[Openstack] [keystone] Rate limit middleware

Jorge Williams jorge.williams at rackspace.com
Wed Jul 11 17:23:08 UTC 2012 

More info on the Repose rate limiter here:

http://wiki.openrepose.org/display/REPOSE/Rate+Limiting+Filter

The rate limiter has the concept of limit groups -- you can specify rate limits for a particular group -- then introspect the request to see which group applies.  Typically a user can be placed in a particular group etc.  When rate limiting keystone, you might want to rate limit authentication attempts.  The issue there is that the user has not gone through an auth process so you can't necessarily ID the user. We use the concept of quality, where different middle ware components take a guess about what limit group to use.  This allows the rate limiter to rate limit by say IP address, data in the URI, or the content of the message etc.

See:  http://wiki.openrepose.org/display/REPOSE/Header+Value+Quality
And:   http://wiki.openrepose.org/display/REPOSE/Identity+Filters

Sorry, our docs are a little sparse.

-jOrGe W.


On Jul 11, 2012, at 10:56 AM, Dolph Mathews wrote:

REPOSE would be worth taking a look at, as well (includes rate limiting):

  https://github.com/rackspace/repose
  http://openrepose.org/documentation.html

-Dolph

On Wed, Jul 11, 2012 at 9:19 AM, Kevin L. Mitchell <kevin.mitchell at rackspace.com<mailto:kevin.mitchell at rackspace.com>> wrote:
On Wed, 2012-07-11 at 01:50 +0200, Rafael Durán Castañeda wrote:
> I'm working on a blueprint [1] and implementation [2] doing rate limit
> middleware for Keystone; after discussing it at keystone's meeting
> today I was suggested to ask for some feedback from the community.

Have you taken a look at Turnstile and the related integration package,
nova_limits?  Unfortunately, trunk Turnstile doesn't support
multiprocess, but I intend to address that as soon as job
responsibilities permit.

URLs:

      * http://pypi.python.org/pypi/turnstile
      * http://pypi.python.org/pypi/nova_limits
      * https://github.com/klmitch/turnstile
      * https://github.com/klmitch/nova_limits
--
Kevin L. Mitchell <kevin.mitchell at rackspace.com<mailto:kevin.mitchell at rackspace.com>>


_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120711/11b27a39/attachment.html>

More information about the Openstack mailing list