pub const MIN_INBOUND_PEER_FAILED_CONNECTION_INTERVAL: Duration;

The minimum time between failed inbound peer connections, implemented by peer_set::initialize::accept_inbound_connections.

This is a tradeoff between:

  • the memory, CPU, and network usage of each new connection attempt, and
  • denying service to honest peers due to an attack which makes many inbound connections.

Attacks that reach this limit should be managed using a firewall or intrusion prevention system.

§Security

Zebra resists distributed denial of service attacks by limiting the inbound connection rate. After a failed inbound connection, new inbound peer connections are only accepted, and our side of the handshake initiated, after this minimum time has elapsed.
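A simplified model of the rate limit described above, added here as an example and not Zebra's own code. The interval value, the `Inbound` type, and the `accept_times` and `sample` functions are assumptions for illustration, and a failure is treated as known at the moment the connection is accepted.

```rust
use std::time::Duration;

// Assumed value for illustration; the page does not state Zebra's actual interval.
pub const EXAMPLE_MIN_FAILED_INTERVAL: Duration = Duration::from_millis(1000);

/// One inbound connection attempt (hypothetical type for this example).
pub struct Inbound {
    pub arrival: Duration, // time since the listener started
    pub failed: bool,      // whether this connection ends up failing
}

/// Models a sequential accept loop: after a failed connection, the next
/// accept is delayed until `min_failed_interval` has elapsed.
/// Returns the time at which each connection is actually accepted.
pub fn accept_times(conns: &[Inbound], min_failed_interval: Duration) -> Vec<Duration> {
    let mut gate_opens = Duration::ZERO;
    let mut accepted = Vec::with_capacity(conns.len());
    for c in conns {
        // A connection arriving while the gate is closed waits until it reopens.
        let at = c.arrival.max(gate_opens);
        accepted.push(at);
        if c.failed {
            gate_opens = at + min_failed_interval;
        }
    }
    accepted
}

/// Constructed sample: a burst of five failing connections, then two honest peers.
pub fn sample() -> Vec<Inbound> {
    let ms = Duration::from_millis;
    let mut conns: Vec<Inbound> = (0..5)
        .map(|i| Inbound { arrival: ms(i * 10), failed: true })
        .collect();
    conns.push(Inbound { arrival: ms(50), failed: false });
    conns.push(Inbound { arrival: ms(5010), failed: false });
    conns
}

fn main() {
    let conns = sample();
    let times = accept_times(&conns, EXAMPLE_MIN_FAILED_INTERVAL);
    for (c, t) in conns.iter().zip(&times) {
        println!("arrived {:>5} ms, accepted {:>5} ms, failed: {}",
                 c.arrival.as_millis(), t.as_millis(), c.failed);
    }
}
```

In the sample, the failing burst is processed at one connection per interval, and the honest peer arriving at 50 ms is not accepted until 5000 ms, which is the tradeoff the description names.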