Page MenuHomePhabricator
Create Task
Maniphest T119917

Set up backend per-IP limits on varnish for WDQS
Closed, ResolvedPublic
Actions

Description

We need to create a backend per-IP limit on varnish for WDQS, that would allow only set number of requests per IP (say, 10) to be sent to the backend in parallel and the rest of the requests should be queued by varnish and expired if the are queued for too long, or just rejected outright if that's easier. This will ensure no client would hog all available backend time.

Since we have Trusted XFF support, we probably need to use that too when resolving IPs.

Event Timeline

Smalyshev created this task.Nov 30 2015, 11:30 PM
Smalyshev raised the priority of this task from to Medium.
Smalyshev updated the task description. (Show Details)
Smalyshev added projects: Discovery-ARCHIVED, SRE, Wikidata-Query-Service, Wikidata.
Smalyshev subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 30 2015, 11:30 PM
Smalyshev updated the task description. (Show Details)Nov 30 2015, 11:30 PM
Smalyshev set Security to None.
BBlack subscribed.Dec 1 2015, 2:06 PM

It would be best to use the header X-Client-IP as the notion of the client IP address for these sorts of purposes. This is intended to resolve trusted XFF, but has a much shorter list (intended to be improved on), whereas TrustedXFF is not usable by the the varnish layer and has a much longer list, but the list is not well-maintained.

We don't have any mechanism for giving an explicit parallelism limit per-client-IP (which only makes sense for requests that commonly run for long times anyways). What we do have at our disposal currently is ratelimiting per-client-IP, and we could even modify the weighting based on response headers as well.

BBlack added a project: Traffic.Dec 1 2015, 2:06 PM
Lydia_Pintscher moved this task from incoming to monitoring on the Wikidata board.Dec 3 2015, 3:39 PM
Smalyshev moved this task from Incoming to Watching / Waiting on the Wikidata-Query-Service board.Dec 4 2015, 10:03 PM
JanZerebecki subscribed.Dec 12 2015, 12:31 AM
Deskana moved this task from Needs triage to Maps on the Discovery-ARCHIVED board.Dec 31 2015, 5:14 AM
Deskana moved this task from Maps to WDQS on the Discovery-ARCHIVED board.
Smalyshev moved this task from WDQS to Ops on the Discovery-ARCHIVED board.Feb 4 2016, 10:11 PM
Smalyshev added a subscriber: Gehel.May 4 2016, 8:23 AM
ema moved this task from Backlog to Caching on the Traffic board.Oct 4 2016, 11:20 AM
Smalyshev moved this task from Watching / Waiting to Operations/SRE on the Wikidata-Query-Service board.Oct 11 2016, 5:53 PM
Smalyshev closed this task as Resolved.Feb 22 2017, 9:44 PM
Smalyshev claimed this task.

I think this is done.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL