Uploaded image for project: 'Indy Node'
  1. Indy Node
  2. INDY-1087

Add iptables rules to limit the number of clients connections

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Complete
    • Priority: High
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Epic Link:
    • Sprint:
      INDY 18.01: Stability+, Sprint 18.02 Stability

      Description

      The investigation done in scope of ticket INDY-570 showed that there is no way to limit the number of clients connections using ZMQ API. So we need external firewall (iptables) to do it.

      Corresponding iptables rule may be added manually by steward or automatically by install script. The questions here is what max number of sumultaneous connections should be specified? Just to remind: the main problem of non-limited number of clients connections is situation when we can not open some file as the limit of opened file descriptors is reached. The main point here is that we always should have ability to open files that are necessary for node functionality. So I propose the following solution:
      1. calculate approximate number of file descriptors needed to open local files, DBs etc. (F)
      2. calculate approximate number of file descriptors needed for communication with other nodes (N)
      3. define some window, i.e. some number of spare file descriptors as two steps above calculate file descriptors approximately (W)
      4. now we can calculate max number of clients connections (X): X = LimitNOFILE - (F + N + W)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              VladimirWork Vladimir Shishkin
              Reporter:
              sergey-shilov Sergey Shilov
              Watchers:
              Sergey Shilov, Vladimir Shishkin
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: