  1. Indy Node
  2. INDY-1087

Add iptables rules to limit the number of clients connections



    • Task
    • Status: Complete
    • High
    • Resolution: Done
    • INDY 18.01: Stability+, Sprint 18.02 Stability


      The investigation done in the scope of ticket INDY-570 showed that there is no way to limit the number of client connections using the ZMQ API. So we need an external firewall (iptables) to do it.

      A corresponding iptables rule may be added manually by a steward or automatically by the install script. The question here is what max number of simultaneous connections should be specified? Just to remind: the main problem with an unlimited number of client connections is the situation where we cannot open some file because the limit of open file descriptors is reached. The main point here is that we should always be able to open the files that are necessary for node functionality. So I propose the following solution:
      1. calculate approximate number of file descriptors needed to open local files, DBs etc. (F)
      2. calculate approximate number of file descriptors needed for communication with other nodes (N)
      3. define some window, i.e. some number of spare file descriptors, as the two steps above calculate file descriptors approximately (W)
      4. now we can calculate the max number of client connections (X): X = LimitNOFILE - (F + N + W)





              VladimirWork Vladimir Shishkin
              sergey-shilov Sergey Shilov
              Sergey Shilov, Vladimir Shishkin
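The calculation proposed in the ticket, as an added example that is not part of the ticket or of the Indy Node install script: it derives X from LimitNOFILE, F, N and W and builds an iptables `connlimit` rule that caps client connections at X. The function names, the sample numbers and the client port are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: X = LimitNOFILE - (F + N + W), then the matching iptables rule.
# All numbers and the port are constructed sample values, not Indy Node defaults.

# max_clients LIMIT_NOFILE F N W -> prints X; fails if nothing is left for clients
max_clients() {
    [ "$#" -eq 4 ] || { echo "usage: max_clients LIMIT F N W" >&2; return 2; }
    for v in "$@"; do
        case "$v" in
            ''|*[!0-9]*) echo "not a non-negative integer: $v" >&2; return 2 ;;
        esac
    done
    x=$(( $1 - ($2 + $3 + $4) ))
    if [ "$x" -le 0 ]; then
        # The node's own files and node-to-node links already use the whole budget.
        echo "no descriptors left for clients (X=$x)" >&2
        return 1
    fi
    echo "$x"
}

# connlimit_rule PORT X -> prints the iptables command (does not execute it)
connlimit_rule() {
    # --connlimit-mask 0 puts every source address into one group, so the cap
    # applies to the total number of connections, not to each client IP.
    # --syn limits the match to new connection attempts; established ones stay.
    echo "iptables -I INPUT -p tcp --syn --dport $1" \
         "-m connlimit --connlimit-above $2 --connlimit-mask 0" \
         "-j REJECT --reject-with tcp-reset"
}

# Constructed sample: LimitNOFILE=65536, F=200, N=100, W=300.
# CLIENT_PORT is a placeholder; use the port the node's client stack listens on.
CLIENT_PORT=9702
X=$(max_clients 65536 200 100 300) && connlimit_rule "$CLIENT_PORT" "$X"
```

The script only prints the rule; a steward or an install script would review it and run it as root. `--connlimit-above X` rejects a new connection once more than X are already open, so exactly X clients are admitted.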