firezone
relay: rate limiting
I am guessing we will eventually want to rate limit how much bandwidth a user can use. I am writing this issue so we don't forget about it.
Any ideas on how that rate limiting should work? Same limits for every user? Fair-use policy / day? Do we need ad-hoc limiting from the portal? Do we want to limit just bandwidth or also maximum traffic i.e. speed vs data cap.
Yes, absolutely. Eventually we plan to rate limit based on which tier a client's account belongs to from Enterprise to Free.
Thinking through this feature a bit more, we could add a bandwidth_tier enum to the username for the long-term credential. This would be provided by the portal and used to inform the Relay which bandwidth tier the user's account belongs to.
I don't think we need this at 1.0 launch -- at launch we could apply static tc rules to our managed Relays.
After 1.0 launch we could ship this and self-hosted Relays in the next launch
I don't think we need this at 1.0 launch -- at launch we could apply static
tcrules to our managed Relays.
@jamilbk In the epic you tagged this as 1.0. Do we want to include this then?
I don't think we need this at 1.0 launch -- at launch we could apply static
tcrules to our managed Relays.@jamilbk In the epic you tagged this as
1.0. Do we want to include this then?
Good catch, fixed.
Blocked on #2044 Blocked on #3353
Todo
- [ ] Create separate Relay tiers depending on plan
- [ ] Refactor STUN-only codepaths in portal to instead select appropriate relays
- [ ] Create fair bandwidth policy with
tcon both tiers of Relays, and test bandwidth sharing
Some quick research suggests that it is possible using tc to dynamically limit the bandwidth a single IP can consume. This would allow us to still deploy the relay's to bigger machines but limit, how much traffic a single IP (i.e. user) can use.
I think the consensus here so far is to have "colored" relays that are sent to clients depending on the account tier they're in. Can save for a bit later.