Rate limiting zone size question
Mindaugas Bernatavičius
darbas.mindaugas at gmail.com
Tue Oct 11 11:26:50 UTC 2016
Greetings group,
I have posted the same questions elsewhere, hope its not against the policy.
One of the modules that is often employed *ngx_http_limit_req_module*
has the following precaution in the documentation:
*If the **zone storage is exhausted, the server will return the 503*
*(Service Temporarily Unavailable) error to all further requests.*
*Questions:*
*----------------------------------------------------------------------*
1. It is interesting for me how is the *zone *defined?
I know that the underlining data structure is a red-black tree.
But what comprises the entire zone record?
All the information needed for the rate limit?
2. I have multiple users on the website served by nginx.
And the zone size is 1m. How do I determine the lower
bound of the zone for a given unique ip count?
3. After what time is the zone memory released?
If I have: rate=1r/m; does that mean that all the records will
have to be kept for 1 minute to do the accounting, then cleared
so that memory in zone could be renewed?
*Some code considerations:*
*----------------------------------------------------------------------*
Trying to look at *ngx_http_limit_req_module.c *I saw only configure
time error being thrown when the zone size is specified incorrectly:
*if (size < (ssize_t) (8 * ngx_pagesize)) { *
*ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "zone \"%V\" is too small",
&value[i]); *
*return NGX_CONF_ERROR;*
* }*
(8 * ngx_pagesize), if I'm not mistaken is 8 * 4096 = 32768
I confirmed experimentally that the smallest size is indeed 32768 bytes =
32KB.
*----------------------------------------------------------------------*
The function contains some interesting data:
*static ngx_int_t ngx_http_limit_req_lookup(ngx_http_limit_req_limit_t
*limit, *
*ngx_uint_t hash, *
*ngx_str_t *key, *
*ngx_uint_t *ep, *
*ngx_uint_t account)*
* node = ngx_slab_alloc_locked(ctx->shpool, size);*
* if (node == NULL) {*
* ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, 0,*
* "could not allocate node%s",
ctx->shpool->log_ctx);*
* return NGX_ERROR;*
* } *
I suppose this is the error thrown when zone size limit is reached?
Would really appreciate your help on this issue.
*----------------------------------------------------------------------*
Also, I calculated the size of each node of the rb tree and
it seems to only comprise 44 bytes.
0022 struct ngx_rbtree_node_s
<http://lxr.nginx.org/ident?_i=ngx_rbtree_node_s> {0023
ngx_rbtree_key_t <http://lxr.nginx.org/ident?_i=ngx_rbtree_key_t>
key <http://lxr.nginx.org/ident?_i=key>; ===> 4 bytes0024
ngx_rbtree_node_t <http://lxr.nginx.org/ident?_i=ngx_rbtree_node_t>
*left <http://lxr.nginx.org/ident?_i=left>; ===> 8 bytes (pointer
size on 64bit)0025 ngx_rbtree_node_t
<http://lxr.nginx.org/ident?_i=ngx_rbtree_node_t> *right
<http://lxr.nginx.org/ident?_i=right>; ===> 80026
ngx_rbtree_node_t <http://lxr.nginx.org/ident?_i=ngx_rbtree_node_t>
*parent <http://lxr.nginx.org/ident?_i=parent>;===> 80027 u_char
color <http://lxr.nginx.org/ident?_i=color>; ===> 80028
u_char data <http://lxr.nginx.org/ident?_i=data>;
===> 80029 };
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20161011/b4e96e7f/attachment.html>
More information about the nginx
mailing list