[Openstack-operators] api rate-limit

Jay Pipes jaypipes at gmail.com
Sun Jun 22 18:47:21 UTC 2014


On 06/22/2014 01:52 PM, Belmiro Moreira wrote:
> Hi,
> I'm looking how to rate limit the API requests from users in order
> to prevent abusive utilization.
> nova-api can be configured to handle rate-limit however this is not
> available in other apis (ec2, glance ...).
>
> Any experiences, suggestions in this area?

Do not use the rate-limiting functionality in Nova. It was not a good 
idea to begin with, as there are already open source, better, faster 
programs that do rate-limiting in C not Python. IMO, Nova should focus 
on compute API processing, not standard HTTP rate limiting.

Use a rate-limiting middleware application that sits in front of your 
nova-api daemons. Same for SSL termination. Don't use Python+SSL for 
your SSL functionality. Terminate the (expensive) SSL operations in your 
load balancer or something like Pound.

Check out mod_evasive and mod_qos for Apache and proxies like Varnish. 
There is also rate-limiting functionality in nginx and lighttpd as well.

Best,
-jay



More information about the OpenStack-operators mailing list