Too Many Requests Response Code for the Constrained Application Protocol
Ericsson
ari.keranen@ericsson.com
Internet-Draft
A Constrained Application Protocol (CoAP) server can experience
temporary overload because one or more clients are sending requests to
the server at a higher rate than the server is capable or willing to
handle. This document defines a new CoAP Response Code for a server
to indicate that a client should reduce the rate of requests.
The Constrained Application Protocol (CoAP) Response Codes
are used by a CoAP server to indicate the result of the attempt to
understand and satisfy a request sent by a client.
CoAP Response Codes are similar to the HTTP Status Codes
and many codes are shared with similar semantics by both CoAP and
HTTP. HTTP has the code “429” registered for “Too Many Requests”.
This document registers a CoAP Response Code “4.29” for a
similar purpose and also defines use of the Max-Age option to indicate
a back-off period after which a client can try the request again.
While a server may not be able to respond to one kind of request, it
may be able to respond to a request of a different kind, even from the
same client. Therefore the back-off period applies only to similar
requests. For the purpose of this response code, a request is similar
if it has the same method and Request-URI. Also if a client is sending
a sequence of requests that are part of the same series (e.g., a set
of measurements to be processed by the server) they can be considered
similar even if request URIs may be different. Because request
similarity is context-dependent, it is up to the application logic to
decide how the similarity of the requests should be evaluated.
The 4.29 code is similar to the 5.03 “Service Unavailable”
code in a way that the 5.03 code can also be used by a server to
signal an overload situation. However the 4.29 code indicates that the
too frequent requests from the requesting client are the reason for
the overload.
The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”,
“SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “NOT RECOMMENDED”, “MAY”, and
“OPTIONAL” in this document are to be interpreted as described in
BCP 14 when, and only when, they appear in
all capitals, as shown here.
Readers should also be familiar with the terms and concepts discussed
in .
If a CoAP server is unable to serve a client that is sending
CoAP request messages more often than the server is capable or willing
to handle, the server SHOULD respond to the request(s) with the
Response Code 4.29, “Too Many Requests”. The Max-Age option is used
to indicate the number of seconds after which the server assumes it is
OK for the client to retry the request.
An action result payload (see Section 5.5.1 in ) can be
sent by the server to give more guidance to the client, e.g., about
the details of the overload situation.
If a client receives the 4.29 Response Code from a CoAP server to a
request, it SHOULD NOT send a similar request to the server before the
time indicated in the Max-Age option has passed.
A client MUST NOT rely on a server being able to send the 4.29
Response Code in an overload situation because an overloaded server
may not be able to reply to all requests at all.
Replying to CoAP requests with a Response Code consumes resources from
a server. For a server under attack it may be more appropriate to
simply drop requests without responding.
If a CoAP reply with the Too Many Requests Response Code is not
authenticated and integrity protected, an attacker can attempt to
spoof a reply and make the client wait for an extended period of time
before trying again.
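
An added example (not part of the draft) of the client behavior described above: it parses a raw CoAP response, reads Max-Age from a 4.29 reply, and holds back similar requests keyed on method and Request-URI. The option encoding and the 60-second Max-Age default follow RFC 7252; `BackoffTable`, `UNAUTH_CAP` and the sample bytes are constructed for illustration, and the cap on unauthenticated replies is an assumed local policy that bounds the spoofing risk noted above.

```python
TOO_MANY_REQUESTS = (4 << 5) | 29  # 4.29 in CoAP's one-byte class.detail form (0x9D)
MAX_AGE_OPTION = 14                # Max-Age option number (RFC 7252)
DEFAULT_MAX_AGE = 60               # RFC 7252 default when Max-Age is absent
UNAUTH_CAP = 120                   # assumed local policy, not taken from the draft

def parse_response(msg):
    """Return (code, max_age) from a raw CoAP message, or raise ValueError."""
    if len(msg) < 4 or msg[0] >> 6 != 1:
        raise ValueError("not a CoAP version 1 message")
    pos = 4 + (msg[0] & 0x0F)      # skip the 4-byte header and the token
    if pos > 12 or pos > len(msg): # token lengths above 8 are reserved
        raise ValueError("bad token length")
    number, max_age = 0, DEFAULT_MAX_AGE
    while pos < len(msg) and msg[pos] != 0xFF:   # 0xFF marks the payload
        nibbles, fields = (msg[pos] >> 4, msg[pos] & 0x0F), []
        pos += 1
        for n in nibbles:          # extended delta bytes precede extended length bytes
            ext = {13: 1, 14: 2}.get(n, 0)
            if n == 15 or pos + ext > len(msg):
                raise ValueError("malformed option header")
            if ext:
                n = int.from_bytes(msg[pos:pos + ext], "big") + (13 if ext == 1 else 269)
            pos += ext
            fields.append(n)
        number += fields[0]        # option numbers are delta-encoded
        value = msg[pos:pos + fields[1]]
        if len(value) != fields[1]:
            raise ValueError("truncated option value")
        pos += fields[1]
        if number == MAX_AGE_OPTION:
            if len(value) > 4:
                raise ValueError("Max-Age longer than 4 bytes")
            max_age = int.from_bytes(value, "big")
    return msg[1], max_age

class BackoffTable:
    """Tracks back-off per (method, Request-URI), the draft's baseline for 'similar'."""
    def __init__(self):
        self._until = {}
    def record(self, method, uri, raw, now, authenticated):
        code, max_age = parse_response(raw)
        if code != TOO_MANY_REQUESTS:
            return 0
        wait = max_age if authenticated else min(max_age, UNAUTH_CAP)
        self._until[(method, uri)] = now + wait
        return wait
    def may_send(self, method, uri, now):
        return now >= self._until.get((method, uri), 0)

SAMPLE = bytes.fromhex("619d1234aad1011e")  # constructed: ACK, 4.29, token aa, Max-Age 30
```

An application that treats a series of requests to different URIs as similar would key the table on its own series identifier instead of the URI.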
IANA is requested to register the following Response Code in the “CoRE
Parameters Registry”, “CoAP Response Codes” sub-registry:
Response Code: 4.29
Description: Too Many Requests
Reference: [[This document]]
This Response Code definition was originally part of the “Publish-
Subscribe Broker for CoAP” document.
Author would like to thank Abhijan Bhattacharyya, Carsten Bormann,
Gyorgy Rethy, Klaus Hartke, and Sandor Katona for their contributions
and reviews.
Key words for use in RFCs to Indicate Requirement Levels
In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.
The Constrained Application Protocol (CoAP)
The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) often have high packet error rates and a typical throughput of 10s of kbit/s. The protocol is designed for machine-to-machine (M2M) applications such as smart energy and building automation. CoAP provides a request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments.
Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words
RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.
Publish-Subscribe Broker for the Constrained Application Protocol (CoAP)
The Constrained Application Protocol (CoAP), and related extensions are intended to support machine-to-machine communication in systems where one or more nodes are resource constrained, in particular for low power wireless sensor networks. This document defines a publish-subscribe Broker for CoAP that extends the capabilities of CoAP for supporting nodes with long breaks in connectivity and/or up-time.
Additional HTTP Status Codes
This document specifies additional HyperText Transfer Protocol (HTTP) status codes for a variety of common situations. [STANDARDS-TRACK]
Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document provides an overview of HTTP architecture and its associated terminology, defines the "http" and "https" Uniform Resource Identifier (URI) schemes, defines the HTTP/1.1 message syntax and parsing requirements, and describes related security concerns for implementations.