Description
We should rate limit new connections and streams created by a host. go-libp2p should rate limit new connections, and streams used by libp2p itself, like identify-push, autonat, etc. Users should be able to configure these limits as well as set rate limits for their protocols.
This is very similar to what the resource manager does. It limits resource consumption at a point in time. Rate limits limit resource consumption over a specific window. From an implementation perspective we can choose to extend the resource manager with this functionality.
There are two specific benefits I'm interested in:
- Security benefits of being able to exploit some vulnerability or memory leak as many times as physically possible vs only being able to exploit it a few times a minute.
- From a systems perspective, there's a limit beyond which things will not work smoothly, especially in a heterogeneous p2p environment where you're running a bunch of things on the same node.
Note: 2 makes things harder to configure as the limits would necessarily be different depending on the machine the node's run on. These are all the same issues that make the resource manager hard to configure.
As creating a peerID is cheap, we need to rely on limiting by IP subnets. Connection rate limiting can extend the IP specific Conn limit setup in the resource manager. Stream rate limiting can also borrow most of this setup, allowing users to rate limit streams from IPs sharing the same prefix.
Similar to ConnLimits in resource manager we can allow configuring rate limits at three levels
- Global limit: applicable to all events
- Subnet Specific rates: events grouped by ip subnet
- Specific Network Prefix rates: events from specific network prefixes