Open Stack

Hi Jay,
thanks for your comments and suggestions.

In fact now I started to look into HAProxy because we are already using it
as load balancer.
Anyone with a similar setup using "stick-table" functionality on HAProxy
for rate-limit?

Belmiro



On Sun, Jun 22, 2014 at 8:47 PM, Jay Pipes <jaypipes at gmail.com> wrote:

> On 06/22/2014 01:52 PM, Belmiro Moreira wrote:
>
>> Hi,
>> I'm looking how to rate limit the API requests from users in order
>> to prevent abusive utilization.
>> nova-api can be configured to handle rate-limit however this is not
>> available in other apis (ec2, glance ...).
>>
>> Any experiences, suggestions in this area?
>>
>
> Do not use the rate-limiting functionality in Nova. It was not a good idea
> to begin with, as there are already open source, better, faster programs
> that do rate-limiting in C not Python. IMO, Nova should focus on compute
> API processing, not standard HTTP rate limiting.
>
> Use a rate-limiting middleware application that sits in front of your
> nova-api daemons. Same for SSL termination. Don't use Python+SSL for your
> SSL functionality. Terminate the (expensive) SSL operations in your load
> balancer or something like Pound.
>
> Check out mod_evasive and mod_qos for Apache and proxies like Varnish.
> There is also rate-limiting functionality in nginx and lighttpd as well.
>
> Best,
> -jay
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20140622/62531f3b/attachment.html>