openziti / zrok

Geo-scale, next-generation peer-to-peer sharing platform built on top of OpenZiti.
https://zrok.io
Apache License 2.0

Limits #96

Closed michaelquigley closed 1 year ago

michaelquigley commented 1 year ago

An initial technical spike on how to implement account-based limits.

michaelquigley commented 1 year ago

We do have an issue with the implementation of a thorough limits facility... in order to do bandwidth-based limits properly, we're going to need to get our source of ultimate truth from the underlying Ziti network, through the edge management API (the Ziti Native SDK). Sparklines and bandwidth estimation are currently coming from the public frontend fleet that we control. As we start allowing private frontend instances, and other forms of user-controlled access points, we can no longer assume that metrics from these instances are reliable. They could easily provide maliciously over- or under-estimated metrics information.

So, concrete metrics data (per-session) needs to flow into zrok from the underlying Ziti network very close to real-time.

Limits for the number of environments or sessions are easily accomplished, as these are simple resources that can be counted.

michaelquigley commented 1 year ago

We might have to do something out-of-band as a custom solution for zrok.io using the existing NetFoundry metrics infrastructure in order to implement account-based bandwidth limits in the short/medium term.

michaelquigley commented 1 year ago

Investigate the existing streaming metrics available from OpenZiti:
