[rabbitmq-discuss] Preventing DoS in a multi-tenant Rabbit deployment
Tomasz Janczuk
tjanczuk33 at gmail.com
Wed Apr 23 01:43:08 BST 2014
What is the best mechanism to prevent authenticated DoS attacks in a
multi-tenant Rabbit deployment? Is there one?
By authenticated DoS attack I mean an attack in which an authenticated
tenant causes a level of resource consumption in a Rabbit deployment that
prevents other tenants from using the service or severely degrades the
performance.
Vhosts appear to support a level of entity isolation that is desired
between tenants in a multi-tenant deployment, but do they support setting
limits to prevent DoS? For example, limiting the message throughput, number
of channels and connections, message sizes, number of queues and exchanges?
Is process-isolation an adequate solution? Does assigning individual Rabbit
nodes to tenants allow limits to be set to prevent DoS?
Or is using dedicated VMs the only way to achieve the level of isolation
that will prevent authenticated DoS?
Thanks,
Tomasz Janczuk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140422/b6472ba7/attachment.html>
More information about the rabbitmq-discuss
mailing list