Skip to content

Introduce Rate Limiting #3265

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
sukunrt opened this issue Apr 3, 2025 · 1 comment
Open

Introduce Rate Limiting #3265

sukunrt opened this issue Apr 3, 2025 · 1 comment

Comments

@sukunrt
Copy link
Member

sukunrt commented Apr 3, 2025

We should rate limit new connections and streams created by a host. go-libp2p should rate limit new connections, and streams used by libp2p itself, like identify-push, autonat, etc. Users should be able to configure these limits as well as set rate limits for their protocols.

This is very similar to what the resource manager does. It limits resource consumption at a point in time. Rate limits limit resource consumption over a specific window. From an implementation perspective we can choose to extend the resource manager with this functionality.

There are two specific benefits I'm interested in:

  1. Security benefits of being able to exploit some vulnerability or memory leak as many times as physically possible vs only being able to exploit it a few times a minute.
  2. From a systems perspective, there's a limit beyond which things will not work smoothly, especially in a heterogeneous p2p environment where you're running a bunch of things on the same node.
    Note: 2 makes things harder to configure as the limits would necessarily be different depending on the machine the node's run on. These are all the same issues that make the resource manager hard to configure.

As creating a peerID is cheap, we need to rely on limiting by IP subnets. Connection rate limiting can extend the IP specific Conn limit setup in the resource manager. Stream rate limiting can also borrow most of this setup, allowing users to rate limit streams from IPs sharing the same prefix.

Similar to ConnLimits in resource manager we can allow configuring rate limits at three levels

  1. Global limit: applicable to all events
  2. Subnet Specific rates: events grouped by ip subnet
  3. Specific Network Prefix rates: events from specific network prefixes
sukunrt added a commit that referenced this issue Apr 3, 2025
@sukunrt
identify: rate limit id push protocol
bbe99aa 
The rate limits id pushes from peers to one every five second with an
allowed burst of 10 pushes. This should be enough for all but
malfunctioning and malicious peers. 

We can use the exact same code for autonat, autonatv2, circuit v2, etc. 

Introducing limits to identify separately to get some feedback for
#3265. For this PR, I'd like to ignore issues regarding where should this
piece of code go, and focus on how specifically it should behave. See
the long comment in `rateLimiter.allow` for example. We should probably
modify `x/time/rate` for our usecase.

Part of: #3265
sukunrt added a commit that referenced this issue Apr 3, 2025
@sukunrt
identify: rate limit id push protocol
7c6e267 
The rate limits id pushes from peers to one every five second with an
allowed burst of 10 pushes. This should be enough for all but
malfunctioning and malicious peers. 

We can use the exact same code for autonat, autonatv2, circuit v2, etc. 

Introducing limits to identify separately to get some feedback for
#3265. For this PR, I'd like to ignore issues regarding where should this
piece of code go, and focus on how specifically it should behave. See
the long comment in `rateLimiter.allow` for example. We should probably
modify `x/time/rate` for our usecase.

Part of: #3265
sukunrt added a commit that referenced this issue Apr 3, 2025
@sukunrt
identify: rate limit id push protocol
58d3e36 
The rate limits id pushes from peers to one every five second with an
allowed burst of 10 pushes. This should be enough for all but
malfunctioning and malicious peers. 

We can use the exact same code for autonat, autonatv2, circuit v2, etc. 

Introducing limits to identify separately to get some feedback for
#3265. For this PR, I'd like to ignore issues regarding where should this
piece of code go, and focus on how specifically it should behave. See
the long comment in `rateLimiter.allow` for example. We should probably
modify `x/time/rate` for our usecase.

Part of: #3265
@sukunrt sukunrt mentioned this issue Apr 3, 2025
Open
sukunrt added a commit that referenced this issue Apr 3, 2025
@sukunrt
identify: rate limit id push protocol
beb9ef8 
The rate limits id pushes from peers to one every five second with an
allowed burst of 10 pushes. This should be enough for all but
malfunctioning and malicious peers. 

We can use the exact same code for autonat, autonatv2, circuit v2, etc. 

Introducing limits to identify separately to get some feedback for
#3265. For this PR, I'd like to ignore issues regarding where should this
piece of code go, and focus on how specifically it should behave. See
the long comment in `rateLimiter.allow` for example. We should probably
modify `x/time/rate` for our usecase.

Part of: #3265
sukunrt added a commit that referenced this issue Apr 3, 2025
@sukunrt
identify: rate limit id push protocol
adc11a8 
The rate limits id pushes from peers to one every five second with an
allowed burst of 10 pushes. This should be enough for all but
malfunctioning and malicious peers. 

We can use the exact same code for autonat, autonatv2, circuit v2, etc. 

Introducing limits to identify separately to get some feedback for
#3265. For this PR, I'd like to ignore issues regarding where should this
piece of code go, and focus on how specifically it should behave. See
the long comment in `rateLimiter.allow` for example. We should probably
modify `x/time/rate` for our usecase.

Part of: #3265
sukunrt added a commit that referenced this issue Apr 3, 2025
@sukunrt
identify: rate limit id push protocol
8b13eb6 
The rate limits id pushes from peers to one every five second with an
allowed burst of 10 pushes. This should be enough for all but
malfunctioning and malicious peers. 

We can use the exact same code for autonat, autonatv2, circuit v2, etc. 

Introducing limits to identify separately to get some feedback for
#3265. For this PR, I'd like to ignore issues regarding where should this
piece of code go, and focus on how specifically it should behave. See
the long comment in `rateLimiter.allow` for example. We should probably
modify `x/time/rate` for our usecase.

Part of: #3265
sukunrt added a commit that referenced this issue Apr 3, 2025
@sukunrt
identify: rate limit id push protocol
a286927 
The rate limits id pushes from peers to one every five second with an
allowed burst of 10 pushes. This should be enough for all but
malfunctioning and malicious peers. 

We can use the exact same code for autonat, autonatv2, circuit v2, etc. 

Introducing limits to identify separately to get some feedback for
#3265. For this PR, I'd like to ignore issues regarding where should this
piece of code go, and focus on how specifically it should behave. See
the long comment in `rateLimiter.allow` for example. We should probably
modify `x/time/rate` for our usecase.

Part of: #3265
sukunrt added a commit that referenced this issue Apr 3, 2025
@sukunrt
identify: rate limit id push protocol
4069b71 
The rate limits id pushes from peers to one every five second with an
allowed burst of 10 pushes. This should be enough for all but
malfunctioning and malicious peers. 

We can use the exact same code for autonat, autonatv2, circuit v2, etc. 

Introducing limits to identify separately to get some feedback for
#3265. For this PR, I'd like to ignore issues regarding where should this
piece of code go, and focus on how specifically it should behave. See
the long comment in `rateLimiter.allow` for example. We should probably
modify `x/time/rate` for our usecase.

Part of: #3265
@gerceboss
Copy link

@sukunrt , would like to work on this with you. Can you you mention where can we discuss about it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sukunrt @gerceboss