Apr 30, 2024
This was referenced Apr 30, 2024
Draft
Draft
Draft
Draft
@jopemachine Graphite App
Copy link
Member Author

jopemachine commented Apr 30, 2024
edited
Loading

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

This stack of pull requests is managed by Graphite. Learn more about stacking.

This was referenced Apr 30, 2024
Draft
Closed
@jopemachine jopemachine added this to the 24.09 milestone Apr 30, 2024
@jopemachine jopemachine marked this pull request as ready for review April 30, 2024 03:02
@jopemachine jopemachine linked an issue Apr 30, 2024 that may be closed by this pull request
DDoS prevention for anonymous manager API requests #2060
Open
@github-actions github-actions bot added the type:feature Add new features label Apr 30, 2024
@jopemachine jopemachine force-pushed the 04-29-feat_truncate_suspicious_ips_when_it_exceed_the_max_size branch from 826f01b to d075b8e Compare April 30, 2024 04:29
@jopemachine jopemachine force-pushed the 04-30-Add-suspicious_ips_maxsize-and-suspicious_ips_threshold_ratio branch from 9232390 to f8caa97 Compare April 30, 2024 04:30
@jopemachine jopemachine changed the title feat: Add suspicious_ips_maxsize, suspicious_ips_threshold_ratio feat: Add hot_clients_ips_maxsize, hot_clients_ips_threshold_ratio Apr 30, 2024
@jopemachine jopemachine force-pushed the 04-30-Add-suspicious_ips_maxsize-and-suspicious_ips_threshold_ratio branch from f8caa97 to 3b56a60 Compare April 30, 2024 04:45
@github-actions github-actions bot added the comp:client Related to Client component label Apr 30, 2024
@jopemachine jopemachine requested a review from achimnol July 29, 2024 05:04
@jopemachine jopemachine force-pushed the 04-29-feat_truncate_suspicious_ips_when_it_exceed_the_max_size branch from 646aefb to fe5dfef Compare August 5, 2024 04:51
@jopemachine jopemachine force-pushed the 04-30-Add-suspicious_ips_maxsize-and-suspicious_ips_threshold_ratio branch from 2914aea to 23133a5 Compare August 5, 2024 04:51
@jopemachine jopemachine force-pushed the 04-29-feat_truncate_suspicious_ips_when_it_exceed_the_max_size branch from fe5dfef to 21403c5 Compare September 30, 2024 13:52
@jopemachine jopemachine force-pushed the 04-30-Add-suspicious_ips_maxsize-and-suspicious_ips_threshold_ratio branch from 23133a5 to 1ab8ee7 Compare September 30, 2024 13:53
@jopemachine jopemachine added the action:on hold Hold it. Wait for the restart. label Dec 6, 2024
@jopemachine jopemachine marked this pull request as draft December 6, 2024 07:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@achimnol achimnol Awaiting requested review from achimnol

Assignees

@jopemachine jopemachine

Labels
action:on hold Hold it. Wait for the restart. area:docs Documentations comp:client Related to Client component comp:manager Related to Manager component size:M 30~100 LoC type:feature Add new features
Projects
None yet
Milestone
24.09
Development

Successfully merging this pull request may close these issues.

DDoS prevention for anonymous manager API requests
1 participant
@jopemachine