rakelimit

A fair-share ratelimiter implemented in BPF

Rakelimit

A multi-dimensional fair-share rate limiter in BPF, designed for UDP.
The algorithm is based on Hierarchical Heavy Hitters, and ensures that no party can exceed
a certain rate of packets. For more information please take a look at our blog post.

Usage

First we need to increase the optmem memory limit:

sudo sysctl -w net.core.optmem_max=65536

To activate rakelimit, create a new instance and provide a file descriptor and a rate limit set at the packet rate
you think the service in question can no longer handle:


conn, err := net.ListenPacket("udp4", "127.0.0.1:0")
if err != nil {
    tb.Fatal("Can't listen:", err)
}
udpConn := conn.(*net.UDPConn)

// We don't want to allow anyone to use more than 128 packets per second
ppsPerSecond := 128
rake, err := New(udpConn, ppsPerSecond)
if err != nil {
    tb.Fatal("Can't create rakelimit:", err)
}
// Defer Close only once New has succeeded, so rake is never nil here
defer rake.Close()
// rate limiter stays active even after closing

That's all! The library now enforces rate limits on incoming packets, and it happens within the kernel.
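A pre-flight check for the optmem step above, as an added example that is not part of the rakelimit project: it reads net.core.optmem_max from procfs and refuses to start when the value is too low, which catches a reboot that reset the non-persistent `sysctl -w` setting before the service runs without its limiter. Treating 65536 as the minimum, and the names `checkOptmem`, `parseOptmem` and `requiredOptmem`, are assumptions of this example.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Assumption: the value the README sets is treated as the minimum needed.
const requiredOptmem = 65536

// Standard procfs location of net.core.optmem_max on Linux.
const optmemPath = "/proc/sys/net/core/optmem_max"

// parseOptmem parses the contents of the optmem_max procfs file.
func parseOptmem(raw string) (int, error) {
	v, err := strconv.Atoi(strings.TrimSpace(raw))
	if err != nil {
		return 0, fmt.Errorf("unexpected optmem_max contents %q: %w", raw, err)
	}
	return v, nil
}

// checkOptmem returns nil when the limit stored at path is at least want,
// and otherwise an error that names the command to fix it.
func checkOptmem(path string, want int) error {
	raw, err := os.ReadFile(path)
	if err != nil {
		return fmt.Errorf("cannot read optmem_max: %w", err)
	}
	v, err := parseOptmem(string(raw))
	if err != nil {
		return err
	}
	if v < want {
		return fmt.Errorf("net.core.optmem_max is %d, need at least %d: "+
			"run `sudo sysctl -w net.core.optmem_max=%d`", v, want, want)
	}
	return nil // an already larger value is fine and is left alone
}

func main() {
	// Fail closed: do not serve traffic if the limiter's prerequisite is missing.
	if err := checkOptmem(optmemPath, requiredOptmem); err != nil {
		fmt.Fprintln(os.Stderr, "rakelimit preflight:", err)
		os.Exit(1)
	}
	fmt.Println("optmem_max is large enough; attach the limiter before serving")
}
```

Because the check only compares, it never lowers a limit that an administrator has already raised above 65536.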

Requirements

The library should be go-gettable, and has been tested on Linux 5.4.

You will need a clang-9 binary if you want to recompile the filter. Simply run go generate in the root of the project.

Limitations

  • no IPv6 (we're working on adding it)
  • requires tweaking of optmem
  • not tested in production

Overview

Name With Owner: cloudflare/rakelimit
Primary Language: C
Program language: Makefile (Language Count: 3)
Platform
License: BSD 3-Clause "New" or "Revised" License
Release Count: 1
Last Release Name: v0.1.0 (Posted on )
First Release Name: v0.1.0 (Posted on )
Created At: 2020-08-10 17:19:23
Pushed At: 2023-03-21 12:07:55
Last Commit At: 2021-05-27 18:16:07
Stargazers Count: 179
Watchers Count: 18
Fork Count: 11
Commits Count: 38
Has Issues Enabled
Issues Count: 9
Issue Open Count: 5
Pull Requests Count: 15
Pull Requests Open Count: 1
Pull Requests Close Count: 0
Has Wiki Enabled
Is Archived
Is Fork
Is Locked
Is Mirror
Is Private