<div dir="ltr">Hi Jay,<div>thanks for your comments and suggestions.</div><div><br></div><div>In fact now I started to look into HAProxy because we are already using it as load balancer.</div><div>Anyone with a similar setup using "stick-table" functionality on HAProxy for rate-limit?</div>
<div><br></div><div>Belmiro</div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, Jun 22, 2014 at 8:47 PM, Jay Pipes <span dir="ltr"><<a href="mailto:jaypipes@gmail.com" target="_blank">jaypipes@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On 06/22/2014 01:52 PM, Belmiro Moreira wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
I'm looking how to rate limit the API requests from users in order<br>
to prevent abusive utilization.<br>
nova-api can be configured to handle rate-limit however this is not<br>
available in other apis (ec2, glance ...).<br>
<br>
Any experiences, suggestions in this area?<br>
</blockquote>
<br></div></div>
Do not use the rate-limiting functionality in Nova. It was not a good idea to begin with, as there are already open source, better, faster programs that do rate-limiting in C not Python. IMO, Nova should focus on compute API processing, not standard HTTP rate limiting.<br>
<br>
Use a rate-limiting middleware application that sits in front of your nova-api daemons. Same for SSL termination. Don't use Python+SSL for your SSL functionality. Terminate the (expensive) SSL operations in your load balancer or something like Pound.<br>
<br>
Check out mod_evasive and mod_qos for Apache and proxies like Varnish. There is also rate-limiting functionality in nginx and lighttpd as well.<br>
<br>
Best,<br>
-jay<br>
<br>
______________________________<u></u>_________________<br>
OpenStack-operators mailing list<br>
<a href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.<u></u>openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack-operators</a><br>
</blockquote></div><br></div>