[rabbitmq-discuss] Preventing DoS in a multi-tenant Rabbit deployment

Tomasz Janczuk tjanczuk33 at gmail.com
Wed Apr 23 01:43:08 BST 2014


What is the best mechanism to prevent authenticated DoS attacks in a 
multi-tenant Rabbit deployment? Is there one?

By authenticated DoS attack I mean an attack in which an authenticated 
tenant causes a level of resource consumption in a Rabbit deployment that 
prevents other tenants from using the service or severely degrades the 
performance. 

Vhosts appear to support a level of entity isolation that is desired 
between tenants in a multi-tenant deployment, but do they support setting 
limits to prevent DoS? For example, limiting the message throughput, number 
of channels and connections, message sizes, number of queues and exchanges?

Is process-isolation an adequate solution? Does assigning individual Rabbit 
nodes to tenants allow limits to be set to prevent DoS?

Or is using dedicated VMs the only way to achieve the level of isolation 
that will prevent authenticated DoS?

Thanks,
Tomasz Janczuk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140422/b6472ba7/attachment.html>


More information about the rabbitmq-discuss mailing list