[JDEV] Performance

Kurt D. Starsinic kstar at orientation.com
Mon Apr 24 16:20:24 CDT 2000 

On Sun, Apr 23, 2000 at 10:43:17AM +1000, Bron Gondwana wrote:
> >     No limitation..  Feature..  ;-P
> > 
> >     Throwing a throttle on connections is meant to limit situations where an
> > individual could attempt to bash the server (intentionally on other).
> 
> It may be worth giving an option to either disable this all together, or
> preferably on a per-user basis.  I'm thinking about something like a
> print server or syslog setup where you want high speed at _all_ times
> often from a single "user".
> 
> Otherwise, sounds like a good idea!  Stop those id10t spammers.

    A better solution might be to (optionally) make the client do some
hard work that the server can check easily, such as factoring a large
number chosen by the server:

    C:  <jabber-request>[content]</jabber-request>
    S:  <jabber-response please-factor="21"/>
    C:  <jabber-request please-factor="21" factor_a="3" factor_b="7">
        [content]</jabber-request>

    Of course, substitute a suitable bignum in place of `21'.

    Added work on the server side:  generating bignums (and their
factorizations), managing a pool of same, checking factor_a and factor_b
on every request, making sure the challenge is currently in the pool,
issuing new challenges for failed responses.

    Added work on the client side:  keeping the most recent request in a
buffer in case it is challenged, factoring bignums, resending requests
that have been challenged.

    Very minimal bignum support (integer multiplication only) is required
on client and server; one doesn't require a full-featured implementation
like libgmp.

    The advantages are that, under high load, throttling is handled by the
client, instead of the server keeping per-client state; and throttling can
be per-client (privileged clients are offered non-expiring challenges, but
everybody else has to periodically respond to a new challenge; and/or
second-tier clients are given bigger nums to factor).

    Thoughts?  I wouldn't be averse to coding this up myself.  I'm going
to be dealing with serious Jabber scaling issues soon . . . .

    Peace,
* Kurt Starsinic (kstar at orientation.com) ---------- Senior Network Engineer *
| `It is impossible to achieve the aim without suffering.' -- J. G. Bennett |

More information about the JDev mailing list