mirror of https://github.com/sipwise/kamailio.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
148 lines
5.4 KiB
148 lines
5.4 KiB
|
|
Ratelimit Module
|
|
|
|
Hendrik Scholz
|
|
|
|
<hscholz@raisdorf.net>
|
|
|
|
Copyright © 2006 Freenet Cityline GmbH
|
|
Revision History
|
|
Revision $Revision$ $Date$
|
|
_________________________________________________________________
|
|
|
|
Overview
|
|
|
|
This module implements rate limiting for SIP requests. In contrast to
|
|
the PIKE module this limits the flow based on a per SIP request type
|
|
basis and not per source IP. The XML-RPC interface can be used to
|
|
change tunables while running SER. Currently supported requests are
|
|
INVITE, REGISTER and SUBSCRIBE.
|
|
|
|
Use Cases
|
|
|
|
Limiting the rate messages are processed on a system directly
|
|
influences the load. The ratelimit module can be used to protect a
|
|
single host or to protect a SER cluster when run on the dispatching
|
|
box in front.
|
|
|
|
A sample configuration snippet might look like this:
|
|
if (method=="INVITE" || method="REGISTER" || method=="SUBSCRIBE") {
|
|
if (!rl_check()) {
|
|
sl_send_reply("503", "Service Unavailable");
|
|
break;
|
|
}
|
|
};
|
|
|
|
Upon every incoming request listed above rl_check is invoked. It
|
|
returns an OK code if the current per request load is below the
|
|
configured threshold. If the load is exceeded the function returns an
|
|
error and an administrator can discard requests with a stateless
|
|
response.
|
|
|
|
Rate Limiting Algorithms
|
|
|
|
As of writing the ratelimit module supports two different algorithms
|
|
to be used by rl_check to determine whether a message should be
|
|
blocked or not.
|
|
|
|
Tail drop
|
|
|
|
This is a trivial algorithm that imposes some risks when used in
|
|
conjunction with long timer intervals. At the start of each interval
|
|
an internal counter is reset and incremented for each incoming
|
|
message. Once the counter hits the configured limit rl_check returns
|
|
an error.
|
|
|
|
The downside of this algorithm is that it can lead to SIP client
|
|
synchronization. During a relatively long interval only the first
|
|
requests (i.e. REGISTERs) would make it through. Following messages
|
|
(i.e. RE-REGISTERs) will all hit the SIP proxy at the same time when a
|
|
common Expire timer expired. Other requests will be retransmissed
|
|
after given time, the same on all devices with the same firmware/by
|
|
the same vendor.
|
|
|
|
Random Early Detection (RED)
|
|
|
|
Random Early Detection tries to circumvent the synchronization problem
|
|
imposed by the tail drop algorithm by measuring the average load and
|
|
adapting the drop rate dynamically. When running with the RED
|
|
algorithm (enabled by default) SER will return errors to the SER
|
|
routing engine every n'th packet trying to evenly spread the measured
|
|
load of the last timer interval onto the current interval. As a
|
|
negative side effect SER might drop messages although the limit might
|
|
not be reached within the interval. Decrease the timer interval if you
|
|
encounter this.
|
|
|
|
Parameters
|
|
|
|
timer_interval (integer)
|
|
|
|
The initial length of a timer interval in seconds. All amounts of
|
|
messages have to be divided by this timer to get a messages per second
|
|
value.
|
|
|
|
Default value is 5 seconds.
|
|
|
|
invite_limit (integer)
|
|
|
|
The initial number of allowed INVITE requests per timer interval. Once
|
|
this number has been reached within one interval rl_check returns an
|
|
error. If running in Random Early Detection (RED) mode (default)
|
|
rl_check preemtively starts dropping packets.
|
|
|
|
Default value is 0 which means unlimited requests are permitted.
|
|
|
|
register_limit (integer)
|
|
|
|
The initial number of allowed REGISTER requests per timer interval.
|
|
Once this number has been reached within one interval rl_check returns
|
|
an error. If running in Random Early Detection (RED) mode (default)
|
|
rl_check preemtively starts dropping packets.
|
|
|
|
Default value is 0 which means unlimited requests are permitted.
|
|
|
|
subscribe_limit (integer)
|
|
|
|
The initial number of allowed SUBSCRIBE requests per timer interval.
|
|
Once this number has been reached within one interval rl_check returns
|
|
an error. If running in Random Early Detection (RED) mode (default)
|
|
rl_check preemtively starts dropping packets.
|
|
|
|
Default value is 0 which means unlimited requests are permitted.
|
|
|
|
Functions
|
|
|
|
rl.check()
|
|
|
|
Add the current request to the internal counters and determine if this
|
|
request is above the limit. The ratelimit module has different
|
|
internal counters for the supported request types and if a counter is
|
|
exceeded the function returns an error code.
|
|
|
|
Example 1. rl.check usage
|
|
...
|
|
if (method==INVITE) {
|
|
if (!rl_check()) {
|
|
sl_send_reply("503", "Service Unavailable");
|
|
break;
|
|
}
|
|
}
|
|
...
|
|
|
|
FIFO Interface
|
|
|
|
The number of allowed requests per interval as well as the interval
|
|
length itself can be modified over the FIFO interface of SER. In
|
|
addition rate limiting statistics are provided upon request.
|
|
* rl.stats - Get current per request limits as well as current load
|
|
levels for all request types.
|
|
* rl.invite_limit - Set the number of allowed INVITE requests per
|
|
interval to the given value as the sole parameter. A limit of 0
|
|
turns of rate limiting of INVITE messages.
|
|
* rl.register_limit - Set the number of allowed REGISTER requests
|
|
per interval to the given value as the sole parameter. A limit of
|
|
0 turns of rate limiting of REGISTER messages.
|
|
* rl.subscribe_limit - Set the number of allowed SUBSCRIBE requests
|
|
per interval to the given value as the sole parameter. A limit of
|
|
0 turns of rate limiting of SUBSCRIBE messages.
|