8.3.9. Resource Quota Options
The maximum number of connections can be restricted with the --max-connections broker option.
Table 8.8. Resource Quota Options
| Option | Description | Default Value |
|---|---|---|
| --max-connections N | Total concurrent connections to the broker. | 500 |
| --max-negotiate-time N | The time during which initial protocol negotiation must succeed. This prevents resource starvation by badly behaved clients or transient network issues that prevent connections from completing. | 500 |
Notes
- --max-connections is a qpid core limit and is enforced whether ACL is enabled or not.
- --max-connections is enforced per Broker. In a cluster of N nodes where all Brokers set the maximum connections to 20 the total number of allowed connections for the cluster will be N*20.
ACL-based Quotas
To enable ACL-based quotas, an ACL file must be loaded:
Table 8.9. ACL Command-line Option
| Option | Description | Default Value |
|---|---|---|
| --acl-file FILE (policy.acl) | The policy file to load from, loaded from data dir. | |
When an ACL file is loaded, the following ACL options can be specified at the command-line to enforce resource quotas:
Table 8.10. ACL-based Resource Quota Options
| Option | Description | Default Value |
|---|---|---|
| --connection-limit-per-user N | The maximum number of connections allowed per user. 0 implies no limit. | 0 |
| --connection-limit-per-ip N | The maximum number of connections allowed per host IP address. 0 implies no limit. | 0 |
| --max-queues-per-user N | Total concurrent queues created by an individual user. | 0 |
Notes
- In a cluster system the actual number of connections may exceed the connection quota value N by one less than the number of member nodes in the cluster. For example: in a 5-node cluster, with a limit of 20 connections, the actual number of connections can reach 24 before limiting takes place.
- Cluster connections are checked against the connection limit when they are established. The cluster connection is denied if a free connection is not available. After establishment, however, a cluster connection does not consume a connection.
- Allowed values for N are 0..65535.
- These limits are enforced per cluster.
- A value of zero (0) disables that option's limit checking.
- Per-user connections are identified by the authenticated user name.
- Per-IP connections are identified by the <broker-ip><broker-port>-<client-ip><client-port> tuple which is also the management connection index.
  - With this scheme host systems may be identified by several names such as localhost IPv4, 127.0.0.1 IPv4, or ::1 IPv6, and a separate set of connections is allowed for each name.
  - Per-IP connections are counted regardless of the user credentials provided with the connections. An individual user may be allowed 20 connections but if the client host has a 5 connection limit then that user may connect from that system only 5 times.
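
The quota notes above, worked through as an added Python model for capacity planning (it is not Qpid's code and not part of the original documentation). The class and function names, the order in which the limits are checked, and the client addresses 10.0.0.7 and 10.0.0.8 are assumptions made for illustration.

```python
from collections import Counter

class QuotaModel:
    """Single-broker model of the quota notes; not the broker's implementation."""

    def __init__(self, per_user=0, per_ip=0, max_connections=500):
        for n in (per_user, per_ip):
            if not 0 <= n <= 65535:          # allowed range for N
                raise ValueError("N must be in 0..65535")
        self.per_user, self.per_ip = per_user, per_ip
        self.max_connections = max_connections
        self.by_user, self.by_host = Counter(), Counter()

    def connect(self, user, client_host):
        """Return (accepted, limit_hit) for one connection attempt."""
        if sum(self.by_user.values()) >= self.max_connections:
            return False, "--max-connections"
        # A limit of 0 disables that check.
        if self.per_ip and self.by_host[client_host] >= self.per_ip:
            return False, "--connection-limit-per-ip"
        if self.per_user and self.by_user[user] >= self.per_user:
            return False, "--connection-limit-per-user"
        self.by_user[user] += 1
        self.by_host[client_host] += 1       # counted per name, whatever the user
        return True, None

def accepted(model, user, client_host, attempts):
    """Number of connections accepted out of `attempts` tries."""
    return sum(model.connect(user, client_host)[0] for _ in range(attempts))

def cluster_acl_worst_case(limit, nodes):
    """ACL quota N may be exceeded by (nodes - 1) in a cluster; 0 means no limit."""
    return limit + nodes - 1 if limit else None

def cluster_max_connections(per_broker, nodes):
    """--max-connections is per broker, so a cluster admits nodes * per_broker."""
    return per_broker * nodes

if __name__ == "__main__":
    m = QuotaModel(per_user=20, per_ip=5)
    for host in ("127.0.0.1", "localhost", "::1", "10.0.0.7"):  # constructed
        print(host, accepted(m, "alice", host, 20))
    print(m.connect("alice", "10.0.0.8"))
    print(cluster_acl_worst_case(20, 5), cluster_max_connections(20, 5))
```

In this model a per-IP limit of 5 still admits 15 connections from the local host, because 127.0.0.1, localhost and ::1 each get their own counter; the per-user limit is what finally caps the total at 20.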
