How would Internet Identity handle a denial of service attack?

Hi @icme

TLDR: Application canisters are protected by subnet-level rate limits. Rate-limiting beyond the subnet-level defaults has to be done by the canister itself. We are looking into providing canisters with all the info needed to make these rate-limiting decisions locally.

The boundary node infra is responsible for rate-limiting requests for the Internet Computer at a subnet level. The boundary node is oblivious to canister specifics and imposes rate limits in a general sense (reasonable defaults). These defaults will change as the platform matures AND/OR when we are under constrained conditions like a DDoS attack. Current defaults are:

Per subnet / Per boundary node

  1. 500 Queries/Second
  2. 50 Updates/Second
  3. 100 Requests/Second per IP (irrespective of request type)

If we have N boundary nodes, the overall upper bound on queries/updates seen by a subnet is 500 * N and 50 * N requests per second, respectively.

Q. How does Internet Identity (II) handle DDoS?

II did face spam attacks in the past. To thwart this spam, additional rate limits were placed specifically for the II canister such that only 1 II create request was allowed per minute per IP. This was possible only because we knew the mechanics of II, which helped in decoding the CBOR and applying the rate limits.

Please note that the II-like special handling cannot be extended to general canisters. In all likelihood, boundary rate limits are to be relaxed in the future.

9 Likes
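
The limits listed in the post above can be modelled as one admission check per (boundary node, subnet) pair. This is an added example, not code from the post or from the boundary node implementation: `Limiter`, `check`, the `ii_create` flag and the fixed one-second windows are assumptions made for illustration.

```rust
use std::collections::HashMap;

// Limits quoted in the post, per subnet and per boundary node.
const QUERIES_PER_SEC: u32 = 500;
const UPDATES_PER_SEC: u32 = 50;
const PER_IP_PER_SEC: u32 = 100;
const II_CREATE_WINDOW_SECS: u64 = 60; // 1 II create request per minute per IP

#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
pub enum Kind { Query, Update }
#[derive(Debug, PartialEq)]
pub enum Verdict { Allow, IpLimit, SubnetLimit, IiCreateLimit }

/// Hypothetical fixed-window limiter for one (boundary node, subnet) pair.
#[derive(Default)]
pub struct Limiter {
    second: u64,                          // window the counters belong to
    by_kind: HashMap<Kind, u32>,          // accepted queries/updates this second
    by_ip: HashMap<String, u32>,          // accepted requests per IP this second
    last_ii_create: HashMap<String, u64>, // time of last accepted II create per IP
}

impl Limiter {
    /// `ii_create` is an assumed flag: the caller has already decoded the CBOR
    /// body and recognised an II create request. Rejected requests are not counted.
    pub fn check(&mut self, now: u64, ip: &str, kind: Kind, ii_create: bool) -> Verdict {
        if now != self.second { // new one-second window: reset the counters
            self.second = now;
            self.by_kind.clear();
            self.by_ip.clear();
        }
        if self.by_ip.get(ip).copied().unwrap_or(0) >= PER_IP_PER_SEC { return Verdict::IpLimit; }
        let cap = if kind == Kind::Query { QUERIES_PER_SEC } else { UPDATES_PER_SEC };
        if self.by_kind.get(&kind).copied().unwrap_or(0) >= cap { return Verdict::SubnetLimit; }
        if ii_create {
            if matches!(self.last_ii_create.get(ip), Some(&t) if now < t + II_CREATE_WINDOW_SECS) {
                return Verdict::IiCreateLimit;
            }
            self.last_ii_create.insert(ip.to_string(), now);
        }
        *self.by_ip.entry(ip.to_string()).or_insert(0) += 1;
        *self.by_kind.entry(kind).or_insert(0) += 1;
        Verdict::Allow
    }
}

fn main() {
    let mut l = Limiter::default();
    for t in [0, 30, 60] { println!("t={t}: {:?}", l.check(t, "203.0.113.7", Kind::Update, true)); }
}
```

With N such limiters in front of a subnet, the accepted load is bounded by N times each per-second cap, which is the 500 * N and 50 * N bound given in the post.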