Rate limiting zone size question

Tue Oct 11 11:26:50 UTC 2016

Greetings group,
I have posted the same questions elsewhere, hope its not against the policy.

One of the modules that is often employed *ngx_http_limit_req_module*
has the following precaution in the documentation:

*If the **zone storage is exhausted, the server will return the 503*

*(Service Temporarily Unavailable) error to all further requests.*

*Questions:*
*----------------------------------------------------------------------*
1. It is interesting for me how is the *zone *defined?
I know that the underlining data structure is a red-black tree.
But what comprises the entire zone record?
All the information needed for the rate limit?

2. I have multiple users on the website served by nginx.
And the zone size is 1m. How do I determine the lower
bound of the zone for a given unique ip count?

3. After what time is the zone memory released?
If I have: rate=1r/m; does that mean that all the records will
have to be kept for 1 minute to do the accounting, then cleared
so that memory in zone could be renewed?

*Some code considerations:*
*----------------------------------------------------------------------*
Trying to look at *ngx_http_limit_req_module.c *I saw only configure
time error being thrown when the zone size is specified incorrectly:

*if (size < (ssize_t) (8 * ngx_pagesize)) { *

*ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "zone \"%V\" is too small",
&value[i]); *

*return NGX_CONF_ERROR;*

* }*

(8 * ngx_pagesize), if I'm not mistaken is 8 * 4096 = 32768
I confirmed experimentally that the smallest size is indeed 32768 bytes =
32KB.

*----------------------------------------------------------------------*

The function contains some interesting data:

*static ngx_int_t ngx_http_limit_req_lookup(ngx_http_limit_req_limit_t
*limit, *

*ngx_uint_t hash, *

*ngx_str_t *key, *

*ngx_uint_t *ep, *

*ngx_uint_t account)*

*         node = ngx_slab_alloc_locked(ctx->shpool, size);*
*         if (node == NULL) {*
*             ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, 0,*
*                           "could not allocate node%s",
ctx->shpool->log_ctx);*
*             return NGX_ERROR;*
*         } *

I suppose this is the error thrown when zone size limit is reached?
Would really appreciate your help on this issue.

*----------------------------------------------------------------------*

Also, I calculated the size of each node of the rb tree and
it seems to only comprise 44 bytes.

0022 struct ngx_rbtree_node_s
<http://lxr.nginx.org/ident?_i=ngx_rbtree_node_s> {0023
ngx_rbtree_key_t <http://lxr.nginx.org/ident?_i=ngx_rbtree_key_t>
 key <http://lxr.nginx.org/ident?_i=key>;   ===> 4 bytes0024
ngx_rbtree_node_t <http://lxr.nginx.org/ident?_i=ngx_rbtree_node_t>
 *left <http://lxr.nginx.org/ident?_i=left>;  ===> 8 bytes (pointer
size on 64bit)0025     ngx_rbtree_node_t
<http://lxr.nginx.org/ident?_i=ngx_rbtree_node_t>     *right
<http://lxr.nginx.org/ident?_i=right>; ===> 80026
ngx_rbtree_node_t <http://lxr.nginx.org/ident?_i=ngx_rbtree_node_t>
 *parent <http://lxr.nginx.org/ident?_i=parent>;===> 80027     u_char
               color <http://lxr.nginx.org/ident?_i=color>; ===> 80028
    u_char                 data <http://lxr.nginx.org/ident?_i=data>;
===> 80029 };
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20161011/b4e96e7f/attachment.html>