Add spec for metadata-rate-limit
Related-Bug: #1989199 Change-Id: I31fe80a2fa4c495acfab5886a304866c7da0d04b
This commit is contained in:
Guillaume Espanel
parent
cc10828176
commit
89528429f9
|
|
@ -0,0 +1,53 @@
|
|||
..
|
||||
This work is licensed under a Creative Commons Attribution 3.0 Unported
|
||||
License.
|
||||
|
||||
http://creativecommons.org/licenses/by/3.0/legalcode
|
||||
|
||||
===================
|
||||
Metadata rate limit
|
||||
===================
|
||||
|
||||
Launchpad Bug:
|
||||
https://bugs.launchpad.net/neutron/+bug/1989199
|
||||
|
||||
The metadata agents currently do not limit the number of requests they try to
|
||||
process. Mis-behaved instances hammering the metadata endpoint can incur a
|
||||
high load on services above the metadata-agents (Nova and Neutron).
|
||||
|
||||
Problem Description
|
||||
===================
|
||||
|
||||
Platforms administrators would benefit from being able to rate-limit requests
|
||||
handled by metadata in order to protect other OpenStack components from DoS.
|
||||
|
||||
* Rate-limiting should be configurable via the config files
|
||||
* Requests should be rate-limited by source IP
|
||||
* The default settings for the rate-limiting should not impact the normal
|
||||
provisioning of an instance (eg. through cloud-init)
|
||||
|
||||
Proposed Change
|
||||
===============
|
||||
|
||||
The metadata agent (both in the case of OVN and OVS/linuxbridge) receive
|
||||
instances requests through an haproxy process it configures.
|
||||
|
||||
We could leverage haproxy's stick-tables to implement rate-limiting, similar
|
||||
to what is done in this haproxy configuration example [1]_. Concretely,
|
||||
requests coming-in from IPs that have a request rate above a configured
|
||||
threshold would receive 429s from haproxy, without hitting the metadata-agent.
|
||||
|
||||
As far as configuration is concerned, we would introduce some new directives
|
||||
to enable the rate-limiting and to configure the thresholds and time-window
|
||||
sizes.
|
||||
|
||||
In order to accommodate some events that normally occur during the life of an
|
||||
instance (for example: cloud-init, periodic refresh of the network-metadata),
|
||||
we could make the rate-limit burstable, for example: limit the request rate
|
||||
to 30 over 60s and to 10 over 5s.
|
||||
|
||||
References
|
||||
==========
|
||||
|
||||
.. [1] HAProxy Rate Limiting: Four Examples, July 30, 2019
|
||||
https://www.haproxy.com/blog/four-examples-of-haproxy-rate-limiting/#sliding-window-rate-limiting
|
||||
Loading…
Reference in New Issue