[jira] [Commented] (TS-4087) H2 flexible resource limitation

Wed, 24 Feb 2016 18:05:52 -0800 

    [ 
https://issues.apache.org/jira/browse/TS-4087?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15166566#comment-15166566
 ] 

ASF GitHub Bot commented on TS-4087:
------------------------------------

Github user masaori335 commented on a diff in the pull request:

    https://github.com/apache/trafficserver/pull/485#discussion_r54039631
  
    --- Diff: proxy/http2/Http2ConnectionState.cc ---
    @@ -1160,3 +1162,31 @@ 
Http2ConnectionState::send_window_update_frame(Http2StreamId id, uint32_t size)
       SCOPED_MUTEX_LOCK(lock, this->ua_session->mutex, this_ethread());
       this->ua_session->handleEvent(HTTP2_SESSION_EVENT_XMIT, &window_update);
     }
    +
    +// Return min_concurrent_streams_in when current client streams number is 
larger than max_active_streams_in.
    +// Main purpose of this is preventing DDoS Attacks.
    +unsigned
    +Http2ConnectionState::_adjust_concurrent_stream()
    +{
    +  int64_t current_client_streams = 0;
    +  RecGetRawStatSum(http2_rsb, HTTP2_STAT_CURRENT_CLIENT_STREAM_COUNT, 
&current_client_streams);
    --- End diff --
    
    Ah, `RecGetRawStatSum` gets global + thread local stats. I'll fix this. 
Thanks.
    I thought `RecGetGlobalRawStatSum` is global and `RecGetRawStatSum` is 
thread local one;)



> H2 flexible resource limitation
> -------------------------------
>
>                 Key: TS-4087
>                 URL: https://issues.apache.org/jira/browse/TS-4087
>             Project: Traffic Server
>          Issue Type: New Feature
>          Components: HTTP/2
>            Reporter: Ryo Okubo
>            Assignee: Masaori Koshiba
>             Fix For: 6.2.0
>
>
> Current H2 implementation depends on FetchSM and PluginVC to forward 
> requests. But their memory footprint is very high. It may be vulnerable to 
> DoS attack.
> As simple ways to avoid the problem, we can use two limitations, 
> _proxy.config.net.connections_throttle_ and 
> _proxy.config.http2.max_concurrent_streams_in_. But reducing number of 
> _proxy.config.net.connections_throttle_ causes that number of acceptable 
> HTTP/1.1 requests become lower. And reducing 
> _proxy.config.http2.max_concurrent_streams_in_ restricts benefits of H2.
> I'd like to propose more flexible resource limitation for current H2 impl 
> based on number of active H2 streams. Its adding an upper limit of active H2 
> streams. If tis exceeded, ATS send low number of 
> SETTINGS_MAX_CONCURRENT_STREAMS to clients and/or RST_STREAM frame.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to