[rabbitmq-discuss] OOM kill
mklishin at gopivotal.com
Sat Mar 8 15:00:35 GMT 2014
On 8 Mar 2014, at 18:54, Dmitry Andrianov <dmitry.andrianov at alertme.com> wrote:
> Well, creation of exchanges and queues we can at least control with some auth plugin so we can try protecting from these types of DOS. However with connections there seem to be no way to solve it. If no ulimit is used - we are susceptible to that OOM DOS. And if we set ulimit, it is still possible to DOS us - Rabbit won't die but won't accept connections from consumers either.
> I will look into limiting connections by the means if OS or Amazon ELB but it feels like that kind of DOS protection should be part of Rabbit itself.
Services such as CloudAMQP monitor connections/channels/queues/etc over HTTP API and force close
those that use too many resources.
One can argue that you can DOS any service, e.g. MySQL, exposed to the public Internet, by flooding it with writes.
Some form of connection monitoring will likely be necessary anyway.
Software Engineer, Pivotal/RabbitMQ
More information about the rabbitmq-discuss