[ratelimiter] Add IP allowlist #19
Conversation
| logger: logger, | ||
| } | ||
| } | ||
|
|
||
| // Checks whether a request from the given requesterID is allowed | ||
| func (d *rateLimiter) AllowRequest(ctx context.Context, requesterID common.RequesterID, blobSize uint, rate common.RateParam) (bool, error) { | ||
| for _, id := range d.allowlist { | ||
| if id == requesterID { | ||
| // Allow 10x the rate for allowlisted IDs |
There was a problem hiding this comment.
Should we just drop the limit for these IPs, i.e. allowing them to push the traffic to the global limit?
There was a problem hiding this comment.
I initially implemented that way, but decided to go this way to ensure no single IP can hog the global throughput, which will make all requests to fail globally. wdyt? maybe we can make it 100x?
There was a problem hiding this comment.
What about 1MiB/s / len(d.allowlist)?
| logger: logger, | ||
| } | ||
| } | ||
|
|
||
| // Checks whether a request from the given requesterID is allowed | ||
| func (d *rateLimiter) AllowRequest(ctx context.Context, requesterID common.RequesterID, blobSize uint, rate common.RateParam) (bool, error) { | ||
| for _, id := range d.allowlist { | ||
| if id == requesterID { |
There was a problem hiding this comment.
I think this will fail because the disperser constructs the requesterID as ip:quorumID.
There was a problem hiding this comment.
We could change the AllowRequest to accept both requesterID and a tag variable, and construct the key internally to the library.
Signed-off-by: Wellington Barbosa <[email protected]> Signed-off-by: Wellington Barbosa <[email protected]> Co-authored-by: Wellington Barbosa <[email protected]> Co-authored-by: Wellington Barbosa <[email protected]>
Why are these changes needed?
We can use this flag to manually add IPs that can be rate limited at 10x the setting.
Checks