pub const MIN_INBOUND_PEER_FAILED_CONNECTION_INTERVAL: Duration;
The minimum time between failed inbound peer connections, implemented by peer_set::initialize::accept_inbound_connections.
This is a tradeoff between:
- the memory, CPU, and network usage of each new connection attempt, and
- denying service to honest peers due to an attack which makes many inbound connections.
Attacks that reach this limit should be managed using a firewall or intrusion prevention system.
§Security
Zebra resists distributed denial of service attacks by limiting the inbound connection rate. After a failed inbound connection, new inbound peer connections are only accepted, and our side of the handshake initiated, after this minimum time has elapsed.
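The sketch below is an added example, not Zebra's own code: it models the rule above as a gate in front of a single accept loop and replays a constructed trace to show both sides of the tradeoff. `InboundGate`, `replay` and `EXAMPLE_MIN_INTERVAL` are hypothetical names, and the 10 ms interval is an assumed value, since the constant's real value is not shown on this page.

```rust
use std::time::Duration;

// Assumed value for illustration only; not the real constant's value.
const EXAMPLE_MIN_INTERVAL: Duration = Duration::from_millis(10);

/// Hypothetical gate placed in front of an accept loop.
pub struct InboundGate {
    min_interval: Duration,
    /// Offset from listener start of the most recent failed inbound connection.
    last_failure: Option<Duration>,
}

impl InboundGate {
    pub fn new(min_interval: Duration) -> Self { Self { min_interval, last_failure: None } }

    /// Earliest time at which a connection arriving at `arrival` may be accepted.
    pub fn accept_time(&self, arrival: Duration) -> Duration {
        match self.last_failure {
            Some(failed_at) => arrival.max(failed_at + self.min_interval),
            None => arrival,
        }
    }

    /// Record a handshake outcome; only failures arm the delay.
    pub fn record(&mut self, finished_at: Duration, handshake_ok: bool) {
        if !handshake_ok {
            self.last_failure = Some(finished_at);
        }
    }
}

/// Replays constructed (arrival, handshake_ok) events and returns each accept time.
/// Simplification: a handshake succeeds or fails at the instant it is accepted.
pub fn replay(events: &[(Duration, bool)], min_interval: Duration) -> Vec<Duration> {
    let mut gate = InboundGate::new(min_interval);
    let mut clock = Duration::ZERO; // one accept loop handles connections in order
    let mut accepted = Vec::new();
    for &(arrival, ok) in events {
        clock = gate.accept_time(arrival.max(clock));
        gate.record(clock, ok);
        accepted.push(clock);
    }
    accepted
}
fn main() {
    let ms = Duration::from_millis;
    // Constructed trace: four failing connections at t=0, then an honest peer at t=5ms.
    let flood = [(ms(0), false), (ms(0), false), (ms(0), false), (ms(0), false), (ms(5), true)];
    println!("{:?}", replay(&flood, EXAMPLE_MIN_INTERVAL));
}
```

In the constructed trace the failing connections are spaced one interval apart, and the honest peer that arrived at 5 ms is not accepted until 40 ms, which is the cost side of the tradeoff described above.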