Add a small function for ZooKeeper: Specify the IP address to filter restricted clients.

Original article: http://rdc.taobao.com/team/jm/archives/1334

(All files to download are here: https://issues.apache.org/jira/browse/ZOOKEEPER-1320)

ZooKeeper features are specific, which "leads" to not support some "non-mainstream" features. However, sometimes, as the ZooKeeper administrator, some features are required:For example, you can use a specified ip address to reject connection and operation requests from a client.. Currently, the official ZooKeeper statement is to configure iptables to meet this requirement. In addition, ZK can set the maximum number of connections for a single client, but it seems useless in case of an emergency because it needs to be restarted ). For those systems with servers, this function is actually quite necessary. The systems under the responsibility of colleagues also affect Server performance due to improper use of a client.

I have slightly modified the zk code. Currently, dynamic limitedIp configuration is supported, and up to 10 s can be configured.) It can intercept a specified client, this prevents the impact of one or more clients on the zk server and disallows connections from one or more ip addresses to the zk Server. You have tried a log analysis system. The patch of the Code and the zookeeper-3.3.3.jar_iplimited built based on 3.3.3-rc0 can be downloaded here: ZOOKEEPER-1320

 How to use this feature:
1. Download ZOOKEEPER-1320-iplimited.patch, and patch it on you zookeeper server source code, and rebuild you project. Or you can download the zookeeper-3.3.3.jar_iplimited and rename it to zookeeper-3.3.3.jar.
2. Replace zookeeper-3.3.3.jar of % ZK_HOME %/
3. Start it.
4. Use./zkCli. sh to connect to the server, and use commands as follow:
Set/zookeeper/extends/skip_limited_ip false
Set/zookeeper/extends/limited_ip 1.1.1.1, 1.1.1.2, 1.1.1.3
5. Use these command in runtime feel free, take effect within 10 seconds.
6. Note: Use comma with English state input method.
7. Enjoy.

1. Download ZOOKEEPER-1320-iplimited.patch, hit your zk source code, and then build again. Or you can directly zookeeper-3.3.3.jar_iplimited (this is built on 3.3.3-rc0) and rename it as a zookeeper-3.3.3.jar.
2. Replace zookeeper-3.3.3.jar in % ZK_HOME % on the server.
3. Start zk.
4. Use the command./zkCli. sh to connect to zk and perform the following operations:
Set/zookeeper/extends/skip_limited_ip false
Set/zookeeper/extends/limited_ip 1.1.1.1, 1.1.1.2, 1.1.1.3
Note: ip addresses are separated in English. The above commands can be executed at any time in the future, and will take effect within 10 s at most.

The impact of enabling this function on ZK Server performance will be provided later. Note,Three ZK servers: 4-core, 2-core, 8-core, with 4 GB memory. Size of the zk log and data mount point Disk: 8 GB, constantly cleaning zk logs ...), In addition, other java programs are running on these machines. Therefore, this test focuses on comparison. Do not focus too much on absolute value performance testing and a wide range of test cases inHere ). In addition, I also tested the session creation test. However, the session itself is affected by the network and fluctuates greatly. I will not give it here. Click an image to view the large image

Pure read performance

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/130GAR3-0.jpg "border =" 0 "alt =" "/>

Pure Write Performance

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/130G61a5-1.jpg "border =" 0 "alt =" "/>

This article is from the "ni treasurer's notes" blog, please be sure to keep this source http://nileader.blog.51cto.com/1381108/795529