Skip to content

Latest commit

 

History

History
 
 

ratelimit

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
doc
doc
 
 
Makefile
Makefile
 
 
README
README
 
 
ratelimit.c
ratelimit.c
 
 

README

Ratelimit Module

Hendrik Scholz

   <[email protected]>

   Copyright © 2006 Freenet Cityline GmbH
   Revision History
   Revision $Revision$ $Date$
     _________________________________________________________________

Overview

   This module implements rate limiting for SIP requests. In contrast to
   the PIKE module this limits the flow based on a per SIP request type
   basis and not per source IP. The XML-RPC interface can be used to
   change tunables while running SER. Currently supported requests are
   INVITE, REGISTER and SUBSCRIBE.

Use Cases

   Limiting the rate messages are processed on a system directly
   influences the load. The ratelimit module can be used to protect a
   single host or to protect a SER cluster when run on the dispatching
   box in front.

   A sample configuration snippet might look like this:
if (method=="INVITE" || method="REGISTER" || method=="SUBSCRIBE") {
        if (!rl_check()) {
                sl_send_reply("503", "Service Unavailable");
                break;
        }
};

   Upon every incoming request listed above rl_check is invoked. It
   returns an OK code if the current per request load is below the
   configured threshold. If the load is exceeded the function returns an
   error and an administrator can discard requests with a stateless
   response.

Rate Limiting Algorithms

   As of writing the ratelimit module supports two different algorithms
   to be used by rl_check to determine whether a message should be
   blocked or not.

Tail drop

   This is a trivial algorithm that imposes some risks when used in
   conjunction with long timer intervals. At the start of each interval
   an internal counter is reset and incremented for each incoming
   message. Once the counter hits the configured limit rl_check returns
   an error.

   The downside of this algorithm is that it can lead to SIP client
   synchronization. During a relatively long interval only the first
   requests (i.e. REGISTERs) would make it through. Following messages
   (i.e. RE-REGISTERs) will all hit the SIP proxy at the same time when a
   common Expire timer expired. Other requests will be retransmissed
   after given time, the same on all devices with the same firmware/by
   the same vendor.

Random Early Detection (RED)

   Random Early Detection tries to circumvent the synchronization problem
   imposed by the tail drop algorithm by measuring the average load and
   adapting the drop rate dynamically. When running with the RED
   algorithm (enabled by default) SER will return errors to the SER
   routing engine every n'th packet trying to evenly spread the measured
   load of the last timer interval onto the current interval. As a
   negative side effect SER might drop messages although the limit might
   not be reached within the interval. Decrease the timer interval if you
   encounter this.

Parameters

timer_interval (integer)

   The initial length of a timer interval in seconds. All amounts of
   messages have to be divided by this timer to get a messages per second
   value.

   Default value is 5 seconds.

invite_limit (integer)

   The initial number of allowed INVITE requests per timer interval. Once
   this number has been reached within one interval rl_check returns an
   error. If running in Random Early Detection (RED) mode (default)
   rl_check preemtively starts dropping packets.

   Default value is 0 which means unlimited requests are permitted.

register_limit (integer)

   The initial number of allowed REGISTER requests per timer interval.
   Once this number has been reached within one interval rl_check returns
   an error. If running in Random Early Detection (RED) mode (default)
   rl_check preemtively starts dropping packets.

   Default value is 0 which means unlimited requests are permitted.

subscribe_limit (integer)

   The initial number of allowed SUBSCRIBE requests per timer interval.
   Once this number has been reached within one interval rl_check returns
   an error. If running in Random Early Detection (RED) mode (default)
   rl_check preemtively starts dropping packets.

   Default value is 0 which means unlimited requests are permitted.

Functions

rl.check()

   Add the current request to the internal counters and determine if this
   request is above the limit. The ratelimit module has different
   internal counters for the supported request types and if a counter is
   exceeded the function returns an error code.

   Example 1. rl.check usage
...
if (method==INVITE) {
  if (!rl_check()) {
    sl_send_reply("503", "Service Unavailable");
    break;
  }
}
...

FIFO Interface

   The number of allowed requests per interval as well as the interval
   length itself can be modified over the FIFO interface of SER. In
   addition rate limiting statistics are provided upon request.
     * rl.stats - Get current per request limits as well as current load
       levels for all request types.
     * rl.invite_limit - Set the number of allowed INVITE requests per
       interval to the given value as the sole parameter. A limit of 0
       turns of rate limiting of INVITE messages.
     * rl.register_limit - Set the number of allowed REGISTER requests
       per interval to the given value as the sole parameter. A limit of
       0 turns of rate limiting of REGISTER messages.
     * rl.subscribe_limit - Set the number of allowed SUBSCRIBE requests
       per interval to the given value as the sole parameter. A limit of
       0 turns of rate limiting of SUBSCRIBE messages.