SlideShare a Scribd company logo

Real life XMPP Instant Messaging

Mickaël Rémond
Mickaël Rémond

Real life XMPP: How to deploy and manage your public and or large XMPP scale XMPP server. Case of misbehaviour and abuse.

Technology
1 of 50
Download to read offline
XMPP in real life: attacks, bad behaviour and how to cope with them 2009, 7th february - FOSDEM 2009 Mickaël Rémond <mremond@process-one.net>
Background: What we do Company created in 1999
Background: What we do Company created in 1999 20 employees
Background: What we do Company created in 1999 20 employees Specialized in Instant Messaging since 2002
Background: What we do Company created in 1999 20 employees Specialized in Instant Messaging since 2002 Involved in ejabberd since 2002. ProcessOne produced 98% of the code.
Background: What we do Company created in 1999 20 employees Specialized in Instant Messaging since 2002 Involved in ejabberd since 2002. ProcessOne produced 98% of the code. Complete stack of Instant Messaging software
Background: What we do Company created in 1999 20 employees Specialized in Instant Messaging since 2002 Involved in ejabberd since 2002. ProcessOne produced 98% of the code. Complete stack of Instant Messaging software Two main activities software: complete software solution for IM expertise: renowed company for high-availability, scalability and custom solutions (consulting, development and hosting)
Background: What we do Company created in 1999 20 employees Specialized in Instant Messaging since 2002 Involved in ejabberd since 2002. ProcessOne produced 98% of the code. Complete stack of Instant Messaging software Two main activities software: complete software solution for IM expertise: renowed company for high-availability, scalability and custom solutions (consulting, development and hosting) Several tens of large customers, spread across the world Large scale worldwide leader Specific needs renowed expertise
XMPP deployments types Visible public servers The «Sandbox» Not necessarily large scale but very unusual behaviours, clients, usage pattern
XMPP deployments types Visible public servers The «Sandbox» Not necessarily large scale but very unusual behaviours, clients, usage pattern Large scale servers Large scale in term of registered or simultaneous users Large scale starts after a million of registered users and / or hundred of thousands simultaneous connections
XMPP deployments types Visible public servers The «Sandbox» Not necessarily large scale but very unusual behaviours, clients, usage pattern Large scale servers Large scale in term of registered or simultaneous users Large scale starts after a million of registered users and / or hundred of thousands simultaneous connections Large scale in term of thoughput At least tens of thousands of packets per seconds, millions of users of MUC / Pubsub, millions of nodes.
XMPP deployments types Visible public servers The «Sandbox» Not necessarily large scale but very unusual behaviours, clients, usage pattern Large scale servers Large scale in term of registered or simultaneous users Large scale starts after a million of registered users and / or hundred of thousands simultaneous connections Large scale in term of thoughput At least tens of thousands of packets per seconds or tens of thousands users in MUC room or subscribed to pubsub node, etc. Experience of large clusters with several tens of millions registered users and more than 500 000 simultaneous users.
Challenges of real life XMPP Uptime
Challenges of real life XMPP Uptime Uptime !
Challenges of real life XMPP Uptime Uptime ! Uptime !!
Challenges of real life XMPP Uptime Everything else derives from this Uptime ! Challenge (performance, scalability) Uptime !!
Challenges of real life XMPP Uptime Everything else derives from this Uptime ! Challenge (performance, scalability) Uptime !! When a server is restarted: it faces a reconnect storm from client that login again it needs to resync the complete presence states with most of its known s2s servers it reconnects the users accounts on gateways ...
Challenges of real life XMPP Uptime Everything else derives from this Uptime ! Challenge (performance, scalability) Uptime !! When a server is restarted: it faces a reconnect storm from client that login again it needs to resync the complete presence states with most of its known s2s servers it reconnects the users accounts on gateways ... You need to: Be able to monitor lots of values to detect troubles and have tools to keep the server online during trouble phase (otherwise it crash:get worse) Be able to perform maintenance task and upgrade code live
Case 1: XMPP as a proxy Symptom: A «sandbox» XMPP server crashes regularly
Case 1: XMPP as a proxy Symptom: A «sandbox» XMPP server crashes regularly First challenge: Detect possible abuser
Case 1: XMPP as a proxy Symptom: A «sandbox» XMPP server crashes regularly First challenge: Detect possible abuser Use of our toolkit (TeamLeader console) to analyse traffic patterns.
Case 1: XMPP as a proxy Symptom: A «sandbox» XMPP server crashes regularly First challenge: Detect possible abuser Use of our toolkit (TeamLeader console) to analyse traffic patterns. Correlate the crash to a given user Large number of packets send when online Large bandwidth consumption
Case 1: XMPP as a proxy Symptom: A «sandbox» XMPP server crashes regularly First challenge: Detect possible abuser Use of our toolkit (TeamLeader console) to analyse traffic patterns. Correlate the crash to a given user Large number of packets send when online Large bandwidth consumption Dump traffic of this user for analysis
Case 1: XMPP as a proxy Symptom: A «sandbox» XMPP server crashes regularly First challenge: Detect possible abuser Use of our toolkit (TeamLeader console) to analyse traffic patterns. Correlate the crash to a given user Large number of packets send when online Large bandwidth consumption Dump traffic of this user for analysis Traffic reveals that user: has deployed XMPP bot at work on his servers is using the public server to get control of his server basically «Shell over XMPP»
Case 1: XMPP as a proxy Symptom: A «sandbox» XMPP server crashes regularly First challenge: Detect possible abuser Use of our toolkit (TeamLeader console) to analyse traffic patterns. Correlate the crash to a given user Large number of packets send when online Large bandwidth consumption Dump traffic of this user for analysis Traffic reveals that user: has deployed XMPP bot at work on his servers is using the public server to get control of his server basically «Shell over XMPP» Response: Need to detect abnormal usage pattern and trigger alerts
Case 2: Client bad behaviours Symptom: Abnormal memory consumption / sometime leading to crash
Case 2: Client bad behaviours Symptom: Abnormal memory consumption / sometime leading to crash Source problem had been client behaviour
Case 2: Client bad behaviours Symptom: Abnormal memory consumption / sometime leading to crash Source problem had been client behaviour Generates an undue load on the server Example: Client does not reply to some IQ stanzas (PEPS / CAPS) Server waits for reply until timeout Depending on the type of processing it can be blocking Example: Client that send too many presences Large presence broadcast, especially in MUC rooms
Case 2: Client bad behaviours Symptom: Abnormal memory consumption / sometime leading to crash Source problem had been client behaviour Generates an undue load on the server Example: Client does not reply to some IQ stanzas (PEPS / CAPS) Server waits for reply until timeout Depending on the type of processing it can be blocking Example: Client that send too many presences Large presence broadcast, especially in MUC rooms Need to restrict the ability to perform those patterns: Limit the interval for sending presences in chat rooms Limit resourc consumption in general
Case 2: Client bad behaviours Symptom: Abnormal memory consumption / sometime leading to crash Source problem had been client behaviour Generates an undue load on the server Example: Client does not reply to some IQ stanzas (PEPS / CAPS) Server waits for reply until timeout Depending on the type of processing it can be blocking Example: Client that send too many presences Large presence broadcast, especially in MUC rooms Need to restrict the ability to perform those patterns: Limit the interval for sending presences in chat rooms Limit resourc consumption in general
Case 3: Multi User chat MUC rooms attacks Most common case of abuse
Case 3: Multi User chat MUC rooms attacks Most common case of abuse Create a lot of MUC persistant MUC rooms
Case 3: Multi User chat MUC rooms attacks Most common case of abuse Create a lot of MUC persistant MUC rooms Join a lot of MUC rooms
Case 3: Multi User chat MUC rooms attacks Most common case of abuse Create a lot of MUC persistant MUC rooms Join a lot of MUC rooms Join / leave a MUC room fastly
Case 3: Multi User chat MUC rooms attacks Most common case of abuse Create a lot of MUC persistant MUC rooms Join a lot of MUC rooms Join / leave a MUC room fastly Join lots of users in a single room
Case 3: Multi User chat MUC rooms attacks Most common case of abuse Create a lot of MUC persistant MUC rooms Join a lot of MUC rooms Join / leave a MUC room fastly Join lots of users in a single room Change presence to bypass voice
Case 3: Multi User chat MUC rooms attacks Most common case of abuse Create a lot of MUC persistant MUC rooms Join a lot of MUC rooms Join / leave a MUC room fastly Join lots of users in a single room Change presence to bypass voice Flood with messages
Case 3: Multi User chat MUC rooms attacks Most common case of abuse Create a lot of MUC persistant MUC rooms Join a lot of MUC rooms Join / leave a MUC room fastly Join lots of users in a single room Change presence to bypass voice Flood with messages Use large values to «attack» the server or the client (large room names, large nick names, etc)
Case 4: Bots Symptom: Server crash
Case 4: Bots Symptom: Server crash Reduce to a crash when some special user connects (every time)
Case 4: Bots Symptom: Server crash Reduce to a crash when some special user connects (every time) Bots send messages to their users on a public server
Case 4: Bots Symptom: Server crash Reduce to a crash when some special user connects (every time) Bots send messages to their users on a public server They do not often use headline message type (which means they are not intended to be stored offline). They sometimes rely on presence, but it can be inaccurate after a force server shutdown. We have seen users of public servers with more than 500 000 messages in the offline store.
Case 4: Bots Symptom: Server crash Reduce to a crash when some special user connects (every time) Bots send messages to their users on a public server They do not often use headline message type (which means they are not intended to be stored offline). They sometimes rely on presence, but it can be inaccurate after a force server shutdown. We have seen users of public servers with more than 500 000 messages in the offline store. Limit the size of the offline store Ability to detect abusers and limit their ability to send massive amount of messages
Case 5: Large flow / small pipes An XMPP server is a pipe Data flows from on connection to another.
Case 5: Large flow / small pipes An XMPP server is a pipe Data flows from on connection to another. Problem: What happens if you try to send data faster than the target client can receive (mobile) ? What happens if you try to send data faster than the target server can receive (limited bandwith, Karma limitation) ?
Case 5: Large flow / small pipes An XMPP server is a pipe Data flows from on connection to another. Problem: What happens if you try to send data faster than the target client can receive (mobile) ? What happens if you try to send data faster than the target server can receive (limited bandwith, Karma limitation) ? Challenge: Detect congestions and decide what to do when this happens This has to been done right otherwise the service might seems unreliable Federation rules / pattern needed ?
Interesting new challenges ahead Massive numbers of XMPP servers deployed Lots of s2s connections to maintain for large servers Will XMPP scale to millions of servers ?
Interesting new challenges ahead Massive numbers of XMPP servers deployed Lots of s2s connections to maintain for large servers Will XMPP scale to millions of servers ? Large servers connected through s2s: Several large servers need to keep users presence in sync Imagine what happen when one of them goes down ... Yes, massive presence resync is needed
Interesting new challenges ahead Massive numbers of XMPP servers deployed Lots of s2s connections to maintain for large servers Will XMPP scale to millions of servers ? Large servers connected through s2s: Several large servers need to keep users presence in sync Imagine what happen when one of them goes down ... Yes, massive presence resync is needed New usage patterns Ubiquitous XMPP: A single users can have many connections: Increase in size of XMPP platforms Devices / Machine to Machine communication: increase of volume of messages
Questions and challenges to share ?

Recommended

XMPP Intro 1101 - 2008
XMPP Intro 1101 - 2008XMPP Intro 1101 - 2008
XMPP Intro 1101 - 2008Steffen Larsen
 
Xmpp intro 2014
Xmpp intro 2014Xmpp intro 2014
Xmpp intro 2014Steffen Larsen
 
XMPP In Real Time
XMPP In Real TimeXMPP In Real Time
XMPP In Real Timeguest488a24
 
Xmpp presentation
Xmpp presentationXmpp presentation
Xmpp presentationjavaranger123
 
Interacting with XMPP using PHP
Interacting with XMPP using PHPInteracting with XMPP using PHP
Interacting with XMPP using PHPSudar Muthu
 
WTF is XMPP?
WTF is XMPP?WTF is XMPP?
WTF is XMPP?Pedro Melo
 
The Real Time Web with XMPP
The Real Time Web with XMPPThe Real Time Web with XMPP
The Real Time Web with XMPPJack Moffitt
 
What is XMPP Protocol
What is XMPP ProtocolWhat is XMPP Protocol
What is XMPP ProtocolHamidreza Soleimani
 

Recommended

XMPP Intro 1101 - 2008
XMPP Intro 1101 - 2008XMPP Intro 1101 - 2008
XMPP Intro 1101 - 2008Steffen Larsen
 
Xmpp intro 2014
Xmpp intro 2014Xmpp intro 2014
Xmpp intro 2014Steffen Larsen
 
XMPP In Real Time
XMPP In Real TimeXMPP In Real Time
XMPP In Real Timeguest488a24
 
Xmpp presentation
Xmpp presentationXmpp presentation
Xmpp presentationjavaranger123
 
Interacting with XMPP using PHP
Interacting with XMPP using PHPInteracting with XMPP using PHP
Interacting with XMPP using PHPSudar Muthu
 
WTF is XMPP?
WTF is XMPP?WTF is XMPP?
WTF is XMPP?Pedro Melo
 
The Real Time Web with XMPP
The Real Time Web with XMPPThe Real Time Web with XMPP
The Real Time Web with XMPPJack Moffitt
 
What is XMPP Protocol
What is XMPP ProtocolWhat is XMPP Protocol
What is XMPP ProtocolHamidreza Soleimani
 
Zimbra scripting with python
Zimbra scripting with pythonZimbra scripting with python
Zimbra scripting with pythonImam Omar Mochtar
 
Realtime applications with EmberJS and XMPP
Realtime applications with EmberJS and XMPPRealtime applications with EmberJS and XMPP
Realtime applications with EmberJS and XMPPrjvegasf
 
Ejabberd with xmpp
Ejabberd with xmppEjabberd with xmpp
Ejabberd with xmppPrem Narain
 
Xmpp presentation
Xmpp presentationXmpp presentation
Xmpp presentationJava Pro
 
XMPP Academy #2
XMPP Academy #2XMPP Academy #2
XMPP Academy #2Mickaël Rémond
 
Kopdar Zimbra-ID , How to use Zimbra SOAP API
Kopdar Zimbra-ID , How to use Zimbra SOAP APIKopdar Zimbra-ID , How to use Zimbra SOAP API
Kopdar Zimbra-ID , How to use Zimbra SOAP APIImam Omar Mochtar
 
Ejabberd Session
Ejabberd SessionEjabberd Session
Ejabberd SessionKunal Saxena
 
Ejabberd installation configuration
Ejabberd installation configurationEjabberd installation configuration
Ejabberd installation configurationShaojie Yang
 
Managing ejabberd Platforms with Docker - ejabberd Workshop #1
Managing ejabberd Platforms with Docker - ejabberd Workshop #1Managing ejabberd Platforms with Docker - ejabberd Workshop #1
Managing ejabberd Platforms with Docker - ejabberd Workshop #1Mickaël Rémond
 
Enterprise Messaging with Apache ActiveMQ
Enterprise Messaging with Apache ActiveMQEnterprise Messaging with Apache ActiveMQ
Enterprise Messaging with Apache ActiveMQelliando dias
 
RPC protocols
RPC protocolsRPC protocols
RPC protocols오석 한
 
HTTP/2 Update - FOSDEM 2016
HTTP/2 Update - FOSDEM 2016HTTP/2 Update - FOSDEM 2016
HTTP/2 Update - FOSDEM 2016Daniel Stenberg
 
XMPP & AMQP
XMPP & AMQPXMPP & AMQP
XMPP & AMQPvoluntas
 
The RabbitMQ Message Broker
The RabbitMQ Message BrokerThe RabbitMQ Message Broker
The RabbitMQ Message BrokerMartin Toshev
 
An Introduction to Apache ServiceMix 4 - FUSE ESB
An Introduction to Apache ServiceMix 4 - FUSE ESBAn Introduction to Apache ServiceMix 4 - FUSE ESB
An Introduction to Apache ServiceMix 4 - FUSE ESBAdrian Trenaman
 
SPDY - or maybe HTTP2.0
SPDY - or maybe HTTP2.0SPDY - or maybe HTTP2.0
SPDY - or maybe HTTP2.0Andreas Bjärlestam
 
Composite Source With Mule ESB
Composite Source With Mule ESBComposite Source With Mule ESB
Composite Source With Mule ESBJitendra Bafna
 
Messaging with amqp and rabbitmq
Messaging with amqp and rabbitmqMessaging with amqp and rabbitmq
Messaging with amqp and rabbitmqSelasie Hanson
 
Nimbuzz march2012
Nimbuzz march2012Nimbuzz march2012
Nimbuzz march2012nlwebperf
 
AMQP with RabbitMQ
AMQP with RabbitMQAMQP with RabbitMQ
AMQP with RabbitMQSpyros Papageorgiou
 
Create Your Own Language
Create Your Own LanguageCreate Your Own Language
Create Your Own LanguageHamidreza Soleimani
 
OneTeam Media Server
OneTeam Media ServerOneTeam Media Server
OneTeam Media ServerMickaël Rémond
 

More Related Content

What's hot

Zimbra scripting with python
Zimbra scripting with pythonZimbra scripting with python
Zimbra scripting with pythonImam Omar Mochtar
 
Realtime applications with EmberJS and XMPP
Realtime applications with EmberJS and XMPPRealtime applications with EmberJS and XMPP
Realtime applications with EmberJS and XMPPrjvegasf
 
Ejabberd with xmpp
Ejabberd with xmppEjabberd with xmpp
Ejabberd with xmppPrem Narain
 
Xmpp presentation
Xmpp presentationXmpp presentation
Xmpp presentationJava Pro
 
Kopdar Zimbra-ID , How to use Zimbra SOAP API
Kopdar Zimbra-ID , How to use Zimbra SOAP APIKopdar Zimbra-ID , How to use Zimbra SOAP API
Kopdar Zimbra-ID , How to use Zimbra SOAP APIImam Omar Mochtar
 
Ejabberd installation configuration
Ejabberd installation configurationEjabberd installation configuration
Ejabberd installation configurationShaojie Yang
 
Managing ejabberd Platforms with Docker - ejabberd Workshop #1
Managing ejabberd Platforms with Docker - ejabberd Workshop #1Managing ejabberd Platforms with Docker - ejabberd Workshop #1
Managing ejabberd Platforms with Docker - ejabberd Workshop #1Mickaël Rémond
 
Enterprise Messaging with Apache ActiveMQ
Enterprise Messaging with Apache ActiveMQEnterprise Messaging with Apache ActiveMQ
Enterprise Messaging with Apache ActiveMQelliando dias
 
HTTP/2 Update - FOSDEM 2016
HTTP/2 Update - FOSDEM 2016HTTP/2 Update - FOSDEM 2016
HTTP/2 Update - FOSDEM 2016Daniel Stenberg
 
XMPP & AMQP
XMPP & AMQPXMPP & AMQP
XMPP & AMQPvoluntas
 
The RabbitMQ Message Broker
The RabbitMQ Message BrokerThe RabbitMQ Message Broker
The RabbitMQ Message BrokerMartin Toshev
 
An Introduction to Apache ServiceMix 4 - FUSE ESB
An Introduction to Apache ServiceMix 4 - FUSE ESBAn Introduction to Apache ServiceMix 4 - FUSE ESB
An Introduction to Apache ServiceMix 4 - FUSE ESBAdrian Trenaman
 
Composite Source With Mule ESB
Composite Source With Mule ESBComposite Source With Mule ESB
Composite Source With Mule ESBJitendra Bafna
 
Messaging with amqp and rabbitmq
Messaging with amqp and rabbitmqMessaging with amqp and rabbitmq
Messaging with amqp and rabbitmqSelasie Hanson
 
Nimbuzz march2012
Nimbuzz march2012Nimbuzz march2012
Nimbuzz march2012nlwebperf
 

What's hot (20)

Zimbra scripting with python
Zimbra scripting with pythonZimbra scripting with python
Zimbra scripting with python
 
Realtime applications with EmberJS and XMPP
Realtime applications with EmberJS and XMPPRealtime applications with EmberJS and XMPP
Realtime applications with EmberJS and XMPP
 
Ejabberd with xmpp
Ejabberd with xmppEjabberd with xmpp
Ejabberd with xmpp
 
Xmpp presentation
Xmpp presentationXmpp presentation
Xmpp presentation
 
XMPP Academy #2
XMPP Academy #2XMPP Academy #2
XMPP Academy #2
 
Kopdar Zimbra-ID , How to use Zimbra SOAP API
Kopdar Zimbra-ID , How to use Zimbra SOAP APIKopdar Zimbra-ID , How to use Zimbra SOAP API
Kopdar Zimbra-ID , How to use Zimbra SOAP API
 
Ejabberd Session
Ejabberd SessionEjabberd Session
Ejabberd Session
 
Ejabberd installation configuration
Ejabberd installation configurationEjabberd installation configuration
Ejabberd installation configuration
 
Managing ejabberd Platforms with Docker - ejabberd Workshop #1
Managing ejabberd Platforms with Docker - ejabberd Workshop #1Managing ejabberd Platforms with Docker - ejabberd Workshop #1
Managing ejabberd Platforms with Docker - ejabberd Workshop #1
 
Enterprise Messaging with Apache ActiveMQ
Enterprise Messaging with Apache ActiveMQEnterprise Messaging with Apache ActiveMQ
Enterprise Messaging with Apache ActiveMQ
 
RPC protocols
RPC protocolsRPC protocols
RPC protocols
 
HTTP/2 Update - FOSDEM 2016
HTTP/2 Update - FOSDEM 2016HTTP/2 Update - FOSDEM 2016
HTTP/2 Update - FOSDEM 2016
 
XMPP & AMQP
XMPP & AMQPXMPP & AMQP
XMPP & AMQP
 
The RabbitMQ Message Broker
The RabbitMQ Message BrokerThe RabbitMQ Message Broker
The RabbitMQ Message Broker
 
An Introduction to Apache ServiceMix 4 - FUSE ESB
An Introduction to Apache ServiceMix 4 - FUSE ESBAn Introduction to Apache ServiceMix 4 - FUSE ESB
An Introduction to Apache ServiceMix 4 - FUSE ESB
 
SPDY - or maybe HTTP2.0
SPDY - or maybe HTTP2.0SPDY - or maybe HTTP2.0
SPDY - or maybe HTTP2.0
 
Composite Source With Mule ESB
Composite Source With Mule ESBComposite Source With Mule ESB
Composite Source With Mule ESB
 
Messaging with amqp and rabbitmq
Messaging with amqp and rabbitmqMessaging with amqp and rabbitmq
Messaging with amqp and rabbitmq
 
Nimbuzz march2012
Nimbuzz march2012Nimbuzz march2012
Nimbuzz march2012
 
AMQP with RabbitMQ
AMQP with RabbitMQAMQP with RabbitMQ
AMQP with RabbitMQ
 

Viewers also liked

Real time Web Application with XMPP and Wave
Real time Web Application with XMPP and WaveReal time Web Application with XMPP and Wave
Real time Web Application with XMPP and WaveMickaël Rémond
 
WaveOne server and client by ProcessOne
WaveOne server and client by ProcessOneWaveOne server and client by ProcessOne
WaveOne server and client by ProcessOneMickaël Rémond
 
2015: L'année d'Elixir, Code, écosystème et communauté
2015: L'année d'Elixir, Code, écosystème et communauté2015: L'année d'Elixir, Code, écosystème et communauté
2015: L'année d'Elixir, Code, écosystème et communautéMickaël Rémond
 
Archipel Introduction - ejabberd SF Meetup
Archipel Introduction - ejabberd SF MeetupArchipel Introduction - ejabberd SF Meetup
Archipel Introduction - ejabberd SF MeetupMickaël Rémond
 
Multi Chat
Multi ChatMulti Chat
Multi ChatSoftTeco
 
Event Driven Architecture Concepts in Web Technologies - Part 2
Event Driven Architecture Concepts in Web Technologies - Part 2Event Driven Architecture Concepts in Web Technologies - Part 2
Event Driven Architecture Concepts in Web Technologies - Part 2Hamidreza Soleimani
 
ProcessOne Push Platform: XMPP-based Push Solutions
ProcessOne Push Platform: XMPP-based Push SolutionsProcessOne Push Platform: XMPP-based Push Solutions
ProcessOne Push Platform: XMPP-based Push SolutionsMickaël Rémond
 
Nanomsg - Scalable Networking Library
Nanomsg - Scalable Networking LibraryNanomsg - Scalable Networking Library
Nanomsg - Scalable Networking LibraryHamidreza Soleimani
 
Nodejs Applications in Production
Nodejs Applications in ProductionNodejs Applications in Production
Nodejs Applications in ProductionHamidreza Soleimani
 
Event Driven Architecture Concepts in Web Technologies - Part 1
Event Driven Architecture Concepts in Web Technologies - Part 1Event Driven Architecture Concepts in Web Technologies - Part 1
Event Driven Architecture Concepts in Web Technologies - Part 1Hamidreza Soleimani
 
A vision for ejabberd - ejabberd SF Meetup
A vision for ejabberd - ejabberd SF MeetupA vision for ejabberd - ejabberd SF Meetup
A vision for ejabberd - ejabberd SF MeetupMickaël Rémond
 
Phoenix Presence: Le service temps réel de Phoenix - Paris.ex #8
Phoenix Presence: Le service temps réel de Phoenix - Paris.ex #8 Phoenix Presence: Le service temps réel de Phoenix - Paris.ex #8
Phoenix Presence: Le service temps réel de Phoenix - Paris.ex #8 Mickaël Rémond
 

Viewers also liked (19)

Create Your Own Language
Create Your Own LanguageCreate Your Own Language
Create Your Own Language
 
OneTeam Media Server
OneTeam Media ServerOneTeam Media Server
OneTeam Media Server
 
Erlang White Label
Erlang White LabelErlang White Label
Erlang White Label
 
Real time Web Application with XMPP and Wave
Real time Web Application with XMPP and WaveReal time Web Application with XMPP and Wave
Real time Web Application with XMPP and Wave
 
WaveOne server and client by ProcessOne
WaveOne server and client by ProcessOneWaveOne server and client by ProcessOne
WaveOne server and client by ProcessOne
 
2015: L'année d'Elixir, Code, écosystème et communauté
2015: L'année d'Elixir, Code, écosystème et communauté2015: L'année d'Elixir, Code, écosystème et communauté
2015: L'année d'Elixir, Code, écosystème et communauté
 
Archipel Introduction - ejabberd SF Meetup
Archipel Introduction - ejabberd SF MeetupArchipel Introduction - ejabberd SF Meetup
Archipel Introduction - ejabberd SF Meetup
 
Multi Chat
Multi ChatMulti Chat
Multi Chat
 
Event Driven Architecture Concepts in Web Technologies - Part 2
Event Driven Architecture Concepts in Web Technologies - Part 2Event Driven Architecture Concepts in Web Technologies - Part 2
Event Driven Architecture Concepts in Web Technologies - Part 2
 
ProcessOne Push Platform: XMPP-based Push Solutions
ProcessOne Push Platform: XMPP-based Push SolutionsProcessOne Push Platform: XMPP-based Push Solutions
ProcessOne Push Platform: XMPP-based Push Solutions
 
Nanomsg - Scalable Networking Library
Nanomsg - Scalable Networking LibraryNanomsg - Scalable Networking Library
Nanomsg - Scalable Networking Library
 
Nodejs Applications in Production
Nodejs Applications in ProductionNodejs Applications in Production
Nodejs Applications in Production
 
Multitasking in iOS 7
Multitasking in iOS 7Multitasking in iOS 7
Multitasking in iOS 7
 
XMPP Academy #1
XMPP Academy #1XMPP Academy #1
XMPP Academy #1
 
Event Driven Architecture Concepts in Web Technologies - Part 1
Event Driven Architecture Concepts in Web Technologies - Part 1Event Driven Architecture Concepts in Web Technologies - Part 1
Event Driven Architecture Concepts in Web Technologies - Part 1
 
Practical Look at Erlang
Practical Look at ErlangPractical Look at Erlang
Practical Look at Erlang
 
A vision for ejabberd - ejabberd SF Meetup
A vision for ejabberd - ejabberd SF MeetupA vision for ejabberd - ejabberd SF Meetup
A vision for ejabberd - ejabberd SF Meetup
 
XMPP 101
XMPP 101XMPP 101
XMPP 101
 
Phoenix Presence: Le service temps réel de Phoenix - Paris.ex #8
Phoenix Presence: Le service temps réel de Phoenix - Paris.ex #8 Phoenix Presence: Le service temps réel de Phoenix - Paris.ex #8
Phoenix Presence: Le service temps réel de Phoenix - Paris.ex #8
 

Similar to Real life XMPP Instant Messaging

Chat app case study - xmpp vs SIP
Chat app case study - xmpp vs SIPChat app case study - xmpp vs SIP
Chat app case study - xmpp vs SIPGenora Infotech
 
The Art of Message Queues - TEKX
The Art of Message Queues - TEKXThe Art of Message Queues - TEKX
The Art of Message Queues - TEKXMike Willbanks
 
FreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceFreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceEvan McGee
 
Tef con2016 (1)
Tef con2016 (1)Tef con2016 (1)
Tef con2016 (1)ggarber
 
Advanced off heap ipc
Advanced off heap ipcAdvanced off heap ipc
Advanced off heap ipcPeter Lawrey
 
Microservices Practitioner Summit Jan '15 - Don't Build a Distributed Monolit...
Microservices Practitioner Summit Jan '15 - Don't Build a Distributed Monolit...Microservices Practitioner Summit Jan '15 - Don't Build a Distributed Monolit...
Microservices Practitioner Summit Jan '15 - Don't Build a Distributed Monolit...Ambassador Labs
 
Open HFT libraries in @Java
Open HFT libraries in @JavaOpen HFT libraries in @Java
Open HFT libraries in @JavaPeter Lawrey
 
Messaging With Erlang And Jabber
Messaging With Erlang And JabberMessaging With Erlang And Jabber
Messaging With Erlang And Jabberl xf
 
Bsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPointBsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPointZack Meyers
 
Abaca: The World's Most Effective Spam Filter
Abaca: The World's Most Effective Spam FilterAbaca: The World's Most Effective Spam Filter
Abaca: The World's Most Effective Spam FilterJohn Jefferies
 
Docker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platformsDocker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platformsFederico Michele Facca
 
Scaling Slack - The Good, the Unexpected, and the Road Ahead
Scaling Slack - The Good, the Unexpected, and the Road AheadScaling Slack - The Good, the Unexpected, and the Road Ahead
Scaling Slack - The Good, the Unexpected, and the Road AheadC4Media
 
RESTful Microservices
RESTful MicroservicesRESTful Microservices
RESTful MicroservicesShaun Abram
 
Lec 3(Isp and Security)
Lec 3(Isp and Security)Lec 3(Isp and Security)
Lec 3(Isp and Security)maamir farooq
 
Enterprise Messaging with RabbitMQ.pdf
Enterprise Messaging with RabbitMQ.pdfEnterprise Messaging with RabbitMQ.pdf
Enterprise Messaging with RabbitMQ.pdfOrtus Solutions, Corp
 
Low latency in java 8 v5
Low latency in java 8 v5Low latency in java 8 v5
Low latency in java 8 v5Peter Lawrey
 
Построение распределенной системы сбора данных с помощью RabbitMQ, Alvaro Vid...
Построение распределенной системы сбора данных с помощью RabbitMQ, Alvaro Vid...Построение распределенной системы сбора данных с помощью RabbitMQ, Alvaro Vid...
Построение распределенной системы сбора данных с помощью RabbitMQ, Alvaro Vid...Ontico
 
Adding Real-time Features to PHP Applications
Adding Real-time Features to PHP ApplicationsAdding Real-time Features to PHP Applications
Adding Real-time Features to PHP ApplicationsRonny López
 

Similar to Real life XMPP Instant Messaging (20)

Chat app case study - xmpp vs SIP
Chat app case study - xmpp vs SIPChat app case study - xmpp vs SIP
Chat app case study - xmpp vs SIP
 
The Art of Message Queues - TEKX
The Art of Message Queues - TEKXThe Art of Message Queues - TEKX
The Art of Message Queues - TEKX
 
The bigrabbit
The bigrabbitThe bigrabbit
The bigrabbit
 
FreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceFreeSWITCH as a Microservice
FreeSWITCH as a Microservice
 
Tef con2016 (1)
Tef con2016 (1)Tef con2016 (1)
Tef con2016 (1)
 
Advanced off heap ipc
Advanced off heap ipcAdvanced off heap ipc
Advanced off heap ipc
 
Microservices Practitioner Summit Jan '15 - Don't Build a Distributed Monolit...
Microservices Practitioner Summit Jan '15 - Don't Build a Distributed Monolit...Microservices Practitioner Summit Jan '15 - Don't Build a Distributed Monolit...
Microservices Practitioner Summit Jan '15 - Don't Build a Distributed Monolit...
 
Open HFT libraries in @Java
Open HFT libraries in @JavaOpen HFT libraries in @Java
Open HFT libraries in @Java
 
Art Of Message Queues
Art Of Message QueuesArt Of Message Queues
Art Of Message Queues
 
Messaging With Erlang And Jabber
Messaging With Erlang And JabberMessaging With Erlang And Jabber
Messaging With Erlang And Jabber
 
Bsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPointBsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPoint
 
Abaca: The World's Most Effective Spam Filter
Abaca: The World's Most Effective Spam FilterAbaca: The World's Most Effective Spam Filter
Abaca: The World's Most Effective Spam Filter
 
Docker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platformsDocker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platforms
 
Scaling Slack - The Good, the Unexpected, and the Road Ahead
Scaling Slack - The Good, the Unexpected, and the Road AheadScaling Slack - The Good, the Unexpected, and the Road Ahead
Scaling Slack - The Good, the Unexpected, and the Road Ahead
 
RESTful Microservices
RESTful MicroservicesRESTful Microservices
RESTful Microservices
 
Lec 3(Isp and Security)
Lec 3(Isp and Security)Lec 3(Isp and Security)
Lec 3(Isp and Security)
 
Enterprise Messaging with RabbitMQ.pdf
Enterprise Messaging with RabbitMQ.pdfEnterprise Messaging with RabbitMQ.pdf
Enterprise Messaging with RabbitMQ.pdf
 
Low latency in java 8 v5
Low latency in java 8 v5Low latency in java 8 v5
Low latency in java 8 v5
 
Построение распределенной системы сбора данных с помощью RabbitMQ, Alvaro Vid...
Построение распределенной системы сбора данных с помощью RabbitMQ, Alvaro Vid...Построение распределенной системы сбора данных с помощью RabbitMQ, Alvaro Vid...
Построение распределенной системы сбора данных с помощью RabbitMQ, Alvaro Vid...
 
Adding Real-time Features to PHP Applications
Adding Real-time Features to PHP ApplicationsAdding Real-time Features to PHP Applications
Adding Real-time Features to PHP Applications
 

More from Mickaël Rémond

Go for Real Time Streaming Architectures - DotGo 2017
Go for Real Time Streaming Architectures - DotGo 2017Go for Real Time Streaming Architectures - DotGo 2017
Go for Real Time Streaming Architectures - DotGo 2017Mickaël Rémond
 
Fighting XMPP abuse and spam with ejabberd - ejabberd Workshop #1
Fighting XMPP abuse and spam with ejabberd - ejabberd Workshop #1Fighting XMPP abuse and spam with ejabberd - ejabberd Workshop #1
Fighting XMPP abuse and spam with ejabberd - ejabberd Workshop #1Mickaël Rémond
 
Messaging temps réel avec Go
Messaging temps réel avec GoMessaging temps réel avec Go
Messaging temps réel avec GoMickaël Rémond
 
Building Scalable Systems: What you can learn from Erlang - DotScale 2016
Building Scalable Systems: What you can learn from Erlang - DotScale 2016Building Scalable Systems: What you can learn from Erlang - DotScale 2016
Building Scalable Systems: What you can learn from Erlang - DotScale 2016Mickaël Rémond
 
Property-based testing of XMPP: generate your tests automatically - ejabberd ...
Property-based testing of XMPP: generate your tests automatically - ejabberd ...Property-based testing of XMPP: generate your tests automatically - ejabberd ...
Property-based testing of XMPP: generate your tests automatically - ejabberd ...Mickaël Rémond
 
IoT Studio #1: Protocols introduction and connected jukebox
IoT Studio #1: Protocols introduction and connected jukeboxIoT Studio #1: Protocols introduction and connected jukebox
IoT Studio #1: Protocols introduction and connected jukeboxMickaël Rémond
 
Deep Dive Into ejabberd Pubsub Implementation
Deep Dive Into ejabberd Pubsub ImplementationDeep Dive Into ejabberd Pubsub Implementation
Deep Dive Into ejabberd Pubsub ImplementationMickaël Rémond
 

More from Mickaël Rémond (9)

Go for Real Time Streaming Architectures - DotGo 2017
Go for Real Time Streaming Architectures - DotGo 2017Go for Real Time Streaming Architectures - DotGo 2017
Go for Real Time Streaming Architectures - DotGo 2017
 
Fighting XMPP abuse and spam with ejabberd - ejabberd Workshop #1
Fighting XMPP abuse and spam with ejabberd - ejabberd Workshop #1Fighting XMPP abuse and spam with ejabberd - ejabberd Workshop #1
Fighting XMPP abuse and spam with ejabberd - ejabberd Workshop #1
 
Messaging temps réel avec Go
Messaging temps réel avec GoMessaging temps réel avec Go
Messaging temps réel avec Go
 
Building Scalable Systems: What you can learn from Erlang - DotScale 2016
Building Scalable Systems: What you can learn from Erlang - DotScale 2016Building Scalable Systems: What you can learn from Erlang - DotScale 2016
Building Scalable Systems: What you can learn from Erlang - DotScale 2016
 
Property-based testing of XMPP: generate your tests automatically - ejabberd ...
Property-based testing of XMPP: generate your tests automatically - ejabberd ...Property-based testing of XMPP: generate your tests automatically - ejabberd ...
Property-based testing of XMPP: generate your tests automatically - ejabberd ...
 
IoT Studio #1: Protocols introduction and connected jukebox
IoT Studio #1: Protocols introduction and connected jukeboxIoT Studio #1: Protocols introduction and connected jukebox
IoT Studio #1: Protocols introduction and connected jukebox
 
Deep Dive Into ejabberd Pubsub Implementation
Deep Dive Into ejabberd Pubsub ImplementationDeep Dive Into ejabberd Pubsub Implementation
Deep Dive Into ejabberd Pubsub Implementation
 
XMPP Academy #3
XMPP Academy #3XMPP Academy #3
XMPP Academy #3
 
OneTeam Media Server
OneTeam Media ServerOneTeam Media Server
OneTeam Media Server
 

Recently uploaded

Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 

Recently uploaded (20)

Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 

Real life XMPP Instant Messaging

  • 1. XMPP in real life: attacks, bad behaviour and how to cope with them 2009, 7th february - FOSDEM 2009 Mickaël Rémond <mremond@process-one.net>
  • 2. Background: What we do Company created in 1999
  • 3. Background: What we do Company created in 1999 20 employees
  • 4. Background: What we do Company created in 1999 20 employees Specialized in Instant Messaging since 2002
  • 5. Background: What we do Company created in 1999 20 employees Specialized in Instant Messaging since 2002 Involved in ejabberd since 2002. ProcessOne produced 98% of the code.
  • 6. Background: What we do Company created in 1999 20 employees Specialized in Instant Messaging since 2002 Involved in ejabberd since 2002. ProcessOne produced 98% of the code. Complete stack of Instant Messaging software
  • 7. Background: What we do Company created in 1999 20 employees Specialized in Instant Messaging since 2002 Involved in ejabberd since 2002. ProcessOne produced 98% of the code. Complete stack of Instant Messaging software Two main activities software: complete software solution for IM expertise: renowed company for high-availability, scalability and custom solutions (consulting, development and hosting)
  • 8. Background: What we do Company created in 1999 20 employees Specialized in Instant Messaging since 2002 Involved in ejabberd since 2002. ProcessOne produced 98% of the code. Complete stack of Instant Messaging software Two main activities software: complete software solution for IM expertise: renowed company for high-availability, scalability and custom solutions (consulting, development and hosting) Several tens of large customers, spread across the world Large scale worldwide leader Specific needs renowed expertise
  • 9. XMPP deployments types Visible public servers The «Sandbox» Not necessarily large scale but very unusual behaviours, clients, usage pattern
  • 10. XMPP deployments types Visible public servers The «Sandbox» Not necessarily large scale but very unusual behaviours, clients, usage pattern Large scale servers Large scale in term of registered or simultaneous users Large scale starts after a million of registered users and / or hundred of thousands simultaneous connections
  • 11. XMPP deployments types Visible public servers The «Sandbox» Not necessarily large scale but very unusual behaviours, clients, usage pattern Large scale servers Large scale in term of registered or simultaneous users Large scale starts after a million of registered users and / or hundred of thousands simultaneous connections Large scale in term of thoughput At least tens of thousands of packets per seconds, millions of users of MUC / Pubsub, millions of nodes.
  • 12. XMPP deployments types Visible public servers The «Sandbox» Not necessarily large scale but very unusual behaviours, clients, usage pattern Large scale servers Large scale in term of registered or simultaneous users Large scale starts after a million of registered users and / or hundred of thousands simultaneous connections Large scale in term of thoughput At least tens of thousands of packets per seconds or tens of thousands users in MUC room or subscribed to pubsub node, etc. Experience of large clusters with several tens of millions registered users and more than 500 000 simultaneous users.
  • 13. Challenges of real life XMPP Uptime
  • 14. Challenges of real life XMPP Uptime Uptime !
  • 15. Challenges of real life XMPP Uptime Uptime ! Uptime !!
  • 16. Challenges of real life XMPP Uptime Everything else derives from this Uptime ! Challenge (performance, scalability) Uptime !!
  • 17. Challenges of real life XMPP Uptime Everything else derives from this Uptime ! Challenge (performance, scalability) Uptime !! When a server is restarted: it faces a reconnect storm from client that login again it needs to resync the complete presence states with most of its known s2s servers it reconnects the users accounts on gateways ...
  • 18. Challenges of real life XMPP Uptime Everything else derives from this Uptime ! Challenge (performance, scalability) Uptime !! When a server is restarted: it faces a reconnect storm from client that login again it needs to resync the complete presence states with most of its known s2s servers it reconnects the users accounts on gateways ... You need to: Be able to monitor lots of values to detect troubles and have tools to keep the server online during trouble phase (otherwise it crash:get worse) Be able to perform maintenance task and upgrade code live
  • 19. Case 1: XMPP as a proxy Symptom: A «sandbox» XMPP server crashes regularly
  • 20. Case 1: XMPP as a proxy Symptom: A «sandbox» XMPP server crashes regularly First challenge: Detect possible abuser
  • 21. Case 1: XMPP as a proxy Symptom: A «sandbox» XMPP server crashes regularly First challenge: Detect possible abuser Use of our toolkit (TeamLeader console) to analyse traffic patterns.
  • 22. Case 1: XMPP as a proxy Symptom: A «sandbox» XMPP server crashes regularly First challenge: Detect possible abuser Use of our toolkit (TeamLeader console) to analyse traffic patterns. Correlate the crash to a given user Large number of packets send when online Large bandwidth consumption
  • 23. Case 1: XMPP as a proxy Symptom: A «sandbox» XMPP server crashes regularly First challenge: Detect possible abuser Use of our toolkit (TeamLeader console) to analyse traffic patterns. Correlate the crash to a given user Large number of packets send when online Large bandwidth consumption Dump traffic of this user for analysis
  • 24. Case 1: XMPP as a proxy Symptom: A «sandbox» XMPP server crashes regularly First challenge: Detect possible abuser Use of our toolkit (TeamLeader console) to analyse traffic patterns. Correlate the crash to a given user Large number of packets send when online Large bandwidth consumption Dump traffic of this user for analysis Traffic reveals that user: has deployed XMPP bot at work on his servers is using the public server to get control of his server basically «Shell over XMPP»
  • 25. Case 1: XMPP as a proxy Symptom: A «sandbox» XMPP server crashes regularly First challenge: Detect possible abuser Use of our toolkit (TeamLeader console) to analyse traffic patterns. Correlate the crash to a given user Large number of packets send when online Large bandwidth consumption Dump traffic of this user for analysis Traffic reveals that user: has deployed XMPP bot at work on his servers is using the public server to get control of his server basically «Shell over XMPP» Response: Need to detect abnormal usage pattern and trigger alerts
  • 26. Case 2: Client bad behaviours Symptom: Abnormal memory consumption / sometime leading to crash
  • 27. Case 2: Client bad behaviours Symptom: Abnormal memory consumption / sometime leading to crash Source problem had been client behaviour
  • 28. Case 2: Client bad behaviours Symptom: Abnormal memory consumption / sometime leading to crash Source problem had been client behaviour Generates an undue load on the server Example: Client does not reply to some IQ stanzas (PEPS / CAPS) Server waits for reply until timeout Depending on the type of processing it can be blocking Example: Client that send too many presences Large presence broadcast, especially in MUC rooms
  • 29. Case 2: Client bad behaviours Symptom: Abnormal memory consumption / sometime leading to crash Source problem had been client behaviour Generates an undue load on the server Example: Client does not reply to some IQ stanzas (PEPS / CAPS) Server waits for reply until timeout Depending on the type of processing it can be blocking Example: Client that send too many presences Large presence broadcast, especially in MUC rooms Need to restrict the ability to perform those patterns: Limit the interval for sending presences in chat rooms Limit resourc consumption in general
  • 30. Case 2: Client bad behaviours Symptom: Abnormal memory consumption / sometime leading to crash Source problem had been client behaviour Generates an undue load on the server Example: Client does not reply to some IQ stanzas (PEPS / CAPS) Server waits for reply until timeout Depending on the type of processing it can be blocking Example: Client that send too many presences Large presence broadcast, especially in MUC rooms Need to restrict the ability to perform those patterns: Limit the interval for sending presences in chat rooms Limit resourc consumption in general
  • 31. Case 3: Multi User chat MUC rooms attacks Most common case of abuse
  • 32. Case 3: Multi User chat MUC rooms attacks Most common case of abuse Create a lot of MUC persistant MUC rooms
  • 33. Case 3: Multi User chat MUC rooms attacks Most common case of abuse Create a lot of MUC persistant MUC rooms Join a lot of MUC rooms
  • 34. Case 3: Multi User chat MUC rooms attacks Most common case of abuse Create a lot of MUC persistant MUC rooms Join a lot of MUC rooms Join / leave a MUC room fastly
  • 35. Case 3: Multi User chat MUC rooms attacks Most common case of abuse Create a lot of MUC persistant MUC rooms Join a lot of MUC rooms Join / leave a MUC room fastly Join lots of users in a single room
  • 36. Case 3: Multi User chat MUC rooms attacks Most common case of abuse Create a lot of MUC persistant MUC rooms Join a lot of MUC rooms Join / leave a MUC room fastly Join lots of users in a single room Change presence to bypass voice
  • 37. Case 3: Multi User chat MUC rooms attacks Most common case of abuse Create a lot of MUC persistant MUC rooms Join a lot of MUC rooms Join / leave a MUC room fastly Join lots of users in a single room Change presence to bypass voice Flood with messages
  • 38. Case 3: Multi User chat MUC rooms attacks Most common case of abuse Create a lot of MUC persistant MUC rooms Join a lot of MUC rooms Join / leave a MUC room fastly Join lots of users in a single room Change presence to bypass voice Flood with messages Use large values to «attack» the server or the client (large room names, large nick names, etc)
  • 39. Case 4: Bots Symptom: Server crash
  • 40. Case 4: Bots Symptom: Server crash Reduce to a crash when some special user connects (every time)
  • 41. Case 4: Bots Symptom: Server crash Reduce to a crash when some special user connects (every time) Bots send messages to their users on a public server
  • 42. Case 4: Bots Symptom: Server crash Reduce to a crash when some special user connects (every time) Bots send messages to their users on a public server They do not often use headline message type (which means they are not intended to be stored offline). They sometimes rely on presence, but it can be inaccurate after a force server shutdown. We have seen users of public servers with more than 500 000 messages in the offline store.
  • 43. Case 4: Bots Symptom: Server crash Reduce to a crash when some special user connects (every time) Bots send messages to their users on a public server They do not often use headline message type (which means they are not intended to be stored offline). They sometimes rely on presence, but it can be inaccurate after a force server shutdown. We have seen users of public servers with more than 500 000 messages in the offline store. Limit the size of the offline store Ability to detect abusers and limit their ability to send massive amount of messages
  • 44. Case 5: Large flow / small pipes An XMPP server is a pipe Data flows from on connection to another.
  • 45. Case 5: Large flow / small pipes An XMPP server is a pipe Data flows from on connection to another. Problem: What happens if you try to send data faster than the target client can receive (mobile) ? What happens if you try to send data faster than the target server can receive (limited bandwith, Karma limitation) ?
  • 46. Case 5: Large flow / small pipes An XMPP server is a pipe Data flows from on connection to another. Problem: What happens if you try to send data faster than the target client can receive (mobile) ? What happens if you try to send data faster than the target server can receive (limited bandwith, Karma limitation) ? Challenge: Detect congestions and decide what to do when this happens This has to been done right otherwise the service might seems unreliable Federation rules / pattern needed ?
  • 47. Interesting new challenges ahead Massive numbers of XMPP servers deployed Lots of s2s connections to maintain for large servers Will XMPP scale to millions of servers ?
  • 48. Interesting new challenges ahead Massive numbers of XMPP servers deployed Lots of s2s connections to maintain for large servers Will XMPP scale to millions of servers ? Large servers connected through s2s: Several large servers need to keep users presence in sync Imagine what happen when one of them goes down ... Yes, massive presence resync is needed
  • 49. Interesting new challenges ahead Massive numbers of XMPP servers deployed Lots of s2s connections to maintain for large servers Will XMPP scale to millions of servers ? Large servers connected through s2s: Several large servers need to keep users presence in sync Imagine what happen when one of them goes down ... Yes, massive presence resync is needed New usage patterns Ubiquitous XMPP: A single users can have many connections: Increase in size of XMPP platforms Devices / Machine to Machine communication: increase of volume of messages