[ratelimits] new type of attack or stuck client?
vjs at rhyolite.com
Fri May 24 00:35:44 UTC 2013
> From: wolfgang.rupprecht at gmail.com
> I probably misunderstood how slip works. I thought a value of "1"
> meant a 1:1 reply with TC. The incoming query rate was
> approx. 166 q/s in the second I counted. The average was ~44 q/s.
With 'responses-per-second 5' and 'slip 1', the first 5 queries in
the first second are answered normally.
The next 161 queries in that second are answered with TC=1 and the
token bucket is reduced by -161.
At the start of the next second, the token bucket is increased by
the responses-per-second value 5 or no larger than -156.
Because -156 is <0, all queries in the second second are answered with TC=1
and the token count is decreased. With ~44 qps, the token value continue
to become more negative and all queries will be answered with TC=1.
15 seconds after the stream of queries stops, the token count will
be set to 5.
Vernon Schryver vjs at rhyolite.com
More information about the ratelimits