Uploaded image for project: 'Indy Node'
  1. Indy Node
  2. INDY-1087

Add iptables rules to limit the number of clients connections

    Details

    • Type: Task
    • Status: Complete
    • Priority: High
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Epic Link:
    • Sprint:
      INDY 18.01: Stability+, Sprint 18.02 Stability

      Description

      The investigation done in scope of ticket INDY-570 showed that there is no way to limit the number of clients connections using ZMQ API. So we need external firewall (iptables) to do it.

      Corresponding iptables rule may be added manually by steward or automatically by install script. The questions here is what max number of sumultaneous connections should be specified? Just to remind: the main problem of non-limited number of clients connections is situation when we can not open some file as the limit of opened file descriptors is reached. The main point here is that we always should have ability to open files that are necessary for node functionality. So I propose the following solution:
      1. calculate approximate number of file descriptors needed to open local files, DBs etc. (F)
      2. calculate approximate number of file descriptors needed for communication with other nodes (N)
      3. define some window, i.e. some number of spare file descriptors as two steps above calculate file descriptors approximately (W)
      4. now we can calculate max number of clients connections (X): X = LimitNOFILE - (F + N + W)

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                VladimirWork Vladimir Shishkin
                Reporter:
                sergey-shilov Sergey Shilov
                Watchers:
                Sergey Shilov, Vladimir Shishkin
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: