This repository has been archived by the owner on Oct 11, 2024. It is now read-only.

Implement low-level rate-limiting #422

Merged: 15 commits, Oct 1, 2019

albrow (Contributor) commented Sep 20, 2019

Fixes #119.

This PR implements low-level rate-limiting and bans offending peers by their IP address. Currently, the limit on bandwidth usage is set conservatively high at 100 MiB/s. We can lower this limit over time as we get a better sense for what real world usage looks like.

This PR also will cause Mesh to log bandwidth statistics every 5 minutes, which will help us understand how much bandwidth is being used by each peer and each protocol over time. Technically, it would probably be better to report these statistics via Prometheus. However, since we already have the proxy and authentication infra set up for logging+EFK, I think it is okay to log them for now.

Also note that in order for this rate-limiting strategy to be effective we need to implement #390. In this PR, relay hosts are immune from being banned, so a spammer could simply use a relayed connection to circumvent the bandwidth limits. Once well-behaving relay hosts implement their own rate-limiting, we can safely differentiate misbehaving relay hosts from well-behaving ones and ban them.

albrow changed the base branch from master to development September 20, 2019 22:09
albrow requested a review from fabioberger September 20, 2019 22:25
albrow modified the milestone: Hardening Mesh Sep 30, 2019
p2p/bandwidth_checker.go (outdated, resolved)
p2p/node.go (outdated, resolved)
albrow force-pushed the feature/low-level-rate-limiting branch from 524ecfb to 89940f7 October 1, 2019 18:20
albrow merged commit 9afbd1d into development Oct 1, 2019
albrow deleted the feature/low-level-rate-limiting branch October 1, 2019 18:39
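
The check described in the PR description, written out as an added example that is not code from this PR or from Mesh: per-peer inbound bytes over a window are compared against the 100 MiB/s limit, offenders are banned by IP, and relay hosts are skipped. `PeerSample`, `CheckWindow`, the 10-second window and the sample addresses are assumptions made for illustration; only the limit and the relay exemption come from the description.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// 100 MiB/s, the limit stated in the PR description.
const maxBytesPerSecond = 100 << 20

// PeerSample is a hypothetical per-peer reading: bytes received in one window.
type PeerSample struct {
	IP      net.IP
	BytesIn int64
	IsRelay bool // true when the remote host is a relay
}

// CheckWindow bans the IP of each non-relay peer whose average inbound rate
// over the window exceeded the limit. It returns the newly banned IPs.
func CheckWindow(samples []PeerSample, window time.Duration, bans map[string]bool) []string {
	var banned []string
	for _, s := range samples {
		rate := float64(s.BytesIn) / window.Seconds()
		if rate <= maxBytesPerSecond || s.IsRelay {
			// Relay hosts are exempt: over-limit traffic through them goes
			// unbanned until relays rate-limit themselves (see #390).
			continue
		}
		if ip := s.IP.String(); !bans[ip] {
			bans[ip] = true
			banned = append(banned, ip)
		}
	}
	return banned
}

// Constructed sample data using documentation-range addresses.
func sampleWindow() []PeerSample {
	return []PeerSample{
		{net.ParseIP("203.0.113.5"), 2 << 30, false},   // ~205 MiB/s over 10s
		{net.ParseIP("198.51.100.7"), 50 << 20, false}, // 5 MiB/s
		{net.ParseIP("192.0.2.10"), 5 << 30, true},     // 512 MiB/s via relay
	}
}

func main() {
	bans := map[string]bool{}
	fmt.Println("banned:", CheckWindow(sampleWindow(), 10*time.Second, bans))
}
```

The third sample exceeds the limit by the widest margin yet is never banned, which is the gap the description ties to #390.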