RateLimitingPolicy allows you to preset a policy in the Service Mesh (ASM) traffic scheduling suite. You can declaratively configure throttling for global traffic of the services in an ASM instance. This topic describes the fields of RateLimitingPolicy.
Example
The following configuration indicates that throttling is performed on the HTTPBin service in a Kubernetes cluster. The token bucket used for throttling is filled with two tokens every 30 seconds. That is, two requests are allowed every 30 seconds. The maximum number of tokens in the token bucket is two, which indicates that burst traffic is not allowed. Requests are grouped by the user_id request headers. The system determines whether to perform throttling on requests with different user_id request headers separately, and requests with different user_id request headers consume tokens in their own token buckets.
apiVersion: istio.alibabacloud.com/v1
kind: RateLimitingPolicy
metadata:
name: ratelimit
namespace: istio-system
spec:
rate_limiter:
bucket_capacity: 2
fill_amount: 2
parameters:
interval: 30s
limit_by_label_key: http.request.header.user_id
selectors:
- agent_group: default
control_point: ingress
service: httpbin.default.svc.cluster.localDescription of RateLimitingPolicy fields
RateLimitingPolicy defines a global throttling policy in the ASM traffic scheduling suite. It specifies the services on which throttling takes effect, the runtime parameters of the throttling policy, and the attributes of the token bucket used for throttling.
RateLimitingPolicySpec
RateLimitingPolicySpec is the core configuration of RateLimitingPolicy and corresponds to the spec field.
Field | Type | Required | Description |
rate_limiter | Yes | The configuration of the limiter that executes the throttling policy. |
RateLimiter
RateLimiter specifies the parameters of the limiter and the token bucket used by the limiter.
Field | Type | Required | Description |
fill_amount | double | Yes | The number of tokens filled into the token bucket each time. This field can be used together with the interval field in RateLimiterParameters to implement throttling on requests. |
bucket_capacity | double | Yes | The maximum capacity of the token bucket used by the limiter. When the request rate is lower than the token bucket filling rate, the number of tokens in the token bucket will continue to increase until the maximum capacity |
parameters | Yes | The configuration parameters of the limiter. | |
request_parameters | No | The configuration of the operations to be performed by the limiter on requests. | |
selectors | []Selector | Yes | The specific requests for which throttling takes effect. |
RateLimiterParameters
RateLimiterParameters specify the configuration parameters of the limiter.
Field | Type | Required | Description |
interval | Duration | Yes | The interval at which the limiter fills the token bucket each time. For example, the value |
limit_by_label_key | string | No | The request labels that are used by the throttling policy to group requests. After you specify this field, throttling is performed separately on requests with different labels, and requests with different labels use their own token buckets. For more information about how to specify labels for requests, see Description of request labels. |
continuous_fill | bool | No | Specifies whether the limiter smoothly fills the token bucket. If this field is set to true, the limiter will continuously fill the token bucket with a certain number of tokens within the time period specified by the interval field, instead of filling the token bucket with a certain number of tokens at a time immediately after the time period specified by the interval field elapses. The number of tokens to be filled is specified by the fill_amount field. Default value: true. |
delay_initial_fill | bool | No | Specifies whether to delay filling the token bucket when the throttling policy takes effect. If this field is set to |
lazy_sync | No | The delayed synchronization capability configuration of the limiter. | |
max_idle_time | Duration | No | This field takes effect when |
RateLimiterRequestParameters
RateLimiterRequestParameters specifies the custom configuration for the limiter to perform operations on requests.
Field | Type | Required | Description |
denied_response_status_code | int | No | You can use this field to override the default HTTP 429 status code that is returned when throttling occurs. |
tokens_label_key | string | No | You can use this field to override the number of tokens consumed by requests. If a request carries a specified label, the number in the label indicates the number of tokens to be consumed. |
RateLimiterParametersLazySync
RateLimiterParametersLazySync specifies the configuration parameters related to the delayed synchronization capability of the limiter. Delayed synchronization is a capability of the limiter in the ASM traffic scheduling suite. If delayed synchronization is not enabled, Envoy synchronizes with the remote agent for each request to determine whether throttling is required. This allows accurate throttling for a single service. If delayed synchronization is enabled, Envoy makes throttling decisions locally and periodically synchronizes with the remote agent. This reduces the accuracy of throttling but accelerates throttling decisions and reduces request latency.
Field | Type | Required | Description |
enabled | bool | No | Specifies whether to enable delayed synchronization. Default value: false. |
num_sync | int | No | The number of times that Envoy synchronizes the number of requests on which throttling is performed with the remote agent within the time period specified by the interval field. Default value: 4. |
Description of request labels
In the ASM traffic scheduling suite, request labels are key-value pairs that indicate the characteristics or classification of requests. Scheduling can be performed on different requests based on their labels. For example, requests can be grouped according to specific request labels, and a separate token bucket is used for throttling each group of requests. The labels of a request can be obtained from multiple sources, such as the request metadata and the Baggage header.
Request metadata
The basic metadata of each HTTP request is automatically converted into a series of labels of the request. Mapping between the metadata of an HTTP request and the request labels:
http.method: the method of the HTTP request. Example:
POST.http.flavor: the protocol version of the HTTP request. Example:
1.1.http.host: the host of the HTTP request. Example:
httpbin.default.svc.cluster.local.http.target: the path name of the HTTP request. Example:
/get.http.request_content_length: the size of the HTTP request body. Example:
431.http.request.header.header_name: the request header named
header_namein the HTTP request headers. For example, http.request.header.user_agent indicates theuser_agentrequest header.
Baggage
Baggage is a standardized mechanism developed by OpenTelemetry to transfer context information across processes in call chains of a distributed system. You can add an HTTP header named baggage to HTTP headers. The value of the baggage header is in the key-value pair format. You can use the baggage header to transfer context data such as tenant ID, trace ID, and security credential. This way, you can use the tracing analysis and log association features without the need to modify code. Example:
baggage: userId=alice,isProduction=falseIf a request carries the Baggage header, each key-value pair in the Baggage header is automatically converted into a request label with the same name. For example, the Baggage header in the preceding example is converted into two request labels: userId: alice and isProduction: false.