Open oberstet opened 2 years ago
Resource limits can be applied at different resource scopes:
Resource limits can be applied along different resource dimensions:
A resource limits configuration stanza may therefor look like:
{
"sessions": 100,
"subscriptions": 500,
"registrations": 500,
"bandwidth": {
"guaranteed": 200,
"burst": 200,
"total": 1000
}
}
Here, "bandwidth" is following this rational / is to be understood in this way: "bandwidth" is based on sum of the uplink and downlink volume Bytes in terms of serialized WAMP messages at the WAMP transport level (e.g. before WebSocket or RawSocket framing and TLS encryption, but after CBOR or other serialization)
FIXME: Discuss multi-node cluster setups where the scope may apply at a per worker, per node or per cluster level.
The following is an example of a (incomplete) node configuration that illustrates the application of resource limits at different scopes (realm, role and authid), and using only one resource control dimension "sessions":
{
"version": 2,
"workers": [
{
"type": "router",
"realms": [
{
"name": "realm1",
"roles": [
{
"name": "anonymous",
"permissions": [],
"limits": {
"sessions": 1200
}
},
{
"name": "frontend",
"permissions": [],
"limits": {
"sessions": 800
}
}
],
"limits": {
"sessions": 2000
}
}
],
"transports": [
{
"type": "websocket",
"endpoint": {
"type": "tcp",
"port": 8080
},
"auth": {
"cookie": {},
"anonymous": {
"type": "static",
"realm": "realm1",
"role": "anonymous",
"authid": "${CBTID}",
"limits": {
"sessions": 10
}
},
"wampcra": {
"type": "static",
"users": {
"alice": {
"secret": "${ALICE_SECRET}",
"realm": "realm1",
"role": "frontend",
"limits": {
"sessions": 600
}
},
"bob": {
"secret": "${BOB_SECRET}",
"realm": "realm1",
"role": "frontend",
"limits": {
"sessions": 400
}
}
}
}
}
}
]
}
]
}
Above configuration would lead to the following behavior:
FIXME: discuss "resource policing" vs "resource shaping" as it applies for WAMP (background here and here)
wamp.limit.authid.on_limit_exceeded
wamp.limit.authrole.on_limit_exceeded
wamp.limit.realm.on_limit_exceeded
with arguments
authid|str
or authrole|str
or realm|str
period_no|int
period_start|int
period_end|int
limit|int
actual|int
is_warning|bool
and (in case of warnings)
wamp.limit.authid.on_limit_recovered
wamp.limit.authrole.on_limit_recovered
wamp.limit.realm.on_limit_recovered
One WAMP meta procedure registered:
wamp.reservation.get(delegate_adr) -> reservation
One user WAMP procedure called:
wamp.delegate.<delegate.address>.claim_reservation(reservation.address, ...)
wamp.session.kill(session_id|int, reason|str, message|str)
wamp.session.kill_by_authid(authid|str, reason|str, message|str)
wamp.session.kill_by_authrole(authrole|str, reason|str, message|str)
IPendingAuth.hello
https://github.com/crossbario/crossbar/blob/09eaf37ce0dfc58e97ed8e0af428bea28dea61cc/crossbar/interfaces.py#L72Accept.limits
https://github.com/crossbario/autobahn-python/blob/0090f300fa9e2d4a1ef2a44ee15241a9ad9ba4f3/autobahn/wamp/types.py#L134Welcome.limits
https://github.com/crossbario/autobahn-python/blob/0090f300fa9e2d4a1ef2a44ee15241a9ad9ba4f3/autobahn/wamp/message.py#L840Goodbye.reason == "wamp.close.limit-exceeded"
https://github.com/crossbario/autobahn-python/blob/0090f300fa9e2d4a1ef2a44ee15241a9ad9ba4f3/autobahn/wamp/message.py#L1327CloseDetails.reason == "wamp.close.limit-exceeded"
https://github.com/crossbario/autobahn-python/blob/0090f300fa9e2d4a1ef2a44ee15241a9ad9ba4f3/autobahn/wamp/types.py#L422Consider
{
"pubkey": "...",
"realm": "realm1",
"authid": "alice",
"role": "frontend",
"extra": {"message": "Welcome, Alice!"},
"cache": true,
"limits": {
"sessions": 400
}
}
here
This would apply the authid-level ("alice") resource limits, that is "at most 400 sessions of alice" are accepted.
One question that needs to be answered when coding is how to combine the authid-level limits with any limits defined at the authrole and realm level.
period_no|int
is the numbered time period, 10-20s longlimit_oid|uuid
realm|str
authrole|str
authid|str
sessions|int
subscriptions|int
registrations|int
bandwidth_guaranteed|int
bandwidth_burst|int
bandwidth_total|int
reservation_oid|uuid
claim_oid|uuid
reservation_oid|uuid
period_no|int
limit_oid|uuid
reservation_oid|uuid
last_claim_oid|uuid
node_oid|uuid
node_authid|str
worker_name|str
worker_pid|int
realm|str
authrole|str
authid|str
sessions|int
subscriptions|int
registrations|int
uplink_volume|int
downlink_volume|int
limit_warnings|int
limit_enforcements|int
The following discusses a number of aspects and describes a design for an experimental prototype implementation of router-based resource / bandwidth limit controls for WAMP.
The goal of resource limit controls is to divide limited WAMP routing resources in a multi-user/role/realm in a user defined and controlled way.
Routing Resources
The computing resources consumed by Crossbar.io for core WAMP routing is primarily CPU, memory and network scaled by the following factors:
Static
Dynamic
HELLO
andWELCOME
messages)Dynamic WAMP Control
Dynamic WAMP App Data